On 01/30/2016 04:44 AM, Reindl Harald wrote:
nonsense
Okay ...
From RFC 1034 - Domain names - concepts and facilities: Of course, by the robustness principle, domain software should not fail when presented with CNAME chains or loops; CNAME chains should be followed and CNAME loops signalled as an error.
I'll agree that they SHOULD work. But I've had too many occasions over the last 15 years where chained CNAMEs DIDN'T work.
"Domain names in RRs which point at another name should always point at the primary name and not the alias. This avoids extra indirections in accessing information" is NOT a MUST
I think chained CNAMEs fall into the gray area (no mans land) between zealots on either side of the RFC interpretation line.
If chained CNAMEs work for you, more power to you. But don't be surprised if they fail unexpectedly at some point.
see above
I see my experience of poorly written resolvers, and server forbidding CNAMEs referring to other CNAMEs in the same zone, and DNS gateways that are overly zealous in their filtering.
I maintain that using chained CNAMEs is not safe, and as such should not be relied upon. - We are each entitled to our own opinions.
-- Grant. . . . unix || die _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
