On Fri, Feb 01, 2002 at 03:47:21PM -0600, Brian McGroarty wrote:
>
> I'd appreciate it if you'd direct me to the newer material that
> supersedes the information in RFC 1033, Noah. I'll be searching myself
> as well. I don't wish to remain ignorant, of course.

From RFC 1912 (Common DNS Operational and Configuration Errors) section 2.4:

   Having NS records pointing to a CNAME is bad and may conflict badly
   with current BIND servers. In fact, current BIND implementations
   will ignore such records, possibly leading to a lame delegation.
   There is a certain amount of security checking done in BIND to
   prevent spoofing DNS NS records. Also, older BIND servers reportedly
   will get caught in an infinite query loop trying to figure out the
   address for the aliased nameserver, causing a continuous stream of
   DNS requests to be sent.

Now of course, this doesn't give any hint at all as to *why* this may be bad, except that BIND doesn't like it. If that's not a bad reason then I don't know what is.

This may not be the best source for this info, however. There may very well be another RFC that gives more details. This was the first one that came to mind, though.

noah

-- 
 _______________________________________________________
| Web: http://web.morgul.net/~frodo/
| PGP Public Key: http://web.morgul.net/~frodo/mail.html
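
Added example, not part of the original message: a small check for the RFC 1912 section 2.4 error quoted above, flagging NS records whose target name is itself a CNAME. The zone data is constructed sample input under example.com, and the parser is a simplification that assumes one complete record per line (no $ORIGIN, no omitted fields, no parentheses).

```python
# Added example: flag NS records whose target is a CNAME (RFC 1912 section 2.4).
# ZONE is constructed sample data; all names and addresses are placeholders.
ZONE = """\
example.com.      3600 IN SOA ns1.example.com. hostmaster.example.com. 1 7200 900 1209600 3600
example.com.      3600 IN NS  ns1.example.com.
example.com.      3600 IN NS  ns2.example.com.
sub.example.com.  3600 IN NS  dns.example.com.
ns1.example.com.  3600 IN A   192.0.2.1
ns2.example.com.  3600 IN CNAME ns1.example.com.
dns.example.com.  3600 IN CNAME host.example.net.
www.example.com.  3600 IN CNAME ns1.example.com.
"""

def norm(name):
    """Lower-case and make absolute so names compare case-insensitively."""
    name = name.lower()
    return name if name.endswith(".") else name + "."

def parse(text):
    """Parse 'owner ttl class type rdata...' lines (simplified format).
    Returns a list of (owner, type, rdata-list) tuples."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()   # drop comments and blanks
        if not line:
            continue
        owner, _ttl, _cls, rtype, *rdata = line.split()
        records.append((norm(owner), rtype.upper(), rdata))
    return records

def ns_pointing_to_cname(records):
    """Return (zone, ns_target, cname_target) for every NS record whose
    target name owns a CNAME record in the same data."""
    cnames = {o: norm(r[0]) for o, t, r in records if t == "CNAME"}
    hits = []
    for owner, rtype, rdata in records:
        if rtype == "NS":
            target = norm(rdata[0])
            if target in cnames:
                hits.append((owner, target, cnames[target]))
    return hits

if __name__ == "__main__":
    for zone, target, alias in ns_pointing_to_cname(parse(ZONE)):
        print(f"{zone} NS {target} is an alias for {alias}")
```

A CNAME that is not used as an NS target (www above) is not reported; only the delegation records that name an alias are.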