In message <537c15b4.2000...@necom830.hpcl.titech.ac.jp>, Masataka Ohta writes:
> Mark Andrews wrote:
>
> > The reason why CNAME is prohibited at a zone apex is described in RFC 1034:
>
> If we must change something, isn't it easier to allow CNAME at
> a zone apex than introducing ENAME?

No. They are roughly equally difficult, and allowing CNAME at the apex still won't solve CNAME + MX or CNAME + DNAME or CNAME + TXT or CNAME + just about any other type. The zone apex has lots of data stored at it.

You have to update validators. You have to do a DNSSEC algorithm bump. You need to update signers and authoritative servers to enforce the algorithm bump. You have to update recursive servers to know about the new CNAME semantics. You have to have a transition strategy.

If you do allow CNAME at the apex, one will then just end up with two zones to manage instead of one, just the second one is on the CDN's nameservers for all the apex data.

Mark

> Masataka Ohta

--
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742
INTERNET: ma...@isc.org

_______________________________________________
DNSOP mailing list
DNSOP@ietf.org
https://www.ietf.org/mailman/listinfo/dnsop
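The CNAME coexistence problem discussed in the message above, as an added example that is not part of the original thread: a small zone lint that reports owner names where a CNAME shares the name with other record types. The zone data, the `example.com` names and the function name `cname_conflicts` are constructed for illustration; the exemption for RRSIG and NSEC follows RFC 4035, section 2.5.

```python
# Added example: flag owner names where a CNAME coexists with other data.
# RRSIG and NSEC are the only types that may sit beside a CNAME in a
# signed zone (RFC 4035, section 2.5).
ALLOWED_WITH_CNAME = {"RRSIG", "NSEC"}

# Constructed sample zone as (owner, type, rdata); not taken from the thread.
ZONE = [
    ("example.com.", "SOA", "ns1.example.com. hostmaster.example.com. 1 7200 3600 1209600 3600"),
    ("example.com.", "NS", "ns1.example.com."),
    ("example.com.", "MX", "10 mail.example.com."),
    ("example.com.", "TXT", '"v=spf1 mx -all"'),
    ("example.com.", "CNAME", "customer.cdn.example.net."),
    ("www.example.com.", "CNAME", "customer.cdn.example.net."),
    ("www.example.com.", "RRSIG", "(constructed signature over the CNAME)"),
    ("shop.example.com.", "CNAME", "customer.cdn.example.net."),
    ("shop.example.com.", "MX", "10 mail.example.com."),
]


def cname_conflicts(records):
    """Return {owner: [conflicting types]} for names that hold a CNAME
    together with any type other than RRSIG or NSEC."""
    types_by_owner = {}
    for owner, rtype, _rdata in records:
        # Owner names are case-insensitive; normalise before grouping.
        types_by_owner.setdefault(owner.lower(), set()).add(rtype.upper())

    conflicts = {}
    for owner, types in types_by_owner.items():
        if "CNAME" not in types:
            continue
        clash = types - {"CNAME"} - ALLOWED_WITH_CNAME
        if clash:
            conflicts[owner] = sorted(clash)
    return conflicts


if __name__ == "__main__":
    for owner, clash in sorted(cname_conflicts(ZONE).items()):
        print(f"{owner}: CNAME coexists with {', '.join(clash)}")
```

The apex is always reported because it necessarily carries SOA and NS, and the non-apex `shop` name shows the same clash with MX, which relaxing the rule at the apex alone would not address.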