DNAME understanding
Andrew Sullivan
ajs at shinkuro.com
Fri Dec 4 21:08:52 CET 2009
On Fri, Dec 04, 2009 at 07:48:36PM +0000, Shawn Steele wrote:
> It was stated that DNAME doesn't solve mail.
Yes, but as I pointed out, I don't know why it doesn't.
WARNING: DNS mumbo-jumbo below:
Suppose you have dname-example.com and example.com:
www.example.com IN A 192.0.2.5
dname-example.com IN DNAME example.com
Now, if you look up www.dname-example.com, you get back an answer with
a DNAME or synthetic CNAME (or both) that gets you to 192.0.2.5.
Ok, but suppose you also have
example.com IN MX mail.example.com
mail.example.com IN A 192.0.2.2
The problem here is that if you lookup MX dname-example.com, you
_don't_ get the MX from example.com. You get back the DNAME record
that tells you to do to example.com. Now, this isn't great, but the
number of resolvers left out there that don't know what to do about
this is tiny. I simply don't believe it's a real problem.
Now, there _is_ a problem, and that is that the zone operator below
the DNAME might incorrectly take dname-example.com to be the "real"
zone, and example.com to be the "variant". They'll put an MX in
dname-example.com. But that record will never be seen, because the
DNAME record occludes everything below it. Frankly, I regard this as
a red herring: if people can't operate their DNS correctly, they need
to find someone who can. There's a real user education issue here for
sure, but that ought to be possible to overcome. I volunteer to help
with materials for registrars if needed.
There is a major PITA management issue with all of this, of course,
because it increases DNS traffic, and maintaining A records at the
owner name of the DNAME is also a pain (the DNAME doesn't include the
name itself. So if you want to have http://dname-example.com work,
you need to put an A record at that name _too_, which sort of
undermines the DNAME-for-variants strategy).
Does this clarify it for you? (If not, unless the Chair directs me
otherwise, I encourage people to ask me off-list. I think this is way
off-topic here.)
A
--
Andrew Sullivan
ajs at shinkuro.com
Shinkuro, Inc.
More information about the Idna-update
mailing list