No subject

Sun Dec 6 01:12:07 CET 2009

(say) and the NS records from the parent side pointing over
to the child side (the zone).  In the zone, you
have the SOA records, the NS and A and AAAA records, and so on.  On
the parent side, you have also DNAME  The
substitution at any lookup for labels beneath then gets sent to (so gets sent to, but
the substitution DOES NOT work for the label itself: if you query the
.com nameservers for, you get back the DNAME answer
but don't follow the chain.  This is why the A record for
does not work for  Note that you could have other
RRs at the same owner name (except for a CNAME), so you can in fact
have an A record.  BUT, MX records aren't allowed to
have DNAMEs in their chain, so you can't have an MX for  Isn't this fun?

But wait, there's more.  You can also put the DNAME on the child
side.  In this case, the apex of will include the NS
records for the zone, the SOA record, and one DNAME record for pointing to  Again, you could put other
RRs at the owner name (so you could have an A or AAAA
there).  On the parent side, you'd have NS records for pointing to the name servers for
This requires that the registrant maintain a separate zone for  It also entails that it's entirely possible for a
registrant to make and to go to different
places, which was (I thought) exactly the thing we were trying to
prevent.  As far as the DNS is concerned, this approach would just
make a different domain.  One could in principle do
something with registry-registrar-registrant agreements to put a
policy in place, but I think it'd be a major hassle (sorry) to
monitor.  And most gTLDs refuse to do any inspection of child zones,
in any case.

Does this help?

> I agree, although I do think the combinatorial explosion will be limited 
> in practice. There are not many domains registered. And 
> the Greeks and Cypriots may well decide that only bunding variants where 
> the s precedes a hyphen or is at the end of the label may well cover a 
> high enough % of cases.

The feedback we got here in this WG about tonos was that the explosion
was in fact a big deal for them.

> forms. What did people mean when they said "bundling"? DNAME? Are we now 
> back to the point that no-one really knows what "bundling" means?

I think we are in that situation, yes, which is why I think explaining
exactly what DNAME can and cannot do is suddenly important here.


Andrew Sullivan
ajs at
Shinkuro, Inc.

More information about the Idna-update mailing list