Re: Problem with powerdns(master) -> bind(slave) - DNS

This is a discussion on Re: Problem with powerdns(master) -> bind(slave) - DNS ; On Mon, Jan 21, 2008 at 11:38:30AM -0500, Matt Pounsett wrote a message of 43 lines which said: > You can't mix a CNAME with other data. Other persons said so but it should be noted that it is no ...

+ Reply to Thread
Results 1 to 2 of 2

Thread: Re: Problem with powerdns(master) -> bind(slave)

  1. Re: Problem with powerdns(master) -> bind(slave)

    On Mon, Jan 21, 2008 at 11:38:30AM -0500,
    Matt Pounsett wrote
    a message of 43 lines which said:

    > You can't mix a CNAME with other data.


    Other persons said so but it should be noted that it is no longer
    completely true. RFC 4034 (published in march 2005) says:

    Because every authoritative RRset in a zone must be protected by a
    digital signature, RRSIG RRs must be present for names containing a
    CNAME RR. This is a change to the traditional DNS specification
    [RFC1034], which stated that if a CNAME is present for a name, it is
    the only type allowed at that name.

    Mixing CNAME and A is still forbidden but you cannot say "Never use
    CNAME with other types" any more.



  2. Re: Problem with powerdns(master) -> bind(slave)

    Stephane Bortzmeyer writes:

    > > You can't mix a CNAME with other data.

    >
    > Other persons said so but it should be noted that it is no longer
    > completely true. RFC 4034 (published in march 2005) says:
    >
    > Because every authoritative RRset in a zone must be protected by a
    > digital signature, RRSIG RRs must be present for names containing a
    > CNAME RR. This is a change to the traditional DNS specification
    > [RFC1034], which stated that if a CNAME is present for a name, it is
    > the only type allowed at that name.
    >
    > Mixing CNAME and A is still forbidden but you cannot say "Never use
    > CNAME with other types" any more.


    in this sense the rrsig rr sharing a node with a cname rr, and the ds rr
    sharing a node with a zone-bottom ns rr, should be thought of as metadata
    attached to those rrsets, rather than as data in their own right.
    --
    Paul Vixie



+ Reply to Thread