[DNSOP] CNAME chain length limits
John R Levine <johnl@taugh.com> Wed, 27 May 2020 17:48 UTC
Date: Wed, 27 May 2020 13:48:32 -0400
Message-ID: <alpine.OSX.2.22.407.2005271341530.35268@ary.qy>
From: John R Levine <johnl@taugh.com>
To: dnsop@ietf.org
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/71cdKULuAs2_SdWQvhRXzAWuHHU>
Subject: [DNSOP] CNAME chain length limits

While I should have been doing something else, I made a rather long CNAME chain.

When I looked up chain.examp1e.com it got SERVFAIL, but after I warmed up my cache five links at a time by looking for chain5, chain10, chain15, and so forth, it worked.

At least it worked in "dig" and "host". When I try and look up http://chain.examp1e.com, Chrome waits a while and says not found, Firefox waits a while and says "Hmm. We’re having trouble finding that site." and Safari on my Mac hangs. (Feel free to try it yourself.)

I realize the answer to most questions like this can be summarized as "don't do that", but is there any consensus as to the maximum CNAME chain length that works reliably, and what happens if the chain is too long? Hanging seems sub-optimal.

Regards,
John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail. https://jl.ly

$ dig chain.examp1e.com A
;; Truncated, retrying in TCP mode.

; <<>> DiG 9.10.6 <<>> chain.examp1e.com a
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59001
;; flags: qr rd ra ad; QUERY: 1, ANSWER: 102, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;chain.examp1e.com. IN A

;; ANSWER SECTION:
chain.examp1e.com. 3371 IN CNAME chain100.examp1e.com.
chain100.examp1e.com. 3371 IN CNAME chain99.examp1e.com.
chain99.examp1e.com. 3371 IN CNAME chain98.examp1e.com.
chain98.examp1e.com. 3371 IN CNAME chain97.examp1e.com.
chain97.examp1e.com. 3371 IN CNAME chain96.examp1e.com.
chain96.examp1e.com. 3372 IN CNAME chain95.examp1e.com.
chain95.examp1e.com. 3372 IN CNAME chain94.examp1e.com.
chain94.examp1e.com. 3372 IN CNAME chain93.examp1e.com.
chain93.examp1e.com. 3372 IN CNAME chain92.examp1e.com.
chain92.examp1e.com. 3589 IN CNAME chain91.examp1e.com.
chain91.examp1e.com. 3589 IN CNAME chain90.examp1e.com.
chain90.examp1e.com. 3583 IN CNAME chain89.examp1e.com.
chain89.examp1e.com. 3583 IN CNAME chain88.examp1e.com.
chain88.examp1e.com. 3583 IN CNAME chain87.examp1e.com.
chain87.examp1e.com. 3583 IN CNAME chain86.examp1e.com.
chain86.examp1e.com. 3583 IN CNAME chain85.examp1e.com.
chain85.examp1e.com. 3577 IN CNAME chain84.examp1e.com.
chain84.examp1e.com. 3578 IN CNAME chain83.examp1e.com.
chain83.examp1e.com. 3578 IN CNAME chain82.examp1e.com.
chain82.examp1e.com. 3578 IN CNAME chain81.examp1e.com.
chain81.examp1e.com. 3579 IN CNAME chain80.examp1e.com.
chain80.examp1e.com. 3570 IN CNAME chain79.examp1e.com.
chain79.examp1e.com. 3571 IN CNAME chain78.examp1e.com.
chain78.examp1e.com. 3571 IN CNAME chain77.examp1e.com.
chain77.examp1e.com. 3571 IN CNAME chain76.examp1e.com.
chain76.examp1e.com. 3572 IN CNAME chain75.examp1e.com.
chain75.examp1e.com. 3564 IN CNAME chain74.examp1e.com.
chain74.examp1e.com. 3564 IN CNAME chain73.examp1e.com.
chain73.examp1e.com. 3564 IN CNAME chain72.examp1e.com.
chain72.examp1e.com. 3564 IN CNAME chain71.examp1e.com.
chain71.examp1e.com. 3564 IN CNAME chain70.examp1e.com.
chain70.examp1e.com. 3519 IN CNAME chain69.examp1e.com.
chain69.examp1e.com. 3519 IN CNAME chain68.examp1e.com.
chain68.examp1e.com. 3519 IN CNAME chain67.examp1e.com.
chain67.examp1e.com. 3519 IN CNAME chain66.examp1e.com.
chain66.examp1e.com. 3519 IN CNAME chain65.examp1e.com.
chain65.examp1e.com. 3519 IN CNAME chain64.examp1e.com.
chain64.examp1e.com. 3520 IN CNAME chain63.examp1e.com.
chain63.examp1e.com. 3520 IN CNAME chain62.examp1e.com.
chain62.examp1e.com. 3520 IN CNAME chain61.examp1e.com.
chain61.examp1e.com. 3554 IN CNAME chain60.examp1e.com.
chain60.examp1e.com. 3549 IN CNAME chain59.examp1e.com.
chain59.examp1e.com. 3549 IN CNAME chain58.examp1e.com.
chain58.examp1e.com. 3549 IN CNAME chain57.examp1e.com.
chain57.examp1e.com. 3549 IN CNAME chain56.examp1e.com.
chain56.examp1e.com. 3549 IN CNAME chain55.examp1e.com.
chain55.examp1e.com. 3535 IN CNAME chain54.examp1e.com.
chain54.examp1e.com. 3536 IN CNAME chain53.examp1e.com.
chain53.examp1e.com. 3536 IN CNAME chain52.examp1e.com.
chain52.examp1e.com. 3536 IN CNAME chain51.examp1e.com.
chain51.examp1e.com. 3536 IN CNAME chain50.examp1e.com.
chain50.examp1e.com. 3536 IN CNAME chain49.examp1e.com.
chain49.examp1e.com. 3536 IN CNAME chain48.examp1e.com.
chain48.examp1e.com. 3536 IN CNAME chain47.examp1e.com.
chain47.examp1e.com. 3536 IN CNAME chain46.examp1e.com.
chain46.examp1e.com. 3541 IN CNAME chain45.examp1e.com.
chain45.examp1e.com. 3531 IN CNAME chain44.examp1e.com.
chain44.examp1e.com. 3531 IN CNAME chain43.examp1e.com.
chain43.examp1e.com. 3531 IN CNAME chain42.examp1e.com.
chain42.examp1e.com. 3531 IN CNAME chain41.examp1e.com.
chain41.examp1e.com. 3531 IN CNAME chain40.examp1e.com.
chain40.examp1e.com. 3525 IN CNAME chain39.examp1e.com.
chain39.examp1e.com. 3526 IN CNAME chain38.examp1e.com.
chain38.examp1e.com. 3526 IN CNAME chain37.examp1e.com.
chain37.examp1e.com. 3526 IN CNAME chain36.examp1e.com.
chain36.examp1e.com. 3526 IN CNAME chain35.examp1e.com.
chain35.examp1e.com. 3513 IN CNAME chain34.examp1e.com.
chain34.examp1e.com. 3513 IN CNAME chain33.examp1e.com.
chain33.examp1e.com. 3513 IN CNAME chain32.examp1e.com.
chain32.examp1e.com. 3513 IN CNAME chain31.examp1e.com.
chain31.examp1e.com. 3513 IN CNAME chain30.examp1e.com.
chain30.examp1e.com. 3508 IN CNAME chain29.examp1e.com.
chain29.examp1e.com. 3508 IN CNAME chain28.examp1e.com.
chain28.examp1e.com. 3508 IN CNAME chain27.examp1e.com.
chain27.examp1e.com. 3508 IN CNAME chain26.examp1e.com.
chain26.examp1e.com. 3508 IN CNAME chain25.examp1e.com.
chain25.examp1e.com. 3499 IN CNAME chain24.examp1e.com.
chain24.examp1e.com. 3499 IN CNAME chain23.examp1e.com.
chain23.examp1e.com. 3500 IN CNAME chain22.examp1e.com.
chain22.examp1e.com. 3500 IN CNAME chain21.examp1e.com.
chain21.examp1e.com. 3500 IN CNAME chain20.examp1e.com.
chain20.examp1e.com. 3447 IN CNAME chain19.examp1e.com.
chain19.examp1e.com. 3447 IN CNAME chain18.examp1e.com.
chain18.examp1e.com. 3447 IN CNAME chain17.examp1e.com.
chain17.examp1e.com. 3448 IN CNAME chain16.examp1e.com.
chain16.examp1e.com. 3448 IN CNAME chain15.examp1e.com.
chain15.examp1e.com. 3448 IN CNAME chain14.examp1e.com.
chain14.examp1e.com. 3448 IN CNAME chain13.examp1e.com.
chain13.examp1e.com. 3448 IN CNAME chain12.examp1e.com.
chain12.examp1e.com. 3449 IN CNAME chain11.examp1e.com.
chain11.examp1e.com. 3486 IN CNAME chain10.examp1e.com.
chain10.examp1e.com. 3455 IN CNAME chain9.examp1e.com.
chain9.examp1e.com. 3455 IN CNAME chain8.examp1e.com.
chain8.examp1e.com. 3455 IN CNAME chain7.examp1e.com.
chain7.examp1e.com. 3455 IN CNAME chain6.examp1e.com.
chain6.examp1e.com. 3455 IN CNAME chain5.examp1e.com.
chain5.examp1e.com. 3455 IN CNAME chain4.examp1e.com.
chain4.examp1e.com. 3455 IN CNAME chain3.examp1e.com.
chain3.examp1e.com. 3455 IN CNAME chain2.examp1e.com.
chain2.examp1e.com. 3455 IN CNAME chain1.examp1e.com.
chain1.examp1e.com. 3466 IN CNAME chain0.examp1e.com.
chain0.examp1e.com. 3460 IN A 64.57.183.119

;; Query time: 2 msec
;; SERVER: 192.168.80.2#53(192.168.80.2)
;; WHEN: Wed May 27 13:31:17 EDT 2020
;; MSG SIZE rcvd: 2275
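
Added example, not part of the original message: a zone or monitoring check that walks a CNAME chain from dig-style answer lines and reports its length, so an over-long chain, a loop or a dangling alias is caught before clients meet it. The MAX_HOPS value, the function names and the .test sample records are assumptions made for illustration; the message does not establish a limit.

```python
# Added example: measure a CNAME chain from dig-style answer lines.
MAX_HOPS = 8  # assumed policy threshold; the thread does not establish a number

# Constructed sample answer section (reserved .test names, not the poster's zone).
SAMPLE = """\
www.example.test.   300 IN CNAME hop3.example.test.
hop3.example.test.  300 IN CNAME hop2.example.test.
hop2.example.test.  300 IN CNAME hop1.example.test.
hop1.example.test.  300 IN A     192.0.2.10
"""

def parse_answers(text):
    """Return ({owner: cname_target}, {owners that have an A/AAAA record})."""
    cnames, addrs = {}, set()
    for line in text.splitlines():
        f = line.split()
        # Skip blank lines, dig comment lines (";...") and anything too short.
        if len(f) < 5 or line.lstrip().startswith(";"):
            continue
        owner, rtype, rdata = f[0].lower(), f[3].upper(), f[4].lower()
        if rtype == "CNAME":
            cnames[owner] = rdata
        elif rtype in ("A", "AAAA"):
            addrs.add(owner)
    return cnames, addrs

def walk_chain(qname, text, max_hops=MAX_HOPS):
    """Follow CNAMEs from qname; return (hops, status).

    status is 'ok', 'too_long' (more than max_hops links), 'loop' or 'dangling'.
    """
    cnames, addrs = parse_answers(text)
    name, seen, hops = qname.lower(), set(), 0
    while name in cnames:
        if name in seen:          # alias points back into the chain
            return hops, "loop"
        seen.add(name)
        name = cnames[name]
        hops += 1
        if hops > max_hops:       # stop early instead of walking forever
            return hops, "too_long"
    # Chain ended: fine only if the final name has an address record.
    return hops, ("ok" if name in addrs else "dangling")

if __name__ == "__main__":
    print(walk_chain("www.example.test.", SAMPLE))
```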