[DNSOP] RFC2317 Question: Resolving cname delegation

Hector Santos <hsantos@isdg.net> Thu, 24 August 2017 15:47 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/jLu5PMRQgBMa80u8YRPTcEPEvzk>
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>

I have a question related to RFC2317 "Classless IN-ADDR.ARPA delegation."

Earlier this year, I switched from a class C bank of 256 addresses to
a reduced set of 32 IPs (/27).  To get PTR queries to work, RFC2317
was referred by my ISP to prepare the delegation.

Having implemented RFC2317, I noticed with PTR lookups directly
against my own DNS server, it returns the proper host names, no
CNAMEs.  When the query is done against other DNS servers, it returns
the CNAME which points to the expected host name(s).  This I
understand is the expected RFC2317 method set up by the ISP.

Not expecting this in my DNS resolver code, I modified the resolver to 
take the CNAMEs into account and return the host names instead.  Was 
this the correct thing to do, thus providing the same results 
regardless of the query location?

Reading RFC2317, section 5.1 and section 5.3, it sounds what I did was 

I have various PTR lookup scripts that did not expect the CNAME in the 
PTR query as RFC2317 indicates may happen, thus possibly failing a PTR 
requirement, i.e. SMTP receiver connection, etc.

Before I release my updates, I wonder if this was the right thing to do.
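
As an added example that is not part of the original message: a minimal sketch of following the RFC2317 CNAME in a PTR answer so that a direct lookup and a delegated lookup yield the same host name, with a hop bound and loop check. The names `resolve_ptr` and `MAX_CNAME_HOPS`, the 192.0.2.0/27 records and the example.net host are constructed for illustration and are not the poster's resolver code.

```python
# Added illustration. All record data below is constructed (documentation
# address space 192.0.2.0/27, RFC 2317 style "0/27" child zone label).
MAX_CNAME_HOPS = 8  # assumption: small bound to stop loops and long chains

def norm(name):
    """DNS names compare case-insensitively; lower-case, one trailing dot."""
    return name.lower().rstrip(".") + "."

def resolve_ptr(qname, answers, max_hops=MAX_CNAME_HOPS):
    """Return (ptr_targets, cname_chain) for qname from one answer section.

    answers: iterable of (owner, rtype, rdata) tuples, as a recursive
    resolver would return them in a single response.
    """
    by_owner = {}
    for owner, rtype, rdata in answers:
        by_owner.setdefault((norm(owner), rtype.upper()), []).append(norm(rdata))

    current, chain, seen = norm(qname), [], set()
    while True:
        ptrs = by_owner.get((current, "PTR"))
        if ptrs:
            return sorted(ptrs), chain
        cnames = by_owner.get((current, "CNAME"))
        if not cnames:
            return [], chain  # no PTR here and nothing left to follow
        if len(cnames) > 1:
            raise ValueError("multiple CNAMEs at %s" % current)
        if current in seen or len(chain) >= max_hops:
            raise ValueError("CNAME loop or chain too long at %s" % current)
        seen.add(current)
        current = cnames[0]
        chain.append(current)

# Constructed answer as seen through another resolver: the parent zone
# publishes a CNAME into the delegated child zone, which holds the PTR.
VIA_PARENT = [
    ("5.2.0.192.in-addr.arpa.", "CNAME", "5.0/27.2.0.192.IN-ADDR.ARPA."),
    ("5.0/27.2.0.192.in-addr.arpa.", "PTR", "mail.example.net."),
]
# Constructed answer from a server that returns the PTR at the query name.
DIRECT = [("5.2.0.192.in-addr.arpa.", "PTR", "mail.example.net.")]
# Constructed malformed answer: two CNAMEs pointing at each other.
LOOP = [("a.example.", "CNAME", "b.example."), ("b.example.", "CNAME", "a.example.")]

if __name__ == "__main__":
    print(resolve_ptr("5.2.0.192.in-addr.arpa", VIA_PARENT))
    print(resolve_ptr("5.2.0.192.in-addr.arpa", DIRECT))
```

A caller that enforces a PTR requirement, such as an SMTP receiver, would compare only the returned targets, so both answer shapes pass or fail identically.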