Re: [DNSOP] Where in a CNAME chain is the QNAME?
Robert Edmonds <edmonds@mycre.ws> Tue, 20 September 2016 16:37 UTC
Return-Path: <edmonds@mycre.ws>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (localhost [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 03B9E12B3EE for <dnsop@ietfa.amsl.com>; Tue, 20 Sep 2016 09:37:56 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -4.218
X-Spam-Level:
X-Spam-Status: No, score=-4.218 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, RP_MATCHES_RCVD=-2.316, SPF_HELO_PASS=-0.001, SPF_PASS=-0.001] autolearn=ham autolearn_force=no
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id sl5baOGULHqZ for <dnsop@ietfa.amsl.com>; Tue, 20 Sep 2016 09:37:54 -0700 (PDT)
Received: from mycre.ws (mycre.ws [45.33.102.105]) (using TLSv1.2 with cipher AECDH-AES256-SHA (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id 0406B12B0E9 for <dnsop@ietf.org>; Tue, 20 Sep 2016 09:37:54 -0700 (PDT)
Received: by chase.mycre.ws (Postfix, from userid 1000) id 596A612C10B2; Tue, 20 Sep 2016 12:37:53 -0400 (EDT)
Date: Tue, 20 Sep 2016 12:37:53 -0400
From: Robert Edmonds <edmonds@mycre.ws>
To: Stephane Bortzmeyer <bortzmeyer@nic.fr>
Message-ID: <20160920163753.5k4h4cvrtdkt4pjh@mycre.ws>
References: <20160920161350.GA3288@laperouse.bortzmeyer.org>
MIME-Version: 1.0
Content-Type: text/plain; charset="utf-8"
Content-Disposition: inline
Content-Transfer-Encoding: 8bit
In-Reply-To: <20160920161350.GA3288@laperouse.bortzmeyer.org>
Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/lXIX0Fuv0XlThRcJ9cLpcnP1lys>
Cc: dnsop@ietf.org
Subject: Re: [DNSOP] Where in a CNAME chain is the QNAME?
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.17
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <https://mailarchive.ietf.org/arch/browse/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Tue, 20 Sep 2016 16:37:56 -0000
Stephane Bortzmeyer wrote: > Do you like long terminology discussions, backed by a dozen RFC, where > people disagree on what's written in these RFC? If so, read on. Yes, please! > RFC 1034 had a different definition of QNAME but is not clear on the > specific case of CNAME chains: > > > A standard query specifies a target domain name (QNAME) RFC 1034 gives an "algorithm" (§4.3.2): […] Search the available zones for the zone which is the nearest ancestor to QNAME. […] […] If the whole of QNAME is matched, we have found the node. If the data at the node is a CNAME, and QTYPE doesn't match CNAME, copy the CNAME RR into the answer section of the response, change QNAME to the canonical name in the CNAME RR, and go back to step 1. […] It seems the use of QNAME for anything other than the question resource record name is due to this "variable reuse" in the §4.3.2 "algorithm". RFC 1035 gives a definition of QNAME in §4.1. All communications inside of the domain protocol are carried in a single format called a message. […] The names of the sections after the header are derived from their use in standard queries. The question section contains fields that describe a question to a name server. These fields are a query type (QTYPE), a query class (QCLASS), and a query domain name (QNAME). […] So, this implies that QNAME means the same thing regardless of whether the message is a query or response. Also see §4.1.2 which is even more graphic about where the QNAME is. > So, which is right? In this DNS query: > > % dig A www.afnic.fr > > ; <<>> DiG 9.10.3-P4-Ubuntu <<>> A www.afnic.fr > ;; global options: +cmd > ;; Got answer: > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 35551 > ;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1 > > ;; OPT PSEUDOSECTION: > ; EDNS: version: 0, flags:; udp: 1280 > ;; QUESTION SECTION: > ;www.afnic.fr. IN A > > ;; ANSWER SECTION: > www.afnic.fr. 213 IN CNAME www.nic.fr. > www.nic.fr. 213 IN CNAME lb01-1.nic.fr. > lb01-1.nic.fr. 213 IN A 192.134.5.24 > > ;; Query time: 875 msec > ;; SERVER: 192.168.43.1#53(192.168.43.1) > ;; WHEN: Tue Sep 20 18:11:06 CEST 2016 > ;; MSG SIZE rcvd: 100 > > Is the QNAME "www.afnic.fr" or "lb01-1.nic.fr" ("the data field of the > last CNAME")??? "www.afnic.fr", because that is the domain name in the question section. -- Robert Edmonds
- [DNSOP] Where in a CNAME chain is the QNAME? Stephane Bortzmeyer
- Re: [DNSOP] Where in a CNAME chain is the QNAME? Robert Edmonds
- Re: [DNSOP] Where in a CNAME chain is the QNAME? Paul Hoffman
- Re: [DNSOP] Where in a CNAME chain is the QNAME? Warren Kumari
- Re: [DNSOP] Where in a CNAME chain is the QNAME? Peter van Dijk
- Re: [DNSOP] Where in a CNAME chain is the QNAME? Peter van Dijk
- Re: [DNSOP] Where in a CNAME chain is the QNAME? Stephane Bortzmeyer
- Re: [DNSOP] Where in a CNAME chain is the QNAME? Viktor Dukhovni
- Re: [DNSOP] Where in a CNAME chain is the QNAME? Robert Edmonds
- Re: [DNSOP] Where in a CNAME chain is the QNAME? Stephane Bortzmeyer
- Re: [DNSOP] Where in a CNAME chain is the QNAME? Peter van Dijk
- Re: [DNSOP] Where in a CNAME chain is the QNAME? Ólafur Guðmundsson
- Re: [DNSOP] Where in a CNAME chain is the QNAME? Matt Larson
- Re: [DNSOP] Where in a CNAME chain is the QNAME? Paul Hoffman
- Re: [DNSOP] Where in a CNAME chain is the QNAME? Robert Edmonds
- Re: [DNSOP] Where in a CNAME chain is the QNAME? Peter van Dijk
- Re: [DNSOP] Where in a CNAME chain is the QNAME? Suzanne Woolf
- Re: [DNSOP] Where in a CNAME chain is the QNAME? Stephane Bortzmeyer
- Re: [DNSOP] Where in a CNAME chain is the QNAME? Stephane Bortzmeyer
- Re: [DNSOP] Where in a CNAME chain is the QNAME? Robert Edmonds
- Re: [DNSOP] Where in a CNAME chain is the QNAME? Viktor Dukhovni
- Re: [DNSOP] Where in a CNAME chain is the QNAME? Shumon Huque
- Re: [DNSOP] Where in a CNAME chain is the QNAME? Stephane Bortzmeyer
- Re: [DNSOP] Where in a CNAME chain is the QNAME? Paul Hoffman
- Re: [DNSOP] Where in a CNAME chain is the QNAME? Shumon Huque
- Re: [DNSOP] Where in a CNAME chain is the QNAME? Paul Hoffman
- Re: [DNSOP] Where in a CNAME chain is the QNAME? Robert Edmonds