Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/ANAME apex record in PowerDNS

Paul Hoffman <paul.hoffman@vpnc.org> Sun, 21 September 2014 15:13 UTC

To: bert hubert <bert.hubert@netherlabs.nl>
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/oFhSgFHPCRbqBRucPAYSiY_-zAc
Cc: dnsop@ietf.org

Two questions (although other folks are likely to have more questions).

> $ORIGIN example.com.
> @       IN      SOA     ns1 ahu 2014091619 7200 3600 1209600 3600
> @       IN      NS      ns1
> @       IN      NS      ns2
> www     IN      CNAME   xs.powerdns.com.
> ns1     IN      A       1.2.3.4
> ns2     IN      A       4.3.2.1
> @       IN      ALIAS   www.powerdns.com.
> @       IN      MX      25 outpost.ds9a.nl.
> elsewhere       IN      CNAME   @
> 
> The branch can be found on https://github.com/PowerDNS/pdns/tree/alias and
> we should have packages soon. 
> 
> The current semantics for the ALIAS pseudo-record are that they only match
> if no real record did.  So in the case above, an MX query for example.com
> would return "25 outpost.ds9a.nl".  But a query for AAAA would return the
> IPv6 address obtained by following the www.powerdns.com CNAME chain to
> xs.powerdns.com. This also works for all other record types, btw.

- What happens / should happen if the "@  IN MX 25 outpost.ds9a.nl." record is not in the zone file and the server gets an MX query for example.com?

> PS: the above is currently not yet supported for DNSSEC domains!

Can you say (much) more about that aside? Does it mean that the server will fail to load the zone if there are DNSSEC records and ALIAS pseudo-records? Or that the DNSSEC gets broken? Or that the ALIAS gets broken? Or... ?

--Paul Hoffman
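
Added example, not part of the original message and not PowerDNS code: a minimal Python model of the ALIAS rule as described in the quoted text (a real record wins; otherwise the query type is looked up at the ALIAS target). The UPSTREAM table, its addresses and its MX host are constructed sample data, and only the apex records of the quoted zone are modelled.

```python
# Toy model of the quoted ALIAS fallback rule; names below are illustrative.

# Apex records taken from the quoted example.com zone: (owner, type) -> rdata
ZONE = {
    ("example.com.", "NS"): ["ns1.example.com.", "ns2.example.com."],
    ("example.com.", "MX"): ["25 outpost.ds9a.nl."],
    ("example.com.", "ALIAS"): ["www.powerdns.com."],
}

# Constructed stand-in for what a resolver would find outside the zone.
UPSTREAM = {
    ("www.powerdns.com.", "CNAME"): ["xs.powerdns.com."],
    ("xs.powerdns.com.", "AAAA"): ["2001:db8::1"],          # documentation prefix
    ("xs.powerdns.com.", "MX"): ["10 mx.target.example."],  # constructed
}


def resolve_upstream(name, qtype, data=UPSTREAM, max_hops=8):
    """Follow CNAMEs from `name` until `qtype` is found; bounded against loops."""
    for _ in range(max_hops):
        if (name, qtype) in data:
            return list(data[(name, qtype)])
        cname = data.get((name, "CNAME"))
        if not cname:
            return []
        name = cname[0]
    return []  # chain too long or looping: give up with an empty answer


def answer(zone, qname, qtype):
    """Return (source, rdata): 'zone' for a real record, 'alias' for fallback."""
    real = zone.get((qname, qtype))
    if real:
        return "zone", list(real)
    alias = zone.get((qname, "ALIAS"))
    if alias and qtype != "ALIAS":
        return "alias", resolve_upstream(alias[0], qtype)
    return "none", []


def without(zone, key):
    """Copy of the zone with one record set removed."""
    return {k: v for k, v in zone.items() if k != key}


if __name__ == "__main__":
    print(answer(ZONE, "example.com.", "MX"))
    print(answer(ZONE, "example.com.", "AAAA"))
    print(answer(without(ZONE, ("example.com.", "MX")), "example.com.", "MX"))
```

Read literally, the rule means that once the apex MX record is removed, the MX answer comes from whatever the ALIAS target publishes, so a zone audit should treat the target's operator as able to influence every record type the zone does not define itself.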