Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/ANAME apex record in PowerDNS
Paul Hoffman <paul.hoffman@vpnc.org> Sun, 21 September 2014 15:13 UTC
Return-Path: <paul.hoffman@vpnc.org>
X-Original-To: dnsop@ietfa.amsl.com
Delivered-To: dnsop@ietfa.amsl.com
Received: from localhost (ietfa.amsl.com [127.0.0.1]) by ietfa.amsl.com (Postfix) with ESMTP id 698A41A0117 for <dnsop@ietfa.amsl.com>; Sun, 21 Sep 2014 08:13:52 -0700 (PDT)
X-Virus-Scanned: amavisd-new at amsl.com
X-Spam-Flag: NO
X-Spam-Score: -3.647
X-Spam-Level:
X-Spam-Status: No, score=-3.647 tagged_above=-999 required=5 tests=[BAYES_00=-1.9, HELO_MISMATCH_COM=0.553, RCVD_IN_DNSWL_MED=-2.3] autolearn=ham
Received: from mail.ietf.org ([4.31.198.44]) by localhost (ietfa.amsl.com [127.0.0.1]) (amavisd-new, port 10024) with ESMTP id 1OWMfKOFDtHU for <dnsop@ietfa.amsl.com>; Sun, 21 Sep 2014 08:13:50 -0700 (PDT)
Received: from proper.com (Hoffman.Proper.COM [207.182.41.81]) (using TLSv1.2 with cipher ECDHE-RSA-AES256-GCM-SHA384 (256/256 bits)) (No client certificate requested) by ietfa.amsl.com (Postfix) with ESMTPS id D19E11A0107 for <dnsop@ietf.org>; Sun, 21 Sep 2014 08:13:50 -0700 (PDT)
Received: from [10.20.30.90] (50-1-50-250.dsl.dynamic.fusionbroadband.com [50.1.50.250]) (authenticated bits=0) by proper.com (8.14.9/8.14.7) with ESMTP id s8LFDlRf004661 (version=TLSv1/SSLv3 cipher=AES128-SHA bits=128 verify=NO); Sun, 21 Sep 2014 08:13:49 -0700 (MST) (envelope-from paul.hoffman@vpnc.org)
X-Authentication-Warning: proper.com: Host 50-1-50-250.dsl.dynamic.fusionbroadband.com [50.1.50.250] claimed to be [10.20.30.90]
Content-Type: text/plain; charset="us-ascii"
Mime-Version: 1.0 (Mac OS X Mail 7.3 \(1878.6\))
From: Paul Hoffman <paul.hoffman@vpnc.org>
In-Reply-To: <20140921115222.GB16178@xs.powerdns.com>
Date: Sun, 21 Sep 2014 08:13:46 -0700
Content-Transfer-Encoding: quoted-printable
Message-Id: <412982B8-DBB4-475E-8A85-352AF35B579F@vpnc.org>
References: <20140921115222.GB16178@xs.powerdns.com>
To: bert hubert <bert.hubert@netherlabs.nl>
X-Mailer: Apple Mail (2.1878.6)
Archived-At: http://mailarchive.ietf.org/arch/msg/dnsop/oFhSgFHPCRbqBRucPAYSiY_-zAc
Cc: dnsop@ietf.org
Subject: Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/ANAME apex record in PowerDNS
X-BeenThere: dnsop@ietf.org
X-Mailman-Version: 2.1.15
Precedence: list
List-Id: IETF DNSOP WG mailing list <dnsop.ietf.org>
List-Unsubscribe: <https://www.ietf.org/mailman/options/dnsop>, <mailto:dnsop-request@ietf.org?subject=unsubscribe>
List-Archive: <http://www.ietf.org/mail-archive/web/dnsop/>
List-Post: <mailto:dnsop@ietf.org>
List-Help: <mailto:dnsop-request@ietf.org?subject=help>
List-Subscribe: <https://www.ietf.org/mailman/listinfo/dnsop>, <mailto:dnsop-request@ietf.org?subject=subscribe>
X-List-Received-Date: Sun, 21 Sep 2014 15:13:52 -0000
Two questions (although other folks are likely to have more questions). > $ORIGIN example.com. > @ IN SOA ns1 ahu 2014091619 7200 3600 1209600 3600 > @ IN NS ns1 > @ IN NS ns2 > www IN CNAME xs.powerdns.com. > ns1 IN A 1.2.3.4 > ns2 IN A 4.3.2.1 > @ IN ALIAS www.powerdns.com. > @ IN MX 25 outpost.ds9a.nl. > elsewhere IN CNAME @ > > The branch can be found on https://github.com/PowerDNS/pdns/tree/alias and > we should have packages soon. > > The current semantics for the ALIAS pseudo-record are that they only match > if no real record did. So in the case above, an MX query for example.com > would return "25 outpost.ds9a.nl". But a query for AAAA would return the > IPv6 address obtained by following the www.powerdns.com CNAME chain to > xs.powerdns.com. This also works for all other record types, btw. - What happens / should happen if the "@ IN MX 25 outpost.ds9a.nl." record is not in the zone file and the server gets an MX query for example.com? > PS: the above is currently not yet supported for DNSSEC domains! Can you say (much) more about that aside? Does it mean that the server will fail to load the zone if there is DNSSEC records and ALIAS pseudo-records? Or that the DNSSEC gets broken? Or that the ALIAS gets broken? Or... ? --Paul Hoffman
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Paul Vixie
- [DNSOP] fyi [Pdns-users] Please test: ALIAS/ANAME… bert hubert
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Paul Hoffman
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… bert hubert
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Dick Franks
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Suzanne Woolf
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Doug Barton
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Doug Barton
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… David Conrad
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Paul Vixie
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… David Conrad
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Colm MacCárthaigh
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Paul Vixie
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Suzanne Woolf
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Tony Finch
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Tony Finch
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Tony Finch
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… John Levine
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Dick Franks
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Tony Finch
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Andrew Sullivan
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Dick Franks
- Re: [DNSOP] DNSSEC and ALIAS/ANAME apex record in… Paul Hoffman
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Tony Finch
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Colm MacCárthaigh
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Olafur Gudmundsson
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… bert hubert
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… bert hubert
- Re: [DNSOP] fyi [Pdns-users] Please test: ALIAS/A… Paul Wouters