Re: [DNSOP] CNAME chain length limits

Eric Orth <ericorth@google.com> Wed, 27 May 2020 19:03 UTC

Archived-At: <https://mailarchive.ietf.org/arch/msg/dnsop/uJu2hAGBJDNnVrpcsUBhRbiKNFo>

On Wed, May 27, 2020 at 1:49 PM John R Levine <johnl@taugh.com> wrote:

> While I should have been doing something else, I made a rather long CNAME
> chain.  When I looked up chain.examp1e.com it got SERVFAIL, but after I
> warmed up my cache five links at a time by looking for chain5, chain10,
> chain15, and so forth, it worked.  At least it worked in "dig" and "host".
> When I try and look up http://chain.examp1e.com, Chrome waits a while
> and says not found,


If Chrome is using its built-in stub, there's not expected to be a limit
(other than the overall message size limits), but nothing tests chains this
long other than security fuzzers that are only looking for crashes or
memory issues.


> Firefox waits a while and says "Hmm. We’re having
> trouble finding that site." and Safari on my Mac hangs.  (Feel free to try
> it yourself.)
>
> I realize the answer to most questions like this can be summarized as
> "don't do that", but is there any consensus as to the maximum CNAME chain
> length that works reliably, and what happens if the chain is too long?
> Hanging seems sub-optimal.
>
> Regards,
> John Levine, johnl@taugh.com, Taughannock Networks, Trumansburg NY
> Please consider the environment before reading this e-mail. https://jl.ly
>
> $ dig chain.examp1e.com A
> ;; Truncated, retrying in TCP mode.
>
> ; <<>> DiG 9.10.6 <<>> chain.examp1e.com a
> ;; global options: +cmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 59001
> ;; flags: qr rd ra ad; QUERY: 1, ANSWER: 102, AUTHORITY: 0, ADDITIONAL: 1
>
> ;; OPT PSEUDOSECTION:
> ; EDNS: version: 0, flags:; udp: 4096
> ;; QUESTION SECTION:
> ;chain.examp1e.com.             IN      A
>
> ;; ANSWER SECTION:
> chain.examp1e.com.      3371    IN      CNAME   chain100.examp1e.com.
> chain100.examp1e.com.   3371    IN      CNAME   chain99.examp1e.com.
> chain99.examp1e.com.    3371    IN      CNAME   chain98.examp1e.com.
> chain98.examp1e.com.    3371    IN      CNAME   chain97.examp1e.com.
> chain97.examp1e.com.    3371    IN      CNAME   chain96.examp1e.com.
> chain96.examp1e.com.    3372    IN      CNAME   chain95.examp1e.com.
> chain95.examp1e.com.    3372    IN      CNAME   chain94.examp1e.com.
> chain94.examp1e.com.    3372    IN      CNAME   chain93.examp1e.com.
> chain93.examp1e.com.    3372    IN      CNAME   chain92.examp1e.com.
> chain92.examp1e.com.    3589    IN      CNAME   chain91.examp1e.com.
> chain91.examp1e.com.    3589    IN      CNAME   chain90.examp1e.com.
> chain90.examp1e.com.    3583    IN      CNAME   chain89.examp1e.com.
> chain89.examp1e.com.    3583    IN      CNAME   chain88.examp1e.com.
> chain88.examp1e.com.    3583    IN      CNAME   chain87.examp1e.com.
> chain87.examp1e.com.    3583    IN      CNAME   chain86.examp1e.com.
> chain86.examp1e.com.    3583    IN      CNAME   chain85.examp1e.com.
> chain85.examp1e.com.    3577    IN      CNAME   chain84.examp1e.com.
> chain84.examp1e.com.    3578    IN      CNAME   chain83.examp1e.com.
> chain83.examp1e.com.    3578    IN      CNAME   chain82.examp1e.com.
> chain82.examp1e.com.    3578    IN      CNAME   chain81.examp1e.com.
> chain81.examp1e.com.    3579    IN      CNAME   chain80.examp1e.com.
> chain80.examp1e.com.    3570    IN      CNAME   chain79.examp1e.com.
> chain79.examp1e.com.    3571    IN      CNAME   chain78.examp1e.com.
> chain78.examp1e.com.    3571    IN      CNAME   chain77.examp1e.com.
> chain77.examp1e.com.    3571    IN      CNAME   chain76.examp1e.com.
> chain76.examp1e.com.    3572    IN      CNAME   chain75.examp1e.com.
> chain75.examp1e.com.    3564    IN      CNAME   chain74.examp1e.com.
> chain74.examp1e.com.    3564    IN      CNAME   chain73.examp1e.com.
> chain73.examp1e.com.    3564    IN      CNAME   chain72.examp1e.com.
> chain72.examp1e.com.    3564    IN      CNAME   chain71.examp1e.com.
> chain71.examp1e.com.    3564    IN      CNAME   chain70.examp1e.com.
> chain70.examp1e.com.    3519    IN      CNAME   chain69.examp1e.com.
> chain69.examp1e.com.    3519    IN      CNAME   chain68.examp1e.com.
> chain68.examp1e.com.    3519    IN      CNAME   chain67.examp1e.com.
> chain67.examp1e.com.    3519    IN      CNAME   chain66.examp1e.com.
> chain66.examp1e.com.    3519    IN      CNAME   chain65.examp1e.com.
> chain65.examp1e.com.    3519    IN      CNAME   chain64.examp1e.com.
> chain64.examp1e.com.    3520    IN      CNAME   chain63.examp1e.com.
> chain63.examp1e.com.    3520    IN      CNAME   chain62.examp1e.com.
> chain62.examp1e.com.    3520    IN      CNAME   chain61.examp1e.com.
> chain61.examp1e.com.    3554    IN      CNAME   chain60.examp1e.com.
> chain60.examp1e.com.    3549    IN      CNAME   chain59.examp1e.com.
> chain59.examp1e.com.    3549    IN      CNAME   chain58.examp1e.com.
> chain58.examp1e.com.    3549    IN      CNAME   chain57.examp1e.com.
> chain57.examp1e.com.    3549    IN      CNAME   chain56.examp1e.com.
> chain56.examp1e.com.    3549    IN      CNAME   chain55.examp1e.com.
> chain55.examp1e.com.    3535    IN      CNAME   chain54.examp1e.com.
> chain54.examp1e.com.    3536    IN      CNAME   chain53.examp1e.com.
> chain53.examp1e.com.    3536    IN      CNAME   chain52.examp1e.com.
> chain52.examp1e.com.    3536    IN      CNAME   chain51.examp1e.com.
> chain51.examp1e.com.    3536    IN      CNAME   chain50.examp1e.com.
> chain50.examp1e.com.    3536    IN      CNAME   chain49.examp1e.com.
> chain49.examp1e.com.    3536    IN      CNAME   chain48.examp1e.com.
> chain48.examp1e.com.    3536    IN      CNAME   chain47.examp1e.com.
> chain47.examp1e.com.    3536    IN      CNAME   chain46.examp1e.com.
> chain46.examp1e.com.    3541    IN      CNAME   chain45.examp1e.com.
> chain45.examp1e.com.    3531    IN      CNAME   chain44.examp1e.com.
> chain44.examp1e.com.    3531    IN      CNAME   chain43.examp1e.com.
> chain43.examp1e.com.    3531    IN      CNAME   chain42.examp1e.com.
> chain42.examp1e.com.    3531    IN      CNAME   chain41.examp1e.com.
> chain41.examp1e.com.    3531    IN      CNAME   chain40.examp1e.com.
> chain40.examp1e.com.    3525    IN      CNAME   chain39.examp1e.com.
> chain39.examp1e.com.    3526    IN      CNAME   chain38.examp1e.com.
> chain38.examp1e.com.    3526    IN      CNAME   chain37.examp1e.com.
> chain37.examp1e.com.    3526    IN      CNAME   chain36.examp1e.com.
> chain36.examp1e.com.    3526    IN      CNAME   chain35.examp1e.com.
> chain35.examp1e.com.    3513    IN      CNAME   chain34.examp1e.com.
> chain34.examp1e.com.    3513    IN      CNAME   chain33.examp1e.com.
> chain33.examp1e.com.    3513    IN      CNAME   chain32.examp1e.com.
> chain32.examp1e.com.    3513    IN      CNAME   chain31.examp1e.com.
> chain31.examp1e.com.    3513    IN      CNAME   chain30.examp1e.com.
> chain30.examp1e.com.    3508    IN      CNAME   chain29.examp1e.com.
> chain29.examp1e.com.    3508    IN      CNAME   chain28.examp1e.com.
> chain28.examp1e.com.    3508    IN      CNAME   chain27.examp1e.com.
> chain27.examp1e.com.    3508    IN      CNAME   chain26.examp1e.com.
> chain26.examp1e.com.    3508    IN      CNAME   chain25.examp1e.com.
> chain25.examp1e.com.    3499    IN      CNAME   chain24.examp1e.com.
> chain24.examp1e.com.    3499    IN      CNAME   chain23.examp1e.com.
> chain23.examp1e.com.    3500    IN      CNAME   chain22.examp1e.com.
> chain22.examp1e.com.    3500    IN      CNAME   chain21.examp1e.com.
> chain21.examp1e.com.    3500    IN      CNAME   chain20.examp1e.com.
> chain20.examp1e.com.    3447    IN      CNAME   chain19.examp1e.com.
> chain19.examp1e.com.    3447    IN      CNAME   chain18.examp1e.com.
> chain18.examp1e.com.    3447    IN      CNAME   chain17.examp1e.com.
> chain17.examp1e.com.    3448    IN      CNAME   chain16.examp1e.com.
> chain16.examp1e.com.    3448    IN      CNAME   chain15.examp1e.com.
> chain15.examp1e.com.    3448    IN      CNAME   chain14.examp1e.com.
> chain14.examp1e.com.    3448    IN      CNAME   chain13.examp1e.com.
> chain13.examp1e.com.    3448    IN      CNAME   chain12.examp1e.com.
> chain12.examp1e.com.    3449    IN      CNAME   chain11.examp1e.com.
> chain11.examp1e.com.    3486    IN      CNAME   chain10.examp1e.com.
> chain10.examp1e.com.    3455    IN      CNAME   chain9.examp1e.com.
> chain9.examp1e.com.     3455    IN      CNAME   chain8.examp1e.com.
> chain8.examp1e.com.     3455    IN      CNAME   chain7.examp1e.com.
> chain7.examp1e.com.     3455    IN      CNAME   chain6.examp1e.com.
> chain6.examp1e.com.     3455    IN      CNAME   chain5.examp1e.com.
> chain5.examp1e.com.     3455    IN      CNAME   chain4.examp1e.com.
> chain4.examp1e.com.     3455    IN      CNAME   chain3.examp1e.com.
> chain3.examp1e.com.     3455    IN      CNAME   chain2.examp1e.com.
> chain2.examp1e.com.     3455    IN      CNAME   chain1.examp1e.com.
> chain1.examp1e.com.     3466    IN      CNAME   chain0.examp1e.com.
> chain0.examp1e.com.     3460    IN      A       64.57.183.119
>
> ;; Query time: 2 msec
> ;; SERVER: 192.168.80.2#53(192.168.80.2)
> ;; WHEN: Wed May 27 13:31:17 EDT 2020
> ;; MSG SIZE  rcvd: 2275
>
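
Added example, not part of either message and not code from Chrome, dig or any resolver: a stub-side walk of one response's answer section that caps CNAME hops and detects loops, so an over-long chain yields an immediate error instead of a hang. The 16-hop cap, the function names and the sample records (shaped like the quoted dig answer, with a documentation address) are assumptions made for the illustration.

```python
# Illustration only: bounded CNAME chain-following over a parsed answer section.
MAX_CNAME_HOPS = 16  # hypothetical policy value, not taken from any standard


class ChainError(Exception):
    """Raised when a CNAME chain cannot be resolved within policy."""


def normalize(name):
    # DNS names compare case-insensitively; ignore the trailing root dot.
    return name.rstrip(".").lower()


def follow_chain(qname, answers, max_hops=MAX_CNAME_HOPS):
    """Walk (owner, rtype, rdata) records from one response's answer section.

    Returns (addresses, hops). Raises ChainError on a loop, a dangling
    alias, or a chain longer than max_hops, so the caller fails fast.
    """
    cnames, addrs = {}, {}
    for owner, rtype, rdata in answers:
        owner = normalize(owner)
        if rtype == "CNAME":
            cnames[owner] = normalize(rdata)
        elif rtype in ("A", "AAAA"):
            addrs.setdefault(owner, []).append(rdata)

    current, seen, hops = normalize(qname), set(), 0
    while current not in addrs:
        if current in seen:
            raise ChainError("CNAME loop at " + current)
        seen.add(current)
        if current not in cnames:
            raise ChainError("chain ends without an address at " + current)
        if hops >= max_hops:
            raise ChainError("chain exceeds %d hops" % max_hops)
        current = cnames[current]
        hops += 1
    return addrs[current], hops


def build_chain(n, zone="examp1e.com", addr="192.0.2.1"):
    # Constructed sample shaped like the quoted dig answer:
    # chain -> chain<n> -> ... -> chain0 -> A (documentation address).
    recs = [("chain.%s." % zone, "CNAME", "chain%d.%s." % (n, zone))]
    for i in range(n, 0, -1):
        recs.append(("chain%d.%s." % (i, zone), "CNAME", "chain%d.%s." % (i - 1, zone)))
    recs.append(("chain0.%s." % zone, "A", addr))
    return recs
```

With `build_chain(100)` the record count matches the 102 answers in the quoted dig output; the default cap rejects that chain, while a caller that raises `max_hops` walks all 101 aliases.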