DEVHIDE
Login Or Sign up

CNAME Record in Additional section

2.1k Views Asked by At

RFC 1034+1035 state the CNAME records should cause no additional section processing. But I am seeing an increasing trend of services like wordpress sending a CNAME chain with one part of the chain in the additional section. So, without parsing the additional section you cannot decode the DNS response.

Example:

;; QUESTION SECTION:
;after12.failblog.org.      IN  A

;; ANSWER SECTION:
after12.failblog.org.   3600    IN  CNAME   chzallnighter.wordpress.com.
vip-lb.wordpress.com.   300 IN  A   72.233.104.123
vip-lb.wordpress.com.   300 IN  A   76.74.255.117
vip-lb.wordpress.com.   300 IN  A   74.200.247.187
vip-lb.wordpress.com.   300 IN  A   74.200.247.59
vip-lb.wordpress.com.   300 IN  A   76.74.255.123
vip-lb.wordpress.com.   300 IN  A   72.233.127.217

;; AUTHORITY SECTION:
wordpress.com.      14400   IN  NS  ns1.wordpress.com.
wordpress.com.      14400   IN  NS  ns2.wordpress.com.
wordpress.com.      14400   IN  NS  ns3.wordpress.com.
wordpress.com.      14400   IN  NS  ns4.wordpress.com.
wordpress.com.      14400   IN  NS  ns5.wordpress.com.
wordpress.com.      14400   IN  NS  ns6.wordpress.com.

;; ADDITIONAL SECTION:
chzallnighter.wordpress.com. 300 IN CNAME   vip-lb.wordpress.com.
ns1.wordpress.com.  14400   IN  A   72.233.69.14
ns2.wordpress.com.  14400   IN  A   76.74.159.137
ns3.wordpress.com.  14400   IN  A   64.34.177.159
ns4.wordpress.com.  14400   IN  A   72.233.104.98
ns5.wordpress.com.  14400   IN  A   69.174.248.140
ns6.wordpress.com.  14400   IN  A   64.34.174.135

Note chzallnighter.wordpress.com. 300 IN CNAME vip-lb.wordpress.com. is in the Additional section and without it you cannot get to A records in the Answer.

Why are providers using such a tactic and what does it really buy them ?

dns rfc1035
Original Q&A
1

There are 1 best solutions below

5
On

The server you're talking to happens to be authoritative for both domains and gives you whatever it has. A smart client could optimize for this type of response, avoiding round-trips. One of those stretch-the-spec "make the web faster" type things.

A naive client might not notice that the server is authoritative for the CNAMEd domain, discard the additional data and re-query - ensuring a correct, secure result. A smart client can short-circuit a second query by noticing that it had asked server X for the original domain and that server X is also in the list of authoritative servers for the CNAMEd domain. Therefore the CNAME in the additional section is trustable.

Related Questions in DNS

Related Questions in RFC1035

Trending Questions

Popular # Hahtags

javascript python java c# php android html jquery c++ css ios sql mysql r reactjs node.js arrays c asp.net json python-3.x ruby-on-rails .net sql-server swift django angular objective-c pandas excel

Popular Questions

Copyright © 2021 Jogjafile Inc.