[Pdns-users] Please test: ALIAS/ANAME apex record in PowerDNS

Pepe Charli ppcharli at gmail.com
Tue Dec 30 08:28:12 UTC 2014


Are implemented these  ALIAS/ANAME records  in PowerDNS Authoritative
Server 3.4.1 ?


2014-09-21 12:54 GMT+02:00 bert hubert <bert.hubert at netherlabs.nl>:
> Hi everybody,
> Based on strong user interest, we are fast-tracking the implementation of
> ALIAS/ANAME records, to solve the 'CNAME at apex' problem. Because of the
> fast-tracking, we need rapid feedback to see if we got it right (see the end
> of the mail for details).
> In short, you can CNAME 'www.yourdomain.com' to a CDN or somewhere else, but
> you can't CNAME 'yourdomain.com', since that breaks DNS. This blogpost by
> CloudFlare expands on the problem:
> https://support.cloudflare.com/hc/en-us/articles/200169056-CNAME-Flattening-RFC-compliant-support-for-CNAME-at-the-root
> Today, we implemented ALIAS support as an experimental PowerDNS feature,
> which allows the following:
> $ORIGIN example.com.
> @       IN      SOA     ns1 ahu 2014091619 7200 3600 1209600 3600
> @       IN      NS      ns1
> @       IN      NS      ns2
> www     IN      CNAME   xs.powerdns.com.
> ns1     IN      A
> ns2     IN      A
> @       IN      ALIAS   www.powerdns.com.
> @       IN      MX      25 outpost.ds9a.nl.
> elsewhere       IN      CNAME   @
> The branch can be found on https://github.com/PowerDNS/pdns/tree/alias and
> we should have packages soon.
> The current semantics for the ALIAS pseudo-record are that they only match
> if no real record did.  So in the case above, an MX query for example.com
> would return "25 outpost.ds9a.nl".  But a query for AAAA would return the
> IPv6 address obtained by following the www.powerdns.com CNAME chain to
> xs.powerdns.com. This also works for all other record types, btw.
> Our implementation uses a defined resolver to look up the actually requested
> record, and adds the data found to the packet built so far. This means that
> querying 'elsewhere.example.com' will include a CNAME to example.com, which
> in turn will lead to processing of the ALIAS record.
> Finally, for TTL, we currently use what the resolver gave us. But perhaps we
> could use the TTL of the ALIAS record instead, or as a maximum? Or minimum?
> Please let us know your thoughts based on the semantics outlined above.
> Would this work for you? Do you miss anything? Is there a need for multiple
> ALIAS statements for load balancing? Are we needlessly incompatible with
> existing implementations? Is there standardization work we could align
> against?
> Your input is highly welcome!
>         Bert
> PS: the above is currently not yet supported for DNSSEC domains!
> --
> PowerDNS Website: http://www.powerdns.com/
> Contact us by phone on +31-15-7850372
> _______________________________________________
> Pdns-users mailing list
> Pdns-users at mailman.powerdns.com
> http://mailman.powerdns.com/mailman/listinfo/pdns-users

More information about the Pdns-users mailing list