fixing insecure email infrastructure (was: Re: [eweek article]

Todd Vierling tv at duh.org
Fri Jan 14 15:52:03 UTC 2005


On Fri, 14 Jan 2005, Suresh Ramasubramanian wrote:

> > > That's bad sincd DNAME is deprecated and has been removed from BIND.
> >
> > No, its A6 that is to be depreciated (and too bad because its superior
> > to AAAA), but last I heard DNAME stays as standard RR.
>
> Cue DJB's "kill A6" page
> http://cr.yp.to/djbdns/killa6.html

Well, A6 is not DNAME; the only relation is that A6 needed DNAME in the
reverse lookup direction.

DNAME is quite useful in the forward lookup direction, particularly since
synthesizing CNAMEs for older resolvers is part of the requirement.  It
allows moving of an entire subdomain wholesale from one parent to another
without creating a flurry of CNAMEs.  This helps even more if you have a
wildcard subdomain in there.  8-)

-- 
-- Todd Vierling <tv at duh.org> <tv at pobox.com>



More information about the NANOG mailing list