MoinQ:

Please describe DNS/DNAME here.

The DNAME RR has mnemonic DNAME and type code 39 (decimal). It is CLASS-insensitive.

/Acceptance /tinydns /解説

watchNS/jaist.jp

I wonder what meaning the NS records have in a zone where a DNAME has been created.

-- ToshinoriMaeno 2019-09-04 02:24:01

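1. Change to the lookup procedure

When no name matches the QNAME, strip the leading label and search the zone again. (No good)

Is this consistent with qname minimisation? -- ToshinoriMaeno 2019-09-06 04:05:17

No, more to the point, what about consistency with the lookup when there is no DNAME?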

https://tools.ietf.org/html/rfc6672

Abstract

   The DNAME record provides redirection for a subtree of the domain
   name tree in the DNS.  That is, all names that end with a particular
   suffix are redirected to another part of the DNS.  This document
   obsoletes the original specification in RFC 2672 as well as updates
   the document on representing IPv6 addresses in DNS (RFC 3363).


2.2.  The DNAME Substitution

   When following step 3 of the algorithm in RFC 1034 [RFC1034], Section
   4.3.2, "start matching down, label by label, in the zone" and a node
   is found to own a DNAME resource record, a DNAME substitution occurs.

I wonder whether lookups are actually carried out by this procedure.

   The name being sought may be the original query name or a name that
   is the result of a CNAME resource record being followed or a
   previously encountered DNAME.  As in the case when finding a CNAME
   resource record or NS resource record set, the processing of a DNAME
   will happen prior to finding the desired domain name.

   A DNAME substitution is performed by replacing the suffix labels of
   the name being sought matching the owner name of the DNAME resource
   record with the string of labels in the RDATA field.  The matching
   labels end with the root label in all cases.  Only whole labels are
   replaced.  See the table of examples for common cases and corner cases.

   In the table below, the QNAME refers to the query name.  The owner is
   the DNAME owner domain name, and the target refers to the target of
   the DNAME record.  The result is the resulting name after performing
   the DNAME substitution on the query name. "no match" means that the
   query did not match the DNAME, and thus no substitution is performed
   and a possible error message is returned (if no other result is
   possible).  Thus, every line contains one example substitution.  In
   the examples below, 'cyc' and 'shortloop' contain loops.

    QNAME            owner  DNAME   target         result
    ---------------- -------------- -------------- -----------------
    com.             example.com.   example.net.   <no match>
    example.com.     example.com.   example.net.   [0]
    a.example.com.   example.com.   example.net.   a.example.net.
    a.b.example.com. example.com.   example.net.   a.b.example.net.
    ab.example.com.  b.example.com. example.net.   <no match>
    foo.example.com. example.com.   example.net.   foo.example.net.
    a.x.example.com. x.example.com. example.net.   a.example.net.
    a.example.com.   example.com.   y.example.net. a.y.example.net.
    cyc.example.com. example.com.   example.com.   cyc.example.com.
    cyc.example.com. example.com.   c.example.com. cyc.c.example.com.
    shortloop.x.x.   x.             .              shortloop.x.
    shortloop.x.     x.             .              shortloop.

   [0] The result depends on the QTYPE.  If the QTYPE = DNAME, then
       the result is "example.com.", else "<no match>".

                   Table 1. DNAME Substitution Examples

<no match> means that no substitution is performed. -- ToshinoriMaeno 2019-09-06 10:26:20
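The substitution rule of section 2.2 and the rows of Table 1, as an added example that is not part of RFC 6672 or of the original page. The function names (`labels`, `to_name`, `wire_length`, `dname_substitute`, `chase`) and the hop cap of 16 are assumptions made for this sketch; `chase` goes slightly beyond the table by re-applying a single DNAME to show how the 'cyc' rows behave.

```python
MAX_NAME_OCTETS = 255  # wire-format limit on a whole domain name

def labels(name):
    """Split an absolute name into labels; the root "." is []. Names are
    lowercased because DNS name comparison is case-insensitive."""
    if not name.endswith("."):
        raise ValueError("expected an absolute name ending in '.'")
    body = name[:-1].lower()
    return body.split(".") if body else []

def to_name(lbls):
    return ".".join(lbls) + "." if lbls else "."

def wire_length(lbls):
    # one length octet per label, the label bytes, then the root octet
    return sum(1 + len(l) for l in lbls) + 1

def dname_substitute(qname, owner, target, qtype="A"):
    """Return the substituted name, or None for <no match> (Table 1)."""
    q, o, t = labels(qname), labels(owner), labels(target)
    if q == o:
        # Note [0]: the owner name itself matches only when QTYPE is DNAME.
        return to_name(o) if qtype == "DNAME" else None
    # Only whole labels are compared, so ab.example.com. is not below
    # b.example.com., and QNAME must be strictly longer than the owner.
    if len(q) <= len(o) or q[len(q) - len(o):] != o:
        return None
    result = q[:len(q) - len(o)] + t
    if wire_length(result) > MAX_NAME_OCTETS:
        # RFC 6672 has the server answer YXDOMAIN in this case.
        raise OverflowError("substituted name exceeds 255 octets")
    return to_name(result)

def chase(qname, owner, target, max_hops=16):
    """Re-apply one DNAME until <no match>, a repeated name, or the hop
    cap (16 is an assumed limit for this example). Returns (name, reason)."""
    name, seen = to_name(labels(qname)), set()
    for _ in range(max_hops):
        if name in seen:
            return name, "loop"
        seen.add(name)
        nxt = dname_substitute(name, owner, target)
        if nxt is None:
            return name, "done"
        name = nxt
    return name, "hop-limit"
```

The second 'cyc' row never repeats a name because each hop adds a label, so a seen-set alone does not stop it; the hop cap or the 255-octet check has to.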

5.1. Canonical Hostnames Cannot Be below DNAME Owners

   The names listed as target names of MX, NS, PTR, and SRV [RFC2782]
   records must be canonical hostnames.  This means no CNAME or DNAME
   redirection may be present during DNS lookup of the address records
   for the host.

5.3. DNSSEC and DNAME: what happens here? (signatures)

6. Examples of DNAME Use in a Zone

8. Security Considerations

If a validating resolver accepts wildcarded DNAMEs, this creates