Why are CNAMEs considered evil?

Aug 10th, 2002 21:09
Brian Coogan


A CNAME is an alias that is implemented by the client (to allow you to
CNAME to other domains).  As a result, the client usually has to
perform at least 2 lookups to get a record when a CNAME is used: one
to get the CNAME and one to get the A record (fewer lookups may be
needed if the CNAME target is in the bailiwick of the nameserver
serving the CNAME and glue is sent).  Additionally, since CNAME is
implemented in the client software, there are inconsistent
implementations around that may cause you weird, hard-to-diagnose
problems.  See below for an RFC quote on the subject.

To see what Dan has to say about CNAMEs, look up the webpage
http://cr.yp.to/djbdns/notes.html and search for the Aliases heading
(there's no name anchor).  Dan advocates that CNAMEs not be used,
giving an argument that chains of CNAMEs are easily misconfigured.

It's illegal to point NS, MX or CNAME records to CNAMEs.  That alone
should be enough reason to not use them.  Somebody else may CNAME to a
host at your site, and the moment you change that A into a CNAME,
stuff breaks  [this point is the same as Dan's].

According to RFC-821, if the domain you are sending mail to is a
CNAME, the SMTP sender is supposed to rewrite the recipient addresses
to the CNAME target.  The relevant text from RFC-1123 is:

 5.2.2  Canonicalization: RFC-821 Section 3.1

  The domain names that a Sender-SMTP sends in MAIL and RCPT
  commands MUST have been "canonicalized," i.e., they must be
  fully-qualified principal names or domain literals, not nicknames
  or domain abbreviations.  A canonicalized name either
  identifies a host directly or is an MX name; it cannot be a
  CNAME.

[most of this was stolen from posts to the mailing list during late
2000 and early 2001, apologies for lack of acknowledgement]

There is some further discussion on CNAME use (with respect to CNAME
chains) in an article by Dan at:
   http://cr.yp.to/djbdns/killa6.html

Excerpt: "RFC 1034 says that the first CNAME ``should always'' get me
to the canonical name, to avoid ``extra indirections,'' but it also
says that I should follow chains if they do happen."

A thorough analysis of the RFCs as related to this point can be found
at:
   http://www.intac.com./~cdp/cptd-faq/section6.html#MXCNAMEA
   (Question 6.5)
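
One way to check a tinydns data file for the two mistakes discussed
above: NS, MX or CNAME records whose target is itself a CNAME, and the
CNAME chains that result.  This is an added example, not part of the
original entry or of djbdns; the function names and the sample zone
are constructed for illustration, and the field layout of the ".",
"&", "@" and "C" lines is the one given in the tinydns-data
documentation.

```python
# Added example: lint tinydns "data" lines for records whose target is a CNAME.
def norm(name):
    return name.rstrip(".").lower()

def parse(lines):
    """Return (cnames, refs): owner->target map and (type, owner, target) list."""
    cnames, refs = {}, []
    for raw in lines:
        line = raw.strip()
        if not line or line[0] == "#":
            continue
        kind, f = line[0], line[1:].split(":")
        owner = norm(f[0])
        if kind == "C" and len(f) > 1:               # Cfqdn:p:ttl
            cnames[owner] = norm(f[1])
            refs.append(("CNAME", owner, norm(f[1])))
        elif kind in ".&@" and len(f) > 2 and f[2]:  # .fqdn:ip:x  &fqdn:ip:x  @fqdn:ip:x:dist
            label = "mx" if kind == "@" else "ns"
            # x containing a dot is used as-is; otherwise the name is x.ns.fqdn / x.mx.fqdn
            x = f[2] if "." in f[2] else f"{f[2]}.{label}.{owner}"
            refs.append((label.upper(), owner, norm(x)))
    return cnames, refs

def chain(cnames, name, limit=8):
    """Follow CNAMEs starting at name; stop at a loop or after `limit` hops."""
    hops = []
    while name in cnames and len(hops) < limit and name not in hops:
        hops.append(name)
        name = cnames[name]
    return hops + [name]

def lint(lines):
    """Report every CNAME, MX or NS record whose target is itself a CNAME."""
    cnames, refs = parse(lines)
    return [f"{rtype} {owner} points at CNAME: " + " -> ".join(chain(cnames, target))
            for rtype, owner, target in refs if target in cnames]

SAMPLE = """\
+www1.example.com:192.0.2.10
Cwww.example.com:www1.example.com
Cshop.example.com:www.example.com
@example.com::mail.example.com:10
Cmail.example.com:www1.example.com
&sub.example.com:192.0.2.53:a
""".splitlines()  # constructed zone data, not taken from any real site

if __name__ == "__main__":
    print("\n".join(lint(SAMPLE)))
```

On the sample it reports the shop -> www -> www1 chain and the MX for
example.com whose exchanger is a CNAME; the plain A record and the NS
delegation pass.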