Comments (5)
I don't see any issue with the spec as such. CNAME on APEX is forbidden by DNS RFCs.
That said Cloudflare indeed supports something like CNAME flattening, which is not DNS standard but their implementation [1].
In fact what they do is not putting/responding with a real CNAME but rather looking up the records on the fly and responding with whose.
As far as this will be working fine if there is only this CNAME on the APEX, some tricky situation s may happen if there are more records - for example A record coming both from the alias domain and the origin. Which one should be correct?
I'm sure @kerolasa can tell more context, but I can imagine why Cloudflare would be willing to block such mix. Is the setup you are trying to achieve at all possible in their control panel?
If yes, they may decide to relax the conflict management on their side to support this use case better. This is then vendor specific.
Anyway I would not recommend using CNAME on APEX in any template, as it would basically only work with providers having CNAME flattening which is not standard.
[1] https://blog.cloudflare.com/introducing-cname-flattening-rfc-compliant-cnames-at-a-domains-root/
from spec.
As Pawel said, in traditional DNS CNAME on apex is not allowed. How ever Cloudflare does support such CNAMEs, that get flattened, that is queried from where the CNAME is pointing at time authoritative server receives request and converting dynamically the CNAME to what ever one can find from the CNAME destination.
And that is where the problem lies. In traditional DNS one have any records with CNAME. Same is true in case of CNAME flattening, authority about other records is forwarded to CNAME destination. One could argue CNAME flattening should only work for A and AAAA records, but that is not how it was implemented and people rely on existing behaviour so it cannot be changed.
from spec.
Thank you for your response and detailed explanation, @pawel-kow and @kerolasa. This issue was brought to our attention by one of our customers who uses CNAME flattening. They noticed that the removal of non-conflicting TXT and MX records never happened when they added the CNAME record directly from the Cloudflare console. Therefore, we decided to raise this issue as it was only occurring during domain connect flows and we were hoping for a fix to this DC logic. We really appreciate your time in looking into this issue.
from spec.
@Thekkedath as mentioned before, not a specification issue.
CNAME flattening is vendor specific, therefore the spec would not be able to dictate an unified behaviour here that would work the same across providers.
Indeed if Cloudflare control panel allows to create such CNAME alongside of existing MX/TXT record and the domain connect flow does erase those records it is kind of inconsistency which you may discuss with @kerolasa representing the provider.
I may keep the issue open here or you may move to another venue and close this issue.
from spec.
Thank you, Pawel. This makes complete sense to me. I will get in touch with the Cloudflare team to see if we can address the inconsistency between the DC conflict logic and the Cloudflare console. I appreciate your time in looking into this.
from spec.
Related Issues (20)
- Multi domain application
- Multi-template application
- Specify better mixed APEX/subdomain template kind
- Multiple instances of the same record
- Template compatibility test
- Lack of overview on the level of spec support by the DNS provider HOT 2
- Template onboarding automation
- IETF submission
- New record types (CAA)
- Validation of _domainconnect TXT record contents HOT 1
- General acceptance of txtConflictMatchingPolicy
- Inconsistencies in the implementations from DNS providers and/or signalling of implemented features set
- Using variables in port for SRV records HOT 5
- Register _domainconnect TXT record with IANA as per RFC8552
- Add success state to redirect_uri to validate changes HOT 4
- Possible extension for full domain and zone transfer
- 966559068865 HOT 1
- > https:// [[email protected]](mailto:[email protected])
- > https:// [[email protected]](mailto:[email protected])
Recommend Projects
-
React
A declarative, efficient, and flexible JavaScript library for building user interfaces.
-
Vue.js
🖖 Vue.js is a progressive, incrementally-adoptable JavaScript framework for building UI on the web.
-
Typescript
TypeScript is a superset of JavaScript that compiles to clean JavaScript output.
-
TensorFlow
An Open Source Machine Learning Framework for Everyone
-
Django
The Web framework for perfectionists with deadlines.
-
Laravel
A PHP framework for web artisans
-
D3
Bring data to life with SVG, Canvas and HTML. 📊📈🎉
-
Recommend Topics
-
javascript
JavaScript (JS) is a lightweight interpreted programming language with first-class functions.
-
web
Some thing interesting about web. New door for the world.
-
server
A server is a program made to process requests and deliver data to clients.
-
Machine learning
Machine learning is a way of modeling and interpreting data that allows a piece of software to respond intelligently.
-
Visualization
Some thing interesting about visualization, use data art
-
Game
Some thing interesting about game, make everyone happy.
Recommend Org
-
Facebook
We are working to build community through open source technology. NB: members must have two-factor auth.
-
Microsoft
Open source projects and samples from Microsoft.
-
Google
Google ❤️ Open Source for everyone.
-
Alibaba
Alibaba Open Source for everyone
-
D3
Data-Driven Documents codes.
-
Tencent
China tencent open source team.
from spec.