CNAME should be explicitly allowed or disallowed in server name resolution spec #606
Comments
Reading it word for word, it would indeed be a Synapse issue as the MSC was not clear: matrix-org/matrix-spec-proposals#1708. However, it's logical to assume that CNAME is supported as it does eventually point to an A or AAAA record.
I don't know if you are aware, but SRVs are not allowed to have a CNAME as target. I guess this is only about .well-known and server_name?
Since there hasn't been any movement on this issue for over a year, I figured I'd add an outsider's point of view: It would indeed make sense for CNAMEs to be allowed (for .well-known and server_name), as that is how the larger internet functions in general. However, reading the current spec, I would understand them to specifically not be allowed. In my personal opinion as somebody that has implemented numerous specifications/protocols/servers, this is extremely jarring and confusing and I would heavily recommend clarifying the spec to explicitly allow CNAME as well. Or, even better: word it something to the extent of "using the standard hostname resolution of the operating system", so that potential future changes to DNS are automatically accounted for and followed in a logical/consistent manner. Especially since Synapse already follows CNAME records and following them inside a browser cannot be avoided (!), it would make sense to not let this rest for even longer and fix up the wording to be in line with both current behavior of the reference implementation and the capabilities of modern browsers.
Each step in the "Resolving server names" spec tells you to "resolve the IP address using AAAA or A records", which doesn't make it clear whether or not CNAME records are allowed.
If they're not allowed, Synapse should be fixed not to allow them.
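The two readings of "resolve the IP address using AAAA or A records" discussed in this issue, modelled as an added example (not code from the spec or from Synapse). The in-memory `ZONE` table stands in for DNS, and its hostnames, addresses and the `MAX_CNAME_HOPS` limit are constructed assumptions.

```python
# Constructed records for illustration; names use the reserved .example TLD
# and addresses come from documentation ranges.
ZONE = {
    ("matrix.example", "CNAME"): ["host1.provider.example"],
    ("host1.provider.example", "A"): ["192.0.2.10"],
    ("host1.provider.example", "AAAA"): ["2001:db8::10"],
    ("direct.example", "A"): ["192.0.2.20"],
    ("loop-a.example", "CNAME"): ["loop-b.example"],
    ("loop-b.example", "CNAME"): ["loop-a.example"],
}

MAX_CNAME_HOPS = 8  # assumed limit, not taken from the spec


def lookup(name, rtype):
    """Return the record data stored at exactly this owner name and type."""
    return ZONE.get((name.lower().rstrip("."), rtype), [])


def resolve_strict(name):
    """Literal reading: only AAAA/A records at the queried name count."""
    return lookup(name, "AAAA") + lookup(name, "A")


def resolve_following_cname(name):
    """Permissive reading: follow CNAMEs until AAAA/A records are found."""
    seen = set()
    current = name.lower().rstrip(".")
    for _ in range(MAX_CNAME_HOPS + 1):
        if current in seen:
            return []  # alias loop: fail closed instead of spinning
        seen.add(current)
        addrs = resolve_strict(current)
        if addrs:
            return addrs
        target = lookup(current, "CNAME")
        if not target:
            return []  # no address and no alias at this name
        current = target[0].lower().rstrip(".")
    return []  # chain longer than the assumed hop limit


if __name__ == "__main__":
    for host in ("direct.example", "matrix.example", "loop-a.example"):
        print(host, resolve_strict(host), resolve_following_cname(host))
```

Under the literal reading, a server name that is only an alias yields no addresses at all, so two implementations that pick different readings disagree on whether the same homeserver is reachable.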