tlimoncelli
commented
7 years ago The goal of IMPORT_TRANSFORM is to create a subdomain that is used for API calls. That is, calls that would normally go to X.old.com now need to go to X.old.com.new.com.
At this time, no code tries to connect to c.old.com. (or c.old.com.new.com.), so it doesn't matter that the CNAME is broken. It will never be used.
The cost of unused DNS records is a few kilobytes on the DNS servers. That is a lot less expensive than creating/debugging/maintaining code that doesn't affect production. Not generating those records would have cosmetic value, but doesn't affect production.
A little bit of SRE philosophy...
A big source of human error is mental-model mismatch. That is, when configuring/operating a system, the person has a mental model of what is going on in the system. They are, essentially, emulating the software in their head to predict that the change they are making will have the desired result they want. The more complex the system the less likely the mental model will match it. When there is a mismatch it leads to confusion, frustration, and more importantly it increases the risk of operating error the creates production problems. If the rules are simple ("the transformation always appends the new.com. domain") the mental model will be more accurate than if if it is complex ("the transformation appends new.com. but only if the target ends in old.com., plus serverfault.com and other domains in a whitelist; unless the record is annotated with the INCLUDE_IN_TRANSFORM keyword, etc. etc."). What if the rules include a little-known exception to handle a corner-case? It may seem like a good corner-case to fix, but not if it adds "mystery" to the system.
One could argue that unused DNS records adds mystery to the system. Someone looking at the DNS zone would see "google.com.new.com." and think it is a bug. However, it is easier to explain "unused records may not be valid" than a set of complex rules that eliminate such records. We can also point them to this bugid for more info.
One more thing...
"Future proofing is not adding stuff. Future proofing is making sure you can easily add code/features without breaking existing functionality." Imagine we do fix this cosmetic issue. Now imagine that at a later date there is a production reason why we need to change CNAME processing. We would have to fix the code and be careful not to break backwards compatibility with users that have grown to depend on the cosmetic change. In the worst case, the cosmetic change will have grown dependencies and will now be a production requirement. If the needed production change conflicts with the cosmetic change, we would be in a bind. In the best case, the code change is just more complex and requires more testing. On the other hand, if we leave these broken CNAMEs and wait for the day when we have a production-related feature request, implementing that feature will be easier. (Basically this is the rule that "Future proofing is not adding stuff.
captncraig
nicollet
Currently if I do:
I will end up with:
CNAME c.old.com.new.com. -> google.com.new.com.But nowhere else is that record defined in an A record or anything because it is outside the zone.
I'm wondering if the behaviour for CNAMES should first check if the cname is a FQDN outside the old zone, and if so, do nothing to it at all.
That would give us instead:
CNAME c.old.com.new.com. -> google.com.