CNAMEs and non-recursive name servers
Simpson, John R
john_simpson at reyrey.com
Thu Mar 15 22:36:21 UTC 2001
Our public name servers have recursion turned off for security and
performance reasons. Some of our customers have asked us to add CNAME
records to their domains with right-hand-sides that are in external domains
(a web server from a web-hosting service). These entries work fine on our
internal, recursive name servers, but fail on the public, non-recursive name
servers. Queries for the CNAME record type work fine on both.

It seems pretty clear what's happening -- the lookup of the outside
name is failing. This synchs with Cricket's book, "When a name server looks
up a name and finds a CNAME record, it replaces the name with the canonical
name and looks up the new name."

Is this normal, and if so, what are the preferred workarounds?

It'd be nice, at least for this specific problem, if it'd use the local
resolver config which points to the internal name servers to resolve the
outside name, but if that's not the standard behavior I'm sure it's for good
reasons. I'm just looking for my options.

Right now we're using an A record and the customer's systems are
working fine. Using the CNAME would be nice for us because we wouldn't be
caught in the middle when the web server's IP addresses change (we've got a
lot of customers who use this hosting service). And the customer would be
happier because "that's the way we've always done it."

We're running BIND 8.2.3 on Solaris 7, the name servers are
ns01.reyrey.net and ns02.reyrey.net, and the test zone file below
demonstrates the problem. The record for www.carsrus.reyrey.net
demonstrates the problem. Test.carsrus.reyrey.net works fine, since
gw.reyrey.net is in a zone where we're authoritative.

@                         IN SOA   ns01.reyrey.net. hostmaster.reyrey.net. (
                          IN NS    ns01.reyrey.net.
                          IN NS    ns02.reyrey.net.
carsrus.reyrey.net.       IN MX    10 mailrtr01.reyrey.net.
test.carsrus.reyrey.net.  IN CNAME gw.reyrey.net.
www.carsrus.reyrey.net.   IN CNAME www.redhat.com.

John R. Simpson
Sr. Network Engineer
Network Services, Network Architecture Team
The Reynolds and Reynolds Co.
800 Germantown Street OH10
Dayton, OH
Voice (937) 485-2269 Fax (937) 485-2427
mailto:John_Simpson at reyrey.com
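
The behaviour described in the message above, modelled as an added example that is not part of the original post: a server with recursion off follows a CNAME only through its own zone data. The local zone list and the 192.0.2.1 address for gw.reyrey.net are assumptions; the other names come from the test zone.

```python
# Added example: models how an authoritative-only (recursion off) server
# answers an A query that hits a CNAME. Record data is from the post's test
# zone, except the gw.reyrey.net address, which is constructed (192.0.2.1).

LOCAL_ZONES = ("reyrey.net.",)  # assumption: zones ns01/ns02 are authoritative for

RECORDS = {  # (owner, type) -> rdata
    ("test.carsrus.reyrey.net.", "CNAME"): "gw.reyrey.net.",
    ("www.carsrus.reyrey.net.", "CNAME"): "www.redhat.com.",
    ("gw.reyrey.net.", "A"): "192.0.2.1",  # constructed sample address
}


def norm(name):
    """Lower-case and fully qualify a domain name."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def is_local(name, zones=LOCAL_ZONES):
    """True if name is at or below a locally served zone (label-wise match)."""
    labels = norm(name).rstrip(".").split(".")
    for zone in zones:
        zlabels = norm(zone).rstrip(".").split(".")
        if labels[-len(zlabels):] == zlabels:
            return True
    return False


def answer_a_query(qname, records=RECORDS, max_chain=8):
    """Return (answer_section, complete) without ever recursing.

    The CNAME chain is followed only through local data; once the target
    leaves the local zones the server can add nothing more, so the client
    gets the CNAME alone and must resolve the target itself.
    """
    answer, name = [], norm(qname)
    for _ in range(max_chain):
        if (name, "A") in records:
            answer.append((name, "A", records[(name, "A")]))
            return answer, True
        target = records.get((name, "CNAME"))
        if target is None:
            return answer, False
        answer.append((name, "CNAME", target))
        if not is_local(target):
            return answer, False  # out of bailiwick: chain stops here
        name = norm(target)
    return answer, False  # chain too long or looping


def external_cnames(records=RECORDS):
    """List CNAME owners whose target is outside the local zones."""
    return sorted(o for (o, t), rd in records.items()
                  if t == "CNAME" and not is_local(rd))
```
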