CNAMEs and non-recursive name servers

Simpson, John R john_simpson at
Thu Mar 15 22:36:21 UTC 2001


	Our public name servers have recursion turned off for security and
performance reasons.  Some of our customers have asked us to add CNAME
records to their domains with right-hand-sides that are in external domains
(a web server from a web-hosting service).  These entries work fine on our
internal, recursive name servers, but fail on the public, non-recursive name
servers.  Queries for the CNAME record type work fine on both.

	It seems pretty clear what's happening -- the lookup of the outside
name is failing.  This synchs with Cricket's book, "When a name server looks
up a name and finds a CNAME record, it replaces the name with the canonical
name and looks up the new name."

	Is this normal, and if so, what are the preferred workarounds?
It'd be nice, at least for this specific problem, if it'd use the local
resolver config which points to the internal name servers to resolve the
outside name, but if that's not the standard behavior I'm sure it's for good
reasons.  I'm just looking for my options.

	Right now we're using an A record and the customer's systems are
working fine.  Using the CNAME would be nice for us because we wouldn't be
caught in the middle when the web server's IP addresses change (we've got a
lot of customers who use this hosting service).  And the customer would be
happier because "that's the way we've always done it."

	We're running BIND 8.2.3 on Solaris 7, the name servers are and, and the test zone file below
demonstrates the problem.   The record for works fine, since is in a zone where we're authoritative.


John Simpson	

$TTL 1d
@               IN      SOA (
                        86400 )

                IN      NS
                IN      NS
                IN      MX 10
                IN      CNAME
                IN      CNAME

John R. Simpson
Sr. Network Engineer
Network Services, Network Architecture Team
The Reynolds and Reynolds Co.
800 Germantown Street OH10
Dayton, OH
Voice (937) 485-2269 Fax (937) 485-2427
mailto:John_Simpson at
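
The behaviour described in the message above, as an added example that is not part of the original post and is not BIND's code: a simplified model of how an authoritative-only server (recursion off) builds its answer when it meets a CNAME, following the CNAME step of RFC 1034 section 4.3.2. The zone names, addresses and function names are constructed for illustration.

```python
# Simplified answer logic of an authoritative-only (non-recursive) server.
# All zone names and addresses below are constructed sample data.

# Zones this server is authoritative for: {zone: {owner: {rtype: rdata}}}
ZONES = {
    "customer.example.": {
        # CNAME whose target lives in someone else's zone
        "www.customer.example.": {"CNAME": "web.hosting.example."},
        # CNAME whose target lives in a zone we serve
        "ftp.customer.example.": {"CNAME": "host1.customer.example."},
        "host1.customer.example.": {"A": "192.0.2.10"},
    },
}


def find_zone(name):
    """Return data for the longest-matching authoritative zone, or None."""
    matches = [z for z in ZONES if name == z or name.endswith("." + z)]
    return ZONES[max(matches, key=len)] if matches else None


def answer(qname, qtype, max_chain=8):
    """Build the answer section without ever asking another server."""
    section = []
    for _ in range(max_chain):
        zone = find_zone(qname)
        if zone is None:
            # Name is outside our authority and recursion is off. If we got
            # here by following a CNAME, hand back only the CNAME(s); the
            # client has to restart the lookup for the canonical name.
            return section, ("incomplete" if section else "refused")
        rrsets = zone.get(qname)
        if rrsets is None:
            return section, "nxdomain"
        if qtype in rrsets:
            # Exact type match (this is also why QTYPE=CNAME always works).
            section.append((qname, qtype, rrsets[qtype]))
            return section, "complete"
        if "CNAME" in rrsets:
            # Copy the CNAME, switch to the canonical name, and search again.
            section.append((qname, "CNAME", rrsets["CNAME"]))
            qname = rrsets["CNAME"]
            continue
        return section, "nodata"
    return section, "cname-loop"
```

A client that queries this server directly and does not chase the CNAME itself sees the "incomplete" case as a failed address lookup, while a recursive resolver restarts the query for the canonical name and succeeds.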

More information about the bind-users mailing list