correct way to do CNAME's on server with no recursion

Barry Margolin barmar at genuity.net
Tue Jan 22 20:01:11 UTC 2002


In article <a2kdhq$9mt at pub3.rc.vix.com>,
David Nedved  <dnedved at nuvox.net> wrote:
>I am in the process of splitting our DNS servers from 2 servers to do 
>everything, to a cluster of 2 to do recursion for access users, and a
>cluster of 2 to provide nonrecursive DNS for zones we host.
>
>Currently have an issue where on the server with recursion turned off,
>if the customer wants to have a CNAME pointing to outside of their
>zone, it doesn't work.
>
>For example:
>
>www	1h	IN	CNAME	www.foo.com.
>
>With this config, apparently people who are not our customers are
>not able to resolve the CNAME all the way back to an IP address.
>
>Right now we've turned recursion back on, and this has fixed it
>temporarily, but what is the correct way to do this?
>
>Do I need to put in glue NS records for the foo.com zone?
>Are glue records for other zones even valid within a zone file?

We've had recursion turned off on our authoritative servers for years, and
never had a problem like this.

When a caching server is trying to look up www.thisdomain, it will get the
CNAME record from your server.  It will then do its own lookup of
www.foo.com.

This should happen whether your server has recursion enabled or not.  When
a recursive server queries an authoritative server, it does so with the
Recursion Desired flag turned off, so your server would never be asked to
recurse.

-- 
Barry Margolin, barmar at genuity.net
Genuity, Woburn, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.


More information about the bind-users mailing list