additional-from-cache and CNAME records
Barry Margolin
barmar at alum.mit.edu
Thu Aug 19 00:16:19 UTC 2004
In article <cg02q6$3019$1 at sf1.isc.org>,
Jeremie Le Hen <jeremie.le-hen at epita.fr> wrote:
> Hi,
>
> First, excuse me for my English.
>
> This may be a FAQ, but I did not succeed to find anything about this on
> mailing-list archives nor the FAQ. I use Bind 9.2.3.
>
> I have a zone with a CNAME pointing to a record which is totally
> outside my zones. Since it is an authoritative-only name server view,
> I want to disable exposure of cached private informations so I use
> the "additional-from-cache" statement. The problem is that when
> I disable this, the server refuses to answer to all queries concerning
> CNAME pointing outside my delegation when the resolver queries for an A
> record, while A and other CNAME records pointing into my delegation are
> still well answered. When I re-enable it, it works like a charm.
>
> Here is an example (zone example.com) :
> a-name IN A 123.123.123.123
> point-inside IN CNAME a-name
> point-outside IN CNAME another-name.at.another-domain.com.
>
>
> Whatever the value of "additional-from-cache yes", ``a-name.example.com''
> and ``point-inside.example.com'' are always answered but this is not the
> case for ``point-outside.example.com''. But when "additional-from-cache"
> is disabled, then the latter won't be answered any longer when queried with
> an A record. In this case, it would indeed normally answer with the CNAME
> record, despite the query is an A, AFAIK. Unfortunately, I must
> explicitly ask for a CNAME here.

Isn't that what you want to happen? You said you want to "disable
exposure of cached private informations". Since your server is not
authoritative for another-domain.com, this A record would have to come
from the cache. So your server just responds with the CNAME record, and
the server that's querying it is expected to follow the alias itself.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
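
The behaviour discussed in this thread, as an added example that is not part of the original messages and is not BIND's code: a simplified Python model of how an authoritative-only server assembles the answer section while following a CNAME chain, with and without "additional-from-cache". The zone records are the ones from the post; the cached address 192.0.2.10 and the names build_answer and out_of_zone are constructed for illustration.

```python
# Simplified model of authoritative answer assembly (illustrative, not BIND's code).
ORIGIN = "example.com."

# Zone data from the post, with owner names fully qualified.
ZONE = {
    "a-name.example.com.": ("A", "123.123.123.123"),
    "point-inside.example.com.": ("CNAME", "a-name.example.com."),
    "point-outside.example.com.": ("CNAME", "another-name.at.another-domain.com."),
}

# Constructed cache entry: data the server learned while recursing in another view.
CACHE = {"another-name.at.another-domain.com.": ("A", "192.0.2.10")}


def build_answer(qname, qtype, additional_from_cache):
    """Return the answer section as a list of (owner, type, rdata) tuples."""
    answer, name, seen = [], qname, set()
    while name not in seen:                 # guard against CNAME loops
        seen.add(name)
        if name in ZONE:
            rtype, rdata = ZONE[name]       # authoritative data is always usable
        elif additional_from_cache and name in CACHE:
            rtype, rdata = CACHE[name]      # cached data only if the option allows it
        else:
            break                           # target is out of zone: stop at the alias
        if rtype not in ("CNAME", qtype):
            break                           # name exists but not with the queried type
        answer.append((name, rtype, rdata))
        if rtype == "CNAME" and qtype != "CNAME":
            name = rdata                    # chase the alias toward its target
        else:
            break
    return answer


def out_of_zone(answer, origin=ORIGIN):
    """Audit check: records in the answer whose owner is outside the served zone."""
    return [rr for rr in answer
            if not (rr[0] == origin or rr[0].endswith("." + origin))]


if __name__ == "__main__":
    for flag in (True, False):
        ans = build_answer("point-outside.example.com.", "A", flag)
        print("additional-from-cache", "yes" if flag else "no")
        for rr in ans:
            print("   ", *rr)
        print("    out-of-zone records:", out_of_zone(ans))
```

With the option off, the A query for point-outside yields only the CNAME, and the querying resolver is left to look up the target itself; any record reported by out_of_zone is data that came from the cache.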