kcd at daimlerchrysler.com
Tue Nov 21 20:29:46 UTC 2006
1. Resolver sends a query gets only a CNAME in the response
2. Resolver looks up the target of the CNAME and it resolves to an A record
Sure, it's more *convenient* to get the A record in the first step. But
any fully-featured (= iterative) resolver should be able to get the A
record "the hard way" if it needs to.
Perhaps you don't understand that a real resolver follows a whole
*algorithm* for resolving names, which might involve several different
lookups. A lookup tool like dig or nslookup, however, in the absence of
any special configuration, options, etc. just does individual lookups so
it may only be showing you *part* of the overall resolution process, a
piece of the puzzle, as it were. You could try the +trace option to dig,
if you want to see something more like a full DNS-resolution sequence.
Nick Allum wrote:
> Would someone be able to explain what "An iterative resolver has to be
> able to deal with such responses" would mean.
> What I am trying to do is turn off recusrion, so I just have an
> advertising dns server for my domains, however some of my CNAME records
> point to some external domains which are not resolving once I set
> recursion off. I am running bind 9.2.4
> -----Original Message-----
> From: bind-users-bounce at isc.org [mailto:bind-users-bounce at isc.org] On
> Behalf Of Chris Thompson
> Sent: Wednesday, November 15, 2006 2:01 PM
> To: Bind Users Mailing List
> Subject: RE: Recursion off\forward
> On Nov 15 2006, Nick Allum wrote:
>> I had another question within regarding "recursion off"
>> If you have recursion off and you have a CNAME that point to some non
>> authorative domain/A Record you get a negative response.
> You get a response with the answer section containing the CNAME but not
> A record, and an rcode of zero. I wouldn't call that "a negative
> response". An iterative resolver has to be able to deal with such
>> Is there a way to work around this. Senario My server is the authority
>> for abcd.com and withing the abcd.com record I have the following
>> Test IN CNAME hdshsh.frdskfjh.com
>> For which "frdskfjh.com" I am not the authority for so when I try to
>> lookup test.abdc.com I get a negative response. Is there a way to work
>> around this other than using the IP vs CNAME.
> It seems to me that you are still asking for "recursion sometimes"
> rather than "recursion no".
More information about the bind-users