Define a domain's addresses solely in terms of another

Clenna Lumina savagebeaste at
Thu Jul 12 16:44:58 UTC 2007

Barry Margolin wrote:
> In article <f727at$1er6$1 at>,
> "Clenna Lumina" <savagebeaste at> wrote:
>> Barry Margolin wrote:
>>> In article <f6u9f2$1uva$1 at>,
>>> Stephane Bortzmeyer <bortzmeyer at> wrote:
>>>>> webmail                          IN CNAME   www
>>>> Forbidden, you cannot have a CNAME going to a CNAME.
>>> Yes you can.  The RFC recommends against it for performance reasons,
>>> but doesn't prohibit it.  It even mentions that resolvers must
>>> follow CNAME chains, but may have limits on the number of CNAMEs
>>> that will be followed in order to avoid loops.
>>> All the web sites that use DNS-based load balancing like Akamai and
>>> Savvis ITM would be in big trouble if CNAME chains weren't allowed.
>>> $ dig
>>> ; <<>> DiG 9.3.4 <<>>
>>> ;; global options:  printcmd
>>> ;; Got answer:
>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5269
>>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL:
>>> 0
>>> ;      IN A
>>> 2566  IN CNAME
>>>  52 IN CNAME
>>>   52 IN CNAME
>>>    3790  IN CNAME
>>>  1189 IN  CNAME
>> That's odd... my local bind server gives me a completely different
>> set of file A records:
> That's what Akamai (and other CDNs) does -- we have thousands of
> servers around the Internet, and use them to balance load and send
> you to the closest or least loaded server.  Different users will
> likely get different responses, and even a single user may get
> different responses if they wait 5-10 minutes between lookups.

While this can be a good thing, especially for an entity as large as 

>> Is this some sort of crazy load balancing is doing? Seeing
>> all those CNAMEs when doing the lookup for '' seems VERY
>> inefficient.
> Yes, it's crazy load balancing.  It allows us to react quickly to down
> or overloaded servers, network congestion, routing problems, etc.
> Note that the first level of CNAMEs has reasonably long TTLs, and
> only the A records have very short TTLs, so you don't have to look up
> the entire CNAME chain every time.

Ok, but still, having tiny TTL's in the A records means there's going to 
be a LOT of activity between any slaves. While I understand that it's 
all in the name of load balancing, I still find it strange, as I always 
understood having so many inconsistencies between slaves was something a 
good dns admin wants to avoid :)

> It works well enough that we were one of the top-growing companies in
> Massachusetts in the past few years and were just added to the S&P
> 500.
> Disclaimer: I work for Akamai, but I am not a spokesman.
> --
> Barry Margolin, barmar at
> Arlington, MA
> *** PLEASE post questions in newsgroups, not directly to me ***
> *** PLEASE don't copy me on replies, I'll read them in the group ***

Um, you realize this is /also/ a mailing list, right?
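
Added example, not part of the original thread: a minimal caching resolver that follows a CNAME chain with a hop limit and loop detection, and shows that once the long-TTL CNAMEs are cached only the short-TTL A record is re-queried. The zone data, names, TTLs and the hop limit are constructed assumptions.

```python
# Constructed sample zone (hypothetical names): name -> (rtype, ttl_seconds, value)
ZONE = {
    "webmail.example.": ("CNAME", 3600, "www.example."),
    "www.example.": ("CNAME", 3600, "www.cdn.example."),
    "www.cdn.example.": ("CNAME", 900, "a1.edge.example."),
    "a1.edge.example.": ("A", 20, "192.0.2.10"),
    "loop1.example.": ("CNAME", 60, "loop2.example."),
    "loop2.example.": ("CNAME", 60, "loop1.example."),
}

MAX_CNAME_HOPS = 8  # assumed limit; real resolvers choose their own


class ChainError(Exception):
    """Raised for a CNAME loop, an over-long chain, or a missing name."""


class Resolver:
    def __init__(self, zone, max_hops=MAX_CNAME_HOPS):
        self.zone = zone
        self.max_hops = max_hops
        self.cache = {}            # name -> (record, expiry_time)
        self.upstream_queries = 0  # lookups that missed the cache

    def _lookup(self, name, now):
        hit = self.cache.get(name)
        if hit and hit[1] > now:   # still within its TTL
            return hit[0]
        self.upstream_queries += 1
        rec = self.zone.get(name)
        if rec is None:
            raise ChainError(f"NXDOMAIN: {name}")
        self.cache[name] = (rec, now + rec[1])
        return rec

    def resolve_a(self, name, now):
        """Return (address, names_visited), following CNAMEs safely."""
        seen = []
        while True:
            if name in seen:       # same owner name twice means a loop
                raise ChainError(f"CNAME loop at {name}")
            seen.append(name)
            rtype, _ttl, value = self._lookup(name, now)
            if rtype == "A":
                return value, seen
            if len(seen) > self.max_hops:  # would follow too many CNAMEs
                raise ChainError("CNAME chain too long")
            name = value
```
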

