Define a domains addresses sole in terms of another
savagebeaste at yahoo.com
Thu Jul 12 16:44:58 UTC 2007
Barry Margolin wrote:
> In article <f727at$1er6$1 at sf1.isc.org>,
> "Clenna Lumina" <savagebeaste at yahoo.com> wrote:
>> Barry Margolin wrote:
>>> In article <f6u9f2$1uva$1 at sf1.isc.org>,
>>> Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
>>>>> webmail IN CNAME www
>>>> Forbidden, you cannot have a CNAME going to a CNAME.
>>> Yes you can. The RFC recommends against it for performance reasons,
>>> but doesn't prohibit it. It even mentions that resolvers must
>>> follow CNAME chains, but may have limits on the number of CNAMEs
>>> that will be followed in order to avoid loops.
>>> All the web sites that use DNS-based load balancing like Akamai and
>>> Savvis ITM would be in big trouble if CNAME chains weren't allowed.
>>> $ dig download.microsoft.com
>>> ; <<>> DiG 9.3.4 <<>> download.microsoft.com
>>> ;; global options: printcmd
>>> ;; Got answer:
>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5269
>>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL:
>>> ;; QUESTION SECTION:
>>> ;download.microsoft.com. IN A
>>> ;; ANSWER SECTION:
>>> download.microsoft.com. 2566 IN CNAME main.dl.ms.akadns.net.
>>> main.dl.ms.akadns.net. 52 IN CNAME dom.dl.ms.akadns.net.
>>> dom.dl.ms.akadns.net. 52 IN CNAME dl.ms.d4p.net.
>>> dl.ms.d4p.net. 3790 IN CNAME dl.ms.georedirector.akadns.net.
>>> dl.ms.georedirector.akadns.net. 1189 IN CNAME a767.ms.akamai.net.
>> That's odd... my locla bind server gives me a completely different
>> set of file A records:
> That's what Akamai (and other CDNs) does -- we have thousands of
> servers around the Internet, and use them to balance load and send
> you to the closest or least loaded server. Different users will
> likely get different responses, and even a single user may get
> different responses if they wait 5-10 minutes between lookups.
While this can be a good thing, especially for an entity as large as
>> Is this some sort of crazy load balancing akamai.net is doing? Seeing
>> all those CNAMEs when doing the lookup for 'akamai.net' seems VERY
> Yes, it's crazy load balancing. It allows us to react quickly to down
> or overloaded servers, network congestion, routing problems, etc.
> Note that the first level of CNAMEs has reasonably long TTLs, and
> only the A records have very short TTLs, so you don't have to look up
> the entire CNAME chain every time.
Ok, but still, having tiny TTL's in the A records means there's going to
be a LOT of activity between any slaves. While I understand that it's
all in the name of load balancing, I still find it strange, as I always
understood having so many inconsistencies between slaves was something a
good dns admin wants to avoid :)
> It works well enough that we were one of the top-growing companies in
> Massachusetts in the past few years and were just added to the S&P
> Disclaimer: I work for Akamai, but I am not a spokesman.
> Barry Margolin, barmar at alum.mit.edu
> Arlington, MA
> *** PLEASE post questions in newsgroups, not directly to me ***
> *** PLEASE don't copy me on replies, I'll read them in the group ***
Um, you realize this is /also/ a mailing list, right?
More information about the bind-users