Define a domain's addresses solely in terms of another

Kevin Darcy kcd at
Thu Jul 12 21:25:19 UTC 2007

Clenna Lumina wrote:
> Barry Margolin wrote:
>> In article <f727at$1er6$1 at>,
>> "Clenna Lumina" <savagebeaste at> wrote:
>>> Barry Margolin wrote:
>>>> In article <f6u9f2$1uva$1 at>,
>>>> Stephane Bortzmeyer <bortzmeyer at> wrote:
>>>>>> webmail                          IN CNAME   www
>>>>> Forbidden, you cannot have a CNAME going to a CNAME.
>>>> Yes you can.  The RFC recommends against it for performance reasons,
>>>> but doesn't prohibit it.  It even mentions that resolvers must
>>>> follow CNAME chains, but may have limits on the number of CNAMEs
>>>> that will be followed in order to avoid loops.
>>>> All the web sites that use DNS-based load balancing like Akamai and
>>>> Savvis ITM would be in big trouble if CNAME chains weren't allowed.
>>>> $ dig
>>>> ; <<>> DiG 9.3.4 <<>>
>>>> ;; global options:  printcmd
>>>> ;; Got answer:
>>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5269
>>>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 0
>>>> ;      IN A
>>>> 2566  IN CNAME
>>>>  52 IN CNAME
>>>>   52 IN CNAME
>>>>    3790  IN CNAME
>>>>  1189 IN  CNAME
>>> That's odd... my local bind server gives me a completely different
>>> set of file A records:
>> That's what Akamai (and other CDNs) does -- we have thousands of
>> servers around the Internet, and use them to balance load and send
>> you to the closest or least loaded server.  Different users will
>> likely get different responses, and even a single user may get
>> different responses if they wait 5-10 minutes between lookups.
> While this can be a good thing, especially for an entity as large as 
> Google.
>>> Is this some sort of crazy load balancing is doing? Seeing
>>> all those CNAMEs when doing the lookup for '' seems VERY
>>> inefficient.
>> Yes, it's crazy load balancing.  It allows us to react quickly to down
>> or overloaded servers, network congestion, routing problems, etc.
>> Note that the first level of CNAMEs has reasonably long TTLs, and
>> only the A records have very short TTLs, so you don't have to look up
>> the entire CNAME chain every time.
> Ok, but still, having tiny TTL's in the A records means there's going to 
> be a LOT of activity between any slaves. While I understand that it's 
> all in the name of load balancing, I still find it strange, as I always
> understood having so many inconsistencies between slaves was something a 
> good dns admin wants to avoid :)
They're not "slaves" in the regular sense, they're just DNS responders 
that give out geographically- and/or topologically-customized responses. 
"Inconsistency", as per the classic model, is not just a side-effect of 
their technology, it's actually the whole *point* of it.

               - Kevin

More information about the bind-users mailing list
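
The thread notes that resolvers must follow CNAME chains but may cap the number of CNAMEs followed to avoid loops. The sketch below is an added example, not code from any poster or from BIND: it walks a chain with loop detection and a hop limit and reports the TTL seen at each hop. The names, addresses, TTLs and the limit of 8 hops are constructed assumptions.

```python
# Added example: following a CNAME chain with loop detection and a hop limit.
# All names, addresses and TTLs are constructed (example.* placeholders).

MAX_CNAME_HOPS = 8  # assumed limit; each real resolver picks its own


class ChainError(Exception):
    """Raised when a chain cannot be followed to an address record."""


# Constructed data: owner name -> (record type, [(ttl, rdata), ...])
RECORDS = {
    "webmail.example.com.": ("CNAME", [(3600, "www.example.com.")]),
    "www.example.com.": ("CNAME", [(3600, "www.cdn.example.net.")]),
    "www.cdn.example.net.": ("CNAME", [(60, "edge7.cdn.example.net.")]),
    "edge7.cdn.example.net.": ("A", [(20, "192.0.2.10"), (20, "192.0.2.11")]),
    "a.loop.example.": ("CNAME", [(300, "b.loop.example.")]),
    "b.loop.example.": ("CNAME", [(300, "a.loop.example.")]),
}


def resolve_a(name, records=RECORDS, max_hops=MAX_CNAME_HOPS):
    """Follow CNAMEs from name; return (chain, addresses, ttl_per_hop)."""
    chain = [name.lower()]
    seen = {chain[0]}
    ttls = []
    while True:
        entry = records.get(chain[-1])
        if entry is None:
            raise ChainError("no data for " + chain[-1])
        rtype, rrset = entry
        ttls.append(min(ttl for ttl, _ in rrset))
        if rtype == "A":
            # End of the chain: long-TTL aliases first, short-TTL addresses last.
            return chain, [rdata for _, rdata in rrset], ttls
        target = rrset[0][1].lower()
        if target in seen:
            # An alias pointing back into the chain would never terminate.
            raise ChainError("CNAME loop at " + target)
        if len(chain) - 1 >= max_hops:
            # Chain is loop-free so far but longer than we are willing to follow.
            raise ChainError("CNAME chain exceeds %d hops" % max_hops)
        seen.add(target)
        chain.append(target)
```
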