Questions about DNAME records

Braebaum, Neil Neil.Braebaum at shopdirect.com
Wed Jun 17 10:51:11 UTC 2009


> -----Original Message-----
> From: Chris Buxton [mailto:cbuxton at menandmice.com] 
> Sent: 16 June 2009 15:40
> To: Braebaum, Neil
> Cc: Bind Mailing
> Subject: Re: Questions about DNAME records
> 
> On Jun 16, 2009, at 1:37 AM, Braebaum, Neil wrote:
> > What I was getting at - probably worded poorly - was say I wanted to
> > provide resolution for something like:-
> >
> > _service._tcp.example.com.
> >
> > if I'd previously created the DNAME record (example.com.	IN	DNAME
> > example2.com.), would creating a SRV RR record in example2.com.:-
> >
> > _service._tcp.example2.com.
> >
> > work as resolution for it?
> 
> Yes. The final and complete answer will be:
> 
> _service._tcp.example.com.	IN	CNAME	_service._tcp.example2.com.
> _service._tcp.example2.com.	IN	SRV	... 4 fields here ...
> 
> > As to the forwarding thing, what I was thinking of, is that 
> > example2.com. forwards out to internet DNS servers for external 
> > resolution
> 
> Unfortunately, that's a nonsensical assertion. A domain does 
> not forward. A DNS server forwards.

OK, the DNS servers that are authoritative for example2.com.

> > and it just so happens that example.com. is a namespace we use 
> > externally. So would it work in the scenario I've given, that if I 
> > wanted to provide resolution for _service._tcp.example.com. (if it 
> > works with the DNAME scenario I've described above), would other 
> > records for example.com. that aren't catered for in example2.com., be
> > obtained by merit of example2.com. forwarding? Or would the DNAME
> > configuration not allow it?
> 
> A DNAME record precludes child names. That is, you cannot 
> have any names of the form "foo.example.com" and also have a 
> DNAME record named "example.com".
> 
> > I guess what I'm wondering is that if example.com. is DNAMEd to
> > example2.com. and the records aren't in example2.com. does the enquiry
> > end there, or could / would the question be dealt with by merit of
> > example2.com. forwarding to internet DNS servers?
> 
> If you have a DNAME record named example.com, then aside from 
> other records named example.com, there cannot be any other 
> records in the example.com zone. No subdomains are allowed.

I think this is why I'm struggling to fully understand the DNAME usage -
the example I gave above:-

_service._tcp.example.com.

would (effectively) be subdomain records from example.com. that I'm
hoping to be able to provide responses for by using:-

example.com.	IN	DNAME		example2.com.

and creating:-

_service._tcp.example2.com. SRV resource records in example2.com., which
you said would work above.

> So if example.com is hosted on the outside, and example2.com 
> is internal, an internal resolver will see the external DNAME 
> record (and related, synthesized CNAME records) and be able 
> to resolve them inside example2.com (assuming it can find 
> example2.com).

What I was hoping to do was create, or perhaps more correctly, cater for
a specific and small number of records for example.com. (by DNAME'ing to
example2.com.) internally, by creating a very simple zone with the DNAME
to example2.com. - merely to provide answers for these resource records,
that I don't want - nor are relevant - to the external use of
example.com.

example.com. is known on the internet, provided by a managed service DNS
provider, and hosts some ecom related DNS records. I'm kind of being
forced down the track of providing some resolution for some specific
records (the resource records I've given examples for) internally
(because of the domain name used for some email addresses), but I don't
want to provide a fully authoritative zone for example.com. internally,
because I don't want to have to maintain duplicate records in an
internal example.com. authoritative zone, and for the external
example.com. zone, and because I don't want to have to maintain or
expose these resource records in my external example.com. zone.

So what I was wondering was, by merit of using a DNAME record, is
whether I could host the small number of resource records (that really
are subdomain records from example.com.), and using a DNAME record
internally, provide them in example2.com., and because the nameservers
that are authoritative for example2.com. forward to internet DNS
servers, whether they would in the scenario that the internal name
enquired on in example.com. isn't present in example2.com. (eg say, some
of the ecom related records in the external example.com. that I don't
really want to have to cater for internally, too).

> If there is no external version of example2.com, then you're 
> creating problems, because a DNAME record from a public zone 
> to a strictly private zone will cause resolution for the 
> public for names in the example.com domain (except 
> example.com itself) to fail.

example2.com. is purely an internal namespace, and I wasn't thinking of
creating a DNAME record in my external example.com. domain. I was
thinking of creating an internal zone for example.com., creating the
DNAME record, so hopefully providing the resource records that are
subdomain values for example.com., by creating them in my (internal)
example2.com. (not known externally).

What I was really driving at, was whether - by merit of the DNAME record
- internal DNS questions for names in example.com. (assuming I set up an
internal zone for example.com. simply with the DNAME to example2.com.)
that were entries not created in example2.com. (so ecom DNS entries that
are present in the external example.com.) would get no answer because
the entries hadn't been created for them in the internal example2.com.,
or whether they could potentially be resolved because example2.com.
(internal) nameservers forward to internet DNS servers, and would then
find the external example.com. domain?

> Unfortunately, if this explanation isn't clear, I would need 
> to know exactly what you're trying to accomplish, probably 
> including real names, in order to help further. My employer 
> offers confidential DNS consulting service for a fee, if that 
> would be useful to you.

Thanks.

I'm not sure I truly need that, yet - I was just trying to establish
what would happen if I try and create a zone internally for example.com.
merely using a DNAME (pointing to example2.com. internally), for the
internal resource records I want, and whether, then, example2.com.
nameservers would then forward (as normal) for any names requested in
example.com. that it didn't have, or whether the question would get
refused, there.

Because of the subversion of namespaces, it's not a terribly easy
scenario for me to test, without having some potential impact, but I'm
sure that you and other gurus will know the answer to the DNAME
questions I have.

Neil
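
Added example (not part of the original message and not BIND code): a small Python sketch of the name substitution a DNAME performs, as discussed in the thread, where a query below example.com. yields a synthesized CNAME into example2.com. and names below the DNAME owner cannot coexist with it. The function names are hypothetical, the zone names are constructed from the thread's examples, and escaped dots inside labels are not handled.

```python
# Added example: DNAME name substitution (RFC 6672) on constructed names.
MAX_NAME_OCTETS = 255  # wire-format limit on a domain name


def labels(name):
    """Split a presentation-format name into lowercase labels."""
    return [part for part in name.lower().rstrip(".").split(".") if part]


def wire_length(lbls):
    """One length octet per label plus its bytes, plus the root label."""
    return sum(len(l) + 1 for l in lbls) + 1


def dname_rewrite(qname, owner, target):
    """Return the synthesized CNAME target for qname, or None when the
    DNAME does not apply. Raises ValueError when the substituted name
    would be too long (a server answers YXDOMAIN in that case)."""
    q, o, t = labels(qname), labels(owner), labels(target)
    # Only names strictly below the owner are redirected, and the match
    # is on whole labels: notexample.com. is not below example.com.
    if len(q) <= len(o) or q[len(q) - len(o):] != o:
        return None
    new = q[:len(q) - len(o)] + t
    if wire_length(new) > MAX_NAME_OCTETS:
        raise ValueError("YXDOMAIN: substituted name exceeds 255 octets")
    return ".".join(new) + "."


def occluded(zone_names, owner):
    """Names that sit below the DNAME owner and so cannot be served
    from the same zone as the DNAME record."""
    return [n for n in zone_names if dname_rewrite(n, owner, ".") is not None]


if __name__ == "__main__":
    owner, target = "example.com.", "example2.com."
    for qname in ("_service._tcp.example.com.", "example.com.",
                  "www.notexample.com."):
        print(qname, "->", dname_rewrite(qname, owner, target))
    print(occluded(["example.com.", "www.example.com."], owner))
```

The owner name itself is returned as None, which is why records named exactly example.com. can still sit alongside the DNAME.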


