norecursion on external zone, but how do I allow CNAMEs to be fully resolved?
p.mayers at imperial.ac.uk
Fri May 20 08:27:44 UTC 2011
On 05/20/2011 07:16 AM, Tory M Blue wrote:
> This causes all types of failures if just using dig, or Linux built in
> lookup mechanism, or heck Perl or PHP methods as well. None of the
> stated methods, know that they should now query
> cdn.domain.net.edgesuite.net, so they provide the CNAME and SERVFAIL
> or whatever.
That's because stub resolvers are not recursive resolvers.
No-one should be querying your authoritative servers unless they are
themselves a full recursive resolver, and those will handle this
situation just fine.
Serving A records for other zones isn't valid anyway - for security
reasons they'll be ignored (after all, you could be trying to poison the
far end cache, and are not authoritative for the zones containing the
Can you give more info about how this is causing actual problems, versus
problems with dig/perl/whatever?
More information about the bind-users