external view recursion issue

WBrown at e1b.org WBrown at e1b.org
Fri Mar 16 19:20:39 UTC 2012


Put record.ourdomain.com as a CNAME in both your internal and external 
views.

Internal user will query internal view and get CNAME record to 
record.client.otherdomain.com.  Your recursive name server will look up 
record.client.otherdomain.com and get the CNAME record to 
otherhost.otherdomain.com.  It will look up that name and get the A 
record.  Address is returned to the DNS client.

External user queries your authoritative serve for record.ourdomain.com 
and get CNAME to record.client.otherdomain.com.  Their recursive name 
server will look up record.client.otherdomain.com and get the CNAME record 
to otherhost.otherdomain.com.  It will look up that name and get the A 
record.  Address is returned to the external DNS client.

-- 

William Brown
Messaging and Core Hosted Application Technical Teams
Technology Services, WNYRIC, Erie 1 BOCES
(716) 821-7285


Samantha Steers <sam.faith11 at gmail.com> wrote on 03/16/2012 03:09:52 PM:

> From: Samantha Steers <sam.faith11 at gmail.com>
> To: WBrown at e1b.org, 
> Date: 03/16/2012 03:09 PM
> Subject: Re: external view recursion issue
> 
> Thank you for getting back to me. 
> 
> We have a set up with "internal" and "external" views. The internal 
> is handling all the internal/recursive queries and the external is 
> supposed to be authoritative without recursion. I am trying to 
> reverse engineer the existing setup so I can match it. I guess the 
> long and short of it is, if there are  CNAMES looking for 
otherdomain.com
> then recursion has to  = yes on the existing server, correct?
> 
> The existing server is giving the result mentioned previously 
> (below) while the new server is giving REFUSED. 
> 
>               host record.ourdomain.com
>               record.ourdomain.com is an alias for 
> record.client.otherdomain.com.
>               record.client.otherdomain.com is an alias for 
> otherhost.otherdomain.com.
>               otherhost.otherdomain.com has address x.x.x.x
> 
> My thought is that it is either one way or the other, recursive or 
> not, and that the record are going to have to be changed when they 
> are migrated to the new servers to be A records pointing to the IP 
> of the related, existing CNAMES. 
> 
> On Fri, Mar 16, 2012 at 1:47 PM, <WBrown at e1b.org> wrote:
> Who will be using this in-house DNS server?  Your local users?  If yes,
> then you will need to enable recursion so they can look up outside
> resources (google.com, etc.)
> 
> If this server will strictly be an authoritative server for your domain,
> then it won't need recursion but queries that return a CNAME will cause
> the recursive server to look up anything in otherdomain.com, CNAME or A.
> 
> Samantha  wrote on 03/16/2012 10:13:30 AM:
> 
> > I am getting prepped to migrate dns from one service to in-house
> > servers. While going through the zone file to ensure I got
> > everything, I found that we have CNAME in our domain pointing to a
> > CNAME in another domain that is pointing to the A record in the other
> domain:
> >
> > host record.ourdomain.com
> > record.ourdomain.com is an alias for record.client.otherdomain.com.
> > record.client.otherdomain.com is an alias for 
otherhost.otherdomain.com.
> > otherhost.otherdomain.com has address x.x.x.x
> >
> > To duplicate this exactly on our servers, it appears that I have to
> > enable recursion but the provider said that they are not doing that.
> > I get the feeling that I am not going to get the information from
> > them on how they are accomplishing this without recursion.
> >
> > Right now I have replaced the CNAME with an A record pointing to the
> > IP directly and am getting the proper results, but feel that this
> > leaves me having to watch for changes that the otherdomain.com
> > administrator might make.
> >
> > Am I missing something else that I can do to replicate? A separate
> > external view?
> 




Confidentiality Notice: 
This electronic message and any attachments may contain confidential or 
privileged information, and is intended only for the individual or entity 
identified above as the addressee. If you are not the addressee (or the 
employee or agent responsible to deliver it to the addressee), or if this 
message has been addressed to you in error, you are hereby notified that 
you may not copy, forward, disclose or use any part of this message or any 
attachments. Please notify the sender immediately by return e-mail or 
telephone and delete this message from your system.



More information about the bind-users mailing list