external view recursion issue
WBrown at e1b.org
Fri Mar 16 19:20:39 UTC 2012
Put record.ourdomain.com as a CNAME in both your internal and external
Internal user will query internal view and get CNAME record to
record.client.otherdomain.com. Your recursive name server will look up
record.client.otherdomain.com and get the CNAME record to
otherhost.otherdomain.com. It will look up that name and get the A
record. Address is returned to the DNS client.
External user queries your authoritative server for record.ourdomain.com
and gets CNAME to record.client.otherdomain.com. Their recursive name
server will look up record.client.otherdomain.com and get the CNAME record
to otherhost.otherdomain.com. It will look up that name and get the A
record. Address is returned to the external DNS client.
Messaging and Core Hosted Application Technical Teams
Technology Services, WNYRIC, Erie 1 BOCES
Samantha Steers <sam.faith11 at gmail.com> wrote on 03/16/2012 03:09:52 PM:
> From: Samantha Steers <sam.faith11 at gmail.com>
> To: WBrown at e1b.org,
> Date: 03/16/2012 03:09 PM
> Subject: Re: external view recursion issue
> Thank you for getting back to me.
> We have a set up with "internal" and "external" views. The internal
> is handling all the internal/recursive queries and the external is
> supposed to be authoritative without recursion. I am trying to
> reverse engineer the existing setup so I can match it. I guess the
> long and short of it is, if there are CNAMES looking for
> then recursion has to = yes on the existing server, correct?
> The existing server is giving the result mentioned previously
> (below) while the new server is giving REFUSED.
> host record.ourdomain.com
> record.ourdomain.com is an alias for
> record.client.otherdomain.com is an alias for
> otherhost.otherdomain.com has address x.x.x.x
> My thought is that it is either one way or the other, recursive or
> not, and that the records are going to have to be changed when they
> are migrated to the new servers to be A records pointing to the IP
> of the related, existing CNAMES.
> On Fri, Mar 16, 2012 at 1:47 PM, <WBrown at e1b.org> wrote:
> Who will be using this in-house DNS server? Your local users? If yes,
> then you will need to enable recursion so they can look up outside
> resources (google.com, etc.)
> If this server will strictly be an authoritative server for your domain,
> then it won't need recursion but queries that return a CNAME will cause
> the recursive server to look up anything in otherdomain.com, CNAME or A.
> Samantha wrote on 03/16/2012 10:13:30 AM:
> > I am getting prepped to migrate dns from one service to in-house
> > servers. While going through the zone file to ensure I got
> > everything, I found that we have CNAME in our domain pointing to a
> > CNAME in another domain that is pointing to the A record in the other
> > host record.ourdomain.com
> > record.ourdomain.com is an alias for record.client.otherdomain.com.
> > record.client.otherdomain.com is an alias for
> > otherhost.otherdomain.com has address x.x.x.x
> > To duplicate this exactly on our servers, it appears that I have to
> > enable recursion but the provider said that they are not doing that.
> > I get the feeling that I am not going to get the information from
> > them on how they are accomplishing this without recursion.
> > Right now I have replaced the CNAME with an A record pointing to the
> > IP directly and am getting the proper results, but feel that this
> > leaves me having to watch for changes that the otherdomain.com
> > administrator might make.
> > Am I missing something else that I can do to replicate? A separate
> > external view?
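
The split-view layout discussed in this thread, written out as a BIND named.conf fragment. This is an added example, not configuration taken from any of the messages; the ACL range, view names and zone file paths are assumptions.

```conf
// Constructed example. The address range and file paths are assumptions.
acl "inside" { 127.0.0.1; 10.0.0.0/8; };      // assumed internal client range

view "internal" {
    match-clients { "inside"; };
    recursion yes;                  // local users need outside names resolved
    allow-recursion { "inside"; };  // recursion only for internal clients
    zone "ourdomain.com" {
        type master;
        file "internal/ourdomain.com.zone";   // assumed path
    };
};

view "external" {
    match-clients { any; };
    recursion no;                   // authoritative only; the CNAME target is
                                    // never looked up by this view
    zone "ourdomain.com" {
        type master;
        file "external/ourdomain.com.zone";   // assumed path
    };
};

// The same record goes in both zone files:
//   record  IN  CNAME  record.client.otherdomain.com.
// The external view hands back only this CNAME. The querying client's own
// recursive resolver follows it into otherdomain.com to reach the A record.
```

Querying the external view with `dig +norecurse @<server> record.ourdomain.com` (`<server>` is a placeholder) should show just the CNAME in the answer section. Keeping `recursion no` on the view that matches `any` also keeps the server from acting as an open resolver.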