3rd party CNAMEs and open recursion
Barry Margolin
barmar at alum.mit.edu
Mon Mar 4 19:45:22 UTC 2013
In article <mailman.1592.1362422631.11945.bind-users at lists.isc.org>,
Verne Britton <verne at wvnet.edu> wrote:
> I have been testing and testing and either just don't see what I'm doing
> wrong, or have a learning block :-)
>
> current thinking is that an open recursion DNS server is bad, so we want to
> implement an allow-recursion clause; perhaps even make some views so our
> local users still recurse while the general public cannot ...
>
> but I am running into a roadblock with our Google Apps cname:
>
> gmail.wvstateu.edu is a cname to ghs.google.com
>
> and bind wants recursion turned on in order to translate it.
What's the problem?

If the query comes from a local user, recursion will be allowed, and the
CNAME will be resolved.

If the query comes from a remote resolver, recursion shouldn't even be
requested. You'll respond with the CNAME, and the remote resolver will
then do its own lookup of that.
--
Barry Margolin
Arlington, MA
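
The setup discussed in this thread, as an added example that is not part of the original posts or of ISC's own documentation: a named.conf fragment that limits recursion to local clients while the zone stays publicly answerable. The ACL name `trusted`, the 192.0.2.0/24 network and the zone file name are assumptions.

```conf
// Clients allowed to use this server as a recursive resolver.
// "localhost" and "localnets" are built-in BIND ACLs; 192.0.2.0/24 is a
// constructed placeholder for the campus address range.
acl trusted {
    localhost;
    localnets;
    192.0.2.0/24;
};

options {
    recursion yes;

    // Only trusted clients get recursive service and cached answers,
    // so the server is no longer an open resolver.
    allow-recursion   { trusted; };
    allow-query-cache { trusted; };
};

// Authoritative data is still served to everyone.
zone "wvstateu.edu" {
    type master;
    file "db.wvstateu.edu";    // assumed file name
    allow-query { any; };
};

// The record from the post, as it would appear in the zone file:
//
//   gmail   IN  CNAME   ghs.google.com.
//
// Query for gmail.wvstateu.edu from a trusted client:
//   recursion is allowed, so the answer carries the CNAME and the
//   address records found by following it to ghs.google.com.
//
// Query for gmail.wvstateu.edu from any other source:
//   the answer carries only the CNAME from the authoritative zone;
//   the remote resolver then looks up ghs.google.com itself.
```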