Why two lookups for a CNAME?

Matus UHLAR - fantomas uhlar at fantomas.sk
Thu Oct 22 12:01:53 UTC 2015


>In message <1401468033.15948.1445459552099.JavaMail.vpopmail at atl4oxapp02pod1.mgt.hosting.qts.netsol.com>, Steve Arntzen writes:
>> Why does named perform a lookup for the A record when its IP is returned with
>> the CNAME in the first answer?

On 22.10.15 08:01, Mark Andrews wrote:
>To prevent cache poisoning via cnames.  It is simpler to always
>look up the target of the cname than to figure out if we would
>have accepted the following data.
>
>server A has zones foo.example and bar.example configured
>server B has zone bar.example configured
>
>bar.example is only delegated to server B of the two servers above.
>
>There is a cname from www.foo.example -> www.bar.example
>
>Server A returns a complete answer but the www.bar.example data is
>from the wrong zone instance.  This happens accidentally in real
>life.

I wonder if it's not enough to verify that the first response was received
from the proper server.

Since play.l.google.com is a subdomain of play.google.com, the lookup would
go through google.com nameservers again...

When servers for bar.example are the same as servers for foo.example, the
already accepted answer for foo.example is expected to contain a valid answer
for bar.example too...

-- 
Matus UHLAR - fantomas, uhlar at fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT wish to receive any advertising mail at this address.
Depression is merely anger without enthusiasm. 
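
The foo.example / bar.example scenario quoted above, as an added Python sketch that is not part of the original thread and is not BIND's code: a toy resolver that either trusts the whole answer section or looks up the CNAME target again. The zone contents, addresses and function names are constructed for illustration.

```python
# Constructed model of the scenario in the thread; all data is made up.
DELEGATION = {"foo.example": "A", "bar.example": "B"}   # what the parent zone says

# Zone data each server is configured with. Server A also carries a
# bar.example instance that is NOT delegated to it.
SERVERS = {
    "A": {"www.foo.example": ("CNAME", "www.bar.example"),
          "www.bar.example": ("A", "192.0.2.66")},      # wrong zone instance
    "B": {"www.bar.example": ("A", "198.51.100.10")},   # delegated instance
}

def zone_of(name):
    """Return the longest delegated zone that contains name."""
    return max((z for z in DELEGATION if name == z or name.endswith("." + z)),
               key=len)

def query(server, name):
    """Answer section: the record for name plus as much of the CNAME
    chain as this server can complete from its own configured zones."""
    answer = []
    while name in SERVERS[server]:
        rtype, rdata = SERVERS[server][name]
        answer.append((name, rtype, rdata))
        if rtype != "CNAME":
            break
        name = rdata
    return answer

def resolve_trusting(name):
    """Accept every record in the first server's answer section."""
    return query(DELEGATION[zone_of(name)], name)[-1][2]

def resolve_requery(name, depth=8):
    """Keep only the record for the name asked; look up a CNAME target
    again, starting from the delegation for the target's own zone."""
    if depth == 0:
        raise RuntimeError("CNAME chain too long")
    _, rtype, rdata = query(DELEGATION[zone_of(name)], name)[0]
    return resolve_requery(rdata, depth - 1) if rtype == "CNAME" else rdata

if __name__ == "__main__":
    print("trusting:", resolve_trusting("www.foo.example"))
    print("re-query:", resolve_requery("www.foo.example"))
```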