<html>
<head>
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
</head>
<body>
<p>That is because forwarder is supposed to handle only zone
"bd.baidubce.com.", but addresses response is from bd.bcebos.com
zone. Therefore it queries contents of that according to global
forwarders or iteratively. BIND9 attempts to deliver the most
authoritative answer it can, so it ignores hints from server not
authoritative for it. I do not know a way to disable such
behavior. Dns caches such as dnsmasq would forward the reply as it
is, but bind uses zones with authoritative servers preferred. It
does so to prevent unrelated servers pushing invalid answers into
your cache.<br>
</p>
<p>Workaround might be to forward also bd.bcebos.com. zone to the
same server. Can you share why should it return different
addresses than the authoritative servers offers?</p>
<p>I think if you need to override some addresses, RPZ might help
you. At least you would have a list of rules where the answer is
modified. I think most proper servers do it this way without
ability to change the behavior.</p>
<p>Just my 2 cents.</p>
<p>Regards,<br>
Petr<br>
</p>
<div class="moz-cite-prefix">On 04. 04. 23 8:08, Yang via bind-users
wrote:<br>
</div>
<blockquote type="cite"
cite="mid:tencent_C25BC3159EC54765F7BB74CECAB95E0E4B09@qq.com">
<meta http-equiv="Content-Type" content="text/html; charset=UTF-8">
<div>
<p data-sourcepos="1:1-7:2" dir="auto">hi bind admin,</p>
<p data-sourcepos="1:1-7:2" dir="auto"> when i use bind-9.11 for
my interdns, deviceip is 10.1.1.1, </p>
<p data-sourcepos="1:1-7:2" dir="auto">i config </p>
<p data-sourcepos="1:1-7:2" dir="auto">zone "bd.baidubce.com." </p>
<p data-sourcepos="1:1-7:2" dir="auto"> in<span
style="font-family: var(--default-regular-font,
-apple-system),BlinkMacSystemFont,"Segoe
UI",Roboto,"Noto
Sans",Ubuntu,Cantarell,"Helvetica
Neue",sans-serif,"Apple Color
Emoji","Segoe UI Emoji","Segoe UI
Symbol","Noto Color Emoji"; font-size:
inherit;"> {
type forward ;
forward only;
forwarders { 10.10.10.10; };
};</span></p>
<p data-sourcepos="1:1-7:2" dir="auto"><span style="font-family:
var(--default-regular-font,
-apple-system),BlinkMacSystemFont,"Segoe
UI",Roboto,"Noto
Sans",Ubuntu,Cantarell,"Helvetica
Neue",sans-serif,"Apple Color
Emoji","Segoe UI Emoji","Segoe UI
Symbol","Noto Color Emoji"; font-size:
inherit;"><br>
</span></p>
<p data-sourcepos="9:1-12:100" dir="auto">1、when i dig @10.1.1.1
x.bd.bcebos.com. </p>
<p data-sourcepos="9:1-12:100" dir="auto">2、10.10.10.10 return
record "CNAME bd.bcebos.com., A 100.67.96.26, A 100.67.96.27"
to device10.1.1.1 </p>
<p data-sourcepos="9:1-12:100" dir="auto">3、but device10.1.1.1
not return A 100.67.96.26, A 100.67.96.27 to me </p>
<p data-sourcepos="9:1-12:100" dir="auto">4、device10.1.1.1 go to
qurey bd.bcebos.com. recursive itself,and get another record
110.242.70.8</p>
<p data-sourcepos="14:1-16:6" dir="auto">i have questions </p>
<p data-sourcepos="14:1-16:6" dir="auto">1、why config is forward
only, but bind get CNAME & A,bind do not return A to
me,and query cname again itself?</p>
<p data-sourcepos="14:1-16:6" dir="auto"> thanks</p>
</div>
<div style="position: relative;">
<div class="footer" style="margin-top: 10px;">
</div>
</div>
<style data-premailer="ignore" type="text/css">a { color: #1068bf; }</style>
<style>img {
max-width: 100%; height: auto;
}body {
font-size: 0.875rem;
}body {
-webkit-text-shadow: rgba(255,255,255,0.01) 0 0 1px;
}body {
font-family: var(--default-regular-font, -apple-system),BlinkMacSystemFont,"Segoe UI",Roboto,"Noto Sans",Ubuntu,Cantarell,"Helvetica Neue",sans-serif,"Apple Color Emoji","Segoe UI Emoji","Segoe UI Symbol","Noto Color Emoji"; font-size: inherit;</style><br>
</blockquote>
<pre class="moz-signature" cols="72">--
Petr Menšík
Software Engineer, RHEL
Red Hat, <a class="moz-txt-link-freetext" href="http://www.redhat.com/">http://www.redhat.com/</a>
PGP: DFCF908DB7C87E8E529925BC4931CA5B6C9FC5CB</pre>
</body>
</html>