Forwarding Problem (was Re: Ambiguous def of multiple CNAME)
Christine.Tran at east.sun.com
Wed Dec 1 16:28:17 UTC 1999
>I'm a little confused here: does "[1.2.3.4]" stand for your regular forwarder,
[1.2.3.4] is my forwarder on the DMZ.
>What happens after this point in the process?
I get what looks like a referral back from the forwarder. Look at the
nsid number:
Response (USER NORMAL -) nsid=3597 id=13204
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3597
Then my internal server tries to follow the referral to finsys name
server, but can't.
>It also looks like you already had the CNAME cached,
Well, now you got me thinking, porttracker.foo.com has a default TTL
of 24H. The target, porttracker.finsys.com has a TTL of 1H. After 1H
the finsys.com A RR will expire, but the foo.com CNAME RR will not.
But the forwarder knows nothing about this CNAME relationship, the
query to it is of type A only. Oh, headaches!
>unless someone in your forwarding chain has recursion turned off
No, it's all on.
>If your firewall is misconfigured to forward to an Internet root server
No, forwarder uses hint file.
>if you do get a referral back, you shouldn't be trying to follow it if global
>forwarding is in effect;
Well, forward only is broken in 8.2. Default is forward first.