CNAME breaks NS delegation

Barry Margolin barmar at bbnplanet.com
Tue Feb 8 16:43:01 UTC 2000


In article <389FB00D.CF411559 at megabytecoffee.com>,
Chris  <chris at megabytecoffee.com> wrote:
>I have an interesting problem where we have a domain  "mydomain.tld"
>with a subdomain handled by other nameservers "sub.mydomain.tld".
>
>The WWW record is to be served from the subdomain. So, we put in
>
>
>sub    IN    NS    ns1.sub.mydomain.tld.
>sub    IN    NS    ns2.sub.mydomain.tld.
>ns1.sub    IN    A    10.10.10.10
>ns2.sub    IN    A    10.10.10.11
>www    IN    CNAME    www.sub
>
>
>Now, ns1.sub and ns2.sub are not real nameservers. They are load
>balancing switches that can dish out A records, but that's about it.
>Now, everything looks ok until I try to look up www.mydomain.tld and it
>doesn't work. So, I do a quick nslookup and come up with this:

Your DNS records look right to me.

Are the real names and servers accessible from the Internet?  I'm sure
something got lost when you edited them all out.  If we could query the
real servers we could provide much better help.

>chris at chris:~$ nslookup
>Default Server:  localhost
>Address:  127.0.0.1
>
>> server ns1
>Default Server:  ns1.mydomain.tld
>Address:  10.0.0.1
>
>> set norec
>> set nodef
>> www.mydomain.tld.
>Server:  ns1.mydomain.tld
>Address:  10.0.0.1
>
>Non-authoritative answer:
>Name:    www.mydomain.tld
>Served by:
>- ns1.sub.mydomain.tld
>         10.10.10.10
>          sub.mydomain.tld
>- ns2.sub.mydomain.tld
>          10.10.10.11
>          sub.mydomain.tld

If this is the actual output (with domain names changed, obviously) then I
think nslookup isn't showing you everything.  I guess I'll have to keep
saying it until I'm blue in the face: don't try to use nslookup as a
debugging tool, it sucks.  Use "dig".

>And of course, ns1.sub and ns2.sub have no information on
>www.mydomain.tld.
>What I would dearly love to know is,  what the heck happened to my
>CNAME and how can I get this to work? I have to point the www record to

I have no idea what happened to the CNAME.  My guess is it was in there,
but nslookup isn't showing it.  Otherwise, there would be no reason for the
response to include the subdomain NS records.

>another domain. I can't have the world go to www.sub.mydomain.tld and I
>can't have the switches authoritative for mydomain.tld.  I'm also
>wondering why a server that is set to not be recursive is answering with
>
>Non-authoritative data.

Referrals are never authoritative, because the NS records are considered to
belong to the subdomain, not the parent domain.

-- 
Barry Margolin, barmar at bbnplanet.com
GTE Internetworking, Powered by BBN, Burlington, MA
*** DON'T SEND TECHNICAL QUESTIONS DIRECTLY TO ME, post them to newsgroups.
Please DON'T copy followups to me -- I'll assume it wasn't posted to the group.
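
Added example, not part of the original message or of BIND: a simplified Python model of the non-recursive lookup in RFC 1034 section 4.3.2, run over the zone records from the quoted post. It shows which section each record lands in when the parent zone's server is asked for www.mydomain.tld, the output a section-by-section tool such as dig would display. The function names are hypothetical and header flags are not modelled.

```python
# Constructed zone: the records from the quoted post, owner names fully qualified.
ORIGIN = "mydomain.tld."
ZONE = [
    ("sub.mydomain.tld.", "NS", "ns1.sub.mydomain.tld."),
    ("sub.mydomain.tld.", "NS", "ns2.sub.mydomain.tld."),
    ("ns1.sub.mydomain.tld.", "A", "10.10.10.10"),
    ("ns2.sub.mydomain.tld.", "A", "10.10.10.11"),
    ("www.mydomain.tld.", "CNAME", "www.sub.mydomain.tld."),
]

def rrs(name, rtype):
    """All records in the zone file with this owner name and type."""
    return [r for r in ZONE if r[0] == name and r[1] == rtype]

def zone_cut(name):
    """Highest delegation point at or above `name`, below the origin, or None."""
    labels = name.rstrip(".").split(".")
    depth = len(ORIGIN.rstrip(".").split("."))
    for i in range(len(labels) - depth - 1, -1, -1):  # walk down from the origin
        cand = ".".join(labels[i:]) + "."
        if rrs(cand, "NS"):
            return cand
    return None

def answer(qname, qtype):
    """Build the response sections for a query with recursion turned off."""
    resp = {"answer": [], "authority": [], "additional": []}
    for _ in range(8):  # bound CNAME chains so a loop cannot spin forever
        if not (qname == ORIGIN or qname.endswith("." + ORIGIN)):
            break  # canonical name is outside this zone; nothing more to add
        cut = zone_cut(qname)
        if cut:  # name lies in the delegated subdomain: refer, do not answer
            resp["authority"] = rrs(cut, "NS")
            for _, _, ns in resp["authority"]:
                resp["additional"] += rrs(ns, "A")  # glue addresses
            break
        cname = rrs(qname, "CNAME")
        if cname and qtype != "CNAME":
            resp["answer"] += cname
            qname = cname[0][2]  # restart the lookup with the canonical name
            continue
        resp["answer"] += rrs(qname, qtype)
        break
    return resp

if __name__ == "__main__":
    resp = answer("www.mydomain.tld.", "A")
    for section in ("answer", "authority", "additional"):
        print(section.upper(), *resp[section], sep="\n  ")
```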
