Define a domains addresses sole in terms of another
Barry Margolin
barmar at alum.mit.edu
Wed Jul 11 23:32:09 UTC 2007
In article <f727at$1er6$1 at sf1.isc.org>,
"Clenna Lumina" <savagebeaste at yahoo.com> wrote:
> Barry Margolin wrote:
> > In article <f6u9f2$1uva$1 at sf1.isc.org>,
> > Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
> >
> >>> webmail IN CNAME www
> >>
> >> Forbidden, you cannot have a CNAME going to a CNAME.
> >
> > Yes you can. The RFC recommends against it for performance reasons,
> > but doesn't prohibit it. It even mentions that resolvers must follow
> > CNAME chains, but may have limits on the number of CNAMEs that will be
> > followed in order to avoid loops.
> >
> > All the web sites that use DNS-based load balancing like Akamai and
> > Savvis ITM would be in big trouble if CNAME chains weren't allowed.
> >
> > $ dig download.microsoft.com
> >
> > ; <<>> DiG 9.3.4 <<>> download.microsoft.com
> > ;; global options: printcmd
> > ;; Got answer:
> > ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5269
> > ;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 0
> >
> > ;; QUESTION SECTION:
> > ;download.microsoft.com. IN A
> >
> > ;; ANSWER SECTION:
> > download.microsoft.com. 2566 IN CNAME main.dl.ms.akadns.net.
> > main.dl.ms.akadns.net. 52 IN CNAME dom.dl.ms.akadns.net.
> > dom.dl.ms.akadns.net. 52 IN CNAME dl.ms.d4p.net.
> > dl.ms.d4p.net. 3790 IN CNAME dl.ms.georedirector.akadns.net.
> > dl.ms.georedirector.akadns.net. 1189 IN CNAME a767.ms.akamai.net.
>
>
> That's odd... my locla bind server gives me a completely different set
> of file A records:
That's what Akamai (and other CDNs) does -- we have thousands of servers
around the Internet, and use them to balance load and send you to the
closest or least loaded server. Different users will likely get
different responses, and even a single user may get different responses
if they wait 5-10 minutes between lookups.
> Is this some sort of crazy load balancing akamai.net is doing? Seeing
> all those CNAMEs when doing the lookup for 'akamai.net' seems VERY
> inefficient.
Yes, it's crazy load balancing. It allows us to react quickly to down
or overloaded servers, network congestion, routing problems, etc. Note
that the first level of CNAMEs has reasonably long TTLs, and only the A
records have very short TTLs, so you don't have to look up the entire
CNAME chain every time.
It works well enough that we were one of the top-growing companies in
Massachusetts in the past few years and were just added to the S&P 500.
Disclaimer: I work for Akamai, but I am not a spokesman.
--
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
*** PLEASE post questions in newsgroups, not directly to me ***
*** PLEASE don't copy me on replies, I'll read them in the group ***
More information about the bind-users
mailing list