Forwarding Problem (was Re: Ambiguous def of multiple CNAME)

Christine.Tran at east.sun.com Christine.Tran at east.sun.com
Wed Dec 1 16:28:17 UTC 1999


>I'm a little confused here: does "[1.2.3.4]" stand for your regular forwarder,
	[1.2.3.4] is my forwarder on the DMZ.

>What happens after this point in the process? 
	I get what looks like a referral back from the forwarder.  Look at the
	nsid number
	Response (USER NORMAL -) nsid=3597 id=13204
	;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 3597
	Then my internal server tries to follow the referral to finsys name
	server, but can't.

>It also looks like you already had the CNAME cached,
	Well, now you got me thinking, porttracker.foo.com has a default TTL 
	of 24H.  The target, porttracker.finsys.com has a TTL of 1H.  After 1H
	the finsys.com A RR will expire, but the foo.com CNAME RR will not.
	But the forwarder knows nothing about this CNAME relationship, the
	query to it is of type A only.  Oh, headaches!
	
>unless someone in your forwarding chain has recursion turned off
	No, it's all on.

>If your firewall is misconfigured to forward to an Internet root server
	No, forwarder uses hint file.

>if you do get a referral back, you shouldn't be trying to follow it if global forwarding is in effect;
	Well, forward only is broken in 8.2.  Default is forward first.
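
The TTL mismatch described in the reply above, as an added example that is not part of the original post and is not BIND code: a constructed model of a resolver cache that holds the 24H CNAME and the 1H A record and reports which query has to go to the forwarder at a given time. The class and function names are hypothetical and 192.0.2.10 is a placeholder address.

```python
# Constructed model of a caching resolver. Names and TTLs follow the post;
# the address 192.0.2.10 is a documentation placeholder, not a real record.
from dataclasses import dataclass


@dataclass
class CachedRR:
    name: str
    rtype: str       # "CNAME" or "A"
    rdata: str
    ttl: int         # seconds
    cached_at: int   # time the record entered the cache, in seconds

    def fresh(self, now):
        return now < self.cached_at + self.ttl


class ResolverCache:
    def __init__(self):
        self.rrs = []

    def add(self, rr):
        self.rrs.append(rr)

    def _get(self, name, rtype, now):
        for rr in self.rrs:
            if rr.name == name and rr.rtype == rtype and rr.fresh(now):
                return rr
        return None

    def resolve_a(self, qname, now):
        """Return ("answer", address) when the cache can answer, otherwise
        ("forward", (name, type)) naming the query sent to the forwarder."""
        name = qname
        for _ in range(8):  # bound the CNAME chain so a loop cannot spin
            a = self._get(name, "A", now)
            if a:
                return ("answer", a.rdata)
            cname = self._get(name, "CNAME", now)
            if cname is None:
                return ("forward", (name, "A"))
            name = cname.rdata  # follow the cached alias to its target
        raise RuntimeError("CNAME chain too long")


def build_cache():
    c = ResolverCache()
    c.add(CachedRR("porttracker.foo.com", "CNAME", "porttracker.finsys.com", 24 * 3600, 0))
    c.add(CachedRR("porttracker.finsys.com", "A", "192.0.2.10", 3600, 0))
    return c
```

Between 1H and 24H the forwarded query names only porttracker.finsys.com, so the forwarder never sees the foo.com alias.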


More information about the bind-users mailing list