Ambiguous def of multiple CNAME

Kevin Darcy kcd at daimlerchrysler.com
Tue Nov 30 21:42:02 UTC 1999 

Christine.Tran at east.sun.com wrote:

> >> server.foo.com.      IN      CNAME   server.blat.com.
> >> I am almost sure it's not kosher, but so far it's worked.  I'm on BIND8.2p1.
> >
> >You certainly can.  we've done that for web.domain.com vs. www.domain.com vs.
> >www.domain.net, etc.
>
> Sure, we do the same for our .com, .net and .org but I thought I read somewhere that stuck in my mind that to CNAME to a target outside of your control is to invite trouble because that target can move without you knowing.  If I CNAME frame.foo.com to frame.cnn.com., and one day they decide to change it to frameserver.cnn.com., I'm doomed.

Strictly speaking, that's an administrative problem, not a technical problem. You shouldn't really be creating permanent aliases to other people's machines without them knowing about it, and, if they know about it, they shouldn't really be moving names around without informing everyone who is dependent on those names.

> I have an internal server authoritative for foo.com
>
> frame.foo.com.  IN      CNAME   frame.cnn.com.
>
> I use a forwarder.  When I look up frame.foo.com., I time out.  My debug shows me finding frame.foo.com as frame.cnn.com. and the query is forwarded.  I expect an A RR back, but instead, I get a referal to the NS RR of cnn.com.  So my internal server tries to contact ns.cnn.com, which it can't, being internal and roped off from the world.
>
> However, if I first lookup frame.cnn.com. my query is forwarded and answered, and I cache the response.  Now if I look up frame.foo.com, I get an answer.  The repeats when the TTL for frame.cnn.com times out.  Why this disparate behavior?

Strange, but this works fine for me. I defined "blah.chrysler.com" in a bogus version of the chrysler.com zone, as an alias to www.sun.com. When I queried it, it translated the CNAME, then used the forwarder to fetch the A record. This is just using a generic global-forward-and-master-for-chrysler.com type of configuration. Is yours different
somehow?

                                                                                                                                                - Kevin

More information about the bind-users mailing list