CNAMEs and non-recursive name servers

Simpson, John R john_simpson at reyrey.com
Thu Mar 15 22:36:21 UTC 2001


Greetings,

	Our public name servers have recursion turned off for security and
performance reasons.  Some of our customers have asked us to add CNAME
records to their domains with right-hand-sides that are in external domains
(a web server from a web-hosting service).  These entries work fine on our
internal, recursive name servers, but fail on the public, non-recursive name
servers.  Queries for the CNAME record type work fine on both.

	It seems pretty clear what's happening -- the lookup of the outside
name is failing.  This synchs with Cricket's book, "When a name server looks
up a name and finds a CNAME record, it replaces the name with the canonical
name and looks up the new name."

	Is this normal, and if so, what are the preferred workarounds?
It'd be nice, at least for this specific problem, if it'd use the local
resolver config which points to the internal name servers to resolve the
outside name, but if that's not the standard behavior I'm sure it's for good
reasons.  I'm just looking for my options.

	Right now we're using an A record and the customer's systems are
working fine.  Using the CNAME would be nice for us because we wouldn't be
caught in the middle when the web server's IP addresses change (we've got a
lot of customers who use this hosting service).  And the customer would be
happier because "that's the way we've always done it."

	We're running BIND 8.2.3 on Solaris 7, the name servers are
ns01.reyrey.net and ns02.reyrey.net, and the test zone file below
demonstrates the problem.   The record for www.carsrus.reyrey.net
demonstrates the problem.  Test.carsrus.reyrey.net works fine, since
gw.reyrey.net is in a zone where we're authoritative.

Regards,

John Simpson	

$TTL 1d
$ORIGIN carsrus.reyrey.net.
@               IN      SOA     ns01.reyrey.net. hostmaster.reyrey.net. (
                        2001031503
                        21600
                        3600
                        604800
                        86400 )

                IN      NS      ns01.reyrey.net.
                IN      NS      ns02.reyrey.net.

carsrus.reyrey.net.     IN      MX 10   mailrtr01.reyrey.net.

test.carsrus.reyrey.net.        IN      CNAME   gw.reyrey.net.
www.carsrus.reyrey.net.         IN      CNAME   www.redhat.com.

--
John R. Simpson                                 The Reynolds and Reynolds Co.
Sr. Network Engineer                            800 Germantown Street OH10
Network Services, Network Architecture Team     Dayton, OH 45407
Voice (937) 485-2269 Fax (937) 485-2427
mailto:John_Simpson at reyrey.com
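
Added example, not part of the original message and not BIND's code: a minimal model of the RFC 1034 section 4.3.2 answer algorithm for a server with recursion off, run over the records from the zone file above. The zone name `reyrey.net.`, the address `192.0.2.10` for gw.reyrey.net and the function names are assumptions made for illustration.

```python
# Added example: how an authoritative-only (recursion off) server builds
# its answer section, following RFC 1034 section 4.3.2. Not BIND's code.

# Zones this server is authoritative for. Names and CNAME targets are from
# the post; the reyrey.net zone contents and the A value are constructed.
ZONES = {
    "carsrus.reyrey.net.": {
        ("test.carsrus.reyrey.net.", "CNAME"): "gw.reyrey.net.",
        ("www.carsrus.reyrey.net.", "CNAME"): "www.redhat.com.",
    },
    "reyrey.net.": {
        ("gw.reyrey.net.", "A"): "192.0.2.10",  # constructed address
    },
}

def find_zone(name):
    """Return the closest enclosing zone we are authoritative for, or None."""
    matches = [z for z in ZONES if name == z or name.endswith("." + z)]
    return max(matches, key=len) if matches else None

def answer(qname, qtype, max_chain=8):
    """Build the answer section without recursion.

    Returns (records, complete). complete is False when the name being
    looked up (typically a CNAME target) lies outside our zones: the
    client gets only the alias and needs a recursive resolver for the rest.
    """
    records = []
    for _ in range(max_chain):  # bound the chain to stop CNAME loops
        zone = find_zone(qname)
        if zone is None:
            return records, False  # out-of-zone name, cannot follow
        data = ZONES[zone]
        if (qname, qtype) in data:
            records.append((qname, qtype, data[(qname, qtype)]))
            return records, True
        target = data.get((qname, "CNAME"))
        if target is None:
            return records, True  # authoritative: no data of this type
        records.append((qname, "CNAME", target))
        qname = target  # restart the lookup with the canonical name
    return records, False
```

An A query for www.carsrus.reyrey.net. returns only the CNAME with `complete` set to False, while the same query for test.carsrus.reyrey.net. returns the CNAME plus the A record because the target is in a locally served zone.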


More information about the bind-users mailing list