CNAMEs pointing to outside domains
Simon Waters
Simon at wretched.demon.co.uk
Tue Jun 18 17:43:46 UTC 2002
Vincent Aniello wrote:
>
> If this is the case then I am
> going to get complaints from users that try nslookups on the CNAME records
> pointing to outside domains.
You shouldn't as your users are presumably on networks to which
you allow recursion?
DNS servers come in two types authoritative (answer queries) and
recursive (that ask them). Your users want a recursive server,
other recursive servers want only authoritative servers. BIND
can be both.
Ideally authoritative servers allow queries from everywhere, and
recursion from nowhere (you can't use them for arbitary queries
just what they know).
Recursive servers only allow queries and recursion from trusted
hosts.
So a server doing both allow queries from everywhere, but only
recursion from trusted hosts.
More information about the bind-users
mailing list