additional-from-cache and CNAME records
Jeremie Le Hen
jeremie.le-hen at epita.fr
Fri Aug 20 14:21:56 UTC 2004
> > Whatever the value of "additional-from-cache yes", ``a-name.example.com''
> > and ``point-inside.example.com'' are always answered but this is not the
> > case for ``point-outside.example.com''. But when "additional-from-cache"
> > is disabled, then the latter won't be answered any longer when queried with
> > an A record. In this case, it would indeed normally answer with the CNAME
> > record, despite the query being an A, AFAIK. Unfortunately, I must
> > explicitly ask for a CNAME here.
>
> Isn't that what you want to happen? You said you want to "disable
> exposure of cached private informations". Since your server is not
> authoritative for another-domain.com, this A record would have to come
> from the cache. So your server just responds with the CNAME record, and
> the server that's querying it is expected to follow the alias itself.

I agree that my name server is not authoritative for ``another-domain.com.'',
but I see ``another-name.at.another-domain.com.'' as only *data* of the
CNAME record. I thought this has nothing to do with the name server cache.
Furthermore, as Ronan Flood pointed out (see my previous mail), the server
will respond correctly when queried *non-recursively* for an A record
with "additional-from-cache" disabled.

The question is ``Why does the server refuse to answer when queried
recursively for an A record with "additional-from-cache" disabled, while
the real record is a CNAME pointing to a record which we are not
authoritative on?''
--
Jeremie LE HEN aka TtZ/TataZ jeremie.le-hen at epita.fr
ttz at epita.fr
Hi! I'm a .signature virus! Copy me into your ~/.signature to help me spread!