DNS loop
Simon Waters
Simon at wretched.demon.co.uk
Thu May 20 23:35:28 UTC 2004
Jeffrey Keil wrote:
>
> The SOA line reads:
>
> @ IN SOA mail.gcs-usa.com. dalton.gcs-usa.com.
>
> The same machine is listed as one of the DNS servers with the
> following line:
>
> IN NS ns1.gcs-usa.com.
>
> He has the different machine names and the same IP address listed
> three times in the list of addresses for canonical names:
>
> mail IN A 192.168.1.32 ; Mail Server
> for GCS
> osx IN A 192.168.1.32 ; Mail Server
> for GCS
> ns1 IN A 192.168.1.32 ; DNS Primary
> Server
>
> I didn't think you were allowed to use the same IP address more than
> once. I'm a little surprised that BIND allows something like this in
> the configuration file. Wouldn't this create a DNS look?
No this is perfectly valid as far as I can see.
How would it create a loop, DNS looks up the left hand side and returns
the right, and A records are always a terminal node, only CNAMEs (or
similar) can lead to problems which is why they are so restricted in
their use.
> I think the best way to fix this would be to change the DNS server
> designation from ns1.gcs-usa.com to mail.gcs-usa.com with a line like
> this:
>
> IN NS mail.gcs-usa.com.
>
> I could then list the two other names (osx and ns1) as aliases with
> lines that look like this:
>
> osx IN CNAME mail
> ns1 IN CNAME mail
ns1 is a delegated name server from the .com servers, so you should
update them to delegate to "mail" if you did this, to avoid delegating
to something that is a CNAME.
> Does anyone have a better suggestion?
I'd be tempted to leave it as is, or maybe change the SOA record to
refer to NS1, CNAMEs are evil(ish)
-- Attached file included as plaintext by Ecartis --
-- File: signature.asc
-- Desc: OpenPGP digital signature
-----BEGIN PGP SIGNATURE-----
Comment: Using GnuPG with Mozilla - http://enigmail.mozdev.org
iD8DBQFArUDAGFXfHI9FVgYRAkqbAJ43H3r8wvgH7aS5uWJsBVCmuBAkFwCeKP3F
CNK5swkQMR96sBvHRosbdMk=
=nYe9
-----END PGP SIGNATURE-----
More information about the bind-users
mailing list