Define a domain's addresses solely in terms of another

Clenna Lumina savagebeaste at yahoo.com
Wed Jul 11 09:14:53 UTC 2007


Barry Margolin wrote:
> In article <f6u9f2$1uva$1 at sf1.isc.org>,
> Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
>
>>> webmail                          IN CNAME   www
>>
>> Forbidden, you cannot have a CNAME going to a CNAME.
>
> Yes you can.  The RFC recommends against it for performance reasons,
> but doesn't prohibit it.  It even mentions that resolvers must follow
> CNAME chains, but may have limits on the number of CNAMEs that will be
> followed in order to avoid loops.
>
> All the web sites that use DNS-based load balancing like Akamai and
> Savvis ITM would be in big trouble if CNAME chains weren't allowed.
>
> $ dig download.microsoft.com
>
> ; <<>> DiG 9.3.4 <<>> download.microsoft.com
> ;; global options:  printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5269
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;download.microsoft.com.      IN A
>
> ;; ANSWER SECTION:
> download.microsoft.com. 2566  IN CNAME main.dl.ms.akadns.net.
> main.dl.ms.akadns.net.  52 IN CNAME dom.dl.ms.akadns.net.
> dom.dl.ms.akadns.net.   52 IN CNAME dl.ms.d4p.net.
> dl.ms.d4p.net.    3790  IN CNAME dl.ms.georedirector.akadns.net.
> dl.ms.georedirector.akadns.net.  1189 IN  CNAME a767.ms.akamai.net.


That's odd... my local bind server gives me a completely different set 
of file A records:

; <<>> DiG 9.3.4 <<>> download.microsoft.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1912
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 9, ADDITIONAL: 0

;; QUESTION SECTION:
;download.microsoft.com.                IN      A

;; ANSWER SECTION:
download.microsoft.com. 3595    IN      CNAME   main.dl.ms.akadns.net.
main.dl.ms.akadns.net.  295     IN      CNAME   dom.dl.ms.akadns.net.
dom.dl.ms.akadns.net.   295     IN      CNAME   dl.ms.d4p.net.
dl.ms.d4p.net.          7195    IN      CNAME   dl.ms.georedirector.akadns.net.
dl.ms.georedirector.akadns.net. 3595 IN CNAME   a767.ms.akamai.net.
a767.ms.akamai.net.     15      IN      A       64.128.203.39
a767.ms.akamai.net.     15      IN      A       64.128.203.15

;; AUTHORITY SECTION:
ms.akamai.net.          1795    IN      NS      n7ms.akamai.net.
ms.akamai.net.          1795    IN      NS      n8ms.akamai.net.
ms.akamai.net.          1795    IN      NS      n0ms.akamai.net.
ms.akamai.net.          1795    IN      NS      n1ms.akamai.net.
ms.akamai.net.          1795    IN      NS      n2ms.akamai.net.
ms.akamai.net.          1795    IN      NS      n3ms.akamai.net.
ms.akamai.net.          1795    IN      NS      n4ms.akamai.net.
ms.akamai.net.          1795    IN      NS      n5ms.akamai.net.
ms.akamai.net.          1795    IN      NS      n6ms.akamai.net.


> a767.ms.akamai.net.  8  IN A  204.1.5.153
> a767.ms.akamai.net.  8  IN A  204.1.5.155
> a767.ms.akamai.net.  8  IN A  204.1.5.170
> a767.ms.akamai.net.  8  IN A  204.1.5.161
> a767.ms.akamai.net.  8  IN A  204.1.5.152
> a767.ms.akamai.net.  8  IN A  204.1.5.179
> a767.ms.akamai.net.  8  IN A  204.1.5.185
> a767.ms.akamai.net.  8  IN A  204.1.5.160

And none of the IPs your lookup returned have a reverse lookup:

perl -e 'print `host 204.1.5.$_` for (qw/153 155 170 161 152 179 185 160/)'
Host 153.5.1.204.in-addr.arpa not found: 3(NXDOMAIN)
Host 155.5.1.204.in-addr.arpa not found: 3(NXDOMAIN)
Host 170.5.1.204.in-addr.arpa not found: 3(NXDOMAIN)
Host 161.5.1.204.in-addr.arpa not found: 3(NXDOMAIN)
Host 152.5.1.204.in-addr.arpa not found: 3(NXDOMAIN)
Host 179.5.1.204.in-addr.arpa not found: 3(NXDOMAIN)
Host 185.5.1.204.in-addr.arpa not found: 3(NXDOMAIN)
Host 160.5.1.204.in-addr.arpa not found: 3(NXDOMAIN)


I find this quite strange. My BIND 9.3.4 server is set up in a 
straightforward fashion, with root hints and all, so it gets its data 
straight from the roots down, so I'm not dealing with my ISP's DNS, as 
they give me different answers, for whatever reason...

; <<>> DiG 9.3.4 <<>> a767.ms.akamai.net @64.85.239.21
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5539
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;a767.ms.akamai.net.            IN      A

;; ANSWER SECTION:
a767.ms.akamai.net.     20      IN      A       64.128.203.15
a767.ms.akamai.net.     20      IN      A       64.128.203.39

;; Query time: 28 msec
;; SERVER: 64.85.239.21#53(64.85.239.21)
;; WHEN: Wed Jul 11 02:08:04 2007
;; MSG SIZE  rcvd: 68



; <<>> DiG 9.3.4 <<>> a767.ms.akamai.net @64.146.192.16
; (1 server found)
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48342
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 9, ADDITIONAL: 9

;; QUESTION SECTION:
;a767.ms.akamai.net.            IN      A

;; ANSWER SECTION:
a767.ms.akamai.net.     20      IN      A       66.119.205.13
a767.ms.akamai.net.     20      IN      A       66.119.205.6

;; AUTHORITY SECTION:
ms.akamai.net.          937     IN      NS      n1ms.akamai.net.
ms.akamai.net.          937     IN      NS      n2ms.akamai.net.
ms.akamai.net.          937     IN      NS      n3ms.akamai.net.
ms.akamai.net.          937     IN      NS      n4ms.akamai.net.
ms.akamai.net.          937     IN      NS      n5ms.akamai.net.
ms.akamai.net.          937     IN      NS      n6ms.akamai.net.
ms.akamai.net.          937     IN      NS      n7ms.akamai.net.
ms.akamai.net.          937     IN      NS      n8ms.akamai.net.
ms.akamai.net.          937     IN      NS      n0ms.akamai.net.

;; ADDITIONAL SECTION:
n0ms.akamai.net.        1577    IN      A       66.119.205.1
n1ms.akamai.net.        2477    IN      A       72.246.51.3
n2ms.akamai.net.        3377    IN      A       204.2.160.31
n3ms.akamai.net.        1577    IN      A       72.246.51.12
n4ms.akamai.net.        2477    IN      A       72.246.51.18
n5ms.akamai.net.        3377    IN      A       72.246.51.3
n6ms.akamai.net.        1577    IN      A       72.246.51.5
n7ms.akamai.net.        2477    IN      A       72.246.51.11
n8ms.akamai.net.        1577    IN      A       72.246.51.3

;; Query time: 60 msec
;; SERVER: 64.146.192.16#53(64.146.192.16)
;; WHEN: Wed Jul 11 02:08:17 2007
;; MSG SIZE  rcvd: 383



Whereas my local bind server gives me this, which gives one IP 
different than the first query using 'dig download.microsoft.com' (see 
my first dig output), also against my local server:

; <<>> DiG 9.3.4 <<>> a767.ms.akamai.net
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1236
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 9, ADDITIONAL: 0

;; QUESTION SECTION:
;a767.ms.akamai.net.            IN      A

;; ANSWER SECTION:
a767.ms.akamai.net.     12      IN      A       64.128.203.15
a767.ms.akamai.net.     12      IN      A       64.128.203.17

;; AUTHORITY SECTION:
ms.akamai.net.          1031    IN      NS      n6ms.akamai.net.
ms.akamai.net.          1031    IN      NS      n7ms.akamai.net.
ms.akamai.net.          1031    IN      NS      n8ms.akamai.net.
ms.akamai.net.          1031    IN      NS      n0ms.akamai.net.
ms.akamai.net.          1031    IN      NS      n1ms.akamai.net.
ms.akamai.net.          1031    IN      NS      n2ms.akamai.net.
ms.akamai.net.          1031    IN      NS      n3ms.akamai.net.
ms.akamai.net.          1031    IN      NS      n4ms.akamai.net.
ms.akamai.net.          1031    IN      NS      n5ms.akamai.net.

;; Query time: 15 msec
;; SERVER: 192.168.0.4#53(192.168.0.4)
;; WHEN: Wed Jul 11 02:07:10 2007
;; MSG SIZE  rcvd: 239

Is this some sort of crazy load balancing akamai.net is doing? Seeing 
all those CNAMEs when doing the lookup for 'akamai.net' seems VERY 
inefficient.

-- 
CL 
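
Added example, not part of the original post or of BIND: a small Python check that follows the CNAME chain in the two `download.microsoft.com` answers shown above, enforcing a hop cap and loop detection, and then compares where the answers differ. The function names, the cap of 8 hops and the `a.example`/`b.example` loop records are assumptions made for the example.

```python
# Added example (not from the original post): follow a CNAME chain taken from
# dig-style answer lines, with a hop cap and loop detection.
MAX_HOPS = 8  # assumed cap for this example; each resolver picks its own limit

def parse_answers(text):
    """Map (owner, type) -> [rdata] from 'name ttl IN type rdata' lines."""
    rrs = {}
    for line in text.splitlines():
        f = line.split()
        if len(f) == 5 and f[2] == "IN" and not f[0].startswith(";"):
            rrs.setdefault((f[0].lower(), f[3]), []).append(f[4].lower())
    return rrs

def follow(text, qname, max_hops=MAX_HOPS):
    """Return (chain, sorted A records); raise on a loop or an over-long chain."""
    rrs, name = parse_answers(text), qname.lower()
    chain = [name]
    while (name, "CNAME") in rrs:
        name = rrs[(name, "CNAME")][0]
        if name in chain:
            raise ValueError("CNAME loop at " + name)
        if len(chain) > max_hops:
            raise ValueError("more than %d CNAME hops" % max_hops)
        chain.append(name)
    return chain, sorted(rrs.get((name, "A"), []))

def compare(text_a, text_b, qname):
    """Return (chains identical?, addresses present in both answers)."""
    (chain_a, addrs_a), (chain_b, addrs_b) = follow(text_a, qname), follow(text_b, qname)
    return chain_a == chain_b, sorted(set(addrs_a) & set(addrs_b))

# Chain as in the post's answers (TTLs from the local BIND answer; TTLs are ignored).
CHAIN = """download.microsoft.com. 3595 IN CNAME main.dl.ms.akadns.net.
main.dl.ms.akadns.net. 295 IN CNAME dom.dl.ms.akadns.net.
dom.dl.ms.akadns.net. 295 IN CNAME dl.ms.d4p.net.
dl.ms.d4p.net. 7195 IN CNAME dl.ms.georedirector.akadns.net.
dl.ms.georedirector.akadns.net. 3595 IN CNAME a767.ms.akamai.net.
"""
A_LINE = "a767.ms.akamai.net. 15 IN A %s\n"
LOCAL = CHAIN + A_LINE % "64.128.203.39" + A_LINE % "64.128.203.15"
QUOTED = CHAIN + "".join(A_LINE % ("204.1.5.%d" % n)
                         for n in (153, 155, 170, 161, 152, 179, 185, 160))
LOOP = "a.example. 60 IN CNAME b.example.\nb.example. 60 IN CNAME a.example.\n"  # constructed

if __name__ == "__main__":
    print(follow(LOCAL, "download.microsoft.com."))
    print(compare(LOCAL, QUOTED, "download.microsoft.com."))
```

For the two answers in this thread the chain is identical and the address sets do not overlap, so the per-resolver variation sits in the final `a767.ms.akamai.net.` A records rather than in the CNAMEs.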



