Define a domain's addresses solely in terms of another
Clenna Lumina
savagebeaste at yahoo.com
Wed Jul 11 09:14:53 UTC 2007
Barry Margolin wrote:
> In article <f6u9f2$1uva$1 at sf1.isc.org>,
> Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
>
>>> webmail IN CNAME www
>>
>> Forbidden, you cannot have a CNAME going to a CNAME.
>
> Yes you can. The RFC recommends against it for performance reasons,
> but doesn't prohibit it. It even mentions that resolvers must follow
> CNAME chains, but may have limits on the number of CNAMEs that will be
> followed in order to avoid loops.
>
> All the web sites that use DNS-based load balancing like Akamai and
> Savvis ITM would be in big trouble if CNAME chains weren't allowed.
>
> $ dig download.microsoft.com
>
> ; <<>> DiG 9.3.4 <<>> download.microsoft.com
> ;; global options: printcmd
> ;; Got answer:
> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5269
> ;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 0
>
> ;; QUESTION SECTION:
> ;download.microsoft.com. IN A
>
> ;; ANSWER SECTION:
> download.microsoft.com. 2566 IN CNAME main.dl.ms.akadns.net.
> main.dl.ms.akadns.net. 52 IN CNAME dom.dl.ms.akadns.net.
> dom.dl.ms.akadns.net. 52 IN CNAME dl.ms.d4p.net.
> dl.ms.d4p.net. 3790 IN CNAME dl.ms.georedirector.akadns.net.
> dl.ms.georedirector.akadns.net. 1189 IN CNAME a767.ms.akamai.net.
That's odd... my local bind server gives me a completely different set
of file A records:
; <<>> DiG 9.3.4 <<>> download.microsoft.com
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1912
;; flags: qr rd ra; QUERY: 1, ANSWER: 7, AUTHORITY: 9, ADDITIONAL: 0
;; QUESTION SECTION:
;download.microsoft.com. IN A
;; ANSWER SECTION:
download.microsoft.com. 3595 IN CNAME main.dl.ms.akadns.net.
main.dl.ms.akadns.net. 295 IN CNAME dom.dl.ms.akadns.net.
dom.dl.ms.akadns.net. 295 IN CNAME dl.ms.d4p.net.
dl.ms.d4p.net. 7195 IN CNAME dl.ms.georedirector.akadns.net.
dl.ms.georedirector.akadns.net. 3595 IN CNAME a767.ms.akamai.net.
a767.ms.akamai.net. 15 IN A 64.128.203.39
a767.ms.akamai.net. 15 IN A 64.128.203.15
;; AUTHORITY SECTION:
ms.akamai.net. 1795 IN NS n7ms.akamai.net.
ms.akamai.net. 1795 IN NS n8ms.akamai.net.
ms.akamai.net. 1795 IN NS n0ms.akamai.net.
ms.akamai.net. 1795 IN NS n1ms.akamai.net.
ms.akamai.net. 1795 IN NS n2ms.akamai.net.
ms.akamai.net. 1795 IN NS n3ms.akamai.net.
ms.akamai.net. 1795 IN NS n4ms.akamai.net.
ms.akamai.net. 1795 IN NS n5ms.akamai.net.
ms.akamai.net. 1795 IN NS n6ms.akamai.net.
> a767.ms.akamai.net. 8 IN A 204.1.5.153
> a767.ms.akamai.net. 8 IN A 204.1.5.155
> a767.ms.akamai.net. 8 IN A 204.1.5.170
> a767.ms.akamai.net. 8 IN A 204.1.5.161
> a767.ms.akamai.net. 8 IN A 204.1.5.152
> a767.ms.akamai.net. 8 IN A 204.1.5.179
> a767.ms.akamai.net. 8 IN A 204.1.5.185
> a767.ms.akamai.net. 8 IN A 204.1.5.160
And none of the IPs in your lookup return a reverse lookup:
perl -e 'print `host 204.1.5.$_` for (qw/153 155 170 161 152 179 185 160/)'
Host 153.5.1.204.in-addr.arpa not found: 3(NXDOMAIN)
Host 155.5.1.204.in-addr.arpa not found: 3(NXDOMAIN)
Host 170.5.1.204.in-addr.arpa not found: 3(NXDOMAIN)
Host 161.5.1.204.in-addr.arpa not found: 3(NXDOMAIN)
Host 152.5.1.204.in-addr.arpa not found: 3(NXDOMAIN)
Host 179.5.1.204.in-addr.arpa not found: 3(NXDOMAIN)
Host 185.5.1.204.in-addr.arpa not found: 3(NXDOMAIN)
Host 160.5.1.204.in-addr.arpa not found: 3(NXDOMAIN)
I find this quite strange. My Bind 9.3.4 server is set up in a
straightforward fashion, with root hints and all, so it gets its data straight
from the roots, down, so I'm not dealing with my ISP's DNS, as they give
me different answers, for whatever reason...
; <<>> DiG 9.3.4 <<>> a767.ms.akamai.net @64.85.239.21
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5539
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;a767.ms.akamai.net. IN A
;; ANSWER SECTION:
a767.ms.akamai.net. 20 IN A 64.128.203.15
a767.ms.akamai.net. 20 IN A 64.128.203.39
;; Query time: 28 msec
;; SERVER: 64.85.239.21#53(64.85.239.21)
;; WHEN: Wed Jul 11 02:08:04 2007
;; MSG SIZE rcvd: 68
; <<>> DiG 9.3.4 <<>> a767.ms.akamai.net @64.146.192.16
; (1 server found)
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48342
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 9, ADDITIONAL: 9
;; QUESTION SECTION:
;a767.ms.akamai.net. IN A
;; ANSWER SECTION:
a767.ms.akamai.net. 20 IN A 66.119.205.13
a767.ms.akamai.net. 20 IN A 66.119.205.6
;; AUTHORITY SECTION:
ms.akamai.net. 937 IN NS n1ms.akamai.net.
ms.akamai.net. 937 IN NS n2ms.akamai.net.
ms.akamai.net. 937 IN NS n3ms.akamai.net.
ms.akamai.net. 937 IN NS n4ms.akamai.net.
ms.akamai.net. 937 IN NS n5ms.akamai.net.
ms.akamai.net. 937 IN NS n6ms.akamai.net.
ms.akamai.net. 937 IN NS n7ms.akamai.net.
ms.akamai.net. 937 IN NS n8ms.akamai.net.
ms.akamai.net. 937 IN NS n0ms.akamai.net.
;; ADDITIONAL SECTION:
n0ms.akamai.net. 1577 IN A 66.119.205.1
n1ms.akamai.net. 2477 IN A 72.246.51.3
n2ms.akamai.net. 3377 IN A 204.2.160.31
n3ms.akamai.net. 1577 IN A 72.246.51.12
n4ms.akamai.net. 2477 IN A 72.246.51.18
n5ms.akamai.net. 3377 IN A 72.246.51.3
n6ms.akamai.net. 1577 IN A 72.246.51.5
n7ms.akamai.net. 2477 IN A 72.246.51.11
n8ms.akamai.net. 1577 IN A 72.246.51.3
;; Query time: 60 msec
;; SERVER: 64.146.192.16#53(64.146.192.16)
;; WHEN: Wed Jul 11 02:08:17 2007
;; MSG SIZE rcvd: 383
Whereas my local bind server gives me this, which gives one IP
different than the first query using 'dig download.microsoft.com' (see
my first dig output), also against my local server:
; <<>> DiG 9.3.4 <<>> a767.ms.akamai.net
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1236
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 9, ADDITIONAL: 0
;; QUESTION SECTION:
;a767.ms.akamai.net. IN A
;; ANSWER SECTION:
a767.ms.akamai.net. 12 IN A 64.128.203.15
a767.ms.akamai.net. 12 IN A 64.128.203.17
;; AUTHORITY SECTION:
ms.akamai.net. 1031 IN NS n6ms.akamai.net.
ms.akamai.net. 1031 IN NS n7ms.akamai.net.
ms.akamai.net. 1031 IN NS n8ms.akamai.net.
ms.akamai.net. 1031 IN NS n0ms.akamai.net.
ms.akamai.net. 1031 IN NS n1ms.akamai.net.
ms.akamai.net. 1031 IN NS n2ms.akamai.net.
ms.akamai.net. 1031 IN NS n3ms.akamai.net.
ms.akamai.net. 1031 IN NS n4ms.akamai.net.
ms.akamai.net. 1031 IN NS n5ms.akamai.net.
;; Query time: 15 msec
;; SERVER: 192.168.0.4#53(192.168.0.4)
;; WHEN: Wed Jul 11 02:07:10 2007
;; MSG SIZE rcvd: 239
Is this some sort of crazy load balancing akamai.net is doing? Seeing
all those CNAMEs when doing the lookup for 'akamai.net' seems VERY
inefficient.
--
CL
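
The thread's point that resolvers follow CNAME chains but cap the number of hops to avoid loops, as an added example that is not part of the original messages or of BIND's code. It walks the answer section from the local lookup quoted above and reports the chain, the final A records and the lowest TTL along the way; `MAX_HOPS`, the function names and the looping `example.` records are assumptions made for illustration.

```python
MAX_HOPS = 8  # assumed hop limit for this example; resolvers choose their own
# Answer section copied from the local BIND lookup in the message above.
PAGE_ANSWER = """\
download.microsoft.com. 3595 IN CNAME main.dl.ms.akadns.net.
main.dl.ms.akadns.net. 295 IN CNAME dom.dl.ms.akadns.net.
dom.dl.ms.akadns.net. 295 IN CNAME dl.ms.d4p.net.
dl.ms.d4p.net. 7195 IN CNAME dl.ms.georedirector.akadns.net.
dl.ms.georedirector.akadns.net. 3595 IN CNAME a767.ms.akamai.net.
a767.ms.akamai.net. 15 IN A 64.128.203.39
a767.ms.akamai.net. 15 IN A 64.128.203.15
"""

# Constructed records (not from the thread): two names pointing at each other.
LOOP_ANSWER = """\
a.example. 60 IN CNAME b.example.
b.example. 60 IN CNAME a.example.
"""


def parse_answer(text):
    """Parse 'name ttl IN type rdata' lines into CNAME, A and TTL maps."""
    cnames, addrs, ttls = {}, {}, {}
    for line in text.splitlines():
        fields = line.split()
        if line.startswith(";") or len(fields) != 5:
            continue  # skip dig comments and anything that is not a record
        name, ttl = fields[0].lower(), int(fields[1])
        rtype, rdata = fields[3], fields[4]
        ttls[name] = min(ttl, ttls.get(name, ttl))
        if rtype == "CNAME":
            cnames[name] = rdata.lower()
        elif rtype == "A":
            addrs.setdefault(name, []).append(rdata)
    return cnames, addrs, ttls


def follow_chain(text, qname, max_hops=MAX_HOPS):
    """Walk CNAMEs from qname; return (chain, addresses, lowest TTL seen)."""
    cnames, addrs, ttls = parse_answer(text)
    chain = [qname.lower()]
    while chain[-1] in cnames:
        target = cnames[chain[-1]]
        if target in chain:
            raise ValueError("CNAME loop at " + target)
        if len(chain) > max_hops:  # len(chain) is the hop count after this step
            raise ValueError("CNAME chain exceeds %d hops" % max_hops)
        chain.append(target)
    ttl = min((ttls[n] for n in chain if n in ttls), default=None)
    return chain, sorted(addrs.get(chain[-1], [])), ttl
```

For the quoted answer the lowest TTL in the chain is the 15 seconds on the final A records, which is why repeated lookups against the same server return a changing address set.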