Define a domains addresses sole in terms of another

Kevin Darcy kcd at daimlerchrysler.com
Thu Jul 12 21:25:19 UTC 2007


Clenna Lumina wrote:
> Barry Margolin wrote:
>   
>> In article <f727at$1er6$1 at sf1.isc.org>,
>> "Clenna Lumina" <savagebeaste at yahoo.com> wrote:
>>
>>     
>>> Barry Margolin wrote:
>>>       
>>>> In article <f6u9f2$1uva$1 at sf1.isc.org>,
>>>> Stephane Bortzmeyer <bortzmeyer at nic.fr> wrote:
>>>>
>>>>         
>>>>>> webmail                          IN CNAME   www
>>>>>>             
>>>>> Forbidden, you cannot have a CNAME going to a CNAME.
>>>>>           
>>>> Yes you can.  The RFC recommends against it for performance reasons,
>>>> but doesn't prohibit it.  It even mentions that resolvers must
>>>> follow CNAME chains, but may have limits on the number of CNAMEs
>>>> that will be followed in order to avoid loops.
>>>>
>>>> All the web sites that use DNS-based load balancing like Akamai and
>>>> Savvis ITM would be in big trouble if CNAME chains weren't allowed.
>>>>
>>>> $ dig download.microsoft.com
>>>>
>>>> ; <<>> DiG 9.3.4 <<>> download.microsoft.com
>>>> ;; global options:  printcmd
>>>> ;; Got answer:
>>>> ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5269
>>>> ;; flags: qr rd ra; QUERY: 1, ANSWER: 13, AUTHORITY: 0, ADDITIONAL: 0
>>>>
>>>> ;; QUESTION SECTION:
>>>> ;download.microsoft.com.      IN A
>>>>
>>>> ;; ANSWER SECTION:
>>>> download.microsoft.com. 2566  IN CNAME main.dl.ms.akadns.net.
>>>> main.dl.ms.akadns.net.  52 IN CNAME dom.dl.ms.akadns.net.
>>>> dom.dl.ms.akadns.net.   52 IN CNAME dl.ms.d4p.net.
>>>> dl.ms.d4p.net.    3790  IN CNAME dl.ms.georedirector.akadns.net.
>>>> dl.ms.georedirector.akadns.net.  1189 IN  CNAME a767.ms.akamai.net.
>>>>         
>>> That's odd... my local bind server gives me a completely different
>>> set of file A records:
>>>       
>> That's what Akamai (and other CDNs) does -- we have thousands of
>> servers around the Internet, and use them to balance load and send
>> you to the closest or least loaded server.  Different users will
>> likely get different responses, and even a single user may get
>> different responses if they wait 5-10 minutes between lookups.
>>     
>
> While this can be a good thing, especially for an entity as large as 
> Google.
>
>   
>>> Is this some sort of crazy load balancing akamai.net is doing? Seeing
>>> all those CNAMEs when doing the lookup for 'akamai.net' seems VERY
>>> inefficient.
>>>       
>> Yes, it's crazy load balancing.  It allows us to react quickly to down
>> or overloaded servers, network congestion, routing problems, etc.
>> Note that the first level of CNAMEs has reasonably long TTLs, and
>> only the A records have very short TTLs, so you don't have to look up
>> the entire CNAME chain every time.
>>     
>
> Ok, but still, having tiny TTL's in the A records means there's going to 
> be a LOT of activity between any slaves. While I understand that it's 
> all in the name of load balancing, I still find it strange, as  I always 
> understood having so many inconsistencies between slaves was something a 
> good dns admin wants to avoid :)
>
>   
They're not "slaves" in the regular sense, they're just DNS responders 
that give out geographically- and/or topologically-customized responses. 
"Inconsistency", as per the classic model, is not just a side-effect of 
their technology, it's actually the whole *point* of it.

                                                                         
               - Kevin
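
Added example, not part of the original thread: a sketch of how a resolver can follow a CNAME chain with a hop limit and loop detection, and which cached links need re-querying once the short TTLs run out. The CNAME links and TTLs are copied from the dig output quoted above; the A record, the loop names, the `MAX_HOPS` value and all function names are assumptions made for illustration.

```python
"""Follow a CNAME chain with a hop limit and loop detection."""

MAX_HOPS = 8  # assumed limit; resolvers choose their own

# Constructed record set: owner -> (type, ttl, target).
# CNAME links and TTLs come from the quoted dig output; the rest is made up.
RECORDS = {
    "download.microsoft.com.": ("CNAME", 2566, "main.dl.ms.akadns.net."),
    "main.dl.ms.akadns.net.": ("CNAME", 52, "dom.dl.ms.akadns.net."),
    "dom.dl.ms.akadns.net.": ("CNAME", 52, "dl.ms.d4p.net."),
    "dl.ms.d4p.net.": ("CNAME", 3790, "dl.ms.georedirector.akadns.net."),
    "dl.ms.georedirector.akadns.net.": ("CNAME", 1189, "a767.ms.akamai.net."),
    "a767.ms.akamai.net.": ("A", 20, "192.0.2.10"),        # constructed
    "a.loop.example.": ("CNAME", 300, "b.loop.example."),  # constructed loop
    "b.loop.example.": ("CNAME", 300, "a.loop.example."),
}


class ChainError(Exception):
    """Raised when a chain loops, is too long, or ends without data."""


def resolve(name, records=RECORDS, max_hops=MAX_HOPS):
    """Return (address, chain); chain lists (owner, ttl) for every hop."""
    chain, seen = [], set()
    current = name.lower()
    while True:
        if current in seen:
            raise ChainError(f"CNAME loop at {current}")
        seen.add(current)
        if current not in records:
            raise ChainError(f"no data for {current}")
        rtype, ttl, target = records[current]
        chain.append((current, ttl))
        if rtype == "A":
            return target, chain
        # Only CNAMEs are in the chain at this point, so its length is the hop count.
        if len(chain) > max_hops:
            raise ChainError(f"more than {max_hops} CNAMEs from {name}")
        current = target.lower()


def expired_after(chain, seconds):
    """Owners whose cached record has expired `seconds` after the lookup."""
    return [owner for owner, ttl in chain if ttl <= seconds]
```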



