Allowing resolution of off-server CNAMEs

Joseph S D Yao jsdy at tux.org
Wed Jul 13 21:36:57 UTC 2011


On Fri, Jul 08, 2011 at 10:26:16AM -0700, Chris Buxton wrote:
> On Jul 8, 2011, at 9:11 AM, Joseph S D Yao wrote:
> > I'd rather that recursion controls only control recursion.
> > And not forwarding - have separate forwarding controls, says I.
> 
> Forwarding is a response to a recursive query. For an iterative query, even if you have recursion enabled, the server won't forward the query. Therefore, it is logical that it be controlled with the same settings as recursion.
> 
> What problem are you trying to solve? A dangling CNAME such as you describe is a normal behavior that caching resolvers are easily able to follow.


Thanks to those who responded.

The real problem is not with sub.tld.example, but with
otherzone.faraway.example which works most of the time in most of the
world.  When it fails, people do an MSW 'nslookup' targeted at my
system, and see nothing until I have described to them several times how
to get a CNAME record with MSW 'nslookup' and what it means.

Yes, not as secure.  But less time explaining why.

And I realize I have gotten sloppy about the difference between
recursive and iterative - bad me!


--
/*********************************************************************\
**
** Joe Yao				jsdy at tux.org - Joseph S. D. Yao
**
\*********************************************************************/
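The situation discussed in this thread, as an added example that is not part of the original post: a server that does not recurse answers an A query for an aliased name with the CNAME alone, and this parser flags such a reply. The response bytes are constructed here from the placeholder names in the message (the exact owner/target pairing is an assumption), and `summarize` and `unfollowed_cname` are hypothetical names.

```python
import struct

def encode_name(name):
    """Encode a dotted name as uncompressed DNS labels."""
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end, hops = [], None, 0
    while True:
        n = msg[off]
        if n & 0xC0 == 0xC0:                      # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
            hops += 1
            if hops > 16:
                raise ValueError("compression pointer loop")
        elif n == 0:                              # root label ends the name
            return ".".join(labels), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n

def summarize(msg):
    """Report flags, CNAMEs and addresses found in the answer section."""
    _id, flags, qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    off = 12
    for _ in range(qd):                           # skip the question section
        _qname, off = read_name(msg, off)
        off += 4                                  # QTYPE + QCLASS
    cnames, addrs = [], []
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        off += 10
        if rtype == 5:                            # CNAME
            cnames.append((owner, read_name(msg, off)[0]))
        elif rtype == 1:                          # A
            addrs.append(".".join(str(b) for b in msg[off:off + 4]))
        off += rdlen
    return {"aa": bool(flags & 0x0400), "ra": bool(flags & 0x0080),
            "cnames": cnames, "addresses": addrs,
            "unfollowed_cname": bool(cnames) and not addrs}

# Constructed response: QR=1, AA=1, RD=1, RA=0; one question, one answer.
_target = encode_name("otherzone.faraway.example")
SAMPLE = (struct.pack("!6H", 0x1234, 0x8500, 1, 1, 0, 0)
          + encode_name("sub.tld.example") + struct.pack("!2H", 1, 1)
          + b"\xc0\x0c" + struct.pack("!HHIH", 5, 1, 3600, len(_target)) + _target)

if __name__ == "__main__":
    print(summarize(SAMPLE))
```

An authoritative answer (`aa` set) with `ra` clear and `unfollowed_cname` true means the alias exists and the address has to come from a resolver that will chase the target into the other zone.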



More information about the bind-users mailing list