Put record.ourdomain.com as a CNAME in both your internal and external
views.
Internal user will query internal view and get CNAME record to
record.client.otherdomain.com. Your recursive name server will look up
record.client.otherdomain.com and get the CNAME record to
otherhost.otherdomain.com. It will look up that name and get the A
record. Address is returned to the DNS client.
External user queries your authoritative serve for record.ourdomain.com
and get CNAME to record.client.otherdomain.com. Their recursive name
server will look up record.client.otherdomain.com and get the CNAME record
to otherhost.otherdomain.com. It will look up that name and get the A
record. Address is returned to the external DNS client.
--
William Brown
Messaging and Core Hosted Application Technical Teams
Technology Services, WNYRIC, Erie 1 BOCES
(716) 821-7285
Samantha Steers sam.fait...@gmail.com wrote on 03/16/2012 03:09:52 PM:
From: Samantha Steers sam.fait...@gmail.com
To: wbr...@e1b.org,
Date: 03/16/2012 03:09 PM
Subject: Re: external view recursion issue
Thank you for getting back to me.
We have a set up with internal and external views. The internal
is handling all the internal/recursive queries and the external is
supposed to be authoritative without recursion. I am trying to
reverse engineer the existing setup so I can match it. I guess the
long and short of it is, if there are CNAMES looking for
otherdomain.com
then recursion has to = yes on the existing server, correct?
The existing server is giving the result mentioned previously
(below) while the new server is giving REFUSED.
host record.ourdomain.com
record.ourdomain.com is an alias for
record.client.otherdomain.com.
record.client.otherdomain.com is an alias for
otherhost.otherdomain.com.
otherhost.otherdomain.com has address x.x.x.x
My thought is that it is either one way or the other, recursive or
not, and that the record are going to have to be changed when they
are migrated to the new servers to be A records pointing to the IP
of the related, existing CNAMES.
On Fri, Mar 16, 2012 at 1:47 PM, wbr...@e1b.org wrote:
Who will be using this in-house DNS server? Your local users? If yes,
then you will need to enable recursion so they can look up outside
resources (google.com, etc.)
If this server will strictly be an authoritative server for your domain,
then it won't need recursion but queries that return a CNAME will cause
the recursive server to look up anything in otherdomain.com, CNAME or A.
Samantha wrote on 03/16/2012 10:13:30 AM:
I am getting prepped to migrate dns from one service to in-house
servers. While going through the zone file to ensure I got
everything, I found that we have CNAME in our domain pointing to a
CNAME in another domain that is pointing to the A record in the other
domain:
host record.ourdomain.com
record.ourdomain.com is an alias for record.client.otherdomain.com.
record.client.otherdomain.com is an alias for
otherhost.otherdomain.com.
otherhost.otherdomain.com has address x.x.x.x
To duplicate this exactly on our servers, it appears that I have to
enable recursion but the provider said that they are not doing that.
I get the feeling that I am not going to get the information from
them on how they are accomplishing this without recursion.
Right now I have replaced the CNAME with an A record pointing to the
IP directly and am getting the proper results, but feel that this
leaves me having to watch for changes that the otherdomain.com
administrator might make.
Am I missing something else that I can do to replicate? A separate
external view?
Confidentiality Notice:
This electronic message and any attachments may contain confidential or
privileged information, and is intended only for the individual or entity
identified above as the addressee. If you are not the addressee (or the
employee or agent responsible to deliver it to the addressee), or if this
message has been addressed to you in error, you are hereby notified that
you may not copy, forward, disclose or use any part of this message or any
attachments. Please notify the sender immediately by return e-mail or
telephone and delete this message from your system.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users