Re: external view recursion issue

[Ben Croswell]

If you are authoritative for a cname that points to an A elsewhere, your
server will resolve the cname and leave it to the client dns server to go
get the A from the server that hosts it.
On Mar 16, 2012 10:14 AM, Samantha Steers sam.fait...@gmail.com wrote:

 Hi,

 I am getting prepped to migrate dns from one service to in-house servers.
 While going through the zone file to ensure I got everything, I found that
 we have CNAME in our domain pointing to a CNAME in another domain that is
 pointing to the A record in the other domain:

 host record.ourdomain.com
 record.ourdomain.com is an alias for record.client.otherdomain.com.
 record.client.otherdomain.com is an alias for otherhost.otherdomain.com.
 otherhost.otherdomain.com has address x.x.x.x

 To duplicate this exactly on our servers, it appears that I have to enable
 recursion but the provider said that they are not doing that. I get the
 feeling that I am not going to get the information from them on how they
 are accomplishing this without recursion.

 Right now I have replaced the CNAME with an A record pointing to the IP
 directly and am getting the proper results, but feel that this leaves me
 having to watch for changes that the otherdomain.com administrator might
 make.

 Am I missing something else that I can do to replicate? A separate
 external view?

 Thanks.

 ___
 Please visit https://lists.isc.org/mailman/listinfo/bind-users to
 unsubscribe from this list

 bind-users mailing list
 bind-users@lists.isc.org
 https://lists.isc.org/mailman/listinfo/bind-users

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: external view recursion issue

[WBrown]

Who will be using this in-house DNS server?  Your local users?  If yes, 
then you will need to enable recursion so they can look up outside 
resources (google.com, etc.)

If this server will strictly be an authoritative server for your domain, 
then it won't need recursion but queries that return a CNAME will cause 
the recursive server to look up anything in otherdomain.com, CNAME or A.

Samantha  wrote on 03/16/2012 10:13:30 AM:

 I am getting prepped to migrate dns from one service to in-house 
 servers. While going through the zone file to ensure I got 
 everything, I found that we have CNAME in our domain pointing to a 
 CNAME in another domain that is pointing to the A record in the other 
domain: 
 
 host record.ourdomain.com
 record.ourdomain.com is an alias for record.client.otherdomain.com.
 record.client.otherdomain.com is an alias for otherhost.otherdomain.com.
 otherhost.otherdomain.com has address x.x.x.x
 
 To duplicate this exactly on our servers, it appears that I have to 
 enable recursion but the provider said that they are not doing that.
 I get the feeling that I am not going to get the information from 
 them on how they are accomplishing this without recursion. 
 
 Right now I have replaced the CNAME with an A record pointing to the
 IP directly and am getting the proper results, but feel that this 
 leaves me having to watch for changes that the otherdomain.com 
 administrator might make. 
 
 Am I missing something else that I can do to replicate? A separate 
 external view? 




Confidentiality Notice: 
This electronic message and any attachments may contain confidential or 
privileged information, and is intended only for the individual or entity 
identified above as the addressee. If you are not the addressee (or the 
employee or agent responsible to deliver it to the addressee), or if this 
message has been addressed to you in error, you are hereby notified that 
you may not copy, forward, disclose or use any part of this message or any 
attachments. Please notify the sender immediately by return e-mail or 
telephone and delete this message from your system.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users

Re: external view recursion issue

[WBrown]

Put record.ourdomain.com as a CNAME in both your internal and external 
views.

Internal user will query internal view and get CNAME record to 
record.client.otherdomain.com.  Your recursive name server will look up 
record.client.otherdomain.com and get the CNAME record to 
otherhost.otherdomain.com.  It will look up that name and get the A 
record.  Address is returned to the DNS client.

External user queries your authoritative serve for record.ourdomain.com 
and get CNAME to record.client.otherdomain.com.  Their recursive name 
server will look up record.client.otherdomain.com and get the CNAME record 
to otherhost.otherdomain.com.  It will look up that name and get the A 
record.  Address is returned to the external DNS client.

-- 

William Brown
Messaging and Core Hosted Application Technical Teams
Technology Services, WNYRIC, Erie 1 BOCES
(716) 821-7285


Samantha Steers sam.fait...@gmail.com wrote on 03/16/2012 03:09:52 PM:

 From: Samantha Steers sam.fait...@gmail.com
 To: wbr...@e1b.org, 
 Date: 03/16/2012 03:09 PM
 Subject: Re: external view recursion issue
 
 Thank you for getting back to me. 
 
 We have a set up with internal and external views. The internal 
 is handling all the internal/recursive queries and the external is 
 supposed to be authoritative without recursion. I am trying to 
 reverse engineer the existing setup so I can match it. I guess the 
 long and short of it is, if there are  CNAMES looking for 
otherdomain.com
 then recursion has to  = yes on the existing server, correct?
 
 The existing server is giving the result mentioned previously 
 (below) while the new server is giving REFUSED. 
 
   host record.ourdomain.com
   record.ourdomain.com is an alias for 
 record.client.otherdomain.com.
   record.client.otherdomain.com is an alias for 
 otherhost.otherdomain.com.
   otherhost.otherdomain.com has address x.x.x.x
 
 My thought is that it is either one way or the other, recursive or 
 not, and that the record are going to have to be changed when they 
 are migrated to the new servers to be A records pointing to the IP 
 of the related, existing CNAMES. 
 
 On Fri, Mar 16, 2012 at 1:47 PM, wbr...@e1b.org wrote:
 Who will be using this in-house DNS server?  Your local users?  If yes,
 then you will need to enable recursion so they can look up outside
 resources (google.com, etc.)
 
 If this server will strictly be an authoritative server for your domain,
 then it won't need recursion but queries that return a CNAME will cause
 the recursive server to look up anything in otherdomain.com, CNAME or A.
 
 Samantha  wrote on 03/16/2012 10:13:30 AM:
 
  I am getting prepped to migrate dns from one service to in-house
  servers. While going through the zone file to ensure I got
  everything, I found that we have CNAME in our domain pointing to a
  CNAME in another domain that is pointing to the A record in the other
 domain:
 
  host record.ourdomain.com
  record.ourdomain.com is an alias for record.client.otherdomain.com.
  record.client.otherdomain.com is an alias for 
otherhost.otherdomain.com.
  otherhost.otherdomain.com has address x.x.x.x
 
  To duplicate this exactly on our servers, it appears that I have to
  enable recursion but the provider said that they are not doing that.
  I get the feeling that I am not going to get the information from
  them on how they are accomplishing this without recursion.
 
  Right now I have replaced the CNAME with an A record pointing to the
  IP directly and am getting the proper results, but feel that this
  leaves me having to watch for changes that the otherdomain.com
  administrator might make.
 
  Am I missing something else that I can do to replicate? A separate
  external view?
 




Confidentiality Notice: 
This electronic message and any attachments may contain confidential or 
privileged information, and is intended only for the individual or entity 
identified above as the addressee. If you are not the addressee (or the 
employee or agent responsible to deliver it to the addressee), or if this 
message has been addressed to you in error, you are hereby notified that 
you may not copy, forward, disclose or use any part of this message or any 
attachments. Please notify the sender immediately by return e-mail or 
telephone and delete this message from your system.
___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users