So I've been having DNS issues for a while, differing issues that pop up and I knock them down, but another just came to my attention which has me stumped.

My external zone config has allow-recursion ( none; ); However, I have some 3rd party sites that I CNAME to. Akamai for example, yes, CNAME to CNAME, I know, I know :).. Well, my primary NS servers will only provide the CNAME record:

;; QUESTION SECTION:
;cdn.domain.net.        IN      A

;; ANSWER SECTION:
cdn.domain.net. 300     IN      CNAME   cdn.domain.net.edgesuite.net.

This causes all types of failures if just using dig, or Linux's built-in lookup mechanism, or heck, Perl or PHP methods as well. None of the stated methods know that they should now query cdn.domain.net.edgesuite.net, so they provide the CNAME and SERVFAIL or whatever.

Is there a way to allow any host to actually do a recursive lookup if the request starts out on my domain, in order to receive the A record? Or do I just have to enable recursion on my external zone? The problem there, obviously, is that now joe and frank can use my DNS servers because they perform a bit better than their ISP's. I don't want that, but I do want to provide the extended information for that CNAME record.

Oh ya, still on "bind-9.7.2-P3", Fedora-based system.

I'm missing something, but since it's gosh knows who that will be querying for cdn.domain.net, there really is no ACL I can use, it has to be all. And based on some failures, I have to do the leg work for each client, I have to provide them the necessary information in that one request.

Thanks again,
Tory

_______________________________________________
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
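
Added example, not part of the original post: a small Python model of the lookup described above, in which a recursion-disabled authoritative server answers only from its own zone and the resolver side restarts the query at each CNAME target. The function names, the hop cap, the edgesuite.net zone contents and the 192.0.2.10 address are constructed for illustration.

```python
# Constructed sample data: each zone is served by its own authoritative
# server, which (recursion disabled) never looks outside that zone.
AUTHORITATIVE = {
    "domain.net.": {
        ("cdn.domain.net.", "CNAME"): "cdn.domain.net.edgesuite.net.",
    },
    "edgesuite.net.": {
        ("cdn.domain.net.edgesuite.net.", "A"): "192.0.2.10",  # documentation address
    },
}
MAX_CHAIN = 8  # assumed cap on CNAME hops; real resolvers apply their own limit


def zone_for(name):
    """Return the longest zone in AUTHORITATIVE that contains name, or None."""
    matches = [z for z in AUTHORITATIVE if name == z or name.endswith("." + z)]
    return max(matches, key=len) if matches else None


def authoritative_answer(name, rtype):
    """Answer as a recursion-disabled server would: own-zone records only."""
    zone = zone_for(name)
    if zone is None:
        return None  # not authoritative for this name
    records = AUTHORITATIVE[zone]
    if (name, rtype) in records:
        return [(name, rtype, records[(name, rtype)])]
    if (name, "CNAME") in records:
        # The CNAME target is out of zone, so the answer stops here.
        return [(name, "CNAME", records[(name, "CNAME")])]
    return []


def resolve(name, rtype="A"):
    """Resolver-side CNAME chasing: re-query at each target until rtype is found."""
    chain, seen = [], set()
    while len(chain) < MAX_CHAIN:
        if name in seen:
            raise RuntimeError("CNAME loop at " + name)
        seen.add(name)
        answer = authoritative_answer(name, rtype)
        if not answer:
            raise LookupError("no answer for " + name)
        chain.extend(answer)
        _owner, got, value = answer[-1]
        if got == rtype:
            return chain
        name = value  # follow the CNAME to the server for the target's zone
    raise RuntimeError("CNAME chain too long")


if __name__ == "__main__":
    for record in resolve("cdn.domain.net."):
        print(*record)
```
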