Put record.ourdomain.com as a CNAME in both your internal and external 

Internal user will query internal view and get CNAME record to 
record.client.otherdomain.com.  Your recursive name server will look up 
record.client.otherdomain.com and get the CNAME record to 
otherhost.otherdomain.com.  It will look up that name and get the A 
record.  Address is returned to the DNS client.

External user queries your authoritative serve for record.ourdomain.com 
and get CNAME to record.client.otherdomain.com.  Their recursive name 
server will look up record.client.otherdomain.com and get the CNAME record 
to otherhost.otherdomain.com.  It will look up that name and get the A 
record.  Address is returned to the external DNS client.


William Brown
Messaging and Core Hosted Application Technical Teams
Technology Services, WNYRIC, Erie 1 BOCES
(716) 821-7285

Samantha Steers <sam.fait...@gmail.com> wrote on 03/16/2012 03:09:52 PM:

> From: Samantha Steers <sam.fait...@gmail.com>
> To: wbr...@e1b.org, 
> Date: 03/16/2012 03:09 PM
> Subject: Re: external view recursion issue
> Thank you for getting back to me. 
> We have a set up with "internal" and "external" views. The internal 
> is handling all the internal/recursive queries and the external is 
> supposed to be authoritative without recursion. I am trying to 
> reverse engineer the existing setup so I can match it. I guess the 
> long and short of it is, if there are  CNAMES looking for 
> then recursion has to  = yes on the existing server, correct?
> The existing server is giving the result mentioned previously 
> (below) while the new server is giving REFUSED. 
>               host record.ourdomain.com
>               record.ourdomain.com is an alias for 
> record.client.otherdomain.com.
>               record.client.otherdomain.com is an alias for 
> otherhost.otherdomain.com.
>               otherhost.otherdomain.com has address x.x.x.x
> My thought is that it is either one way or the other, recursive or 
> not, and that the record are going to have to be changed when they 
> are migrated to the new servers to be A records pointing to the IP 
> of the related, existing CNAMES. 
> On Fri, Mar 16, 2012 at 1:47 PM, <wbr...@e1b.org> wrote:
> Who will be using this in-house DNS server?  Your local users?  If yes,
> then you will need to enable recursion so they can look up outside
> resources (google.com, etc.)
> If this server will strictly be an authoritative server for your domain,
> then it won't need recursion but queries that return a CNAME will cause
> the recursive server to look up anything in otherdomain.com, CNAME or A.
> Samantha  wrote on 03/16/2012 10:13:30 AM:
> > I am getting prepped to migrate dns from one service to in-house
> > servers. While going through the zone file to ensure I got
> > everything, I found that we have CNAME in our domain pointing to a
> > CNAME in another domain that is pointing to the A record in the other
> domain:
> >
> > host record.ourdomain.com
> > record.ourdomain.com is an alias for record.client.otherdomain.com.
> > record.client.otherdomain.com is an alias for 
> > otherhost.otherdomain.com has address x.x.x.x
> >
> > To duplicate this exactly on our servers, it appears that I have to
> > enable recursion but the provider said that they are not doing that.
> > I get the feeling that I am not going to get the information from
> > them on how they are accomplishing this without recursion.
> >
> > Right now I have replaced the CNAME with an A record pointing to the
> > IP directly and am getting the proper results, but feel that this
> > leaves me having to watch for changes that the otherdomain.com
> > administrator might make.
> >
> > Am I missing something else that I can do to replicate? A separate
> > external view?

Confidentiality Notice: 
This electronic message and any attachments may contain confidential or 
privileged information, and is intended only for the individual or entity 
identified above as the addressee. If you are not the addressee (or the 
employee or agent responsible to deliver it to the addressee), or if this 
message has been addressed to you in error, you are hereby notified that 
you may not copy, forward, disclose or use any part of this message or any 
attachments. Please notify the sender immediately by return e-mail or 
telephone and delete this message from your system.
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe 
from this list

bind-users mailing list

Reply via email to