Re: Allow recursion for external resources in an authoritative zone on a not open dns server
Hello Stefano,

the standard query path for DNS is

client - caching DNS - authoritative DNS

Your BIND Server is probably on the very right of that picture, the authoritative (only) server. Such an authoritative only server only answers with data it is authoritative for (like you described).

In case of the CNAME pointing to a domain name the server is not authoritative for, the authoritative server will send the CNAME to the caching server. The caching server should be able to resolve any domain name that is reachable via the normal (iterative) name resolution, starting at the root-server system.

On receiving the CNAME record, it is the task of the caching DNS Server to resolve the CNAME to a final record (A, or whatever has been requested by the client) and then return the full final answer (all CNAMEs + final record with data) to the client.

There is nothing special to configure in BIND, only you need a BIND DNS Server acting as a cache server.

A client should never directly talk to an authoritative (only) DNS Server. It should always go through an intermediate caching server.

Best regards

Carsten Strotmann

Chiesa Stefano stefano.chi...@wki.it writes:

> Hello all.
>
> I have a closed bind dns server. It answers only to queries related to zones it is authoritative for (a normal behaviour... right?).
> I have dns zones that contain cname that points to hostnames in domains not managed by that server. So it won't resolve those names, returning the cname to the client.
>
> I'd like to know if there is a way to tell to BIND if the external resource is in a domain managed by you, resolve (do recurse)
>
> Do you know if it is possible?
>
> Thanks in advance,
> Stefano.
>
> Stefano Chiesa
> Wolters Kluwer Italia
> Network Specialist
> Strada 1, Palazzo F6
> 20090 Milanofiori Assago (Mi) - Italia
> Phone +39 0282476279 (20279 Voip)
> Fax +39 0282476815

___
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
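
The split described in the message above, sketched as two separate BIND configurations. This is an added example, not part of the thread or of any configuration posted in it; the zone `example.com`, the CNAME target `host.example.net`, the `192.0.2.0/24` client network and the file paths are placeholders.

```conf
// ---- File 1: named.conf on the authoritative-only server ----
options {
    directory "/var/named";       // assumed path
    recursion no;                 // never chase names on behalf of clients
    allow-query { any; };         // any resolver may ask about our zones
    allow-transfer { none; };     // no zone transfers in this sketch
};

zone "example.com" {              // placeholder zone
    type master;
    file "example.com.zone";
};

// In example.com.zone, a CNAME whose target lives in someone else's zone:
//   www   IN  CNAME  host.example.net.
// This server answers a query for www.example.com with the CNAME only; the
// resolver that asked then looks up host.example.net on its own.

// ---- File 2: named.conf on the caching (recursive) resolver ----
acl "clients" { 127.0.0.1; 192.0.2.0/24; };   // placeholder client network

options {
    directory "/var/named";       // assumed path
    recursion yes;                // follows CNAMEs to a final answer
    allow-query       { "clients"; };
    allow-query-cache { "clients"; };
    allow-recursion   { "clients"; };   // closed resolver: listed clients only
};
```

Clients point their stub resolvers at the second server only; the first is reached through the zone's NS records by whichever resolver is doing the lookup.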
Re: Allow recursion for external resources in an authoritative zone on a not open dns server
Barry Margolin bar...@alum.mit.edu wrote:

> If the server is authoritative for both the CNAME and the target of the CNAME, no recursion should be necessary -- the target is already in its memory. Doesn't the server normally fill in the whole CNAME chain in this case?

Yes - see the additional-from-auth configuration option.

Tony.
-- 
f.anthony.n.finch d...@dotat.at http://dotat.at/
Forties, Cromarty: East, veering southeast, 4 or 5, occasionally 6 at first. Rough, becoming slight or moderate. Showers, rain at first. Moderate or good, occasionally poor at first.
Re: Allow recursion for external resources in an authoritative zone on a not open dns server
On 18.11.13 13:57, Chiesa Stefano wrote:

> I have a closed bind dns server. It answers only to queries related to zones it is authoritative for (a normal behaviour... right?).
> I have dns zones that contain cname that points to hostnames in domains not managed by that server. So it won't resolve those names, returning the cname to the client.
>
> I'd like to know if there is a way to tell to BIND if the external resource is in a domain managed by you, resolve (do recurse)

There is not. Either bind does recurse, or it does not.

If a DNS server is authoritative-only, it is only contacted by other (recursive) DNS servers that would (or, at least should) not trust what it says in ADDITIONAL section of its responses (where the CNAME content in non-authoritative cases belongs to).

-- 
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Warning: I do NOT want to receive any advertising mail at this address.
Christian Science Programming: Let God Debug It!.
Re: Allow recursion for external resources in an authoritative zone on a not open dns server
In message e81ed6071f7e3e44a69bc960c04469250c1a2...@s-mi-mail2.milano.wkitaly.it, Chiesa Stefano writes:

> Hello all.
>
> I have a closed bind dns server. It answers only to queries related to zones it is authoritative for (a normal behaviour... right?).
> I have dns zones that contain cname that points to hostnames in domains not managed by that server. So it won't resolve those names, returning the cname to the client.

This is correct operation. Recursive/iterative servers talking to it do not need your server to resolve the target of the cname. They will go ask the nameservers for the target of the cname themselves then combine the two answers and return that to the caller.

Stub resolvers need to talk to a recursive server so it can do this work on their behalf.

> I'd like to know if there is a way to tell to BIND if the external resource is in a domain managed by you, resolve (do recurse)
>
> Do you know if it is possible?

No.

> Thanks in advance,
> Stefano.
>
> Stefano Chiesa
> Wolters Kluwer Italia
> Network Specialist
> Strada 1, Palazzo F6
> 20090 Milanofiori Assago (Mi) - Italia
> Phone +39 0282476279 (20279 Voip)
> Fax +39 0282476815

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: Allow recursion for external resources in an authoritative zone on a not open dns server
In article mailman.1694.1384820048.20661.bind-us...@lists.isc.org, Mark Andrews ma...@isc.org wrote:

> In message e81ed6071f7e3e44a69bc960c04469250c1a2...@s-mi-mail2.milano.wkitaly.it, Chiesa Stefano writes:
>
> > I'd like to know if there is a way to tell to BIND if the external resource is in a domain managed by you, resolve (do recurse)
> >
> > Do you know if it is possible?
>
> No.

If the server is authoritative for both the CNAME and the target of the CNAME, no recursion should be necessary -- the target is already in its memory. Doesn't the server normally fill in the whole CNAME chain in this case?

-- 
Barry Margolin
Arlington, MA
Re: Allow recursion for external resources in an authoritative zone on a not open dns server
In message barmar-90ddc3.19453818112...@news.eternal-september.org, Barry Margolin writes:

> In article mailman.1694.1384820048.20661.bind-us...@lists.isc.org, Mark Andrews ma...@isc.org wrote:
>
> > In message e81ed6071f7e3e44a69bc960c04469250c1a2...@s-mi-mail2.milano.wkitaly.it, Chiesa Stefano writes:
> >
> > > I'd like to know if there is a way to tell to BIND if the external resource is in a domain managed by you, resolve (do recurse)
> > >
> > > Do you know if it is possible?
> >
> > No.
>
> If the server is authoritative for both the CNAME and the target of the CNAME, no recursion should be necessary -- the target is already in its memory. Doesn't the server normally fill in the whole CNAME chain in this case?

The targets of the CNAME records are not on the machine as per the original description of the problem.

> I have dns zones that contain cname that points to hostnames in domains not managed by that server.

Mark

> -- 
> Barry Margolin
> Arlington, MA

-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: ma...@isc.org
Re: Allow recursion for external resources in an authoritative zone on a not open dns server
In article mailman.1696.1384823151.20661.bind-us...@lists.isc.org, Mark Andrews ma...@isc.org wrote:

> In message barmar-90ddc3.19453818112...@news.eternal-september.org, Barry Margolin writes:
>
> > In article mailman.1694.1384820048.20661.bind-us...@lists.isc.org, Mark Andrews ma...@isc.org wrote:
> >
> > > In message e81ed6071f7e3e44a69bc960c04469250c1a2...@s-mi-mail2.milano.wkitaly.it, Chiesa Stefano writes:
> > >
> > > > I'd like to know if there is a way to tell to BIND if the external resource is in a domain managed by you, resolve (do recurse)
> > > >
> > > > Do you know if it is possible?
> > >
> > > No.
> >
> > If the server is authoritative for both the CNAME and the target of the CNAME, no recursion should be necessary -- the target is already in its memory. Doesn't the server normally fill in the whole CNAME chain in this case?
>
> The targets of the CNAME records are not on the machine as per the original description of the problem.
>
> > I have dns zones that contain cname that points to hostnames in domains not managed by that server.

I saw that, but the question says "If the external resource is in a domain managed by you". The external resource is the target of the CNAME, and "managed by you" means the server is authoritative for it.

I admit I found the question confusing, since it seems to start with one premise, but then ask a question about a different one.

-- 
Barry Margolin
Arlington, MA