I'm running BIND 9.9.4 in a master/slave configuration on Redhat 7.4 with chroot. The servers are set with the "recursion no;" option in the named.conf file. I have an entry in one of my zone files:
test IN CNAME server.outsidedomain.com.
When I query the dns server for test.mydomain.com I would like it to return the IP address of server.outsidedomain.com but not "recurse" any other lookups (actually I have a handful of CNAME records that refer to hosts outside my domain).
Zone file snippet: (sanitized)
$TTL 3h
@ IN SOA ns01.mydomain.com. admin.mydomain.com. (
2018032007 ; serial number
2h ; refresh
1h ; retry
4d ; expire
1d ; default TTL
)
@ NS ns01.mydomain.com.
@ NS ns02.mydomain.com.
test CNAME server.outsidedomain.com.
named.conf snippet: (sanitized)
options {
listen-on port 53 { any; };
directory "/var/named";
dump-file "/var/named/data/cache_dump.db";
statistics-file "/var/named/data/named_stats.txt";
memstatistics-file "/var/named/data/named_mem_stats.txt";
allow-query { any; };
allow-query-cache { 1.1.1.2; };
allow-transfer { key "ns02.mydomain.com"; };
recursion no;
dnssec-enable yes;
dnssec-lookaside auto;
dnssec-validation yes;
/* Path to ISC DLV key */
bindkeys-file "/etc/named.iscdlv.key";
managed-keys-directory "/var/named/dynamic";
pid-file "/run/named/named.pid";
session-keyfile "/run/named/session.key";
version "Unavailable";
};
nslookup output: (sanitized)
# nslookup test.mydomain.com
Server: 1.1.1.1
Address: ns01.mydomain.com
Name: server.outsidedomain.com
dig output: (sanitized)
dig test.mydomain.com
; <<>> DiG 9.11.3 <<>> test.mydomain.com
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36042
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;test.mydomain.com. IN A
;; ANSWER SECTION:
test.mydomain.com. 10800 IN CNAME server.outsidedomain.com.
I would like/expect to see: (sanitized)
# nslookup test.mydomain.com
Server: ns01.mydomain.com
Address: 1.1.1.1
Name: server.outsidedomain.com
Address: 5.5.5.5
Aliases: test.mydomain.com
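The behaviour in the dig output above (answer holds only the CNAME, header shows no `ra` flag) is exactly what an authoritative-only server should do. As an added example that is not part of the original question, the script below checks both halves of that from a defender's side: it parses a zone snippet modelled on the one above to list CNAME records whose targets sit outside the zone (the ones a `recursion no;` server can never answer with an address), and it parses the dig header flags to confirm the server is not offering recursion (no `ra` bit, so it is not an open resolver). The zone text, the dig header and the extra `www` CNAME are constructed for the example; `ZONE_ORIGIN` is assumed to be `mydomain.com.`.

```python
"""Added example (not from the original question): which CNAMEs in a zone
point outside it, and whether a dig header shows the server offering
recursion. Zone and dig text are constructed to match the question."""
import re

ZONE_ORIGIN = "mydomain.com."  # assumed origin of the sanitized zone

# Constructed zone snippet, same shape as the sanitized one in the question,
# plus one in-zone CNAME (www) for contrast.
ZONE_TEXT = """\
$TTL 3h
@ IN SOA ns01.mydomain.com. admin.mydomain.com. (
2018032007 ; serial number
2h ; refresh
1h ; retry
4d ; expire
1d ; default TTL
)
@ NS ns01.mydomain.com.
@ NS ns02.mydomain.com.
test CNAME server.outsidedomain.com.
www CNAME web.mydomain.com.
"""

# Constructed dig header lines, matching the flags shown in the question.
DIG_HEADER = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36042
;; flags: qr aa rd; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1
;; WARNING: recursion requested but not available
"""


def qualify(name, origin):
    """Turn a zone-file owner or target into an absolute name under origin."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def cname_records(zone_text, origin):
    """Return (owner, target) for each CNAME line. Comments, $ directives and
    the closing ')' of the SOA are skipped; lines without a CNAME token too."""
    records = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("$") or line == ")":
            continue
        tokens = line.split()
        if "CNAME" not in tokens:
            continue
        owner = tokens[0]
        target = tokens[tokens.index("CNAME") + 1]
        records.append((qualify(owner, origin), qualify(target, origin)))
    return records


def out_of_zone_cnames(zone_text, origin):
    """CNAMEs whose target is not under the zone origin. An authoritative-only
    server (recursion no) answers these with the CNAME RR alone; chasing the
    target is the client's or a recursive resolver's job."""
    suffix = "." + origin
    return [
        (owner, target)
        for owner, target in cname_records(zone_text, origin)
        if not (target == origin or target.endswith(suffix))
    ]


def dig_flags(dig_text):
    """Extract the header flag set (e.g. {'qr', 'aa', 'rd'}) from dig output."""
    m = re.search(r"^;; flags:\s*([^;]*);", dig_text, re.MULTILINE)
    return set(m.group(1).split()) if m else set()


def offers_recursion(dig_text):
    """True when the server set the RA bit, i.e. it acts as a resolver.
    For an authoritative-only server this should be False."""
    return "ra" in dig_flags(dig_text)


if __name__ == "__main__":
    for owner, target in out_of_zone_cnames(ZONE_TEXT, ZONE_ORIGIN):
        print(f"{owner} -> {target}: target outside {ZONE_ORIGIN}, "
              "server can only return the CNAME")
    print("server offers recursion:", offers_recursion(DIG_HEADER))
```

Feed `offers_recursion` the output of `dig @ns01.mydomain.com test.mydomain.com` from a host outside your network to confirm the `ra` flag stays clear; a `True` there would mean the server is answering as a recursive resolver for anyone, which is the open-resolver condition `recursion no;` is meant to rule out.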
This is kind of what recursion does. See the description here for how a remote-zone CNAME request is resolved: https://ns1.com/articles/comparing-alias-and-cname-records – Frank Thomas – 2018-03-26T19:31:21.180
Why do you want it to return the IP address for the CNAME? This is contrary to how the DNS protocol works (if your nameserver is not authoritative on the zone where the CNAME target is). – Patrick Mevzek – 2018-03-26T21:49:34.827
Thank you. The article was helpful. You have confirmed how I thought things (should) work. I have a working knowledge of DNS and know enough to be dangerous. Thank you for sharing your knowledge!! – John Malia – 2018-03-28T14:36:44.017