[Pdns-dev] Possible bug in authoritative server CNAME toremote
domains?
Darren Gamble
Darren.Gamble at sjrb.ca
Tue Jun 2 12:38:37 CEST 2009
> Please look at:
>
http://mailman.powerdns.com/pipermail/pdns-users/2007-August/004666.html
>
http://mailman.powerdns.com/pipermail/pdns-users/2007-August/004667.html
>
> Your PowerDNS server is authoritative to wfdnstestscript.me but not to
> blogware.com, is it?
>
>
> > So it seems that even pdns comments thinks it shouldn't be sending
the
> > SERVFAIL response in the external CNAME redirection case, however it
is.
>
> Only if recursion is enabled.
Maybe there is something that I am missing here, but I'd otherwise have
to respectively disagree.
You can serve an out-of-balliwick CNAME data for an in-balliwick name.
If recursion is disabled, the server won't do any work for you, but
NOERROR should be returned. The cache won't believe anything you say
about that name, of course, but should still independently chase down
the applicable RR of the target. To my knowledge all DNS caches do
this, including pdns-recursor (yes, I did just test it now to be sure).
We do also have this setup for a handful of our own names, although we
don't use the auth PowerDNS server here, just the recursor. It works
fine - exactly as Mark Zealey is expecting it to.
Perhaps Bert can comment?
============================
Darren Gamble
Systems Architect, Regional Services
Shaw Cablesystems GP
630 - 3rd Avenue SW
Calgary, Alberta, Canada
T2P 4L4
(403) 781-4948
More information about the Pdns-dev
mailing list