[Pdns-users] CNAME record to an external domain

bert hubert bert.hubert at netherlabs.nl
Tue Sep 4 19:42:13 UTC 2007 

Marko, 

Now actually try if the domain resolves. It will. Nslookup is a very
confusing tool, and this is how DNS works.

	Bert

On Tue, Sep 04, 2007 at 09:37:54PM +0200, Marko Kobal wrote:
> Hi,
> 
> bert hubert pravi:
> >On Tue, Sep 04, 2007 at 06:47:05PM +0200, Marko Kobal wrote:
> >>However, I do have another question. If I want such a domain to be 
> >>resolvable (like www.urad.si CNAME urad.blogspot.com) I need to open 
> >>(allow) my recursor for the whole world. Would it not be better to 
> >
> >No, that is not needed. Resolvers will follow the CNAME chain regardless.
> 
> Hmmm ...
> 
> 
> In recursor.conf:
> 
> allow-from=127.0.0.1
> 
> In pdns.conf:
> 
> allow-recursion=127.0.0.1, 193.77.181.76
> 
> - 193.77.181.76 is the public IP of the DNS server we are talking about
> - urad.si is hosted on 193.77.181.76
> - www.urad.si CNAME urad.blogspot.com
> - urad.blogspot.com is an external domain
> 
> +++
> 
> Now, exec "nslookup www.urad.si dns1.arctur.si" on 193.77.124.79 host:
> 
> ---
> nslookup www.urad.si dns1.arctur.si
> Server:         dns1.arctur.si
> Address:        193.77.181.76#53
> 
> ** server can't find www.urad.si: SERVFAIL
> ---
> 
> ... from log:
> Not authoritative for 'urad.blogspot.com', sending servfail to 
> 193.77.124.79 (recursion was desired)
> 
> Now, exec "nslookup www.urad.si dns1.arctur.si" on the DNS server itself 
> (193.77.181.76):
> 
> ---
> nslookup www.urad.si dns1.arctur.si
> Server:         dns1.arctur.si
> Address:        193.77.181.76#53
> 
> Non-authoritative answer:
> www.urad.si     canonical name = urad.blogspot.com.
> urad.blogspot.com       canonical name = blogspot.l.google.com.
> Name:   blogspot.l.google.com
> Address: 72.14.207.191
> ---
> 
> +++
> 
> So I can limit recursor to not be available for external servers as an 
> service (this I have already done by putting it on the 5300 port and 
> closing into the firewall), but can NOT limit the PDNS to only "internaly" 
> recurse? Am I right or not?
> 
> What I want to do is that urad.blogspot.com would NOT be directly 
> resolvable from the whole world through my DNS server, that is:
> 
> nslookup urad.blogspot.com dns1.arctur.si
> Server:         dns1.arctur.si
> Address:        193.77.181.76#53
> 
> ** server can't find urad.blogspot.com: SERVFAIL
> 
> --> OK
> 
> But I want that www.urad.si woudl be resolvable ... Are we understanding 
> each other here? Is this possible to achieve or not?
> 
> 
> -- 
> Kind regards, Marko Kobal.
> 
> 
> !DSPAM:46ddb41d132731156014651!

-- 
http://www.PowerDNS.com      Open source, database driven DNS Software 
http://netherlabs.nl              Open and Closed source services

More information about the Pdns-users mailing list