> -----Original Message----- > From: Chris Buxton [mailto:cbux...@menandmice.com] > Sent: 16 June 2009 15:40 > To: Braebaum, Neil > Cc: Bind Mailing > Subject: Re: Questions about DNAME records > > On Jun 16, 2009, at 1:37 AM, Braebaum, Neil wrote: > > What I was getting at - probably worded poorly - was say I > wanted to > > provide resolution for something like:- > > > > _service._tcp.example.com. > > > > if I'd previously created the DNAME record (example.com. IN > > DNAME example2.com.), would creating a SRV RR > record in > > example2.com.:- > > > > _service._tcp.example2.com. > > > > work as resolution for it? > > Yes. The final and complete answer will be: > > _service._tcp.example.com. IN CNAME > _service._tcp.example2.com. > _service._tcp.example2.com. IN SRV ... 4 fields here ... > > > As to the forwarding thing, what I was thinking of, is that > > example2.com. forwards out to internet DNS servers for external > > resolution > > Unfortunately, that's a nonsensical assertion. A domain does > not forward. A DNS server forwards.
OK, the DNS servers that are authoritative for example2.com. > > and it just so happens that example.com. is a namespace we use > > externally. So would it work in the scenario I've given, that if I > > wanted to provide resolution for _service._tcp.example.com. (if it > > works with the DNAME scenario I've described above), would other > > records for example.com. that aren't catered for in > example2.com., be > > obtained by merit of example2.com. forwarding? Or would the DNAME > > configuration not allow it? > > A DNAME record precludes child names. That is, you cannot > have any names of the form "foo.example.com" and also have a > DNAME record named "example.com". > > > I guess what I'm wondering is that if example.com. is DNAMEd to > > example2.com. and the records aren't in example2.com. does > the enquiry > > end there, or could / would the question be dealt with by merit of > > example2.com. forwarding to internet DNS servers? > > If you have a DNAME record named example.com, then aside from > other records named example.com, there cannot be any other > records in the example.com zone. No subdomains are allowed. I think this is why I'm struggling to fully understand the DNAME usage - the example I gave above:- _service._tcp.example.com. would (effectively) be subdomain records from example.com. that I'm hoping to be able to provide responses for by using:- example.com. IN DNAME example2.com. and creating:- _service._tcp.example2.com. SRV resource records in example2.com., which you said would work above. > So if example.com is hosted on the outside, and example2.com > is internal, an internal resolver will see the external DNAME > record (and related, synthesized CNAME records) and be able > to resolve them inside example2.com (assuming it can find > example2.com). What I was hoping to do was create, or perhaps more correctly, cater for a specific and small number of records for example.com. (by DNAME'ing to example2.com.) internally, by creating a very simple zone with the DNAME to example2.com. - merely to provide answers for these resource records, that I don't want - nor are relevant - to the external use of example.com. example.com. is known on the internet, provided by a managed service DNS provided, and hosts some ecom related DNS records. I'm kind of being forced down the track of providing some resolution for some specific records (the resource records I've given examples for) internally (because of the domain name used for some email addresses), but I don't want to provide a fully authoritative zone for example.com. internally, because I don't want to have to maintain duplicate records in an internal example.com. authoritative zone, and for the external example.com. zone, and because I don't want to have to maintain or expose these resource records in my external example.com. zone. So what I was wondering was, by merit of using a DNAME record, is whether I could host the small number of resource records (that really are subdomain records from example.com.), and using a DNAME record internally, provide them in example2.com., and because the nameservers that are authoritative for example2.com. forward to internet DNS servers, whether they would in the scenario that the internal name enquired on in example.com. isn't present in example2.com. (eg say, some of the ecom related records in the external example.com. that I don't really want to have to cater for internally, too). > If there is no external version of example2.com, then you're > creating problems, because a DNAME record from a public zone > to a strictly private zone will cause resolution for the > public for names in the example.com domain (except > example.com itself) to fail. example2.com. is purely an internal namespace, and I wasn't thinking of creating a DNAME record in my external example.com. domain. I was thinking of creating an internal zone for example.com., creating the DNAME record, so hopefully providing the resource records that are subdomain values for example.com., by creating them in my (internal) example2.com. (not known externally). What I was really driving at, was whether - by merit of the DNAME record - internal DNS questions for names in example.com. (assuming I setup an internal zone for example.com. simply with the DNAME to example2.com.) that were entries not created in example2.com. (so ecom DNS entries that are present in the external example.com.) would get no answer because the entries hadn't been created for them in the internal example2.com., or whether they could potentially be resolved because example2.com. (internal) nameservers forward to internet DNS servers, and would then find the external example.com. domain? > Unfortunately, if this explanation isn't clear, I would need > to know exactly what you're trying to accomplish, probably > including real names, in order to help further. My employer > offers confidential DNS consulting service for a fee, if that > would be useful to you. Thanks. I'm not sure I truly need that, yet - I was just trying to establish what would happen if I try and create a zone internally for example.com. merely using a DNAME (pointing to example2.com. internally), for the internal resource records I want, and whether, then, example2.com. nameservers would then forward (as normal) for any names requested in example.com. that it didn't have, or whether the question would get refused, there. Because of the subversion of namespaces, it's not a terrible easy scenario for me to test, without having some potential impact, but I'm sure that you and other gurus will know the answer to the DNAME questions I have. Neil ***************************************************************************** This email and its attachments are confidential to the intended recipient. If this has come to you in error, please notify the sender immediately and delete this email from your system. You must take no action based on this email, nor must you copy or disclose it or any part of its contents to any person or organisation. Please note that email communications may be monitored. The registered office of Shop Direct Limited is First Floor, Skyways House, Speke Road, Speke, Liverpool, L70 1AB, registered number 04730752. Subsidiary companies of Shop Direct Limited include: Shop Direct Group Financial Services Limited (SDGFS), Shop Direct Financial Services Limited (SDFS) and Shop Direct Finance Company Limited (SDFC). The registered office of SDGFS, SDFS and SDFC is Aintree Innovation Centre, Park Lane, Netherton, Bootle, L30 1SL, registered numbers 05200103 (SDGFS), 04730706 (SDFS) and 04660974 (SDFC). SDFS and SDFC are authorised and regulated by the Financial Services Authority in respect of arranging insurance products. Shop Direct Contact Centres Limited (SDCC) and Shop Direct Home Shopping Limited (SDHS). The registered office of SDCC and SDHS is First Floor, Skyways House, Speke Road, Speke, Liverpool, L70 1AB, registered numbers 05330323 (SDCC), 04663281 (SDHS). All companies registered in England. ***************************************************************************** _______________________________________________ bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
