On Mar 4, 2013, at 15.26, Verne Britton <ve...@wvnet.edu> wrote: > > On 3/4/2013 2:45 PM, Barry Margolin wrote: >> In article <mailman.1592.1362422631.11945.bind-us...@lists.isc.org>, >> Verne Britton <ve...@wvnet.edu> wrote: >> >>> I have been testing and testing and either just don't see what I'm doing >>> wrong, or have a learning block :-) >>> >>> current thinking is that a open recursion DNS server is bad, so we want to >>> implement an allow-recursion clause; perhaps even make some views so our >>> local users still recurse while the general public cannot ... >>> >>> but I am running into a roadblock with our Google Apps cname: >>> >>> gmail.wvstateu.edu is a cname to ghs.google.com >>> >>> and bind wants recursion turned on in order to translate it. >> >> What's the problem? >> >> If the query comes from a local user, recursion will be allowed, and the >> CNAME will be resolved. >> >> If the query comes from a remote resolver, recursion shouldn't even be >> requested. You'll respond with the CNAME, and the remote resolver will >> then do its own lookup of that. >> > > Barry asks whats my problem ... > > > ***** it doesn't work :-) :-)
"it doesn't work" is not a helpful problem description. where is the demonstration of "it doesn't work"? at this stage, that would likely be more useful than pages of configs. also, given a reasonably current version of bind, named-checkconf -p would probably be a more effective way to share your config. > for some reason my server wants to do the CNAME resolution itself instead of > just returning the CNAME alone ... perhaps I have something configured wrong. > Don't know if I'm being hit with queries from other DNS servers or from end > users ... this is easy to determine by inspecting the logs. it may be necessary to enable query logging. > HEY ... maybe thats the answer ... perhaps all my testing and all my > complaints are from staff who go home and use their campus configs at home > ... and try to use the public authoritative server as their personal > resolving (recursing) server are dns servers being statically set on clients rather than via dhcp [or such]? -ben _______________________________________________ Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
