Makes sense. Better safe than sorry.
Thanks,
Steve.

> On October 21, 2015 at 4:01 PM Mark Andrews <ma...@isc.org> wrote:
>
> To prevent cache poisoning via cnames. It is simpler to always
> look up the target of the cname than to figure out if we would
> accept the following data.
>
> server A has zones foo.example and bar.example configured
> server B has zone bar.example configured
>
> bar.example is only delegated to server B of the two servers above.
>
> There is a cname from www.foo.example -> www.bar.example
>
> Server A returns a complete answer but the www.bar.example data is
> from the wrong zone instance. This happens accidentally in real
> life.
>
> Mark
>
> In message
> <1401468033.15948.1445459552099.javamail.vpopm...@atl4oxapp02pod1.mgt.hosting.qts.netsol.com>, Steve Arntzen writes:
> >
> > I'm sure there's a good, simple reason for this, I just can't seem to
> > find the answer searching on the Internet.
> >
> > Why does named perform a lookup for the A record when its IP is returned
> > with the CNAME in the first answer?
> >
> > Using dig, I find play.google.com is a CNAME for play.l.google.com.
> >
> > When asked to resolve it, named will first look for play.google.com. The
> > result will include the CNAME and the IP of the A record.
> >
> > Named then makes a second request to resolve the A record.
> >
> > Thanks in advance,
> >
> > Steve.
> --
> Mark Andrews, ISC
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: ma...@isc.org
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
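
Added example, not part of the thread and not BIND's code: a toy Python model of the two-server scenario in the quoted reply, comparing a resolver that accepts the whole answer section with one that keeps only the CNAME and looks up its target again. The zone contents, addresses and function names are constructed for illustration.

```python
# Constructed model of the scenario in the thread; names and addresses are made up.
# Delegations as seen from the parent: the server really authoritative per zone.
DELEGATION = {"foo.example.": "A", "bar.example.": "B"}

# Zone data each server has loaded. Server A also carries a bar.example
# instance that is not delegated to it.
SERVERS = {
    "A": {
        "foo.example.": {"www.foo.example.": ("CNAME", "www.bar.example.")},
        "bar.example.": {"www.bar.example.": ("A", "192.0.2.66")},     # wrong instance
    },
    "B": {
        "bar.example.": {"www.bar.example.": ("A", "198.51.100.10")},  # delegated instance
    },
}

def zone_of(name):
    """Return the delegated zone enclosing name (longest suffix match)."""
    matches = [z for z in DELEGATION if name == z or name.endswith("." + z)]
    return max(matches, key=len)

def query(server, name):
    """Answer like a server that chases CNAMEs through every zone it has loaded."""
    answer = []
    while True:
        rr = next((zone[name] for zone in SERVERS[server].values() if name in zone), None)
        if rr is None:
            return answer
        answer.append((name, *rr))
        if rr[0] != "CNAME":
            return answer
        name = rr[1]

def resolve_trusting(name):
    """Accept the complete answer section from the first server asked."""
    return query(DELEGATION[zone_of(name)], name)[-1][2]

def resolve_requery(name):
    """Keep only the record for the name asked; look up each CNAME target afresh."""
    while True:
        owner, rtype, rdata = query(DELEGATION[zone_of(name)], name)[0]
        if rtype != "CNAME":
            return rdata
        name = rdata  # follow the chain via the target's own delegation

if __name__ == "__main__":
    print("trusting:", resolve_trusting("www.foo.example."))
    print("re-query:", resolve_requery("www.foo.example."))
```

The trusting resolver ends up with the address from server A's undelegated copy of bar.example, while the re-querying resolver gets the address from server B, the delegated instance.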