In message <1401468033.15948.1445459552099.javamail.vpopm...@atl4oxapp02pod1.mg
t.hosting.qts.netsol.com>, Steve Arntzen writes:
Why does named perform a lookup for the A record when its IP is returned with
the CNAME in the first answer?
On 22.10.15 08:01, Mark Andrews wrote:
To prevent cache poisoning via cnames. It it simpler to always
lookup the target of the cname that to figure out if we would
accepted the following data.
server A has zones foo.example and bar.example configured
server B has zone bar.example configured
bar.example is only delegated to server B of the two server above.
The is a cname from www.foo.example -> www.bar.example
Server A return a complete answer but the www.bar.example data is
from the wrong zone instance. This happens accidentally in real
life.
I wonder if it's not enough to verify that the first response was received
from proper server.
Since play.l.google.com is a subdomain of play.google.com, the lookup would
go throuth google.com nameservers again...
when servers for bar.example are the same as servers for foo.example, the
already accepted answer for foo.example is expected to contain valid answer
for bar.example too...
--
Matus UHLAR - fantomas, uh...@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
Depression is merely anger without enthusiasm.
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe
from this list
bind-users mailing list
bind-users@lists.isc.org
https://lists.isc.org/mailman/listinfo/bind-users
