
Is there a workaround to the DNS option 'multiple-cnames'?

 
viseth
Occasional Advisor


Hi all,

I've been chasing the internet for a workaround regarding 'multiple-cnames' no longer being "supported" by BIND 9.2x (actually multiple-cnames has never been DNS compliant as stated in RFC 1034 - but RFC 1034 has been loosened up to meet RFC 2181 for DNSSEC... ).

My customer is using BIND 8.x, thus the option 'multiple-cnames' can still be used. But we are migrating towards BIND 9.2.3, which does not support that option any more, thus leading to failed zone transfers...

How can I get things working... I can change the CNAME to A RRs but I am not quite sure if it is the best solution. Can anyone help me out!

Many thanks and by the way happy Xmas!

Regards,

\Viseth
Ivan Ferreira
Honored Contributor

Re: Is there a workaround to the DNS option 'multiple-cnames'?

You can safely change CNAME to A records. Anyway, when you use CNAME, the CNAME is resolved to another name, and then the other name to the A record. So, you could even reduce the number of queries by specifying directly an A record instead of CNAME.

Happy Xmas for you also!
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
Geoff Wild
Honored Contributor

Re: Is there a workaround to the DNS option 'multiple-cnames'?

I need to understand more what the client wants.

Yes 'multiple-cnames' is no longer an option - but what are they trying to do with cnames?

Are they trying to point say blue to the a records of hosta and hostb?

Are they trying "poor man's" round robin?

You can create an A record for blue twice - pointing to the ip address of hosta and hostb.

Not a good thing to do really:

By being A records - there is no true round robin - only hit and miss...

Example - if say hosta is down...and a server does a ping to blue - there is a 50% chance that it will resolve to hosta - and if it does - it will fail - 100% packet loss...

The correct way to do round robin for example email - is to create MX records...


blue.cliendomain.net. 3600 IN MX 10 hosta.cliendomain.net.
blue.cliendomain.net. 3600 IN MX 10 hostb.cliendomain.net.

Rgds...Geoff


Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
viseth
Occasional Advisor

Re: Is there a workaround to the DNS option 'multiple-cnames'?

Hi Geoff!

First, thanks for your answer. But can you explain how you can do round-robin with your MX example?

I agree with you that it can fail if we set this configuration:

Replace faulty configuration using multiple-cnames:
foo1.bar.baz. 60 IN A 192.168.1.1
foo2.bar.baz. 60 IN A 192.168.1.2
foo3.bar.baz. 60 IN A 192.168.1.3
foo.bar.baz. 60 IN CNAME foo1.bar.baz.
foo.bar.baz. 60 IN CNAME foo2.bar.baz.
foo.bar.baz. 60 IN CNAME foo3.bar.baz.


by that one:

foo1.bar.baz. 60 IN A 192.168.1.1
foo2.bar.baz. 60 IN A 192.168.1.2
foo3.bar.baz. 60 IN A 192.168.1.3
foo.bar.baz. 60 IN A 192.168.1.1
foo.bar.baz. 60 IN A 192.168.1.2
foo.bar.baz. 60 IN A 192.168.1.3


I think true round-robin will occur. Maybe it is better to set the TTL to 0 (no caching)?


Regards,

\Viseth
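
Editor's added example (not part of the thread, and not code from any poster): a pre-migration check for the rewrite shown in the post above. It flags owner names that hold a CNAME together with any other record, which BIND 9 refuses, and rewrites them as A records by following the targets inside the zone. The function names are hypothetical, and it assumes every line is fully qualified with an explicit TTL and class.

```python
from collections import defaultdict

# Constructed sample: the multiple-CNAME zone data quoted in the post above.
ZONE = """\
foo1.bar.baz. 60 IN A 192.168.1.1
foo2.bar.baz. 60 IN A 192.168.1.2
foo3.bar.baz. 60 IN A 192.168.1.3
foo.bar.baz. 60 IN CNAME foo1.bar.baz.
foo.bar.baz. 60 IN CNAME foo2.bar.baz.
foo.bar.baz. 60 IN CNAME foo3.bar.baz.
"""

def parse(zone_text):
    """Parse fully qualified 'owner ttl class type rdata' lines; ';' starts a comment."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split(None, 4)
        if len(fields) == 5:
            owner, ttl, rclass, rtype, rdata = fields
            records.append((owner.lower(), int(ttl), rclass.upper(), rtype.upper(), rdata.strip()))
    return records

def cname_conflicts(records):
    """Owners holding a CNAME plus any other record (including a second CNAME)."""
    by_owner = defaultdict(list)
    for owner, _, _, rtype, rdata in records:
        by_owner[owner].append((rtype, rdata))
    return {o: rrs for o, rrs in by_owner.items()
            if len(rrs) > 1 and any(t == "CNAME" for t, _ in rrs)}

def flatten(records):
    """Rewrite conflicting CNAMEs as A records by following targets inside the zone."""
    addrs = defaultdict(list)
    for owner, _, _, rtype, rdata in records:
        if rtype == "A":
            addrs[owner].append(rdata)
    bad = cname_conflicts(records)
    out = []
    for owner, ttl, rclass, rtype, rdata in records:
        if owner in bad and rtype == "CNAME":
            targets = addrs.get(rdata.lower())
            if not targets:  # target lives outside this zone: needs a manual decision
                raise ValueError(f"{owner}: CNAME target {rdata} has no A record here")
            out.extend(f"{owner} {ttl} {rclass} A {ip}" for ip in targets)
        else:
            out.append(f"{owner} {ttl} {rclass} {rtype} {rdata}")
    return out
```

A CNAME whose target has no A record in the same zone raises an error instead of being dropped silently, since that name cannot be flattened from local data.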
Geoff Wild
Honored Contributor

Re: Is there a workaround to the DNS option 'multiple-cnames'?

Sure - by setting the MX value the same on both servers (10 in my case) - when another server wants to send me mail - it looks up the MX record - chooses the lowest route - in this case - both are the same - so it just picks one - and sends the email.

Benefit is - if hosta is busy (or down) then the mail goes directly to hostb.

How to add with nsupdate:

# nsupdate
> update add blue.cliendomain.net. 3600 IN MX 10 hosta.cliendomain.net.
> update add blue.cliendomain.net. 3600 IN MX 10 hostb.cliendomain.net.
>

Even with a TTL of 0 in your last post - you still risk if hosta is down or doesn't respond - it will not go to hostb...

Rgds...Geoff
Proverbs 3:5,6 Trust in the Lord with all your heart and lean not on your own understanding; in all your ways acknowledge him, and he will make all your paths straight.
Ivan Ferreira
Honored Contributor

Re: Is there a workaround to the DNS option 'multiple-cnames'?

Remember that nsupdate is only for Dynamic DNS.

Now, what do you really want to do? You can get a better load balancing system by using LVS.
Por que hacerlo dificil si es posible hacerlo facil? - Why do it the hard way, when you can do it the easy way?
viseth
Occasional Advisor

Re: Is there a workaround to the DNS option 'multiple-cnames'?

Hello Everyone!
Happy new year 2006! May the success be round the corner! Hope that everyone has spent a good time at Xmas eve and new year's eve!

Well, back to work! Does someone know about a workaround of the DNS option 'multiple-cnames'? My customer is using that option to avoid DNS reply in round-robin fashion. By using multiple CNAMES, the answer sent from the DNS server is the same during the TTL time attached to the CNAME records thus no real round-robin, if you see what I mean.

Many thanks for your reply!

regards,

\Viseth

Bill Thorsteinson
Honored Contributor

Re: Is there a workaround to the DNS option 'multiple-cnames'?

Bind will rotate the order on each request.
Try querying one of the authoritative servers.
Downstream servers may not rotate the IP address.
Bind9 allows you to set cyclic or random ordering.
Non-rotation is likely a problem with one or more intermediate DNS servers.