CNAME chain resolution using forward (CNAME returned to client but no IP)

Hello Community,

I need help with a problem observed on my Infoblox DNS:
We have a central, internal DNS server (without external/internet access) configured on our clients to resolve internal zones and forward some specific external zones (via forwarders).
For the majority of external zones it works....
When my client needs for some reason to resolve a public domain, e.g. "DOMAIN.COM", we configure DOMAIN.COM as a forward zone using a forwarder (let's call it forwarder1).
The steps followed are:
1- My client sends the request to the internal DNS (with recursion set to 1)
2- My internal DNS forwards the request to forwarder1

3- forwarder1 resolves the query (using the root DNS) and returns the response to my internal DNS.

4- My internal DNS responds to the client ..... and it works like a charm....

But the problem I'm facing occurs only when my client needs to resolve a CNAME in my forward zone (DOMAIN.COM) that is chained to another CNAME in a different zone than my DOMAIN.COM (example: "software.DOMAIN.COM" is a CNAME pointing to "domain.cdnprovider.com"). In this case my client receives only "domain.cdnprovider.com" as the response to the query but never the A record.... When I tried to troubleshoot, this is what I observed in my traffic capture:

1- My client sends the request to the internal DNS (with recursion set to 1)
2- My internal DNS forwards the request to forwarder1 (with recursion requested)

3- forwarder1 resolves the query (using the root DNS) and returns the response to my internal DNS (both the CNAME and the A record are returned to my internal DNS).

4- My internal DNS responds to the client with only the CNAME and removes the A record.

So I suppose that my internal DNS tried to resolve domain.cdnprovider.com, but since there is no forward zone for "cdnprovider.com" in my config, it tried to resolve it (ignoring the A record received from forwarder1, I don't know why) using the root DNS (since no forwarder is configured) but failed since it has no external access. (Am I right with my guess?)

So my question now: is there any solution to make my internal DNS return the whole resolution (with the A record) without trying to resolve it itself? Because adding forward zones for all the chained CNAMEs and zones is just impossible to maintain...

Regards,
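
A way to check the symptom described above from two captured responses, as an added example that is not part of the original post: it parses the DNS answer section, follows the CNAME chain from the question name, and reports whether the chain ends in an A record. The function names and the sample messages are hypothetical and constructed; `192.0.2.10` is a documentation address standing in for the real A record.

```python
import struct

def encode_name(name):
    return b"".join(bytes([len(p)]) + p.encode() for p in name.split(".")) + b"\x00"

def read_name(msg, off):
    """Decode a (possibly compressed) name; return (name, offset after it)."""
    labels, end = [], None
    for _ in range(256):  # bounds label count and pointer hops
        n = msg[off]
        if n == 0:
            return ".".join(labels).lower(), end if end is not None else off + 1
        if n & 0xC0 == 0xC0:  # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    raise ValueError("name too long or compression pointer loop")

def build_response(qname, answers):
    """Build a constructed sample response: header, one question, answer RRs."""
    msg = struct.pack("!6H", 0x1234, 0x8180, 1, len(answers), 0, 0) + encode_name(qname) + struct.pack("!2H", 1, 1)
    for owner, rtype, value in answers:
        rdata = encode_name(value) if rtype == 5 else bytes(map(int, value.split(".")))
        msg += encode_name(owner) + struct.pack("!2HIH", rtype, 1, 300, len(rdata)) + rdata
    return msg

def chain_status(msg):
    """Follow CNAMEs from the question name; return (chain, A records at its end)."""
    qname, off = read_name(msg, 12)
    off += 4  # skip QTYPE and QCLASS (one question assumed)
    cnames, addrs = {}, {}
    for _ in range(struct.unpack("!H", msg[6:8])[0]):  # ANCOUNT
        owner, off = read_name(msg, off)
        rtype, _, _, rdlen = struct.unpack("!2HIH", msg[off:off + 10])
        if rtype == 5:    # CNAME: target name is the RDATA
            cnames[owner] = read_name(msg, off + 10)[0]
        elif rtype == 1:  # A: four address bytes
            addrs.setdefault(owner, []).append(".".join(map(str, msg[off + 10:off + 14])))
        off += 10 + rdlen
    chain = [qname]
    while chain[-1] in cnames and cnames[chain[-1]] not in chain:
        chain.append(cnames[chain[-1]])
    return chain, addrs.get(chain[-1], [])

# Constructed samples modelled on the two captures described in the post.
RRS = [("software.domain.com", 5, "domain.cdnprovider.com"), ("domain.cdnprovider.com", 1, "192.0.2.10")]
FROM_FORWARDER = build_response("software.domain.com", RRS)  # CNAME + A
TO_CLIENT = build_response("software.domain.com", RRS[:1])   # CNAME only
```

An empty address list from `chain_status` on the client-side response, next to a populated one on the forwarder-side response, confirms the A record was dropped between the two hops.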
