Cname chain resolution using forward ( CNAME returned to client but no IP)

New Member

Hello Community,

I need help with a problem observed on my Infoblox DNS:
We have a central and internal DNS server (without external/internet access) configured in our clients to resolve internal zones and forward some specific external zones (via forwarders).
For the majority of external zones it works.
When my client needs, for some reason, to resolve a public domain, e.g. "DOMAIN.COM", we configure DOMAIN.COM as a forward zone using a forwarder (let's call it forwarder1).
The steps followed are:

1- My client sends a request to the internal DNS (with recursion set to 1).

2- My internal DNS forwards the request to forwarder1.

3- forwarder1 resolves the query (using the root DNS) and returns the response to my internal DNS.

4- My internal DNS responds to the client, and it works like a charm.

But the problem I'm facing occurs only when my client needs to resolve a CNAME in my forward zone (DOMAIN.COM) that is chained to another CNAME in a different zone than DOMAIN.COM (for example, "software.DOMAIN.COM" is a CNAME pointing to "domain.cdnprovider.com"). In this case my client receives only "domain.cdnprovider.com" as the response to the query, but never the A record. When I tried to troubleshoot, this is what I observed in my traffic capture:

1- My client sends a request to the internal DNS (with recursion set to 1).

2- My internal DNS forwards the request to forwarder1 (with recursion requested).

3- forwarder1 resolves the query (using the root DNS) and returns the response to my internal DNS (both the CNAME and the A record are returned to my internal DNS).

4- My internal DNS responds to the client with only the CNAME and removes the A record.

So I suppose that my internal DNS tried to resolve domain.cdnprovider.com, but since there is no forward zone for "cdnprovider.com" in my config, it tried to resolve it (ignoring the A record received from forwarder1, I don't know why) using the root DNS (since no forwarder is configured), but failed since it has no external access. (Am I right with my guess?)

So my question now: is there any solution to make my internal DNS return the whole resolution (with the A record) without trying to resolve it itself? Because trying to add a forward zone for every chained CNAME and zone is just impossible to maintain.

Regards,
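
The comparison described in this post (forwarder1's answer versus what the client receives) can be checked mechanically. This is an added example, not part of the original post or any Infoblox code: a standard-library Python parser that follows the CNAME chain in a DNS response's answer section and reports whether it ends in an A record. The helper names and the sample messages, including the address 192.0.2.10, are constructed for illustration.

```python
import struct

def read_name(msg, off):
    """Decode a (possibly compressed) DNS name; return (name, offset after it)."""
    labels, end = [], None
    for _ in range(128):  # bounded walk: a pointer loop cannot hang the parser
        n = msg[off]
        if n == 0:
            return ".".join(labels).lower(), (off + 1 if end is None else end)
        if n & 0xC0 == 0xC0:  # compression pointer
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    raise ValueError("name too long or compression loop")

def chain_status(msg):
    """Follow the CNAME chain in the answer section; return (last name, its A records)."""
    qname, off = read_name(msg, 12)
    off += 4  # skip QTYPE and QCLASS (single-question message assumed)
    cnames, addrs = {}, {}
    for _ in range(struct.unpack_from("!H", msg, 6)[0]):  # ANCOUNT
        owner, off = read_name(msg, off)
        rtype, rdlen = struct.unpack_from("!H6xH", msg, off)
        if rtype == 5:    # CNAME
            cnames[owner] = read_name(msg, off + 10)[0]
        elif rtype == 1:  # A
            addrs.setdefault(owner, []).append(".".join(map(str, msg[off + 10:off + 14])))
        off += 10 + rdlen
    name = qname
    for _ in range(len(cnames)):  # bounded, so a CNAME loop terminates
        name = cnames.get(name, name)
    return name, addrs.get(name, [])

def enc(name):
    return b"".join(bytes([len(lab)]) + lab.encode() for lab in name.split(".")) + b"\0"

def build(qname, answers):
    """Build a constructed response; an owner equal to qname is written as a pointer."""
    msg = struct.pack("!6H", 0x1234, 0x8180, 1, len(answers), 0, 0) + enc(qname) + struct.pack("!HH", 1, 1)
    for owner, rtype, rdata in answers:
        own = b"\xc0\x0c" if owner == qname else enc(owner)
        msg += own + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata
    return msg

Q = "software.domain.com"  # constructed samples modelled on the thread
CNAME = (Q, 5, enc("domain.cdnprovider.com"))
FROM_FORWARDER = build(Q, [CNAME, ("domain.cdnprovider.com", 1, bytes([192, 0, 2, 10]))])
TO_CLIENT = build(Q, [CNAME])
```

An empty address list from `chain_status` on the client-side capture, next to a populated one on the forwarder-side capture, is the symptom described above: the chain is cut at the first name outside the forward zone.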

Re: Cname chain resolution using forward ( CNAME returned to client but no IP)

New Member

Hey,

Did you get this resolved? We face the same issue.

Thanks!

Re: Cname chain resolution using forward ( CNAME returned to client but no IP)

Superuser

Hi,

Usually, when we talk about a forward zone, the thing to check is: was "allow recursive" checked or not?

Thanks

Re: Cname chain resolution using forward ( CNAME returned to client but no IP)

Authority

I was facing the same issue too; apparently it seems that enabling recursion and allowing the internal DNS to have an internet connection would solve this issue of multiple CNAME chain resolution. However, I would like to ask if anyone has an alternative solution to this.
