Wandering Thoughts archives

2007-07-03

How not to set up your DNS (part 14)

In the traditional illustrated format:

; sdig cname scrubber2.dom1.com @ns1.dom1.com
mta1.otherdom.com
mta2.otherdom.com

This is a well-intentioned and noble attempt to do round-robin CNAMEs. Unfortunately it doesn't work, because you can't have multiple CNAME records; you can have either one CNAME record or any number of other sorts of records. For what this domain is trying to do, they need to get the other domain to set up an mta-cluster.otherdom.com record with all of the IP addresses of their MTAs, and then CNAME to that.
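The rule above can be checked mechanically before a zone is published. The following is an added example, not code from the original post: a small checker over simplified `owner ttl IN type rdata` lines. It goes slightly beyond the case shown by also flagging a CNAME that shares its name with other record types. The record lines, TTLs and 192.0.2.x addresses are constructed sample data, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed sample data using the page's anonymized names; the TTLs and
# 192.0.2.x documentation addresses are assumptions for illustration only.
BROKEN = """\
scrubber2.dom1.com. 3600 IN CNAME mta1.otherdom.com.
scrubber2.dom1.com. 3600 IN CNAME mta2.otherdom.com.
www.dom1.com. 3600 IN A 192.0.2.10
"""

FIXED = """\
scrubber2.dom1.com. 3600 IN CNAME mta-cluster.otherdom.com.
mta-cluster.otherdom.com. 3600 IN A 192.0.2.21
mta-cluster.otherdom.com. 3600 IN A 192.0.2.22
"""

def parse_records(text):
    """Yield (owner, rtype, rdata) from simplified 'owner ttl IN type rdata' lines."""
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop zone-file comments
        if not line:
            continue
        fields = line.split(None, 4)
        if len(fields) != 5 or fields[2].upper() != "IN":
            raise ValueError(f"unsupported record line: {raw!r}")
        owner, _ttl, _cls, rtype, rdata = fields
        yield owner.lower().rstrip("."), rtype.upper(), rdata

def cname_violations(text):
    """Return (owner, problem, detail) tuples for names that break the CNAME rule."""
    by_owner = defaultdict(lambda: defaultdict(set))
    for owner, rtype, rdata in parse_records(text):
        by_owner[owner][rtype].add(rdata.lower())
    problems = []
    for owner, types in sorted(by_owner.items()):
        cnames = types.get("CNAME", set())
        if len(cnames) > 1:
            problems.append((owner, "multiple CNAME targets", sorted(cnames)))
        # DNSSEC's RRSIG and NSEC are the record types allowed beside a CNAME.
        others = sorted(t for t in types if t not in ("CNAME", "RRSIG", "NSEC"))
        if cnames and others:
            problems.append((owner, "CNAME mixed with other data", others))
    return problems

if __name__ == "__main__":
    for label, zone in (("broken", BROKEN), ("fixed", FIXED)):
        print(label, cname_violations(zone))
```

`BROKEN` mirrors the lookup shown above, and `FIXED` is the layout the post recommends: a single CNAME pointing at one name that carries all of the address records.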

The effects on caching DNS servers are actually pretty interesting. Some DNS servers will refuse entirely to deal with this, returning server failure messages. Other DNS servers will give both CNAMEs on an initial query but only cache one of the two CNAME records (picking which one at random) and thereafter only give you that one back for the record's TTL.

(The domains involved have been anonymized at the request of the person who showed this to me.)

sysadmin/HowNotToDoDNSXIV written at 15:34:22

