
DNS status (fwd)




===============================================================================
Robb Kambic                                Unidata Program Center
Software Engineer III                      Univ. Corp for Atmospheric Research
address@hidden             WWW: http://www.unidata.ucar.edu/
===============================================================================

---------- Forwarded message ----------
Date: Wed, 6 Sep 2000 14:46:48 -0600 (MDT)
From: Greg Woods <address@hidden>
To: address@hidden
Subject: DNS status

The upgrade of the DNS servers on ncar, phoenix, fl-phx, and bubby has been
largely successful. The named crashes have stopped.

One difference between the old and new versions that has bitten us is even
stricter enforcement of DNS rules. In particular, if a name is found
that has both a CNAME and other records, the entire zone will not
load.  This has never been legal but the old DNS server would simply
log a warning.  The new version refuses to load the zone at all.  There
is supposed to be a "check-names" option for the new version that will
either ignore this check or only log warnings, but I cannot get this to
work. The external DNS server on ncar still refuses to load the
ucar.edu zone if there is a "CNAME and other data" error. Therefore, I
have modified the dns_update script that updates the external DNS
server from the data in the divisional subdomain servers to check for
this. The divisional subzone will not be updated if one of these errors
is found. Therefore, if you are one of the divisions that I have
already notified of this type of error, your DNS updates *will not
propagate* outside of UCAR until the problem is fixed. I am sorry to
have to do this but the alternative is that the entire ucar.edu zone
won't propagate when this occurs.

To be specific: what is not allowed is to have a name on the LEFT HAND SIDE
of a CNAME record, which also appears on the LEFT HAND SIDE of any other
record. If a name appears on the LHS of a CNAME, it cannot appear on the LHS
anywhere else in your zone. You can't have a CNAME and also an MX for
the same name (the most common error I have seen). It *is* legal to have
a CNAME and an MX *pointing* to the same name (on the RHS of the record).

Example 1: This is not legal

www     in      cname   server
www     in      mx      10      server

(In example 1, the MX record is superfluous)

Example 2: This is legal

www     in      cname   server
mailhost        in      mx      10      server

Example 3: This is legal but not recommended

www     in      cname   mailhost
mailhost        in      cname   server

(Some large sites, e.g. aol.com, use this kind of setup to do load balancing
between mail servers,  but the DNS spec says that CNAMEs should not point
to other CNAMEs. This is not currently enforced by default. In the above
example, just make the www cname point directly to server).

The divisions that currently have "CNAME and other data" errors are MMM and
CGD. Your zones will not update in the external server until these errors
are corrected.

--Greg
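
Added example, not part of the original message and not the dns_update script it mentions: one way to pre-check zone data for the "CNAME and other data" error (Examples 1 and 2) and to flag CNAME-to-CNAME chains (Example 3) before pushing an update. It assumes one record per line, names all written relative to the same origin, and no parenthesized multi-line records; the function names are hypothetical.

```python
from collections import defaultdict

CLASSES = {"IN", "CH", "HS"}
DNSSEC_OK = {"RRSIG", "NSEC"}  # DNSSEC types are the one exception beside a CNAME

def parse_zone(text):
    """Map owner name -> [(TYPE, rdata fields)] for one-line records."""
    records, owner = defaultdict(list), None
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()       # strip comments
        if not line.strip() or line.lstrip().startswith("$"):
            continue                               # blank, $ORIGIN, $TTL
        fields = line.split()
        if not line[0].isspace():                  # leading blank: reuse last owner
            owner = fields.pop(0).lower()
        while fields and (fields[0].isdigit() or fields[0].upper() in CLASSES):
            fields.pop(0)                          # optional TTL and class
        if owner is not None and fields:
            records[owner].append((fields[0].upper(), fields[1:]))
    return records

def check_zone(text):
    """Return (errors, warnings) for CNAME-and-other-data and CNAME chains."""
    errors, warnings, target_of = [], [], {}
    for owner, rrs in parse_zone(text).items():
        types = {rtype for rtype, _ in rrs}
        if "CNAME" not in types:
            continue
        others = sorted(types - {"CNAME"} - DNSSEC_OK)
        if others:                                 # zone would fail to load
            errors.append((owner, others))
        target_of[owner] = next(
            (rd[0].lower() for rtype, rd in rrs if rtype == "CNAME" and rd), None)
    for owner, target in target_of.items():
        if target in target_of:                    # CNAME pointing at a CNAME
            warnings.append((owner, target))
    return errors, warnings

# Constructed input: the three examples from the message.
EXAMPLE_1 = "www     in      cname   server\nwww     in      mx      10      server\n"
EXAMPLE_2 = "www     in      cname   server\nmailhost        in      mx      10      server\n"
EXAMPLE_3 = "www     in      cname   mailhost\nmailhost        in      cname   server\n"

if __name__ == "__main__":
    for label, zone in (("1", EXAMPLE_1), ("2", EXAMPLE_2), ("3", EXAMPLE_3)):
        print("Example", label, check_zone(zone))
```

A non-empty errors list is the condition under which an update would be held back; warnings are advisory only.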