DNS loop issue
devokris
Member Posts: 2 ■□□□□□□□□□
Hello,
I'd like to know how to prevent DNS loops in the following scenario:
There's an internal DNS domain called "mycompany.com", not resolvable from the Internet. It is hosted by a DNS server A. It is a critical central server, the nerve of the company. This server forwards to the Internet all the unsolved requests.
someentity.mycompany.com must be hosted by a separate DNS server B. The company has little control over DNS server B. This server has a conditional or default forward to DNS server A, for all unsolved requests.
The company doesn't have a "." internal domain.
"Disable Recursion" is configured on all the DNS servers.
My question: How would you configure the link from DNS server A to resolve DNS server B?
- Simple Delegation: Does it works? I mean, will DNS server A forward a request for "someentity.mycompany.com" to DNS server B knowing that recursion is disabled? Is so, are DNS loops prevented?
- Conditional Forwarding: If the zone someentity.mycompany.com is deleted from DNS server B, will it lead to an infinite DNS loop? How to prevent it?
Thanks.
I'd like to know how to prevent DNS loops in the following scenario:
There's an internal DNS domain called "mycompany.com", not resolvable from the Internet. It is hosted by a DNS server A. It is a critical central server, the nerve of the company. This server forwards to the Internet all the unsolved requests.
someentity.mycompany.com must be hosted by a separate DNS server B. The company has little control over DNS server B. This server has a conditional or default forward to DNS server A, for all unsolved requests.
The company doesn't have a "." internal domain.
"Disable Recursion" is configured on all the DNS servers.
My question: How would you configure the link from DNS server A to resolve DNS server B?
- Simple Delegation: Does it works? I mean, will DNS server A forward a request for "someentity.mycompany.com" to DNS server B knowing that recursion is disabled? Is so, are DNS loops prevented?
- Conditional Forwarding: If the zone someentity.mycompany.com is deleted from DNS server B, will it lead to an infinite DNS loop? How to prevent it?
Thanks.
Comments
-
RobertKaucher Member Posts: 4,299 ■■■■■■■■■■Hello,
I'd like to know how to prevent DNS loops in the following scenario:
There's an internal DNS domain called "mycompany.com", not resolvable from the Internet. It is hosted by a DNS server A. It is a critical central server, the nerve of the company. This server forwards to the Internet all the unsolved requests.
someentity.mycompany.com must be hosted by a separate DNS server B. The company has little control over DNS server B. This server has a conditional or default forward to DNS server A, for all unsolved requests.
The company doesn't have a "." internal domain.
"Disable Recursion" is configured on all the DNS servers.
My question: How would you configure the link from DNS server A to resolve DNS server B?
- Simple Delegation: Does it works? I mean, will DNS server A forward a request for "someentity.mycompany.com" to DNS server B knowing that recursion is disabled? Is so, are DNS loops prevented?
- Conditional Forwarding: If the zone someentity.mycompany.com is deleted from DNS server B, will it lead to an infinite DNS loop? How to prevent it?
Thanks.
Your post is a little hard to follow. But my first question is why are these servers configured this way to begin with? What was the logic behind using each server to forward requests to the other? Because it strikes me that yes, it could cause some sort of loop. And I think the best way to avoid it would be to configure the servers so that it is not possible. -
devokris Member Posts: 2 ■□□□□□□□□□Sorry if I'm not clear.
Here is a diagram:
http://img32.imageshack.us/img32/2598/testjr.th.png
DNS server A is a central "DNS aggregator" wich helps relaying requests to the right entity's server.
Of course, there's a kind of loop. Unlike the Internet, recursion is not used, which is, I think, the case in many companies. It helps preventing DoS attacks.