DNS loop issue

Hello,

I'd like to know how to prevent DNS loops in the following scenario:

There's an internal DNS domain called "mycompany.com", not resolvable from the Internet. It is hosted by a DNS server A. It is a critical central server, the nerve of the company. This server forwards to the Internet all the unsolved requests.

someentity.mycompany.com must be hosted by a separate DNS server B. The company has little control over DNS server B. This server has a conditional or default forward to DNS server A, for all unsolved requests.

The company doesn't have a "." internal domain.
"Disable Recursion" is configured on all the DNS servers.

My question: How would you configure the link from DNS server A to resolve DNS server B?

- Simple Delegation: Does it works? I mean, will DNS server A forward a request for "someentity.mycompany.com" to DNS server B knowing that recursion is disabled? Is so, are DNS loops prevented?

- Conditional Forwarding: If the zone someentity.mycompany.com is deleted from DNS server B, will it lead to an infinite DNS loop? How to prevent it?

Thanks.

Find more posts tagged with

Free for TechExams community: Cybersecurity salary guide

Compare cert salaries and plan your next career move

Button

Comments

RobertKaucher

devokris wrote: »

Hello,

I'd like to know how to prevent DNS loops in the following scenario:

There's an internal DNS domain called "mycompany.com", not resolvable from the Internet. It is hosted by a DNS server A. It is a critical central server, the nerve of the company. This server forwards to the Internet all the unsolved requests.

someentity.mycompany.com must be hosted by a separate DNS server B. The company has little control over DNS server B. This server has a conditional or default forward to DNS server A, for all unsolved requests.

The company doesn't have a "." internal domain.
"Disable Recursion" is configured on all the DNS servers.

My question: How would you configure the link from DNS server A to resolve DNS server B?

- Simple Delegation: Does it works? I mean, will DNS server A forward a request for "someentity.mycompany.com" to DNS server B knowing that recursion is disabled? Is so, are DNS loops prevented?

- Conditional Forwarding: If the zone someentity.mycompany.com is deleted from DNS server B, will it lead to an infinite DNS loop? How to prevent it?

Thanks.

Your post is a little hard to follow. But my first question is why are these servers configured this way to begin with? What was the logic behind using each server to forward requests to the other? Because it strikes me that yes, it could cause some sort of loop. And I think the best way to avoid it would be to configure the servers so that it is not possible.

devokris

Sorry if I'm not clear.

Here is a diagram:
http://img32.imageshack.us/img32/2598/testjr.th.png

DNS server A is a central "DNS aggregator" wich helps relaying requests to the right entity's server.

Of course, there's a kind of loop. Unlike the Internet, recursion is not used, which is, I think, the case in many companies. It helps preventing DoS attacks.