
Thread: DNS loop issue

  1. Junior Member
    Join Date
    Sep 2009
    Posts
    2
    #1

    DNS loop issue

    Hello,

    I'd like to know how to prevent DNS loops in the following scenario:

    There's an internal DNS domain called "mycompany.com", not resolvable from the Internet. It is hosted by a DNS server A. It is a critical central server, the nerve of the company. This server forwards to the Internet all the unsolved requests.

    someentity.mycompany.com must be hosted by a separate DNS server B. The company has little control over DNS server B. This server has a conditional or default forward to DNS server A, for all unsolved requests.

    The company doesn't have a "." internal domain.
    "Disable Recursion" is configured on all the DNS servers.

    My question: How would you configure the link from DNS server A to resolve DNS server B?

    - Simple Delegation: Does it work? I mean, will DNS server A forward a request for "someentity.mycompany.com" to DNS server B knowing that recursion is disabled? If so, are DNS loops prevented?

    - Conditional Forwarding: If the zone someentity.mycompany.com is deleted from DNS server B, will it lead to an infinite DNS loop? How to prevent it?

    Thanks.

  3. BOBBY_TABLES RobertKaucher
    Join Date
    Dec 2007
    Location
    Lebanon, Ohio - USA
    Posts
    4,274

    Certifications
    MCSD Web Apps/SharePoint Applications, MCITP: DBA 2005/2008, EA, EDA7, Linux+, Sec+, MCSE, MCDST, MCTS
    #2
    Originally Posted by devokris
    Hello,

    I'd like to know how to prevent DNS loops in the following scenario:

    There's an internal DNS domain called "mycompany.com", not resolvable from the Internet. It is hosted by a DNS server A. It is a critical central server, the nerve of the company. This server forwards to the Internet all the unsolved requests.

    someentity.mycompany.com must be hosted by a separate DNS server B. The company has little control over DNS server B. This server has a conditional or default forward to DNS server A, for all unsolved requests.

    The company doesn't have a "." internal domain.
    "Disable Recursion" is configured on all the DNS servers.

    My question: How would you configure the link from DNS server A to resolve DNS server B?

    - Simple Delegation: Does it work? I mean, will DNS server A forward a request for "someentity.mycompany.com" to DNS server B knowing that recursion is disabled? If so, are DNS loops prevented?

    - Conditional Forwarding: If the zone someentity.mycompany.com is deleted from DNS server B, will it lead to an infinite DNS loop? How to prevent it?

    Thanks.
    Your post is a little hard to follow. But my first question is why are these servers configured this way to begin with? What was the logic behind using each server to forward requests to the other? Because it strikes me that yes, it could cause some sort of loop. And I think the best way to avoid it would be to configure the servers so that it is not possible.

  4. Junior Member
    Join Date
    Sep 2009
    Posts
    2
    #3
    Sorry if I'm not clear.

    Here is a diagram:
    http://img32.imageshack.us/img32/2598/testjr.th.png

    DNS server A is a central "DNS aggregator" which helps relay requests to the right entity's server.

    Of course, there's a kind of loop. Unlike the Internet, recursion is not used, which is, I think, the case in many companies. It helps prevent DoS attacks.
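A forwarding-loop check for the layout discussed in this thread, added here as an example and not posted by any participant or taken from any DNS product. The server labels "A", "B" and "INTERNET", the dictionary layout, and the rule that a more specific link (delegation or conditional forwarder) takes precedence over a parent zone held locally are assumptions of this model.

```python
# Simplified model of forwarder selection (assumption), not any DNS server's real logic.
# Server labels "A", "B", "INTERNET" and the config layout are made up for this sketch.

def best_suffix(qname, names):
    """Return the longest entry in names that is a label-aligned suffix of qname."""
    q = qname.rstrip(".").lower()
    hits = [n for n in names if q == n or q.endswith("." + n)]
    return max(hits, key=len) if hits else None

def trace(qname, servers, start, max_hops=16):
    """Follow links and default forwarders from start; return (outcome, path)."""
    path, current = [], start
    while len(path) < max_hops:
        if current in path:                  # same server seen twice: forwarding loop
            return "LOOP", path + [current]
        path.append(current)
        cfg = servers.get(current)
        if cfg is None:                      # outside the model, e.g. Internet resolvers
            return "EXTERNAL", path
        zone = best_suffix(qname, cfg["zones"])
        link = best_suffix(qname, cfg["links"])
        # Model assumption: a more specific link beats a less specific local zone.
        if zone is not None and (link is None or len(zone) >= len(link)):
            return "ANSWERED_BY_" + current, path
        if link is not None:
            current = cfg["links"][link]
        elif cfg["default"] is not None:
            current = cfg["default"]
        else:
            return "SERVFAIL_AT_" + current, path
    return "HOP_LIMIT", path

def build(b_has_zone):
    """Constructed config mirroring the thread: A links the subzone to B, B defaults to A."""
    return {
        "A": {"zones": ["mycompany.com"],
              "links": {"someentity.mycompany.com": "B"},
              "default": "INTERNET"},
        "B": {"zones": ["someentity.mycompany.com"] if b_has_zone else [],
              "links": {}, "default": "A"},
    }

if __name__ == "__main__":
    for present in (True, False):
        print(present, trace("host.someentity.mycompany.com", build(present), "A"))
```

With the zone present on B the query stops at B; with the zone deleted the trace reports the A, B, A cycle that the second question asks about.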
