DNS Database CNAME entries

Question

We are testing DNS on a FGT 201E running FOSv6.0.8 and having issues with incorrect behaviour with CNAME entries. I am not finding a lot of discussion anywhere on FGT dns which leaves me to believe this is likely not a well used feature.

incorrect response from FGT:

> mail.sample.com

Server: destiny.sample.com Address: xxx.xxx.xxx.1

Name: mail.sample.com

Correct response from bind server

> mail.sample.com

Server: matthew.sample.com Address: xxx.xxx.xxx.11

Name: ghs.google.com Addresses: 2xxx:xxxx:xxx4:xxx::2013 xxx.xxx.xxx.xx3 Aliases: mail.sample.com

Packet captures show that the FGT is returning the CNAME of ghs.google.com but it is not resolved where bind returns the cname and the IPs.

FGT:

Protocol Length Info DNS 79 Standard query 0x0059 A mail.sample.com DNS 104 Standard query response 0x0059 A mail.sample.com CNAME ghs.google.com DNS 79 Standard query 0x005a AAAA mail.sample.com DNS 104 Standard query response 0x005a AAAA mail.sample.com CNAME ghs.google.com

Bind:

Protocol Length Info DNS 76 Standard query 0x0066 A mail.sample.com DNS 117 Standard query response 0x0066 A mail.sample.com CNAME ghs.google.com A xxx.xxx.xxx.xx3 DNS 76 Standard query 0x0067 AAAA mail.sample.com DNS 129 Standard query response 0x0067 AAAA mail.sample.com CNAME ghs.google.com AAAA 2xxx:xxxx:xxx4:xxx::2013

Any thoughts other than don't use CNAMEs?

Thanks

rwpatterson · Answer

I see that they resolve to different IP addresses. Are you sure something wasn't fat-fingered?

Sign up

Login with SSO

Login to the community

Login with SSO

Scanning file for viruses.

This file cannot be downloaded