DNS Database CNAME entries

Author
Nicklebon
2020/01/09 11:48:39 (permalink)

We are testing DNS on a FGT 201E running FOSv6.0.8 and having issues with incorrect behaviour with CNAME entries. I am not finding a lot of discussion anywhere on FGT DNS, which leads me to believe this is likely not a well-used feature.
 
Incorrect response from FGT:
> mail.sample.com
Server: destiny.sample.com
Address: xxx.xxx.xxx.1
Name: mail.sample.com
 
Correct response from bind server:
> mail.sample.com
Server: matthew.sample.com
Address: xxx.xxx.xxx.11
Name: ghs.google.com
Addresses: 2xxx:xxxx:xxx4:xxx::2013
xxx.xxx.xxx.xx3
Aliases: mail.sample.com
 
Packet captures show that the FGT is returning the CNAME of ghs.google.com but it is not resolved, where bind returns the CNAME and the IPs.
 
FGT:
Protocol Length Info
DNS 79 Standard query 0x0059 A mail.sample.com
DNS 104 Standard query response 0x0059 A mail.sample.com CNAME ghs.google.com
DNS 79 Standard query 0x005a AAAA mail.sample.com
DNS 104 Standard query response 0x005a AAAA mail.sample.com CNAME ghs.google.com
 
Bind:
Protocol Length Info
DNS 76 Standard query 0x0066 A mail.sample.com
DNS 117 Standard query response 0x0066 A mail.sample.com CNAME ghs.google.com A xxx.xxx.xxx.xx3
DNS 76 Standard query 0x0067 AAAA mail.sample.com
DNS 129 Standard query response 0x0067 AAAA mail.sample.com CNAME ghs.google.com AAAA 2xxx:xxxx:xxx4:xxx::2013
 
Any thoughts other than don't use CNAMEs?
 
Thanks
#1
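
Added example, not part of the original post or of any Fortinet or BIND code: a small checker that parses a raw DNS response and reports whether the answer section stops at the CNAME (as in the FGT capture above) or also carries a record of the queried type (as in the bind capture). The helper names, the sample messages and the 192.0.2.3 address are constructed for illustration.

```python
import struct

A, CNAME = 1, 5  # RR type codes

def enc(name):  # uncompressed wire encoding of a domain name
    return b"".join(bytes([len(l)]) + l.encode() for l in name.split(".")) + b"\x00"

def read_name(msg, off):  # -> (name, offset just past the name at `off`)
    labels, end = [], None
    for _ in range(128):  # bounded walk, so a pointer loop cannot hang the parser
        n = msg[off]
        if n & 0xC0 == 0xC0:  # compression pointer to an earlier name
            end = off + 2 if end is None else end
            off = ((n & 0x3F) << 8) | msg[off + 1]
        elif n == 0:
            return ".".join(labels), (off + 1 if end is None else end)
        else:
            labels.append(msg[off + 1:off + 1 + n].decode("ascii"))
            off += 1 + n
    raise ValueError("name too long or compression loop")

def answers(msg):  # -> [(owner, rtype, cname_target_or_None)] from the answer section
    qd, an = struct.unpack("!HH", msg[4:8])
    off, out = 12, []
    for _ in range(qd):  # skip each question: name + qtype + qclass
        off = read_name(msg, off)[1] + 4
    for _ in range(an):
        owner, off = read_name(msg, off)
        rtype, _cls, _ttl, rdlen = struct.unpack("!HHIH", msg[off:off + 10])
        target = read_name(msg, off + 10)[0] if rtype == CNAME else None
        out.append((owner, rtype, target))
        off += 10 + rdlen
    return out

def classify(msg, qtype):  # does the answer end in a record of the queried type?
    types = [t for _, t, _ in answers(msg)]
    if qtype in types:
        return "complete"
    return "cname-only" if CNAME in types else "no-answer"

def build(qname, qtype, rrs):  # constructed response from (owner, rtype, rdata) tuples
    msg = struct.pack("!6H", 0x59, 0x8180, 1, len(rrs), 0, 0) + enc(qname) + struct.pack("!HH", qtype, 1)
    for owner, rtype, rdata in rrs:
        msg += enc(owner) + struct.pack("!HHIH", rtype, 1, 300, len(rdata)) + rdata
    return msg

# Constructed samples shaped like the two captures; 192.0.2.3 is a documentation address.
alias = ("mail.sample.com", CNAME, enc("ghs.google.com"))
fgt_like = build("mail.sample.com", A, [alias])
bind_like = build("mail.sample.com", A, [alias, ("ghs.google.com", A, bytes([192, 0, 2, 3]))])
```

Here `classify(fgt_like, A)` gives "cname-only" and `classify(bind_like, A)` gives "complete"; a client that receives the first kind of answer has to issue a second query for the alias target itself.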

    rwpatterson
    Re: DNS Database CNAME entries 2020/01/09 12:51:44 (permalink)
    I see that they resolve to different IP addresses. Are you sure something wasn't fat-fingered?

    -Bob - self proclaimed posting junkie!
    See my Fortigate related scripts at: http://fortigate.camerabob.com

    -4.3.19-b0694
    FWF60B
    FWF80CM (4)
    FWF81CM (2)
     
    #2
    Nicklebon
    Re: DNS Database CNAME entries 2020/01/09 13:44:12 (permalink)
    I'm not sure what you're talking about other than perhaps the fact I am using two different name servers, destiny and matthew/1 and 11/FGT and bind. Nothing has been fat-fingered. The FGT is not resolving the CNAME as it should be, as evidenced in the packet capture.
    #3
    Nicklebon
    Re: DNS Database CNAME entries 2020/01/14 11:54:28 (permalink)
    So no one is using CNAME then? Guess I'll try running this up the official channels then.
    #4