Do CNAME records result in a second DNS lookup

Hi,

I am trying (with no luck) to find out if Windows 8 client receives a CNAME record, Does Windows 8 understand how to deal with this record ? I mean, Does the CNAME record results in a second DNS lookup ?

Thanks,

Rami

February 25th, 2015 11:29am

DNS lookups which point to a CNAME record only result in a single lookup from the client end, but technically they're an A record lookup (since the client doesn't know before hand whether it's an A record or CNAME record they're querying).

Say you have a CNAME record for cname.mydomain.com which points to www.otherdomain.com and that in turn has an A record pointing to 123.123.123.123.

The client queries DNS requesting the A record for cname.mydomain.com. The DNS resolver does the lookup, and discovers that it's a CNAME record. At this point it does a second lookup (without going back to the client) for the IP address of www.otherdomain.com, and then finally once it has that information it passes those details back to the client which it then uses to connect to the relevant resource.

You can see it for yourself. In a cmd prompt if you run nslookup, then type "set q=a", then enter the full CNAME address you're trying to resolve. You'll see the output will appear as :

Name:      www.otherdomain.com
Address:   123.123.123.123
Aliases:    cname.mydomain.com

  • Proposed as answer by Deason Wu 9 hours 16 minutes ago
Free Windows Admin Tool Kit Click here and download it now
February 25th, 2015 11:53am

I understand that. Assume that the client try to resolve www.otherdomain.com that has a CNAME cname.otherdomain.com. Instead of letting the resolver to do the second lookup, I want to return the CNAME back to the client so it issues a second lookup for that CNAME. Is that possible? Does the CNAME in this case results in issuing a second DNS lookup ?

I am trying to work in such scenario for research purpose.

Thanks.

February 25th, 2015 12:11pm

Not sure there's any way to prevent the DNS resolver from doing the second step. Using nslookup you can use :

set q=cname

which will then return the actual CNAME value, but if you try it you'll also see that it returns the resulting A record details as well.

So I guess it depends on how you're doing the query and how you're processing the result. If you explicitly query for the CNAME then yes you can return that, but if you're simply querying the address then it will always automatically handle that at the DNS resolver end. If you're checking the results returned you can determine whether it was an A record of CNAME record since only a CNAME result will include the Aliases entry.

Free Windows Admin Tool Kit Click here and download it now
February 25th, 2015 12:20pm

I am sorry, I might have to state the whole picture. I am doing a change to DNS resolver so that it returns the CNAME to the client instead on issuing another query to get the A record.

In this case, the client will receive the CNAME record as an answer to the first query, and I am wondering if the client will be able in such case to issue another query to resolve the CNAME !

February 25th, 2015 12:28pm

Ahhh, right I see where you're coming from now. I'm afraid I don't know in that case, since it's not the standard expected behaviour from a DNS resolver. Since windows can manually do a CNAME lookup via nslookup my GUESS would be that the client is capable of doing the second lookup, but whether it will do so or whether the application making the query uses the same mechanism are a different matter, and I don't know.

Since it's not the standard DNS resolver behaviour I imagine this may be a case you'd need to test it and see if it works.

Free Windows Admin Tool Kit Click here and download it now
February 25th, 2015 12:35pm

DNS lookups which point to a CNAME record only result in a single lookup from the client end, but technically they're an A record lookup (since the client doesn't know before hand whether it's an A record or CNAME record they're querying).

Say you have a CNAME record for cname.mydomain.com which points to www.otherdomain.com and that in turn has an A record pointing to 123.123.123.123.

The client queries DNS requesting the A record for cname.mydomain.com. The DNS resolver does the lookup, and discovers that it's a CNAME record. At this point it does a second lookup (without going back to the client) for the IP address of www.otherdomain.com, and then finally once it has that information it passes those details back to the client which it then uses to connect to the relevant resource.

You can see it for yourself. In a cmd prompt if you run nslookup, then type "set q=a", then enter the full CNAME address you're trying to resolve. You'll see the output will appear as :

Name:      www.otherdomain.com
Address:   123.123.123.123
Aliases:    cname.mydomain.com

February 25th, 2015 4:53pm

Ahhh, right I see where you're coming from now. I'm afraid I don't know in that case, since it's not the standard expected behaviour from a DNS resolver. Since windows can manually do a CNAME lookup via nslookup my GUESS would be that the client is capable of doing the second lookup, but whether it will do so or whether the application making the query uses the same mechanism are a different matter, and I don't know.

Since it's not the standard DNS resolver behaviour I imagine this may be a case you'd need to test it and see if it works.

Free Windows Admin Tool Kit Click here and download it now
February 25th, 2015 5:35pm

DNS lookups which point to a CNAME record only result in a single lookup from the client end, but technically they're an A record lookup (since the client doesn't know before hand whether it's an A record or CNAME record they're querying).

Say you have a CNAME record for cname.mydomain.com which points to www.otherdomain.com and that in turn has an A record pointing to 123.123.123.123.

The client queries DNS requesting the A record for cname.mydomain.com. The DNS resolver does the lookup, and discovers that it's a CNAME record. At this point it does a second lookup (without going back to the client) for the IP address of www.otherdomain.com, and then finally once it has that information it passes those details back to the client which it then uses to connect to the relevant resource.

You can see it for yourself. In a cmd prompt if you run nslookup, then type "set q=a", then enter the full CNAME address you're trying to resolve. You'll see the output will appear as :

Name:      www.otherdomain.com
Address:   123.123.123.123
Aliases:    cname.mydomain.com

  • Proposed as answer by Deason Wu Thursday, February 26, 2015 2:30 AM
February 25th, 2015 7:53pm

I think this actually is standard behaviour. There is no requirement in the DNS definition for a DNS server to resolve the CNAME, it is authoritative for, to the A record held on a different system. (i.e. a recursive query).  If it does return the CNAME and A records, it's just being polite.

As recursive queries aren't a required part of DNS, all clients have the ability to start a new query when it receives a CNAME as the authoritative answer. 

Windows DNS has recursion turned on by default but it creates a risk of DoS and DNS poisoning attacks. You should turn it off on DNS servers that do not explicitly need it, especially internet-facing systems.

Free Windows Admin Tool Kit Click here and download it now
March 26th, 2015 3:28pm

This topic is archived. No further replies will be accepted.

Other recent topics Other recent topics