All about CNAME record

Jim Reid jim at rfc1035.com
Wed May 31 17:59:13 UTC 2000


    >>   1) Why we can't associate an alias at NS, SOA, CNAME, MX
    >> records ?  It's because, it's recommended by the RFC or it's a
    >> piece of advice to simplify DNS administrator's life.

First of all, it's because of mandatory requirements (not
recommendations!) in RFC1034 and RFC1035 - at least as far as the
targets of NS and MX records are concerned. There are many reasons for
this. [BTW you're wrong to assume that CNAMEs can't point at
CNAMEs. And a CNAME which points at a SOA record makes no sense at
all. The target of a CNAME should be the canonical name - ie a
hostname with an A record - of the system that has the CNAME's
nickname.] NS and MX records should point at hostnames so that loops
can't happen when resolving these important record types. Since it's
OK for a CNAME to point at a non-existent name, allowing them to be
used in MX and NS records presents a very obvious problem. It also
avoids the overheads of extra lookups if name servers had to resolve
possibly arbitrarily nested CNAMEs. [The hostname (A record) for an NS
or MX record is usually piggy-backed in the additional information
section of the reply, which can save them from being looked up
separately.] And mail systems need to know that the target of some MX
record is the canonical host name so that they can identify when they
should attempt delivery to the local message store instead of
mistakenly sending mail to themselves.

Oh and these requirements probably make life harder for DNS
administrators who don't have a good understanding of these fundamental
resource record types.

    >>   2) What are the problems generated by this use of CNAME ?

Too many to enumerate here. It all depends on the fussiness of the
world's DNS and mail implementations. Some will let you off with
protocol murder, others are much more picky. Just do things right. If
you do that, you can rest easy knowing that if someone can't talk to
you - or you to them - it's probably their fault. After all it only
takes a little more effort to set up zone files correctly than it does
to populate them with nonsense. Follow the networking proverb of being
conservative about what you send and liberal about what you
receive. In other words, make your name servers and zone files 100%
protocol conformant, but tolerate errors in other people's setups.
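
The checks described in the post above, as an added example that is not part of the original message: a small zone-data lint that flags NS and MX targets that are aliases, and CNAME chains that loop. The record tuples, the names under example.test and the function names are constructed for illustration, and the check assumes every name lives in this one data set.

```python
# Constructed sample records (owner, type, target); names and addresses are
# illustrative and assumed to all live in this one data set.
RECORDS = [
    ("example.test.", "NS", "ns1.example.test."),
    ("example.test.", "NS", "dns.example.test."),           # alias -> host
    ("example.test.", "MX", "mx1.example.test."),
    ("example.test.", "MX", "mail.example.test."),          # alias -> nothing
    ("ns1.example.test.", "A", "192.0.2.1"),
    ("mx1.example.test.", "A", "192.0.2.2"),
    ("dns.example.test.", "CNAME", "ns1.example.test."),
    ("mail.example.test.", "CNAME", "gone.example.test."),
    ("www.example.test.", "CNAME", "web.example.test."),    # CNAME -> CNAME
    ("web.example.test.", "CNAME", "ns1.example.test."),
    ("a.example.test.", "CNAME", "b.example.test."),        # loop
    ("b.example.test.", "CNAME", "a.example.test."),
]

def follow_cname(name, cnames, addresses):
    """Follow a CNAME chain from name; return 'ok', 'dangling' or 'loop'."""
    seen = set()
    while name in cnames:
        if name in seen:
            return "loop"
        seen.add(name)
        name = cnames[name]
    return "ok" if name in addresses else "dangling"

def check_zone(records):
    """Return (owner, type, target, problem) for each rule violation found."""
    recs = [(o.lower(), t.upper(), d.lower()) for o, t, d in records]
    cnames = {o: d for o, t, d in recs if t == "CNAME"}
    addresses = {o for o, t, _ in recs if t in ("A", "AAAA")}
    findings = []
    for owner, rtype, target in recs:
        if rtype in ("NS", "MX") and target in cnames:
            # NS/MX must name a host directly; report where the alias leads.
            status = follow_cname(target, cnames, addresses)
            findings.append((owner, rtype, target, "alias-" + status))
        elif rtype == "CNAME" and follow_cname(owner, cnames, addresses) == "loop":
            # A CNAME chain or a dangling CNAME is legal; a loop never resolves.
            findings.append((owner, rtype, target, "loop"))
    return findings

if __name__ == "__main__":
    for finding in check_zone(RECORDS):
        print(*finding)
```
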


