CNAME record and a MX record in 8.2.3?

Kevin Darcy kcd at daimlerchrysler.com
Mon Feb 12 23:04:10 UTC 2001


Erik, we've been over this. RFC 1034 **explicitly** says: "If a CNAME RR is present at a node, no other data should be present" (section 3.6.2). How much more explicitness do you need? Obviously, an SOA record is "data" at a "node", therefore it is forbidden when "a CNAME RR is present at [that] node". Conversely, the CNAME is illegal when the SOA exists. Simply put, they cannot co-exist. Furthermore, RFC 1035 specifies: "When a master file is used to load a zone, the operation should be suppressed if any errors are encountered in the master file." (Section 5.2). Since "CNAME and other data" is an error, then BIND is in lockstep with RFC 1035 when it rejects the entire zone because of that condition. All of this follows directly from the rules of logic and of the English language.

Yes, of course, we all know that an exception to the rule was recently carved out for some of the DNSSEC record types. But I've already explained how applying the "CNAME and other data" rule to them would fail to achieve any of the stated objectives of the rule. Regardless, the rule was never *repealed* by the DNSSEC RFCs: it still applies to all other record types, including SOA.

Why do you insist on continuing to tilt at this windmill? If you choose to do so, however, please do so on namedroppers. BIND obviously interprets and follows the RFCs as I have presented above. If you think the RFC language is subject to multiple interpretations or the rule should be repealed, then that is clearly a discussion which belongs on namedroppers rather than a BIND-specific list.

- Kevin


Erik Aronesty wrote:

> This whole issue is whacked.
>
> CNAME's should not conflict with SOA RR's.  There's absolutely nothing *explicit* in the RFC that says they must "conflict with SOA records" or get rejected.
>
> BIND 8.2.3 implements this - but it's easy to comment out the ++errs code in load_db.c in the right places.  All browsers and resolver libraries already support CNAME's at the zone-top.
>
>                         - Erik
>
> -----Original Message-----
> From:   Mark.Andrews at nominum.com [SMTP:Mark.Andrews at nominum.com]
> Sent:   Sunday, February 11, 2001 9:37 PM
> To:     Tien Nguyen
> Cc:     comp-protocols-dns-bind at moderators.isc.org
> Subject:        Re: CNAME record and a MX record in 8.2.3?
>
> > I was fighting the same problem and I am finally using the A record and it
> > works fine for us now. The funny thing is this method works fine under 8.2.2
> > and we only get this problem after update to 8.2.3 for security reasons.
>
>         It didn't work under 8.2.2.  You just ignored the error messages.
>
> >
> > Is there any RFC explaining about these CNAME rules?
>
>         Yes.  RFC 1034 Section 3.6.2. Aliases and canonical names.
>
> >
> > The useful thing about using a CNAME to point MY-DOMAIN.COM to
> > WWW.OTHERHOST.COM is I will never have to remember to change the A record
> > for MY-DOMAIN.COM if the IP of WWW.OTHERHOST.COM changed.
>
>         There is a draft-rfc saying how to do this with SRV records.
>         All it requires is for the browser and cache writers to implement
>         support.
>
> >
> > Thanks,
> > Tien Nguyen,
> >
> > "Bill Larson" <wllarso at swcp.com> wrote in message
> > news:9613f3$hee at pub3.rc.vix.com...
> > >
> > > I am assuming that the zone that this file is for is "wtul.fm".  If not,
> > > everything that I say is most likely wrong.
> > >
> > > What it sounds like you are asking is that http://www.wtul.fm and
> > > http://wtul.fm both get redirected to the machine pulse.tcs.tulane.edu.
> > >
> > > You CANNOT use a CNAME record to redirect traffic for "wtul.fm" to
> > > "pulse.tcs.tulane.edu".  The basic rule is that the left hand side domain
> > > name that is identified with a CNAME record cannot have any other DNS
> > > information associated with it.  I.e., since "wtul.fm" has SOA and
> > > NS records associated with it, you cannot have a CNAME record also.
> > >
> > > The easiest solution is to have an "A" record for "wtul.fm" which
> > > has the same IP address as "pulse.tcs.tulane.edu".  Using a CNAME
> > > record for "www.wtul.fm" is completely correct.
> > >
> > > You have an "A" record for "wtul.fm" which identifies
> > > "pulse.tcs.tulane.edu"
> > > on the right hand side.  This line is commented out, so I don't know
> > > if this is just a comment for yourself, but I hope so.  If you
> > > were to uncomment this, you should receive an error when loading.
> > > An "A" record must have an IP address on the right hand side.
> > >
> > > Bill Larson
> > >
> > > > I had a configuration file for that worked under 8.2.2-P7 . But wouldn't
> > > > work in 8.2.3. I am hoping someone can suggest the correct configuration
> > > > under 8.2.3.
> > > > A CNAME to pulse (see below) fails, as does an A reference to pulse.
> > > > Should
> > > > I use an A record to pulse's IP address?
> > > >
> > > > The server currently resolves http://www.wtul.fm correctly, and sends
> > > > the
> > > > mail correctly. However, it is desired that http://wtul.fm resolve also.
> > > >
> > > > -------file: wtul.fm----------
> > > >
> > > > ;Start of our authoritative zone
> > > >
> > > > @       IN      SOA     ns1.tcs.tulane.edu. hostmaster.tulane.edu. (
> > > >                                 2001020801 ; serial number
> > > >                                 86400   ; refresh once a day
> > > >                                 3600    ; retry every 60 min
> > > >                                 604800  ; expire after 1 week
> > > >                                 86400 ) ; TTL min 1 day
> > > >
> > > > ;Nameservers for this zone
> > > >
> > > >                         IN      NS      ns1.tcs.tulane.edu.
> > > >                         IN      NS      ns2.tcs.tulane.edu.
> > > >
> > > > ;OwnerName      TTL     Class   Type    RData
> > > > @                       IN      MX      0 majestic.tcs.tulane.edu.
> > > > ;                       IN      A       pulse.tcs.tulane.edu.
> > > > www                     IN      CNAME   pulse.tcs.tulane.edu.
> > >
> > >
> >
> >
> --
> Mark Andrews, Nominum Inc.
> 1 Seymour St., Dundas Valley, NSW 2117, Australia
> PHONE: +61 2 9871 4742                 INTERNET: Mark.Andrews at nominum.com
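
The "CNAME and other data" rule argued over in this thread can be checked before a zone is loaded. The following is an added example, not part of the original messages and not BIND's code: a simplified master-file scan whose function names are hypothetical, run on a sample constructed from the quoted wtul.fm zone with the apex CNAME the poster describes put back in.

```python
import re

# Types tolerated beside a CNAME: the DNSSEC exception mentioned in the thread
# (SIG/NXT/KEY in RFC 2535, RRSIG/NSEC in the later RFC 4035).
DNSSEC_EXEMPT = {"SIG", "NXT", "KEY", "RRSIG", "NSEC"}
CLASSES = {"IN", "CH", "HS"}

# Constructed sample: the thread's zone plus a CNAME at the zone top.
SAMPLE = """\
@       IN      SOA     ns1.tcs.tulane.edu. hostmaster.tulane.edu. (
                        2001020801 ; serial number
                        86400 3600 604800 86400 )
                IN      NS      ns1.tcs.tulane.edu.
@               IN      MX      0 majestic.tcs.tulane.edu.
@               IN      CNAME   pulse.tcs.tulane.edu.
www             IN      CNAME   pulse.tcs.tulane.edu.
"""

def rrtypes_by_owner(zone_text, origin):
    """Map each absolute owner name to the set of RR types defined at it."""
    origin = origin.rstrip(".").lower() + "."
    owners, last_owner, depth = {}, origin, 0
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # drop comments (ignores quoted ';')
        continued, depth = depth > 0, depth + line.count("(") - line.count(")")
        if continued or not line.strip() or line.lstrip().startswith("$"):
            continue                           # inside ( ... ), blank, or $directive
        fields = line.replace("(", " ").split()
        if not raw[0].isspace():               # owner present; else inherit previous
            name = fields.pop(0).lower()
            last_owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        # skip optional TTL and class, in either order
        while fields and (fields[0].upper() in CLASSES or re.fullmatch(r"\d+[smhdwSMHDW]?", fields[0])):
            fields.pop(0)
        if fields:
            owners.setdefault(last_owner, set()).add(fields[0].upper())
    return owners

def cname_conflicts(zone_text, origin):
    """Return {owner: other types} for names violating RFC 1034 section 3.6.2."""
    out = {}
    for owner, types in rrtypes_by_owner(zone_text, origin).items():
        others = types - {"CNAME"} - DNSSEC_EXEMPT
        if "CNAME" in types and others:
            out[owner] = sorted(others)
    return out

if __name__ == "__main__":
    print(cname_conflicts(SAMPLE, "wtul.fm"))
```

Only the zone top is reported, because SOA, NS and MX already live there; `www` carries nothing but its CNAME and passes.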
