CNAME Definition

digest at cihost.com digest at cihost.com
Wed Feb 14 19:15:10 UTC 2001


So what is the proper way to define a CNAME zone for such an entry?

Thanks,
Digest

>RFC1034 3.6.2:
>
>"The domain system provides such a feature using the canonical name
>(CNAME) RR.  A CNAME RR identifies its owner name as an alias, and
>specifies the corresponding canonical name in the RDATA section of the
>RR.  If a CNAME RR is present at a node, no other data should be
>present; this ensures that the data for a canonical name and its aliases
>cannot be different.  This rule also insures that a cached CNAME can be
>used without checking with an authoritative server for other RR types."
>
>In your example, it's not rejecting the 'foreign' CNAMEs, it's rejecting the
>@ CNAME, as you have the myownjunk.com record containing a CNAME RR but
>also SOA and NS RR's, which is verboten.
>
>This has (as you can see) always been a violation of the RFC's as well.
>
>D
>
>At 3:03 PM -0600 2/3/01, asenec at senechalle.net wrote:
>>We just upgraded to 8.2.3-REL from 8.2.2-P7,
>>in response to the recent CERT advisory and
>>find that CNAME's with a zone construct of the
>>form below no longer resolve.  I find nothing
>>in RFC-1035 which would specifically prohibit
>>such a construct, but I do note that some
>>foreign registries, such as deNIC, are now
>>rejecting domains with such CNAME definition.
>>
>>$ORIGIN com.
>>myownjunk IN   SOA  ns.theaccount.com. hostmaster.theaccount.com. (
>>                2001020312 86400 7200 3600000 172800 )
>>                IN  NS  ns.theaccount.com.
>>                IN  NS  ns2.theaccount.com.
>>                IN  CNAME   asenec.com.
>>$ORIGIN myownjunk.com.
>>mail            IN      CNAME   mail.asenec.com.
>>ftp             IN      CNAME   ftp.asenec.com.
>>www             IN      CNAME   www.asenec.com.
>>
>>Simply omitting the 'IN CNAME asenec.com.' record
>>enables resolution of mail/ftp/www.myownjunk.com,
>>but with 8.2.3-REL it seems impossible to resolve
>>myownjunk.com when it is defined as a CNAME.
>>Is it no longer possible to define a second-level
>>domain as a CNAME?  If so, is there some RFC which
>>declares doing so as illegal?
>>
>>Annette
>>
>>-- 
>>+---------------------+-----------------------------------------+
>>| dredd at megacity.org  | "Conan! What is best in life?"          |
>>|  Derek J. Balling   | "To crush your enemies, see them        |
>>|                     |    driven before you, and to hear the   |
>>|                     |    lamentation of their women!"         |
>>+---------------------+-----------------------------------------+
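
A check for the RFC 1034 3.6.2 rule quoted in this thread, added here as an example and not code from either poster or from BIND: it reads a master-file fragment and reports every owner name where a CNAME sits beside other records. The function names are hypothetical, the parser covers only `$ORIGIN`, parenthesised continuation and blank-owner lines, and the sample zone is the one from the thread with the NS targets written fully qualified.

```python
# Constructed sample: the zone quoted in the thread, NS targets fully qualified.
ZONE = """\
$ORIGIN com.
myownjunk IN   SOA  ns.theaccount.com. hostmaster.theaccount.com. (
                2001020312 86400 7200 3600000 172800 )
                IN  NS  ns.theaccount.com.
                IN  NS  ns2.theaccount.com.
                IN  CNAME   asenec.com.
$ORIGIN myownjunk.com.
mail            IN      CNAME   mail.asenec.com.
ftp             IN      CNAME   ftp.asenec.com.
www             IN      CNAME   www.asenec.com.
"""
CLASSES = {"IN", "CH", "HS"}

def logical_lines(text):
    """Drop ';' comments and join records continued inside parentheses."""
    buf, depth = "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0]
        depth += line.count("(") - line.count(")")
        buf += line.replace("(", " ").replace(")", " ") + " "
        if depth == 0:
            if buf.strip():
                yield buf
            buf = ""

def rrtypes_by_owner(text):
    """Map each fully qualified owner name to the set of RR types it holds."""
    origin, owner, seen = ".", None, {}
    for line in logical_lines(text):
        fields = line.split()
        if fields[0].startswith("$"):
            if fields[0].upper() == "$ORIGIN":
                origin = fields[1].lower()
            continue  # other directives ($TTL, $INCLUDE) are ignored here
        if not line[0].isspace():  # a blank owner field repeats the last owner
            name = fields.pop(0).lower()
            owner = origin if name == "@" else (
                name if name.endswith(".") else name + "." + origin.lstrip("."))
        while fields and (fields[0].isdigit() or fields[0].upper() in CLASSES):
            fields.pop(0)  # skip optional TTL and class
        if fields:
            seen.setdefault(owner, set()).add(fields[0].upper())
    return seen

def cname_conflicts(text):
    """Owners where a CNAME coexists with other data (RFC 1034 3.6.2)."""
    return {o: sorted(t - {"CNAME"}) for o, t in rrtypes_by_owner(text).items()
            if "CNAME" in t and len(t) > 1}

if __name__ == "__main__":
    for owner, others in cname_conflicts(ZONE).items():
        print(f"{owner}: CNAME alongside {', '.join(others)}")
```

Only the zone apex is flagged; the `mail`, `ftp` and `www` aliases hold nothing but their CNAME and pass.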



More information about the bind-users mailing list