rejected due to CNAME and OTHER data error

[Kevin Darcy]

Marten Lehmann wrote:

> > The errors are correct - you need to decide what you are doing with
> > this zone, as the zone data that you have included below contradicts
> > many BIND rules that BIND 8.2.3 enforces very strictly, and it's not
> > clear what you are trying to do with that zone at all.
>
> I still don't understand, what's wrong with it? It's not one zone just
> for testing, it's one of some thousand zones mainly for .de-domains.
> Most presences are hosted at our servers, so we don't need CNAMEs. But
> some customer want to use the services of dyndns.org, so one or more
> subdomains are CNAMEed to the correspondig subdomain of dyndns.org.
>
> So, if someone resolves the domain name, it will resolv first .de at the
> root-nameservers, miabdo.de at dns.denic.de, and then ns.cnm.de, looking
> for an a or cname-Record. While it's working the same way with
> subdomains e.g. config.variomedia.de CNAMEed to vm2.variomedia.de,
> what's the problem with miabdo.de to miabdo.dyndns.org? Because it
> CNAMEs to an external source? How else can I configure the above
> described requirements?

As others have pointed out, "CNAME and other data" violates a basic rule of
DNS. A corollary of this rule is that a name can be an alias or a zone, but
it can't be *both* at the same time.

If you could convince DENIC to put a CNAME for miabdo.de in the .de zone,
pointing to miabdo.dyndns.org, then this would work fine. But in that case,
miabdo.de wouldn't be a zone, and so you wouldn't be able to put anything
*underneath* miabdo.de (e.g. the www.miabdo.de A record), unless you could
also convince DENIC to put those entries in the .de zone as well, which
seems unlikely. And you wouldn't be able to have a miabdo.de wildcard
record at all, since wildcards are zone-wide in scope.


- Kevin