CNAME and other data -vs- could not find NS and/or SOA records

phil-news-nospam at ipal.net phil-news-nospam at ipal.net
Wed Jun 2 04:33:52 UTC 2004


On Tue, 01 Jun 2004 19:10:43 +0100 Jim Reid <jim at rfc1035.com> wrote:
|>>>>> "Phil" == phil-news-nospam  <phil-news-nospam at ipal.net> writes:
| 
|    Phil> I have a domain (several of them, actually) in which I need
|    Phil> to CNAME them to another domain (which is under someone
|    Phil> else's authority).
| 
| The DNS does not allow domains to be CNAMEd, to use your terminology.
| I believe you've been told this already.

But it has been done before.  Obviously it was in violation of the RFC,
but when it was done, it had the desired (and I think quite obvious)
effect.


|    Phil> The only other records were SOA and NS.  So when I remove
|    Phil> them, BIND gives this message in syslog and fails to load
|    Phil> the zone:
| 
|    Phil>     could not find NS and/or SOA records
| 
| That's right. Every zone MUST have exactly 1 SOA and at least 1 NS
| record.
| 
|    Phil> So how do I bypass this conundrum?
| 
| There's no conundrum to bypass. The DNS just doesn't work the way
| you think it does. Or ought to work.

But it needs to be done.


| If you want anyone to help you, try telling us what *exactly* you're
| trying to do, i.e. "I have a zone called ipal.net. Here it is. I want
| anyone sending mail to ipal.net to have it sent to the ipal.com mail
| server. And anyone looking up www.ipal.net should be directed to the
| web server at www.ipal.org. I need to do this for ipal2.net and
| ipal3.net too. Here are their zone files. What's the solution?"

Users with registered domains need to CNAME to another (third level)
domain, which has dynamic DNS information supplied.  It's basic, and
simple, and with some DNS servers that are not strict, it works.  It
even used to in BIND many versions ago (but I don't recall which).
I just know I've done it before.

One other alternative: ICANN require every registrar to allow CNAME as an
owner-choosable alternative to NS delegation for registered domains (then
I won't have to worry about it, won't have to hack it in, and things will
work a lot smoother).

In case you haven't noticed, this is something that thousands of people
have needed to use for years.  Why the RFC hasn't been revised I cannot
say.  Maybe you can.  Just update it to say that a CNAME can accompany
an SOA and NS.  Specify that if query type is SOA or NS, return those,
but if any other, return CNAME instead.  If I have the time, I might
generalize my patch so that it allows CNAME with any record, and answers
the CNAME if specific requested records are not present, or for ANY.
I think that will maximize the workability.

-- 
-----------------------------------------------------------------------------
| Phil Howard KA9WGN       | http://linuxhomepage.com/      http://ham.org/ |
| (first name) at ipal.net | http://phil.ipal.org/   http://ka9wgn.ham.org/ |
-----------------------------------------------------------------------------
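
The two load failures named in the subject line can be reproduced with a small zone lint. This is an added example, not part of the original message and not BIND code; the `example.net` zone, the `host.dyn.example.org` target, the problem labels and the helper names are all constructed for illustration.

```python
# Added example: simplified zone lint over constructed records (not BIND code).
from collections import defaultdict

# Types that may sit beside a CNAME in a signed zone (DNSSEC, RFC 4035).
ALLOWED_WITH_CNAME = {"CNAME", "RRSIG", "NSEC"}

def fqdn(name):
    """Normalize a name to lower case with a trailing dot."""
    return name.lower().rstrip(".") + "."

def lint_zone(origin, records):
    """records: (owner, rtype, rdata) tuples with absolute owner names.
    Returns a sorted list of (owner, problem) pairs; an empty list means
    neither of the two rules checked here is violated."""
    by_owner = defaultdict(list)
    for owner, rtype, _rdata in records:
        by_owner[fqdn(owner)].append(rtype.upper())
    problems = []
    apex = by_owner.get(fqdn(origin), [])
    # Rule quoted in the thread: exactly one SOA and at least one NS at the apex.
    if apex.count("SOA") != 1 or "NS" not in apex:
        problems.append((fqdn(origin), "apex-soa-ns"))
    # An owner name that has a CNAME may carry no other data.
    for owner, types in by_owner.items():
        if "CNAME" in types and set(types) - ALLOWED_WITH_CNAME:
            problems.append((owner, "cname-and-other-data"))
    return sorted(problems)

# Constructed sample records.
SOA = ("example.net.", "SOA",
       "ns1.example.net. hostmaster.example.net. 1 3600 900 604800 300")
NS = ("example.net.", "NS", "ns1.example.net.")
APEX_CNAME = ("example.net.", "CNAME", "host.dyn.example.org.")

FIRST_ATTEMPT = [SOA, NS, APEX_CNAME]   # CNAME placed beside SOA and NS
SECOND_ATTEMPT = [APEX_CNAME]           # SOA and NS removed, CNAME alone
CONFORMING = [SOA, NS,
              ("ns1.example.net.", "A", "192.0.2.53"),
              ("www.example.net.", "CNAME", "host.dyn.example.org.")]

if __name__ == "__main__":
    for label, zone in [("first", FIRST_ATTEMPT), ("second", SECOND_ATTEMPT),
                        ("conforming", CONFORMING)]:
        print(label, lint_zone("example.net", zone))
```

The first zone trips the CNAME rule, the second trips the apex rule, and only the zone that keeps the CNAME below the apex passes both.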

