domain name entries in a zone
Jim Reid
jim at rfc1035.com
Fri May 28 17:09:17 UTC 2004
>>>>> "Preston" == Preston Wade <Preston_Wade at hilton.com> writes:
Preston> Some customers would even like a CNAME record for the
Preston> domain name, so that they could have a primary domain
Preston> and have other domains CNAME to the primary domain.
If you're trying to do what I think you're trying to do, CNAMEs don't
work that way.
Preston> I have tested this in BIND 9 and it doesn't seem to like
Preston> the CNAME record for a domain. I have found very little
Preston> about this topic on the web so I figured this list
Preston> could provide me some direction.
RFC1034 is very clear about this. I quote: If a CNAME RR is present at
a node, no other data should be present. This means that if a name
exists as some other resource record, the name cannot also exist as a
CNAME. [For any pedants, this restriction has been eased for DNSSEC so
that a CNAME can also have DNSKEY, RRSIG and NSEC records: the new
names for the DNSSEC record types.] RFC2181 makes the issue about
CNAME usage more explicit. BIND9 enforces what the DNS protocol says
about CNAMEs, as you have found out from your tests. Your customer's
domain name will have a SOA record, at least 2 NS records and maybe
some MX and A records. Therefore that name cannot also be a CNAME.
To save you looking up RFC2181, here's the start of what it has to say
about CNAMEs:
   10.1. CNAME resource records

   The DNS CNAME ("canonical name") record exists to provide the
   canonical name associated with an alias name. There may be only one
   such canonical name for any one alias. That name should generally be
   a name that exists elsewhere in the DNS, though there are some rare
   applications for aliases with the accompanying canonical name
   undefined in the DNS. An alias name (label of a CNAME record) may,
   if DNSSEC is in use, have SIG, NXT, and KEY RRs, but may have no
   other data. That is, for any label in the DNS (any domain name)
   exactly one of the following is true:

     + one CNAME record exists, optionally accompanied by SIG, NXT, and
       KEY RRs,
     + one or more records exist, none being CNAME records,
     + the name exists, but has no associated RRs of any type,
     + the name does not exist at all.
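
The rule quoted above can be checked mechanically before a zone is loaded. The following is an added example, not part of the original post and not BIND's own code: the function names `parse_zone` and `cname_conflicts`, the simplified one-record-per-line zone format, and the `example.org` sample zone are all assumptions constructed for illustration.

```python
# Assumed input: one record per line (owner [ttl] [class] type rdata), numeric TTLs, no parentheses.
from collections import defaultdict
# Types the post and RFC 2181 allow beside a CNAME when DNSSEC is in use.
DNSSEC_OK = {"SIG", "NXT", "KEY", "RRSIG", "NSEC", "DNSKEY"}
CLASSES = {"IN", "CH", "HS"}

def parse_zone(text, origin):
    """Yield (owner, rrtype) pairs with fully qualified, lower-cased owners."""
    origin = origin.rstrip(".").lower() + "."
    owner = origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip() or line.lstrip().startswith("$"):
            continue
        fields = line.split()
        if not raw[0].isspace():  # leading whitespace reuses the previous owner
            name = fields.pop(0).lower()
            owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        while fields and (fields[0].isdigit() or fields[0].upper() in CLASSES):
            fields.pop(0)  # skip optional TTL and class to reach the type
        if fields:
            yield owner, fields[0].upper()

def cname_conflicts(text, origin):
    """Return {owner: conflicting types} for names that break the CNAME rule."""
    nodes = defaultdict(list)
    for owner, rrtype in parse_zone(text, origin):
        nodes[owner].append(rrtype)
    bad = {}
    for owner, types in nodes.items():
        if "CNAME" not in types:
            continue
        others = sorted(set(types) - {"CNAME"} - DNSSEC_OK)
        if types.count("CNAME") > 1:
            others.append("CNAME (more than one)")
        if others:
            bad[owner] = others
    return bad

# Constructed sample zone for example.org: the apex has SOA, NS and MX plus a CNAME.
SAMPLE = """\
@    3600 IN SOA   ns1.example.net. hostmaster.example.net. 1 7200 900 1209600 3600
     3600 IN NS    ns1.example.net.
     3600 IN NS    ns2.example.net.
@    3600 IN MX    10 mail.example.net.
@    3600 IN CNAME primary.example.net.
www  3600 IN CNAME primary.example.net.
www  3600 IN RRSIG CNAME 5 3 3600 20040627000000 20040528000000 1 example.org. Y29uc3RydWN0ZWQ=
"""
print(cname_conflicts(SAMPLE, "example.org"))
```

On the sample, only the zone apex is reported: `www` passes because its CNAME is accompanied solely by an RRSIG.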