domain name entries in a zone

Jim Reid jim at rfc1035.com
Fri May 28 17:09:17 UTC 2004


>>>>> "Preston" == Preston Wade <Preston_Wade at hilton.com> writes:

    Preston> Some customers would even like a CNAME record for the
    Preston> domain name, so that they could have a primary domain
    Preston> and have other domains CNAME to the primary domain.

If you're trying to do what I think you're trying to do, CNAMEs don't
work that way.

    Preston> I have tested this in BIND 9 and it doesn't seem to like
    Preston> the CNAME record for a domain.  I have found very little
    Preston> about this topic on the web so I figured this list
    Preston> could provide me some direction.

RFC1034 is very clear about this. I quote: If a CNAME RR is present at
a node, no other data should be present. This means that if a name
exists as some other resource record, the name cannot also exist as a
CNAME. [For any pedants, this restriction has been eased for DNSSEC so
that a CNAME can also have DNSKEY, RRSIG and NSEC records: the new
names for the DNSSEC record types.] RFC2181 makes the issue about
CNAME usage more explicit. BIND9 enforces what the DNS protocol says
about CNAMEs, as you have found out from your tests. Your customer's
domain name will have a SOA record, at least 2 NS records and maybe
some MX and A records.  Therefore that name cannot also be a CNAME.

To save you looking up RFC2181, here's the start of what it has to say
about CNAMEs:


10.1. CNAME resource records
   
   The DNS CNAME ("canonical name") record exists to provide the
   canonical name associated with an alias name.  There may be only one
   such canonical name for any one alias.  That name should generally be
   a name that exists elsewhere in the DNS, though there are some rare
   applications for aliases with the accompanying canonical name
   undefined in the DNS.  An alias name (label of a CNAME record) may,
   if DNSSEC is in use, have SIG, NXT, and KEY RRs, but may have no
   other data.  That is, for any label in the DNS (any domain name)
   exactly one of the following is true:

     + one CNAME record exists, optionally accompanied by SIG, NXT, and
       KEY RRs,
     + one or more records exist, none being CNAME records,
     + the name exists, but has no associated RRs of any type,
     + the name does not exist at all.
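
The rule quoted above, as a pre-load check over a zone file. This is an added example, not part of the original post and not BIND's own code. It assumes a simplified zone syntax (one record per line, explicit owner names, origin passed in by the caller); the sample zone, its names and the function names are constructed for illustration.

```python
from collections import defaultdict

# Types allowed beside a CNAME: the RFC 2181 names quoted above plus the
# newer DNSSEC names mentioned in the post.
DNSSEC_TYPES = {"SIG", "NXT", "KEY", "RRSIG", "NSEC", "DNSKEY"}
CLASSES = {"IN", "CH", "HS"}

# Constructed sample zone; all names and addresses are placeholders.
SAMPLE_ZONE = """\
@    3600 IN SOA   ns1 hostmaster 1 7200 900 1209600 3600
@    3600 IN NS    ns1
@    3600 IN NS    ns2
@    3600 IN CNAME primary.example.net.  ; CNAME at the zone apex
www  3600 IN CNAME primary.example.net.  ; alias with no other data
ftp       IN CNAME www
ftp       IN CNAME primary.example.net.  ; second canonical name
ns1  3600 IN A     192.0.2.1
ns2  3600 IN A     192.0.2.2
"""

def parse_records(text, origin):
    """Yield (owner, type) from a simplified one-record-per-line zone file."""
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()  # drop comments, then tokenize
        if not fields or fields[0].startswith("$"):
            continue
        owner, rest = fields[0].lower(), fields[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() in CLASSES):
            rest = rest[1:]  # skip optional TTL and class
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = owner + "." + origin
        yield owner, rest[0].upper()

def cname_violations(text, origin):
    """Map each owner name that breaks the CNAME rule to the reason."""
    seen = defaultdict(list)
    for owner, rtype in parse_records(text, origin):
        seen[owner].append(rtype)
    problems = {}
    for owner, types in seen.items():
        others = sorted(set(types) - {"CNAME"} - DNSSEC_TYPES)
        if "CNAME" in types and others:
            problems[owner] = "CNAME alongside " + ", ".join(others)
        elif types.count("CNAME") > 1:
            problems[owner] = "more than one CNAME"
    return problems
```

On the sample zone, the apex fails because it already carries SOA and NS records, while `www` passes because the alias has no other data.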

