the one A record that must be in a Zone

Chris Thompson cet1 at cam.ac.uk
Tue Jun 15 19:36:45 UTC 2010


On Jun 15 2010, Martin McCormick wrote:

>	We have our main domain of okstate.edu plus a ton of
>non-okstate.edu names that we serve because someone purchased
>the name. Each of these small zones has perhaps one or two A
>records and 99.9% of the time, the A records are redundant A
>records that are the same as some host on our okstate.edu zone.
>This is because one appears to need at least 1 A record in a
>given zone. Example:
>
>	If we have orange.com and the server is
>web27.okstate.edu, I must create an A record for orange.com
>using web27's IP address rather than using a CNAME record to
>point to web27. If I try that, we get the error that orange.com
>has no A record.

I bet you don't, because there is no such requirement.

What you *are* encountering is the restriction that you cannot
have a CNAME at a zone apex (i.e. with the same name as the zone).
This in turn follows from the fact that a CNAME cannot share a
name with records of any other type (absent some DNSSEC peculiars).
There are always SOA and NS records at the zone apex, so you can't
have a CNAME there.

Which is a pain only (well, mostly) because users want to use
the (short) zone name in URLs, and web browsers don't use SRV
records as they would have done in a better world, but just try
to resolve the name directly to an IP address. You wouldn't have
any problem with a zone

@    SOA    ... usual stuff ...
     NS     ... more stuff ...
www  CNAME  web27.okstate.edu.

but then the user would have to use http://www.whatsit.com/
instead of http://whatsit.com/ (Some browsers have fixup code
to add the "www." if the lookup of "whatsit.com" doesn't give
an IP address, but this varies a lot with the software, how it
has been configured, and the URL itself.)

There isn't any good solution to the problem. One possibility
is to have the apex A records all point to an http redirecting
service that adds the "www." (this assumes HTTP/1.1, but that's
surely safe these days). Then you only have one IP address you
have to keep fixed.

-- 
Chris Thompson
Email: cet1 at cam.ac.uk
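
The rule described in the message above (a CNAME cannot share an owner name with other record types, so it can never sit at the zone apex next to SOA and NS) can be checked mechanically before a zone is loaded. The following is an added example, not part of the original message or of BIND; it generalizes the check to every owner name in the zone, and the function names, the simplified one-record-per-line parsing and the sample zone data are assumptions. RRSIG and NSEC are exempted because DNSSEC requires them alongside a CNAME in a signed zone.

```python
# Added example: simplified zone check, not a full RFC 1035 master-file parser.
# Assumes one record per line: [owner] [ttl] [class] TYPE rdata
from collections import defaultdict

DNSSEC_OK = {"RRSIG", "NSEC"}  # may legitimately share a name with a CNAME
TYPES = {"SOA", "NS", "A", "AAAA", "CNAME", "MX", "TXT", "SRV"} | DNSSEC_OK

def fqdn(name, origin):
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse(zone_text, origin):
    """Map owner -> set of types; a line starting with whitespace keeps the previous owner."""
    owners, last = defaultdict(set), origin
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()  # drop comments
        if not line:
            continue
        fields = line.split()
        if not line[0].isspace():
            last = fqdn(fields.pop(0), origin).lower()
        # skip optional TTL/class tokens; the first known token is the type
        rtype = next((f.upper() for f in fields if f.upper() in TYPES), None)
        if rtype:
            owners[last].add(rtype)
    return owners

def cname_conflicts(zone_text, origin):
    """Return (owner, other_types, is_apex) for each CNAME sharing a name with other data."""
    origin = origin.lower()
    found = []
    for owner, types in sorted(parse(zone_text, origin).items()):
        others = types - {"CNAME"} - DNSSEC_OK
        if "CNAME" in types and others:
            found.append((owner, sorted(others), owner == origin))
    return found

# Constructed sample zones; ns1.example.net and the SOA values are placeholders.
SOA_NS = "@ SOA ns1.example.net. hostmaster.example.net. 1 3600 900 604800 3600\n  NS ns1.example.net.\n"
BAD = SOA_NS + "  CNAME web27.okstate.edu.\n"      # CNAME at the apex
GOOD = SOA_NS + "www CNAME web27.okstate.edu.\n"   # CNAME below the apex

if __name__ == "__main__":
    for owner, others, apex in cname_conflicts(BAD, "whatsit.com."):
        print(f"{owner}: CNAME conflicts with {others}" + (" (zone apex)" if apex else ""))
    print("GOOD zone conflicts:", cname_conflicts(GOOD, "whatsit.com."))
```
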


