How to alias a domain

Tony Finch dot at dotat.at
Sat Jan 17 20:11:37 UTC 2015


> On 16 Jan 2015, at 15:36, John <john at klam.ca> wrote:
> 
> DNAME will not work with DNSSEC.

Other people have already corrected this statement, but I want to point out there are situations where DNAME makes DNSSEC easier. We use it extensively in our reverse DNS to delegate 128.232.128.0/17 from one part of Cambridge to another. Instead of having 128 sub-zones from 128.232.128.in-addr.arpa to 255.232.128.in-addr.arpa, we have 128 DNAME records[*] that redirect to subdomains of the slightly weirdly named in-addr.arpa.cam.ac.uk zone. This means we only need to manage one secure delegation (which does not cross organizational boundaries) instead of 128 secure delegations (which do).

[*] Actually, 127 DNAMEs and 256 CNAMEs. There is a mail server in one of the /24s and some recipient servers choke on DNAMEs when checking reverse DNS. Sigh.

Tony.
-- 
f.anthony.n.finch  <dot at dotat.at>  http://dotat.at
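The record layout described in the message above, as an added example that is not part of the original post: it generates the parent-zone records for the 128 /24s and applies one step of DNAME or CNAME redirection to a reverse name. The target naming under in-addr.arpa.cam.ac.uk and the choice of which /24 uses CNAMEs (third octet 200) are assumptions, since the post does not give them.

```python
# Added example: parent-zone records for 128.232.128.0/17 as described in the post.
# Assumptions (not from the post): the target naming under in-addr.arpa.cam.ac.uk
# and which /24 is the CNAME exception (200 is a constructed placeholder).

PARENT = "232.128.in-addr.arpa."
TARGET_ZONE = "in-addr.arpa.cam.ac.uk."  # zone named in the post
CNAME_EXCEPTION = 200                     # constructed: the /24 with the mail server


def target_for(third_octet):
    """Assumed target layout: mirror the reverse name under TARGET_ZONE."""
    return f"{third_octet}.232.128.{TARGET_ZONE}"


def parent_records(exception=CNAME_EXCEPTION):
    """Records for the 128 /24s of 128.232.128.0/17 in the parent reverse zone."""
    records = []
    for third in range(128, 256):
        owner = f"{third}.{PARENT}"
        if third == exception:
            # Per-address CNAMEs instead of one DNAME for this /24.
            for host in range(256):
                records.append(
                    (f"{host}.{owner}", "CNAME", f"{host}.{target_for(third)}"))
        else:
            records.append((owner, "DNAME", target_for(third)))
    return records


def resolve_alias(qname, records):
    """Return the name reached after one CNAME or DNAME step, or None.

    DNAME substitution (RFC 6672): a query name strictly below the DNAME owner
    has the owner suffix replaced by the target. The owner name itself is not
    redirected, and the leading dot keeps the match on a label boundary.
    """
    for owner, rtype, target in records:
        if rtype == "CNAME" and qname == owner:
            return target
        if rtype == "DNAME" and qname.endswith("." + owner):
            return qname[: -len(owner)] + target
    return None
```

Every redirected name lands in one target zone, so only that zone's delegation needs a DS record, which is the point the message makes about managing one secure delegation instead of 128.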

