From AWS route 53 to Bind9

Mark Andrews marka at isc.org
Sat Feb 4 21:30:57 UTC 2017


In message <1983df90-f101-afe4-2fbd-6cb243d6057d at gmail.com>, Conconscious writes:
> 
> Sorry I'm blocked in the other email account:
> Remote host said: 554 mail server permanently rejected message (#5.3.0)
> 
> I want to keep the 3 web servers and www.domain.com and only domain.com
> reference.
> 
> With current config:
> 
> www.domain.com.   CNAME   dualstack.ap-ulb-traffic-2039629984.ap-southeast-1.elb.amazonaws.com.
> domain.com.       CNAME   dualstack.ap-ulb-traffic-2039629984.ap-southeast-1.elb.amazonaws.com.
> www.domain.com.   CNAME   dualstack.ulb-traffic-eu-136029011.eu-central-1.elb.amazonaws.com.
> domain.com.       CNAME   dualstack.ulb-traffic-eu-136029011.eu-central-1.elb.amazonaws.com.
> www.domain.com.   CNAME   dualstack.ulb-traffic-1103250353.us-east-1.elb.amazonaws.com.
> domain.com.       CNAME   dualstack.ulb-traffic-1103250353.us-east-1.elb.amazonaws.com.
> 
> Feb  4 named[27974]: dns_master_load: /etc/bind/db.domain.com:26: www.domain.com: CNAME and other data
> Feb  4 named[27974]: zone domain.com/IN: loading from master file /etc/bind/db.domain.com failed: CNAME and other data

You can't have a CNAME with any other data at the same owner name.
This means you cannot have a CNAME at the apex of a zone as there
is always a SOA record and a NS RRset there.  CNAME is also a
singleton record which means that there can only be one CNAME at a
name.

> with DNAME:
> 
> www.domain.com.   DNAME   dualstack.ap-ulb-traffic-2039629984.ap-southeast-1.elb.amazonaws.com.
> domain.com.       DNAME   dualstack.ap-ulb-traffic-2039629984.ap-southeast-1.elb.amazonaws.com.
> www.domain.com.   DNAME   dualstack.ulb-traffic-eu-136029011.eu-central-1.elb.amazonaws.com.
> domain.com.       DNAME   dualstack.ulb-traffic-eu-136029011.eu-central-1.elb.amazonaws.com.
> www.domain.com.   DNAME   dualstack.ulb-traffic-1103250353.us-east-1.elb.amazonaws.com.
> domain.com.       DNAME   dualstack.ulb-traffic-1103250353.us-east-1.elb.amazonaws.com.
> 
> Feb  4 named[28045]: dns_master_load: /etc/bind/db.domain.com:28: www.domain.com: multiple RRs of singleton type
> Feb  4 named[28045]: zone domain.com/IN: loading from master file /etc/bind/db.domain.com failed: multiple RRs of singleton type


Two DNAME records at the same name are illegal.  You are attempting
to add 3 DNAME records at www.domain.com and domain.com.

It has been suggested many times that there should be a record which
says which server(s) serve a zone for HTTP and HTTPS.  We could do
this with SRV (_http._tcp.example.com and _https._tcp.example.com)
or we could come up with a new record example.com HTTP <server>.

Browser vendors refuse to accept either of these solutions because
they don't want to do a second DNS lookup for the server's addresses
when the addresses are not included in the initial response.  It
doesn't matter to them that recursive servers could be made to
always complete the address chain in the additional section for
either of these solutions.  There is nothing preventing recursive
server vendors from doing this.

Mark

> Thanks.
> 
> 
> On 02/04/2017 04:56 PM, Graham Clinch wrote:
> 
> >> [...]
> >> But I'm getting errors in bind9.
> > What do the errors say?  Perhaps the text will point either you or us
> > to the cause.
> >
> > Graham
> 
-- 
Mark Andrews, ISC
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742                 INTERNET: marka at isc.org
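
Added example (not part of the original message, and not BIND code): a small
pre-load check for the two rules explained above, "CNAME and other data" and
"multiple RRs of singleton type". The zone text, the example.com names and the
function names are constructed for illustration; it models only the two rules,
so which line named itself blames may differ.

```python
from collections import defaultdict

# Types that may appear at most once per owner name (subset relevant here).
SINGLETON = {"CNAME", "DNAME", "SOA"}

# Constructed sample zone: one record per line, fully qualified owners,
# no TTL or class fields. Targets are placeholders, not real load balancers.
ZONE = """\
example.com.      SOA    ns1.example.com. hostmaster.example.com. 1 3600 600 86400 300
example.com.      NS     ns1.example.com.
example.com.      CNAME  lb-a.elb.example.net.   ; apex already has SOA and NS
www.example.com.  CNAME  lb-a.elb.example.net.
www.example.com.  CNAME  lb-b.elb.example.net.   ; second CNAME at the same name
ftp.example.com.  CNAME  lb-a.elb.example.net.
"""

def parse(zone_text):
    """Yield (lineno, owner, rrtype, rdata) for each non-empty record line."""
    for lineno, line in enumerate(zone_text.splitlines(), 1):
        line = line.split(";", 1)[0].strip()   # drop comments
        if not line:
            continue
        owner, rrtype, rdata = line.split(None, 2)
        yield lineno, owner.lower(), rrtype.upper(), rdata

def check(zone_text):
    """Return [(lineno, owner, message)] for records that break either rule.
    Simplification: DNSSEC types that may coexist with a CNAME are not modelled."""
    seen = defaultdict(list)   # owner name -> rrtypes accepted so far
    errors = []
    for lineno, owner, rrtype, _ in parse(zone_text):
        types = seen[owner]
        if rrtype in SINGLETON and rrtype in types:
            errors.append((lineno, owner, "multiple RRs of singleton type"))
        elif (rrtype == "CNAME" and types) or ("CNAME" in types and rrtype != "CNAME"):
            errors.append((lineno, owner, "CNAME and other data"))
        else:
            types.append(rrtype)
    return errors

if __name__ == "__main__":
    for lineno, owner, message in check(ZONE):
        print(f"line {lineno}: {owner}: {message}")
```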

