CNAME FAQ

Joseph S D Yao jsdy at cospo.osis.gov
Wed Sep 15 21:29:21 UTC 1999


After I opened my big mouth [or, more accurately, typed with my big
fingers], Bill Larson asked me to explain what I had written for the
FAQ.  I figured I'd post it and let more knowledgeable heads correct
anything I'd gotten wrong or omitted.  [BILL - slightly re-formatted;
use either version.]

=======================================================================

There are about three questions that can be answered at once:

2.1.a	Why can't I have multiple CNAME records for the same name?
2.1.b	Why can't I have a CNAME record that translates my domain name
	to one of the host names, so references to the domain name go
	to that host?
2.1.c	Why can't I have a CNAME record for a name and, say, an MX
	record for the same name?

The word "CNAME" comes from "canonical name".  The name on the left-hand
side is an alias, with no other attributes of its own.  The name on the
right-hand side is expected to be the REAL name of a host:

	web		IN  CNAME	yost.ined.ministry.org.

The REAL name is supposed to have the MX, NS, A, or any other records.
Therefore, if a name appears on the left-hand side of a CNAME record,
it MUST NOT appear in the left-hand side of ANY other record.

RFC 1034, "DOMAIN NAMES - CONCEPTS AND FACILITIES," says (in part):

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
...  If a CNAME RR is present at a node, no other data should be
present; this ensures that the data for a canonical name and its aliases
cannot be different.  This rule also insures that a cached CNAME can be
used without checking with an authoritative server for other RR types.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

RFC 2181, "Clarifications to the DNS Specification," further clarifies:

- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -
10.1. CNAME resource records

   The DNS CNAME ("canonical name") record exists to provide the
   canonical name associated with an alias name.  There may be only one
   such canonical name for any one alias.  That name should generally be
   a name that exists elsewhere in the DNS, though there are some rare
   applications for aliases with the accompanying canonical name
   undefined in the DNS.  An alias name (label of a CNAME record) may,
   if DNSSEC is in use, have SIG, NXT, and KEY RRs, but may have no
   other data.  That is, for any label in the DNS (any domain name)
   exactly one of the following is true:
     + one CNAME record exists, optionally accompanied by SIG, NXT, and
       KEY RRs,
     + one or more records exist, none being CNAME records,
     + the name exists, but has no associated RRs of any type,
     + the name does not exist at all.
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -

Specifically:
  (1) You may NOT have multiple CNAMEs - too much possibility of
      confusion because the targets may have different other records
      (NS, MX, et al.).
      
      If you want to do a DNS round-robin, use multiple "A" records.

  (2) You may NOT make your zone name an alias in a CNAME record.  In
      your zone record, you will already have at least an SOA and an NS
      record, and possibly an NS record.
      
      What you MAY do is have an "A" record, and another name aliased
      to the domain name:

	$ORIGIN		cricket.games.edu.
	$TTL		1d
	@	IN SOA	...	( ... )
		IN NS	bat.cricket.games.edu.
		IN A	10.9.8.7
		IN MX	10 wicket.cricket.games.edu.
	web	IN CNAME	cricket.games.edu.
	...

      In this example, "web.cricket.games.edu" has the same IP address
      that was assigned to "cricket.games.edu".  But the former name
      can have no other records of its own.

  (3) The only other records you may use with an alias in a CNAME
      record are the DNSSEC records mentioned above - SIG, NXT, and
      KEY.

=======================================================================

--
Joe Yao				jsdy at cospo.osis.gov - Joseph S. D. Yao
COSPO/OSIS Computer Support					EMT-B
-----------------------------------------------------------------------
      This message is not an official statement of COSPO policies.
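
The following is an added example, not part of the original post: a small Python check that applies the RFC 2181 section 10.1 rule quoted above to zone-file text and reports names with more than one CNAME or with a CNAME beside non-DNSSEC data. The sample zone is constructed from the post's example (the "mail" and "ftp" entries and the SOA values are assumptions added to show violations), and the parser only handles single-line records.

```python
from collections import defaultdict
# RR types RFC 2181 section 10.1 permits beside a CNAME (DNSSEC records only).
ALLOWED_WITH_CNAME = {"SIG", "NXT", "KEY"}
RR_TYPES = {"SOA", "NS", "A", "MX", "CNAME", "TXT", "PTR"} | ALLOWED_WITH_CNAME
# Constructed sample: the zone from the post plus two deliberate violations.
SAMPLE_ZONE = """\
$ORIGIN cricket.games.edu.
$TTL 1d
@    IN SOA   bat.cricket.games.edu. hostmaster.cricket.games.edu. 1 1h 15m 1w 1d
     IN NS    bat.cricket.games.edu.
     IN A     10.9.8.7
     IN MX    10 wicket.cricket.games.edu.
web  IN CNAME cricket.games.edu.
mail IN CNAME wicket.cricket.games.edu.
     IN MX    10 wicket.cricket.games.edu.
ftp  IN CNAME bat.cricket.games.edu.
ftp  IN CNAME wicket.cricket.games.edu.
"""

def absolute(name, origin):
    """Expand '@' and relative names against the current origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def cname_violations(zone_text, origin):
    """Map each owner name that breaks the CNAME rule to a description."""
    seen, owner = defaultdict(list), origin
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop comments, tokenize
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = absolute(fields[1], origin)
        if fields[0].startswith("$"):
            continue
        if not raw[0].isspace():  # owner given; else inherit the previous one
            owner = absolute(fields.pop(0), origin).lower()
        rtype = next((f.upper() for f in fields if f.upper() in RR_TYPES), None)
        if rtype:
            seen[owner].append(rtype)
    problems = {}
    for name, types in seen.items():
        extra = sorted(set(types) - {"CNAME"} - ALLOWED_WITH_CNAME)
        if types.count("CNAME") > 1:
            problems[name] = "multiple CNAME records"
        elif "CNAME" in types and extra:
            problems[name] = "CNAME coexists with " + ", ".join(extra)
    return problems
```

Calling cname_violations(SAMPLE_ZONE, "cricket.games.edu.") flags "mail" and "ftp" and leaves "web" and the zone name itself alone.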

