CNAMEs and subdomains

Kevin Darcy kcd at daimlerchrysler.com
Thu Jan 13 23:20:40 UTC 2000


Scott Bertilson wrote:

>   Wondering about this issue because we have
> lots of entries in our top level domain like:
>
> $ORIGIN umn.edu.
> www.altdept             IN CNAME        www.dept.umn.edu.
>
> $ORIGIN dept.umn.edu.
> @                       IN      SOA     ns.nts.umn.edu. hostmaster.nts.umn.edu. (
>                                 1000113143 50400 3600 604800 50400 )
> www                     IN A            192.168.0.1
>
> We'd like to provide the perception of a subdomain
> ("altdept") without actually having to create one.
> Barry Margolin sent a note which seemed to imply
> that this was legit:
>
> > There's no problem with having sub as a CNAME.  It's a subdomain, but it's
> > *not* a subzone, so it doesn't violate the rule against CNAME and other
> > data.  We do this extensively for the domain that contains all our routers;
>
> His verbiage seems to imply that what we've done is
> OK, but his example was different from ours.
>
> Are we able to do this?

Yup. Your CNAMEs, e.g. www.altdept.umn.edu, don't match any zone names. If they did,
then they would conflict with (at a minimum) the NS and SOA records defining the
zone. The no-CNAME-matching-a-zonename rule is just a special case of a more general
no-CNAME-matching-any-record-name rule.

What Barry was referring to, I think, was a situation where someone created, e.g. a
hairy.ape.com CNAME, where big.hairy.ape.com already existed as an A record. This is
okay as long as hairy.ape.com has no records associated with it. If it were a
subzone of ape.com, it would have NS and SOA records, therefore the CNAME would be
illegal. Also, if it were the name of an MX record, an SRV record, or whatever, that
would also make the CNAME illegal.

> If so, can someone give me a reference to where this is in the RFCs?

Everything not forbidden is permitted. A restriction which *doesn't* apply to you
is: RFC 1034, Section 3.6.2, page 14:

     If a CNAME RR is present at a node, no other data should be
     present; this ensures that the data for a canonical name and its aliases
     cannot be different.


- Kevin
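
The rule discussed in this message (a name that owns a CNAME may own no other data), written as a check over (owner, type) pairs. This is an added example, not part of the original post: the function name and the record lists are constructed for illustration, built from the names used in the thread. The RRSIG/NSEC exemption is the later DNSSEC allowance for signed zones, which postdates the thread.

```python
# Added example: find owner names where a CNAME coexists with other data
# (RFC 1034, Section 3.6.2). All record lists below are constructed samples.
from collections import defaultdict

# In a signed zone, RRSIG and NSEC accompany a CNAME, so they are not
# counted as conflicting "other data".
DNSSEC_ALLOWED = {"RRSIG", "NSEC"}

def norm(name):
    """Lower-case and drop the trailing dot so owner names compare equal."""
    return name.rstrip(".").lower()

def cname_conflicts(records):
    """records: iterable of (owner, rrtype) pairs, possibly from several zones.
    Returns {owner: sorted conflicting types} for each owner that has a
    CNAME together with any other record type."""
    types = defaultdict(set)
    for owner, rrtype in records:
        types[norm(owner)].add(rrtype.upper())
    conflicts = {}
    for owner, seen in types.items():
        if "CNAME" in seen:
            others = seen - {"CNAME"} - DNSSEC_ALLOWED
            if others:
                conflicts[owner] = sorted(others)
    return conflicts

# The layout from the question: the alias matches no zone name and no
# other record name, so nothing is flagged.
UMN = [("umn.edu.", "SOA"), ("umn.edu.", "NS"),
       ("www.altdept.umn.edu.", "CNAME"),
       ("dept.umn.edu.", "SOA"), ("dept.umn.edu.", "NS"),
       ("www.dept.umn.edu.", "A")]

# A CNAME at hairy.ape.com with an A record one label below it: allowed.
APE_OK = [("hairy.ape.com.", "CNAME"), ("big.hairy.ape.com.", "A")]

# The same name as a subzone apex (NS + SOA) or as an MX owner: flagged.
APE_SUBZONE = APE_OK + [("hairy.ape.com.", "NS"), ("hairy.ape.com.", "SOA")]
APE_MX = APE_OK + [("Hairy.Ape.COM", "MX")]

if __name__ == "__main__":
    for label, recs in [("umn", UMN), ("ape ok", APE_OK),
                        ("ape subzone", APE_SUBZONE), ("ape mx", APE_MX)]:
        print(label, cname_conflicts(recs))
```
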






More information about the bind-users mailing list