CNAMES across zones

Kevin Darcy kcd at daimlerchrysler.com
Wed Oct 25 22:23:54 UTC 2000


If different organizations own the CNAME's zone versus the CNAME target's
zone, then there is a bit of a co-ordination issue in order to avoid dangling
CNAMEs, chained CNAMEs or looped CNAMEs. Also, if a server has a CNAME entry
in its cache or authoritative data, but no entry for the CNAME's target, then
it will have to perform at least one extra query of its own to resolve the
query for its recursive clients, which can be slightly inefficient.

But in a reasonably-configured environment, where the same organization
controls both zones, or has maintenance tools which perform sanity checks to
avoid CNAME loops and/or chains, or dangling CNAMEs, and where all of the
authoritative servers for the CNAMEs' zones are also authoritative for the
CNAMEs' targets' zones, cross-zone CNAMEs shouldn't be a problem at all. And,
in almost all infrastructures, the benefit of having only 1 A record to
change instead of potentially dozens or even hundreds, greatly outweighs the
cost.



- Kevin

josephc at etards.net wrote:

> OK, I have somehow managed to start a holy war between sysadmins here
> regarding CNAMES across zones.
>
> On the one side you have people that believe that is a terrible thing to do,
> and others that see nothing wrong with it.
>
> For example: (assuming this is fubar's zone file)
>
> www.fubar.net.          IN      CNAME   www.fubar.com.
>
> The best example would be if a company had fubar.com, fubar.net, and
> fubar.org as well as 100 other domains that they all wanted to point to the
> same host.
>
> While 'a' records pointing to x.x.x.x would work, should that IP ever
> change, or if it changes often, it would be a pain to update every zone
> with the new IP. But if say fubar.com was the only domain that pointed www
> to the IP via an 'a' record, then all the other domains could CNAME www to
> www.fubar.com. There would be no CNAME's pointing to other CNAME's.
>
> The only consequence I can see is a higher load on the DNS server. Are
> there any other known problems with this setup?
>
> thanks
>
> -joe
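
The reply above mentions maintenance tools that perform sanity checks for dangling, chained and looped CNAMEs. The following is an added example of such a check, not code from the original post or from BIND. It assumes all of the organization's zones are supplied as one block of fully qualified records in the `name IN TYPE value` form quoted in the thread (no TTL column), so a target with no record in that data is reported as dangling; the sample records (including `ftp.fubar.net.`, `a.fubar.org.` and `b.fubar.org.`) are constructed.

```python
# Added example: sanity-check CNAME records across several zones.
# Assumption: every zone the organization controls is included in the input.

# Constructed sample data, using the fubar.* names from the thread.
SAMPLE = """
www.fubar.com.   IN A     192.0.2.10
www.fubar.net.   IN CNAME www.fubar.com.   ; one hop to an A record
www.fubar.org.   IN CNAME www.fubar.net.   ; CNAME pointing at a CNAME
ftp.fubar.net.   IN CNAME ftp.fubar.com.   ; target has no record
a.fubar.org.     IN CNAME b.fubar.org.
b.fubar.org.     IN CNAME a.fubar.org.
"""

def parse(text):
    """Return ({cname_owner: target}, {names that have A/AAAA records})."""
    cnames, addresses = {}, set()
    for line in text.splitlines():
        # Drop ';' comments and the optional IN class field.
        fields = [f for f in line.split(";")[0].split() if f.upper() != "IN"]
        if len(fields) != 3:
            continue
        owner, rtype, value = fields[0].lower(), fields[1].upper(), fields[2]
        if rtype == "CNAME":
            cnames[owner] = value.lower()
        elif rtype in ("A", "AAAA"):
            addresses.add(owner)
    return cnames, addresses

def check_cnames(text):
    """Classify each CNAME owner as ok, chained, dangling or loop."""
    cnames, addresses = parse(text)
    report = {}
    for owner in cnames:
        seen, name, hops = {owner}, cnames[owner], 1
        # Follow the alias until it stops being a CNAME or repeats a name.
        while name in cnames and name not in seen:
            seen.add(name)
            name = cnames[name]
            hops += 1
        if name in seen:
            report[owner] = "loop"
        elif name not in addresses:
            report[owner] = "dangling"
        else:
            report[owner] = "ok" if hops == 1 else "chained"
    return report

if __name__ == "__main__":
    for owner, status in sorted(check_cnames(SAMPLE).items()):
        print(f"{owner:18} {status}")
```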





