CNAME Definition

asenec at senechalle.net asenec at senechalle.net
Sat Feb 3 21:03:17 UTC 2001


We just upgraded to 8.2.3-REL from 8.2.2-P7,
in response to the recent, CERT advisory and
find that CNAME's with a zone construct of the
form below no longer resolve.  I find nothing
in RFC-1035 which would specifically prohibit
such a construct, but I do note that some
foreign registeries, such as deNIC, are now
rejecting domains with such CNAME definition.

$ORIGIN com.
myownjunk IN   SOA  ns.theaccount.com. hostmaster.theaccount.com. (
                2001020312 86400 7200 3600000 172800 )
                IN  NS  ns.theaccount.com
                IN  NS  ns2.theaccount.com
                IN  CNAME   asenec.com.
$ORIGIN myownjunk.com.  
mail            IN      CNAME   mail.asenec.com.
ftp             IN      CNAME   ftp.asenec.com.
www             IN      CNAME   www.asenec.com.

Simply omitting the 'IN CNAME asenec.com.' record
enables resolution of mail/ftp/www.myownjunk.com,
but with 8.2.3-REL it seems impossible to resolve
myownjunk.com when it is defined as a CNAME. 
Is it no longer possible to define a second-level
domain as a CNAME?  If so, is there some RFC which
declares doing so as illegal?

Annette


More information about the bind-users mailing list