CNAME Definition

Kevin Darcy kcd at daimlerchrysler.com
Wed Feb 14 23:52:08 UTC 2001 

Just don't do it. Add an A record instead.


- Kevin

digest at cihost.com wrote:

> So what is the proper way to define a CNAME zone for such an entry?
>
> Thanks,
> Digest
>
> >RFC1034 3.6.2:
> >
> >"The domain system provides such a feature using the canonical name
> >(CNAME) RR.  A CNAME RR identifies its owner name as an alias, and
> >specifies the corresponding canonical name in the RDATA section of the
> >RR.  If a CNAME RR is present at a node, no other data should be
> >present; this ensures that the data for a canonical name and its aliases
> >cannot be different.  This rule also insures that a cached CNAME can be
> >used without checking with an authoritative server for other RR types."
> >
> >In your example, its not rejecting the 'foreign' CNAMES, its rejecting the
> >@ CNAME, as you have the myownjunk.com record containing a CNAME RR but
> >also SOA and NS RR's, which is verboten.
> >
> >This has (as you can see) always been a violation of the RFC's as well.
> >
> >D
> >
> >At 3:03 PM -0600 2/3/01, asenec at senechalle.net wrote:
> >>We just upgraded to 8.2.3-REL from 8.2.2-P7,
> >>in response to the recent, CERT advisory and
> >>find that CNAME's with a zone construct of the
> >>form below no longer resolve.  I find nothing
> >>in RFC-1035 which would specifically prohibit
> >>such a construct, but I do note that some
> >>foreign registeries, such as deNIC, are now
> >>rejecting domains with such CNAME definition.
> >>
> >>$ORIGIN com.
> >>myownjunk IN   SOA  ns.theaccount.com. hostmaster.theaccount.com. (
> >>                2001020312 86400 7200 3600000 172800 )
> >>                IN  NS  ns.theaccount.com
> >>                IN  NS  ns2.theaccount.com
> >>                IN  CNAME   asenec.com.
> >>$ORIGIN myownjunk.com.
> >>mail            IN      CNAME   mail.asenec.com.
> >>ftp             IN      CNAME   ftp.asenec.com.
> >>www             IN      CNAME   www.asenec.com.
> >>
> >>Simply omitting the 'IN CNAME asenec.com.' record
> >>enables resolution of mail/ftp/www.myownjunk.com,
> >>but with 8.2.3-REL it seems impossible to resolve
> >>myownjunk.com when it is defined as a CNAME.
> >>Is it no longer possible to define a second-level
> >>domain as a CNAME?  If so, is there some RFC which
> >>declares doing so as illegal?
> >>
> >>Annette
> >>
> >>--
> >>+---------------------+-----------------------------------------+
> >>| dredd at megacity.org  | "Conan! What is best in life?"          |
> >>|  Derek J. Balling   | "To crush your enemies, see them        |
> >>|                     |    driven before you, and to hear the   |
> >>|                     |    lamentation of their women!"         |
> >>+---------------------+-----------------------------------------+

More information about the bind-users mailing list