CNAME as MX, NS, SOA

Barry Margolin barmar at alum.mit.edu
Mon Jan 19 22:41:57 UTC 2004


In article <buhc3a$13b9$1 at sf1.isc.org>, /dev/rob0 <rob0 at gmx.co.uk> 
wrote:

> I've seen numerous warnings against using a CNAME as MX, NS or SOA, but
> no explanation about why this is wrong. I think it would be useful, just
> as I use CNAMEs for all other services.

It may be useful, but it has overhead in a section of DNS processing 
that you want to be as efficient as possible.  It forces an extra step 
of querying to resolve the CNAME, and possibly multiple steps.  A records 
associated with MX or NS records will often be included in the 
Additional Records section of a reply, but this won't follow CNAME 
records.

> I previously was running a master and slave server on my home LAN, but
> since have come to my senses. :) The master was a virtual machine (user-
> mode Linux), and I would like to have changed its A record "ns.rob0.lan"
> into a CNAME pointing to the slave. (This hostname is also the SOA.)
> 
> What I did instead was to change the A record to point to the IP of the
> slave. So now I have 2 A records for that IP: ns and server. The reverse
> zone resolves to "server.rob0.lan". Is that the right way to do this, or
> should I change SOA to "server.rob0.lan."? Does the lack of reverse DNS
> for the SOA matter?

This is the proper way.  I've never heard of anything performing a 
reverse DNS check on the MNAME field of the SOA record (in fact, there's 
very little use of the SOA MNAME field at all, outside of dynamic 
updates).

-- 
Barry Margolin, barmar at alum.mit.edu
Arlington, MA
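
The check the reply implies, as an added example that is not part of the original thread: a small Python lint that finds MX, NS and SOA MNAME targets that are CNAME owners, counts the extra lookups each alias costs, and lists the address records owned directly by the target name. The zone text, the mail/relay names and the 192.0.2.10 address are constructed; the parser assumes one record per line with fully qualified names.

```python
# Added example (not from the original thread). ZONE is constructed sample data.
# Simplified parser: one record per line, fully qualified names, no $ORIGIN.
ZONE = """\
rob0.lan.        3600 IN SOA   ns.rob0.lan. hostmaster.rob0.lan. 1 7200 900 604800 3600
rob0.lan.        3600 IN NS    ns.rob0.lan.
rob0.lan.        3600 IN MX    10 mail.rob0.lan.
rob0.lan.        3600 IN MX    20 relay.rob0.lan.
server.rob0.lan. 3600 IN A     192.0.2.10
ns.rob0.lan.     3600 IN A     192.0.2.10
mail.rob0.lan.   3600 IN CNAME server.rob0.lan.
relay.rob0.lan.  3600 IN CNAME mail.rob0.lan.
"""

# Index of the hostname field inside the RDATA of each type we lint.
TARGET_FIELD = {"SOA": 0, "NS": 0, "MX": 1}
KNOWN = set(TARGET_FIELD) | {"A", "AAAA", "CNAME"}

def parse_zone(text):
    """Return (owner, type, rdata_fields) tuples for the record types we know."""
    records = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()
        idx = next((i for i, f in enumerate(fields) if i and f.upper() in KNOWN), None)
        if idx is not None:
            records.append((fields[0].lower(), fields[idx].upper(), fields[idx + 1:]))
    return records

def check_targets(records):
    """For each SOA/NS/MX target: CNAME hops needed and addresses available directly."""
    cnames = {o: r[0].lower() for o, t, r in records if t == "CNAME"}
    addrs = {}
    for o, t, r in records:
        if t in ("A", "AAAA"):
            addrs.setdefault(o, []).append(r[0])
    findings = []
    for _, rtype, rdata in records:
        if rtype not in TARGET_FIELD:
            continue
        target = rdata[TARGET_FIELD[rtype]].lower()
        name, seen = target, set()
        while name in cnames and name not in seen:  # follow chain, stop on loops
            seen.add(name)
            name = cnames[name]
        # Address records attach only when the target name itself owns them.
        findings.append((rtype, target, len(seen), addrs.get(target, [])))
    return findings

if __name__ == "__main__":
    for rtype, target, hops, additional in check_targets(parse_zone(ZONE)):
        status = "ok" if hops == 0 else f"ALIAS ({hops} extra lookup(s))"
        print(f"{rtype:4} {target:18} {status:26} additional={additional}")
```

A hop count of 0 means the target owns its address records directly, which is the arrangement the reply calls the proper way.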

