CNAME and other data -vs- could not find NS and/or SOA records

phil-news-nospam at ipal.net
Thu Jun 3 23:21:25 UTC 2004


On Thu, 3 Jun 2004 23:39:54 +0200 Edvard Tuinder <listbind at lunytune.nl> wrote:

| Though the real problem has still not been specified (*why* do you actually
| need this, or think you need this), you may want to take a look at the
| DNAME record. Up to a certain extent, it might do what you need.

It looks like it might.  If it can load as the root of a zone, and do what
CNAME does for that domain name, it should.  Fortunately, having it rename
the entire hierarchy is not a problem.


| Alternatively, if you are the authoritative nameserver for both domains,
| you could always include the same source file for both domains. The end
| result is that which you seem to desire.

I'm not authoritative for the target domain, hence the problem.


| Do note that you may be right that it did work in past versions of bind.

I saw it working for what I was trying to access.  Someone else had a zone
doing it.  I'm fuzzy on the memory of it, but I think they had an SOA
record but no NS record accompanying it.  At the time I just dismissed it
as "lazy" because both domains were authoritative to the same server (same
administrator).  Until now I've simply avoided all use of CNAME for myself
(except for a few in-addr.arpa delegation tricks).

I can't say if it breaks in other ways I didn't look at.  Other posts have
pointed at problems with zone transfers (which I am not doing) and
accompanying A or AAAA records (which I am not doing).  I'm guessing the
real problem will be that the SOA record is the issue.  I was thinking of
trying to get around it by not providing an SOA record.  But if DNAME
works, I won't go that route at all.


| There have been bugs and protocol violations in bind. One of the reasons
| why development continues. If you do want to change the protocol, visit
| the namedroppers mailing list.

At this time, I'm not interested in changing the protocol.  We'll see what
DNAME can do later on.


| Also note that patching your nameserver may appear to achieve your goal,
| but has absolutely zero guarantee that it will work at all. Other nameservers
| tend to adhere to the protocol and if you send out 'garbage' they may decide
| to ignore your data and declare the zone (domain) lame.

That's why I would test it.  Of course, someone who knows DNS and BIND
could have figured what it would do, and replied "Your data won't be
accepted by other recursive name servers because ...".  No one did; some
seem to just prefer telling people "you're wrong, go away" (I have seen
this in other newsgroups and if I know the real answer the asker was
soliciting, I go ahead and help out).

-- 
-----------------------------------------------------------------------------
| Phil Howard KA9WGN       | http://linuxhomepage.com/      http://ham.org/ |
| (first name) at ipal.net | http://phil.ipal.org/   http://ka9wgn.ham.org/ |
-----------------------------------------------------------------------------
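
Added example, not part of the original message and not BIND's own code: a simplified zone check that reproduces the two conditions named in the subject line and shows why an apex DNAME avoids both. The function name check_zone, the example.org/example.net names and the record tuples are constructed for illustration.

```python
from collections import defaultdict

def check_zone(origin, records):
    """records: (owner, rrtype, rdata) tuples with absolute owner names.
    Returns a list of (owner, problem) findings; empty means loadable."""
    origin = origin.lower().rstrip(".") + "."
    by_owner = defaultdict(set)
    for owner, rrtype, _rdata in records:
        by_owner[owner.lower().rstrip(".") + "."].add(rrtype.upper())
    findings = []
    for owner, types in sorted(by_owner.items()):
        # RFC 1034 3.6.2: a name that owns a CNAME may own no other data
        # (DNSSEC later exempted RRSIG and NSEC).
        if "CNAME" in types and types - {"CNAME", "RRSIG", "NSEC"}:
            findings.append((owner, "CNAME and other data"))
    # Every zone needs SOA and NS at its apex, which an apex CNAME forbids.
    if not {"SOA", "NS"} <= by_owner.get(origin, set()):
        findings.append((origin, "could not find NS and/or SOA records"))
    return findings

# Constructed sample zones for example.org, aliased toward example.net.
SOA = ("example.org.", "SOA", "ns1.example.org. hostmaster.example.org. 1 3600 900 604800 3600")
NS = ("example.org.", "NS", "ns1.example.org.")

APEX_CNAME_WITH_SOA = [SOA, NS, ("example.org.", "CNAME", "example.net.")]
APEX_CNAME_ONLY = [("example.org.", "CNAME", "example.net.")]
# DNAME may sit beside SOA/NS. It rewrites names *below* example.org;
# the apex name itself is not redirected and still needs its own records.
APEX_DNAME = [SOA, NS, ("example.org.", "DNAME", "example.net.")]

if __name__ == "__main__":
    for label, zone in [("CNAME + SOA/NS", APEX_CNAME_WITH_SOA),
                        ("CNAME only", APEX_CNAME_ONLY),
                        ("DNAME + SOA/NS", APEX_DNAME)]:
        print(label, "->", check_zone("example.org.", zone) or "ok")
```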

