Pointing a domain name at a host through some sort of alias/CNAME

Kevin Darcy kcd at daimlerchrysler.com
Wed Jan 19 00:44:34 UTC 2005

sdean at ulster.net wrote:

>Some domains will resolve to an actual host (like yale.edu), others
>(like harvard.edu) do not or do a sort of halfway resolution (that
>doesn't work in reverse), like ibm.com (whose numeric IP reverse
>resolves to www.ibm.com, tsk, tsk).
>Myself, I think it's a Bad Idea to have an actual host that answers to
>the same symbolic name as the domain....but our college's former
>administrator did so ages ago.
>Now I wish to transfer the services of the old wombat.edu
>host-with-the-same-name-as-the-domain (domain is wombat.edu, and there
>is a host wombat.edu...it's a login server) to a new server, named
>shell.wombat.edu.  Everything is set to go, but I find I can't have a
>CNAME record like this:
>wombat.edu   CNAME     shell.wombat.edu
>Seems BIND finds this illegal, and I can sorta kinda see why.
>Is there some way to finesse this, some unugly way to do this?  I would
>really rather NOT have two A records with the same numeric IP
>(wombat.edu and shell.wombat.edu); that's ugly and illegal and causes
>problems with spoofing protection.  I don't want to give the A record
>for the numeric to wombat.edu and have shell.wombat.edu be a CNAME,
>though that is less ugly to my sensibilities.
>I mean, you can have a domain name with MX records and no A record, why
>not a domain name with CNAME and no A record or some equivalent

There's nothing illegal about having two different names point to the
same IP address. There's nothing illegal even with having a given 
reverse (in-addr.arpa) name resolve to multiple PTRs, although most if 
not all implementations of gethostbyaddr() only look at the first 
record, i.e. it's legal, but fairly useless. For that matter, there's 
nothing enforceably illegal about having a forward without a reverse, or 

One thing that *is* illegal, however, is a CNAME with the same owner 
name as that of a zone. The owner of a CNAME record cannot own records 
of any other type, and by definition, the name of a zone owns an SOA 
record and at least 2 NS records.

Just take the easy way out and CNAME the non-zone-apex names to the 
zone-apex name.

                              - Kevin
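
Added example, not part of the original message or of BIND: a small Python check of the rule stated above (an owner name with a CNAME may hold no other record types, so the zone apex, which always owns SOA and NS, cannot be a CNAME). The two zone snippets, the ns1/ns2 and hostmaster names, the 192.0.2.10 address and the function name cname_conflicts are constructed for illustration.

```python
from collections import defaultdict

# DNSSEC records are the only types permitted beside a CNAME (RFC 4035).
ALLOWED_WITH_CNAME = {"RRSIG", "NSEC"}
CLASSES = {"IN", "CH", "HS"}

def cname_conflicts(zone_text, origin):
    """Map each owner holding a CNAME plus other data to those other types.

    Handles one record per line with an explicit owner and a numeric TTL;
    parenthesised multi-line records and $-directives are out of scope.
    """
    origin = origin.rstrip(".").lower() + "."
    types_by_owner = defaultdict(set)
    for raw in zone_text.splitlines():
        fields = raw.split(";", 1)[0].split()      # drop comments
        if len(fields) < 3 or fields[0].startswith("$"):
            continue
        owner = fields[0].lower()
        if owner == "@":                            # "@" means the zone apex
            owner = origin
        elif not owner.endswith("."):               # relative name
            owner = owner + "." + origin
        # The type is the first field after the owner that is not TTL or class.
        rtype = next((f.upper() for f in fields[1:]
                      if not f.isdigit() and f.upper() not in CLASSES), None)
        if rtype:
            types_by_owner[owner].add(rtype)
    return {o: sorted(t - {"CNAME"} - ALLOWED_WITH_CNAME)
            for o, t in types_by_owner.items()
            if "CNAME" in t and t - {"CNAME"} - ALLOWED_WITH_CNAME}

# Constructed sample: the layout from the question, CNAME at the apex.
BROKEN = """
wombat.edu.       IN SOA   ns1.wombat.edu. hostmaster.wombat.edu. 2005011901 3600 900 604800 3600
wombat.edu.       IN NS    ns1.wombat.edu.
wombat.edu.       IN NS    ns2.wombat.edu.
wombat.edu.       IN CNAME shell.wombat.edu.
shell.wombat.edu. IN A     192.0.2.10
"""
# Constructed sample: the layout from the reply, non-apex name aliased to the apex.
FIXED = """
@      IN SOA   ns1.wombat.edu. hostmaster.wombat.edu. 2005011901 3600 900 604800 3600
@      IN NS    ns1.wombat.edu.
@      IN NS    ns2.wombat.edu.
@      IN A     192.0.2.10
shell  IN CNAME wombat.edu.
"""
if __name__ == "__main__":
    print("broken:", cname_conflicts(BROKEN, "wombat.edu"))
    print("fixed: ", cname_conflicts(FIXED, "wombat.edu"))
```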
