Parent is a CNAME
Sam.Wilson at ed.ac.uk
Wed Dec 2 12:47:08 UTC 2009
In article <mailman.1153.1259725836.14796.bind-users at lists.isc.org>,
Joseph S D Yao <jsdy at tux.org> wrote:
> On Tue, Dec 01, 2009 at 04:59:16PM -0800, Hans Jacobsen wrote:
> > If a.stanford.edu is a cname (say to b.stanford.edu)
> > can I delegate subdomain.a.stanford.edu? Are there documents that
> > point to this being an ok or bad practice?
> > I know all records for a.stanford.edu are relegated to records for
> > b.stanford.edu
> > What about subdomains?
> The domain that has a CNAME must never appear on the left-hand side of
> another record.
Not true. CNAME chains - CNAMEs pointing to other CNAMEs - are
inefficient and discouraged but the DNS spec is built to ensure that
they work. Check out www.google.com sometime (or www.google.co.uk) and
wonder at how many people would be annoyed if they didn't.
> If you delegate, the domain appears on the left side of NS records.
If you delegate there is ambiguity because there are CNAME and other
records. A CNAME says "all the information about this name can be found
attached to that other name over there".
> If you include the domain in a declaration in the same zone, it still is
> on the left side of a record - just not alone.
> a CNAME b
> ; Delegate a - WRONG
> a NS ns1 [WRONG]
> ; Use a on LHS - WRONG
> subdomain.a A 18.104.22.168 [WRONG]
> subdomain.a NS ns1.subdomain.a [WRONG]
> ns1.subdomain.a A 22.214.171.124 [WRONG]
As Chris Buxton points out, these will actually work though not in the
form you've given them. The A record for subdomain.a needs to be in the
subdomain.a child zone and the A record for ns1 must be in the child
zone but may also need to be in the current zone as glue.
We use the same kind of convention Chris describes for naming our
routers - look up kb6.net.ed.ac.uk, say. We've been doing it for years.
> Why not do this?
> subdomain.b A 126.96.36.199
> subdomain.b NS ns1.subdomain.b
> ns1.subdomain.b A 188.8.131.52
If b was itself delegated the CNAME would be problematical again.
More information about the bind-users