Parent is a CNAME

Sam Wilson Sam.Wilson at ed.ac.uk
Wed Dec 2 12:47:08 UTC 2009 

In article <mailman.1153.1259725836.14796.bind-users at lists.isc.org>,
 Joseph S D Yao <jsdy at tux.org> wrote:

> On Tue, Dec 01, 2009 at 04:59:16PM -0800, Hans Jacobsen wrote:
> > If a.stanford.edu is a cname (say to b.stanford.edu)
> > can I delegate subdomain.a.stanford.edu?  Are there documents that  
> > point to this being an ok or bad practice?
> > 
> > I know all records for a.stanford.edu are relegated to records for  
> > b.stanford.edu
> > What about subdomains?
> 
> 
> No.
> 
> The domain that has a CNAME must never appear on the left-hand side of
> another record.

Not true.  CNAME chains - CNAMEs pointing to other CNAMEs - are 
inefficient and discouraged but the DNS spec is built to ensure that 
they work.  Check out www.google.com sometime (or www.google.co.uk) and 
wonder at how many people would be annoyed if they didn't.

> If you delegate, the domain appears on the left side of NS records.

If you delegate there is ambiguity because there are CNAME and other 
records.  A CNAME says "all the information about this name can be found 
attached to that other name over there".

> If you include the domain in a declaration in the same zone, it still is
> on the left side of a record - just not alone.
> 
> a         CNAME    b
> ; Delegate a - WRONG
> a         NS    ns1      [WRONG]

Correct.

> ; Use a on LHS - WRONG
> subdomain.a     A     7.8.9.10 [WRONG]
> subdomain.a     NS    ns1.subdomain.a   [WRONG]
> ns1.subdomain.a    A     7.9.11.13   [WRONG]

As Chris Buxton points out, these will actually work though not in the 
form you've given them.  The A record for subdomain.a needs to be in the 
subdomain.a child zone and the A record for ns1 must be in the child 
zone but may also need to be in the current zone as glue.

We use the same kind of convention Chris describes for naming our 
routers - look up kb6.net.ed.ac.uk, say.  We've been doing it for years.

> Why not do this?
> 
> subdomain.b     A     7.8.9.10
> subdomain.b     NS    ns1.subdomain.b
> ns1.subdomain.b    A     7.9.11.13

If b was itself delegated the CNAME would be problematical again.

Sam

More information about the bind-users mailing list