CNAME only zone?

Phil Mayers p.mayers at
Fri Dec 9 17:08:08 UTC 2011

On 09/12/11 16:55, Lightner, Jeff wrote:
> I don't know what you mean by that.  Apex of what exactly - my zone file?

The zone is a tree. The records at the apex of the zone are those with 
the same name as the zone - normally the SOA, NS, MX, and other records.

Since all zones must have a SOA and NS at the apex, and CNAME is 
incompatible with any other record at the same name (except RRSIG/NSEC), 
you cannot have a CNAME at the apex.

> I can make a zone file that simply has a CNAME in it with no SOA, serial number etc...?

No. You can't. Such zone files are syntactically invalid, and will not 
be loaded by bind. This is easy to try e.g.	300	SOA 100 2700 1800 
3600 3600	300	NS	300	CNAME	300	A

# named-checkzone $FILE
dns_master_load: z:3: CNAME and other data
dns_master_load: z:3: CNAME and other data
zone loading from master file z failed: CNAME and other data
zone not loaded due to errors.

> As noted I do not own the target zone so I can't update any records there.
> Can you tell me exactly what the zone file should look like with the CNAME record at the "apex"?

As noted above, such a zone is invalid.

You *can* do this:	300	SOA 100 2700 1800 
3600 3600	300	NS	300	A ; the IP of	300	A

i.e. put an "A" record at the zone apex, with the IP of the "other" 
server. It does mean you need a script / process in place to update the 
A record if the name
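
Added example (not part of the original message, and not BIND code): a small Python check for the rule described above, that a CNAME cannot share a name with other records except RRSIG/NSEC, which is why it cannot sit at the apex beside the mandatory SOA and NS. It assumes a simplified one-record-per-line zone syntax; the zone contents, example.com/example.net and the 192.0.2.x addresses are constructed placeholders.

```python
# Added example: detect "CNAME and other data" conflicts in a simplified zone.
# Assumes one record per line: owner [ttl] [IN] type rdata. Not a full RFC 1035 parser.
from collections import defaultdict

ALLOWED_WITH_CNAME = {"CNAME", "RRSIG", "NSEC"}  # exceptions named in the post

def fqdn(name, origin):
    """Expand '@' and relative owner names against the zone origin."""
    if name == "@":
        return origin.lower()
    return (name if name.endswith(".") else f"{name}.{origin}").lower()

def parse(zone_text, origin):
    """Return {owner: set(rrtypes)}; a line starting with whitespace reuses the last owner."""
    types, owner = defaultdict(set), origin.lower()
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()          # drop comments
        if not line.strip() or line.lstrip().startswith("$"):
            continue                                  # blank line or $ORIGIN/$TTL directive
        fields = line.split()
        if not raw[0].isspace():
            owner = fqdn(fields.pop(0), origin)
        # skip the optional TTL and class that precede the record type
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)
        if fields:
            types[owner].add(fields[0].upper())
    return types

def cname_conflicts(zone_text, origin):
    """Names that hold a CNAME together with any type other than RRSIG/NSEC."""
    return {name: sorted(t - ALLOWED_WITH_CNAME)
            for name, t in parse(zone_text, origin).items()
            if "CNAME" in t and t - ALLOWED_WITH_CNAME}

# Constructed sample zones: CNAME at the apex, then the A-record workaround.
BAD_ZONE = """\
@    300 SOA   ns hostmaster 100 2700 1800 3600 3600
@    300 NS    ns
@    300 CNAME www.example.net.
ns   300 A     192.0.2.1
"""
GOOD_ZONE = BAD_ZONE.replace("CNAME www.example.net.", "A     192.0.2.80") + \
    "www  300 CNAME www.example.net.\n"

if __name__ == "__main__":
    print(cname_conflicts(BAD_ZONE, "example.com."))
    print(cname_conflicts(GOOD_ZONE, "example.com."))
```

named-checkzone remains the authoritative test of whether a zone will load; this only illustrates the coexistence rule it enforces.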

More information about the bind-users mailing list