CNAME restrictions

Leroy Tennison leroy at
Tue Aug 4 17:29:25 UTC 2020

I have a situation where, due to the system's location (IP subnet), its DNS name is <webserver>.<internal subdomain>  We have a certificate for * which we prefer to use instead of having to acquire a certificate for <internal subdomain> since this is a one-off internal-only web server.  Our (ISC) DNS servers (version 9.10.3-P4-Ubuntu that comes with Ubuntu 16.04) serve both domains.  I thought a solution would be to use a CNAME but, when I attempt this (via nsupdate with the update key which works for A and PTR adds and deletes) I get (on "send"):

 TSIG error with server: expected a TSIG or SIG(0)
update failed: NOTIMP

What I tried (on both <internal subdomain> and was:

update add <webserver> 86400 IN CNAME <webserver>.<internal subdomain>

Apparently I'm mis-understanding CNAME usage, if I actually can use a CNAME record what should the format be (or do I need to configure bind differently to use it since part of the reply is NOTIMP)?  If that's not possible due to CNAME restrictions are there any alternatives?

Thanks for your help.


Leroy Tennison
Network Information/Cyber Security Specialist
E: leroy at


2220 Bush Dr
McKinney, Texas

This message has been sent on behalf of a company that is part of the Harris Operating Group of Constellation Software Inc.

If you prefer not to be contacted by Harris Operating Group please notify us<>.

This message is intended exclusively for the individual or entity to which it is addressed. This communication may contain information that is proprietary, privileged or confidential or otherwise legally exempt from disclosure. If you are not the named addressee, you are not authorized to read, print, retain, copy or disseminate this message or any part of it. If you have received this message in error, please notify the sender immediately by e-mail and delete all copies of the message.

-------------- next part --------------
An HTML attachment was scrubbed...
URL: <>
-------------- next part --------------
A non-text attachment was scrubbed...
Name: not available
Type: image/png
Size: 8276 bytes
Desc: Data-Voice-International-LOGO_aa3d1c6e-5cfb-451f-ba2c-af8059e69609.PNG
URL: <>

More information about the bind-users mailing list