<div dir="ltr">Hi Brian.<div>You can't redirect your entire zone from inside the zone itself. CNAME absolutely will not do it, by design (also DNAME). </div><div><br></div><div>The reason is, the way that DNS works. <a href="http://wadsworth.org" target="_blank">wadsworth.org</a> has been delegated to a bunch of DNS servers (see below), which are presumably run by you and associated entities. As far as the world is concerned, that set of NS is now completely responsible for <a href="http://wadsworth.org" target="_blank">wadsworth.org</a> and everything underneath it. They host the zone called <a href="http://wadsworth.org" target="_blank">wadsworth.org</a> and you can put into that zone almost anything you like, for names (excluding CNAMEs and DNAMEs) at that name, or anything below that name.</div><div><br></div><div>;; QUESTION SECTION:<br>;<a href="http://wadsworth.org" target="_blank">wadsworth.org</a>. IN NS<br><br>;; ANSWER SECTION:<br><a href="http://wadsworth.org" target="_blank">wadsworth.org</a>. 86400 IN NS <a href="http://pauling.wadsworth.org" target="_blank">pauling.wadsworth.org</a>.<br><a href="http://wadsworth.org" target="_blank">wadsworth.org</a>. 86400 IN NS <a href="http://cmtu.mt.ns.els-gms.att.net" target="_blank">cmtu.mt.ns.els-gms.att.net</a>.<br><a href="http://wadsworth.org" target="_blank">wadsworth.org</a>. 86400 IN NS <a href="http://b24.ns.els-gms.att.net" target="_blank">b24.ns.els-gms.att.net</a>.<br><a href="http://wadsworth.org" target="_blank">wadsworth.org</a>. 86400 IN NS <a href="http://b23.ns.els-gms.att.net" target="_blank">b23.ns.els-gms.att.net</a>.<br><a href="http://wadsworth.org" target="_blank">wadsworth.org</a>. 86400 IN NS <a href="http://m24.ns.els-gms.att.net" target="_blank">m24.ns.els-gms.att.net</a>.<br><a href="http://wadsworth.org" target="_blank">wadsworth.org</a>. 86400 IN NS <a href="http://ns0.ny.gov" target="_blank">ns0.ny.gov</a>.<br><a href="http://wadsworth.org" target="_blank">wadsworth.org</a>. 86400 IN NS <a href="http://ns1.ny.gov" target="_blank">ns1.ny.gov</a>.<br><a href="http://wadsworth.org" target="_blank">wadsworth.org</a>. 86400 IN NS <a href="http://m23.ns.els-gms.att.net" target="_blank">m23.ns.els-gms.att.net</a>.<br><a href="http://wadsworth.org" target="_blank">wadsworth.org</a>. 86400 IN NS <a href="http://ns1.albany.edu" target="_blank">ns1.albany.edu</a>.<br><a href="http://wadsworth.org" target="_blank">wadsworth.org</a>. 86400 IN NS <a href="http://cbru.br.ns.els-gms.att.net" target="_blank">cbru.br.ns.els-gms.att.net</a>.<br><a href="http://wadsworth.org" target="_blank">wadsworth.org</a>. 86400 IN NS <a href="http://ns2.ny.gov" target="_blank">ns2.ny.gov</a>.<br><a href="http://wadsworth.org" target="_blank">wadsworth.org</a>. 86400 IN NS <a href="http://beacon.health.state.ny.us" target="_blank">beacon.health.state.ny.us</a>.</div><div><br></div><div>So if the world already knows where you are, the only way to change its point of view is to change the delegation in the parent - .org in your case.</div><div><br></div><div>Many people have wished it could over the years, me included, and hence was born the quest for a record type that does allow you to do this, which might have been called, for example, ALIAS. However, there is (still) no standardised ALIAS function, by that name or any other. What some commercial DNS providers have done is to fudge an alias-like function, so it appears that you have redirected your whole zone somewhere else.</div><div><br></div><div>CNAME/DNAME are very old now. More recently, a couple of other RRTYPEs - SVCB and HTTPS - have been standardised (and are supported by BIND) that do allow you to alias the apex (the zone itself) *but* not for any query, only for queries matching those RRTPEs. Thus clients need to be SVCB/HTTPS-aware and ask the right question. So they are not a magic replacement for CNAME.</div><div><br></div><div>Why do these people want you to alias your entire zone to them anyway?</div><div><br></div><div>I hope that helps.</div><div>Christmas cheers, Greg.</div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">On Tue, 24 Dec 2024 at 14:39, Cuttler, Brian R (HEALTH) via bind-users <<a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a>> wrote:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div>
<div lang="EN-US">
<div>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Hello bind users.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">We are running bind 9.14.28 on Ubuntu and have an offsite provider for our DNS services.<u></u><u></u></p>
<p class="MsoNormal">The cname we create for our webserver <a href="http://www.wadsworth.org" target="_blank">
www.wadsworth.org</a> is working well.<br>
However, I’ve been asked if we can point the apex record at the external webserver.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">If I’m understanding the docs I’ve looked at, there are ways if we had external DNS services, rather than the on-prem Bind server, or if bind supported the Alias RR.<u></u><u></u></p>
<p class="MsoNormal">I know it can, but does not natively, or at least not the document I found which indicates we’d need to modify the source code.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">I’m looking for guidance on how to point the named domain name, the apex record at the IP addresses provided by the cname name we are using for our webserver.<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal">Thanks in advance,<u></u><u></u></p>
<p class="MsoNormal">Brian<u></u><u></u></p>
<p class="MsoNormal"><u></u> <u></u></p>
<p class="MsoNormal"><span style="font-size:12pt;font-family:Arial,sans-serif">Brian Cuttler, System and Network Administration<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:12pt;font-family:Arial,sans-serif">Wadsworth Center, NYS Department of Health<u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:12pt;font-family:Arial,sans-serif">Albany, NY 12201 POB 509<u></u><u></u></span></p>
<p class="MsoNormal"><a href="mailto:Brian.Cuttler@Health.NY.gov" target="_blank"><span style="font-size:12pt;font-family:Arial,sans-serif;color:rgb(5,99,193)">Brian.Cuttler@Health.NY.gov</span></a><span style="font-size:12pt;font-family:Arial,sans-serif"><u></u><u></u></span></p>
<p class="MsoNormal"><span style="font-size:12pt;font-family:Arial,sans-serif">518 486-1697</span><span style="font-size:12pt;font-family:"Arial Nova",sans-serif"><u></u><u></u></span></p>
<p class="MsoNormal"><u></u> <u></u></p>
</div>
</div>
-- <br>
Visit <a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a> to unsubscribe from this list<br>
<br>
ISC funds the development of this software with paid support subscriptions. Contact us at <a href="https://www.isc.org/contact/" rel="noreferrer" target="_blank">https://www.isc.org/contact/</a> for more information.<br>
<br>
<br>
bind-users mailing list<br>
<a href="mailto:bind-users@lists.isc.org" target="_blank">bind-users@lists.isc.org</a><br>
<a href="https://lists.isc.org/mailman/listinfo/bind-users" rel="noreferrer" target="_blank">https://lists.isc.org/mailman/listinfo/bind-users</a><br>
</div></blockquote></div>