[ILUG] Is it me or is it BIND?

paul at clubi.ie paul at clubi.ie
Sun Aug 3 18:17:25 IST 2008 

On Sun, 3 Aug 2008, Lisa Muir wrote:

> If I am virtually hosting a domain eg, lisa.com and am setting it up
> in DNS, and pointing it to an existing webhost which will treat the
> domain as a local virtual server.... i set up as follows:
>
> www     CNAME     www.webhost.com.
>
> which works fine for www.lisa.com but for the actual domain name, if I do:
>
> lisa.com.     CNAME     www.webhost.com.
>
> I can't get BIND to load the zone file, and I have to change it to 
> an A record
>
> lisa.com.     A     <ip address of www.webhost.com>

> Its an old nameserver which I'm going to be decommissioning 
> shortly, but I'm curious as to why it won't accept a valid CNAME 
> record,

Because, obviously, it's not a valid CNAME record.

CNAME stands for "Canonical NAME". As the name suggests, it exists to 
provide the canonical name for some given DNS name. I.e.

 	somename		CNAME	therealname

'therealname' obviously can itself be a CNAME record, or it would be 
not canonical. This matters, because DNS doesn't specify that CNAMEs 
should be recursively looked up - CNAME is a terminal redirect - so a 
CNAME referencing CNAME is out of spec (however, i think many 
resolvers would follow recursive CNAMEs).

Next: As a CNAME redirects somename to another, canonical name, no 
other data is allowed at the redirected name, otherwise it would be 
ambigious as to what data is valid. E.g.:

 	somename		TXT	"blah"
 	somename		CNAME	realname
 	realname		TXT	"blah"

If you queried for a TXT record at somename, which should you get?

As zone apexes (like your lisa.com.) must have a SOA and (practically 
speaking, if not required by protocol - i'm not sure) NS records, it 
is therefore impossible to redirect the name with CNAME (for same 
zone redirections, what you can do instead is put the A record at the 
zone apex, and put the CNAME in for the child name - but that's not 
your case).

So you'll just have to put in the A record...

(DNAME records allow for a kind of redirection at zone apexes, but 
still not quite at the apex itself - and i'm not sure how widely 
supported they are by resolvers).

regards,
-- 
Paul Jakma	paul at clubi.ie	paul at jakma.org	Key ID: 64A2FF6A
Fortune:
Maybe Computer Science should be in the College of Theology.
 		-- R. S. Barton

More information about the ILUG mailing list