Tuesday, January 26, 2016

nameserver - CNAME domain to another domain, but keep different SPF records for the two?




SCENARIO:




  • mydomain.com is the main website, we do send/receive mail using
    address@mydomain.com. mydomain.com DNS has got an SPF record "v=spf1 a mx ~all"


  • mydomain.net is just an alias for mydomain.com, but we do NOT send mail
    using address@mydomain.net. Therefore mydomain.net DNS has got an SPF record
    "v=spf1 -all" to let everyone know it does not send mail





Since mydomain.net is an alias for mydomain.com I wanted to use CNAME in DNS, thus:



mydomain.net -> CNAME -> mydomain.com
www.mydomain.net -> CNAME -> mydomain.com


But by doing this I noticed that when testing SPF for mydomain.net with a DNS tool like this, the SPF returned is the one in mydomain.com, "v=spf1 a mx ~all", and NOT, as I would expect, "v=spf1 -all".



Is there a way to use different SPF for the two domains while still using CNAME?



Answer



A CNAME means that the hostname is exactly the same as the target hostname with respect to all record types. If this is not what you want then you can't use a CNAME.



You also shouldn't CNAME the root of a domain (i.e. mydomain.net), because this means that the SOA for mydomain.net is actually that of mydomain.com.
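
An added example, not part of the original answer: a small Python model of resolver behaviour over constructed zone data, showing why the SPF lookup for mydomain.net returns mydomain.com's record while the CNAME is in place, and what it returns when the apex carries its own A and TXT records instead. The address 192.0.2.10, the second zone layout and the function names are assumptions made for illustration.

```python
# Constructed zone data; 192.0.2.10 is a documentation address (assumption).
ZONE_WITH_CNAME = {
    ("mydomain.com", "A"): ["192.0.2.10"],
    ("mydomain.com", "TXT"): ["v=spf1 a mx ~all"],
    ("mydomain.net", "CNAME"): ["mydomain.com"],
    ("www.mydomain.net", "CNAME"): ["mydomain.com"],
}

# Assumed alternative: no CNAME at the mydomain.net apex, so it owns its records.
ZONE_WITHOUT_APEX_CNAME = {
    ("mydomain.com", "A"): ["192.0.2.10"],
    ("mydomain.com", "TXT"): ["v=spf1 a mx ~all"],
    ("mydomain.net", "A"): ["192.0.2.10"],
    ("mydomain.net", "TXT"): ["v=spf1 -all"],
    ("www.mydomain.net", "CNAME"): ["mydomain.com"],
}


def validate(zone):
    """Return names that hold a CNAME together with any other record type."""
    cname_owners = {name for (name, rtype) in zone if rtype == "CNAME"}
    return sorted({name for (name, rtype) in zone
                   if name in cname_owners and rtype != "CNAME"})


def resolve(zone, name, rtype, max_hops=8):
    """Answer a query as a resolver does: a CNAME is followed for every type."""
    for _ in range(max_hops):
        cname = zone.get((name, "CNAME"))
        if cname and rtype != "CNAME":
            name = cname[0]  # restart the lookup at the alias target
            continue
        return zone.get((name, rtype), [])
    raise RuntimeError("CNAME chain too long or looping")


def spf_policy(zone, domain):
    """Return the single SPF record seen for domain, or None."""
    records = [t for t in resolve(zone, domain, "TXT") if t.startswith("v=spf1")]
    return records[0] if len(records) == 1 else None


if __name__ == "__main__":
    for label, zone in (("apex CNAME", ZONE_WITH_CNAME),
                        ("apex A + TXT", ZONE_WITHOUT_APEX_CNAME)):
        print(label, "->", spf_policy(zone, "mydomain.net"))
```

In the second layout www.mydomain.net is still a CNAME, so an SPF lookup for that name continues to return the mydomain.com policy.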

