Saturday, November 12, 2016

Set root domain record to be a CNAME




I need to create an NS record for a domain that is a CNAME, for the purpose of having two domains pointed at one IP, and not having to maintain the current IP address in two different places.



The DNS provider for this domain is DynDNS, but they block this operation:




CNAME cannot be created with label that is equal to zone name





I can do this with another domain whose DNS is served by 1and1:



root@srv-ubuntu:~# dig myseconddomain.co.uk

; <<>> DiG 9.4.2-P1 <<>> myseconddomain.co.uk
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61795
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0


;; QUESTION SECTION:
;myseconddomain.co.uk. IN A

;; ANSWER SECTION:
myseconddomain.co.uk. 71605 IN CNAME myfirstdomain.co.uk.
myfirstdomain.co.uk. 59 IN A www.xxx.yyy.zzz

;; Query time: 298 msec
;; SERVER: 10.0.0.10#53(10.0.0.10)
;; WHEN: Tue Aug 18 14:17:26 2009

;; MSG SIZE rcvd: 78


Is this a breach of the RFCs or does DynDNS have a legitimate reason for blocking this action?



Followup
Thanks to the two answers already posted I now know that 1and1 IS breaching RFCs to do this. However, it does work and they seem to support it. For a company that hosts so many domains it seems very odd that they get away with doing this on such a massive scale without objection.



More followup




The output of "dig myseconddomain.co.uk ns" as requested.



root@srv-ubuntu:~# dig myseconddomain.co.uk ns

; <<>> DiG 9.4.2-P1 <<>> myseconddomain.co.uk ns
;; global options: printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18085
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2


;; QUESTION SECTION:
; myseconddomain.co.uk. IN NS

;; ANSWER SECTION:
myseconddomain.co.uk. 4798 IN NS ns67.1and1.co.uk.
myseconddomain.co.uk. 4798 IN NS ns68.1and1.co.uk.

;; ADDITIONAL SECTION:
ns67.1and1.co.uk. 78798 IN A 195.20.224.201
ns68.1and1.co.uk. 86400 IN A 212.227.123.89


;; Query time: 59 msec
;; SERVER: 10.0.0.10#53(10.0.0.10)
;; WHEN: Wed Aug 19 12:54:58 2009
;; MSG SIZE rcvd: 111

Answer



Correct, it is a breach of RFC 1034, section 3.6.2, paragraph 3:





... If a CNAME RR is present at a node, no other data should be present; this ensures that the data for a canonical name and its aliases cannot be different. ...




This applies here because the root of your zone must also have SOA and NS records.
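
The rule quoted in the answer can be checked mechanically before a zone is published. The following is an added example, not part of the original question or answer: a small zone lint that reports every node where a CNAME coexists with other data and marks the zone apex. It assumes simplified one-record-per-line input ("owner TTL class type rdata"); the sample zone is constructed from the names in the question, and hostmaster.example. and mx.example. are placeholders.

```python
from collections import defaultdict

# Constructed sample zone; the apex CNAME mirrors what the question asks for.
SAMPLE_ZONE = """\
myseconddomain.co.uk. 86400 IN SOA ns67.1and1.co.uk. hostmaster.example. 1 28800 7200 604800 86400
myseconddomain.co.uk. 86400 IN NS ns67.1and1.co.uk.
myseconddomain.co.uk. 86400 IN NS ns68.1and1.co.uk.
myseconddomain.co.uk. 86400 IN CNAME myfirstdomain.co.uk.
www.myseconddomain.co.uk. 3600 IN CNAME myfirstdomain.co.uk.
mail.myseconddomain.co.uk. 3600 IN CNAME myfirstdomain.co.uk.
mail.myseconddomain.co.uk. 3600 IN MX 10 mx.example.
"""

# DNSSEC record types that RFC 4035 section 2.5 permits alongside a CNAME.
ALLOWED_WITH_CNAME = {"RRSIG", "NSEC"}

def parse_zone(text):
    """Map each owner name to the set of record types present at that node."""
    nodes = defaultdict(set)
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments (simplified parsing)
        if not line:
            continue
        fields = line.split()
        if len(fields) < 5:
            raise ValueError("expected 'owner ttl class type rdata': %r" % line)
        # DNS names are case-insensitive, so normalise the owner before grouping.
        nodes[fields[0].lower()].add(fields[3].upper())
    return nodes

def cname_conflicts(text):
    """Return (owner, is_apex, other_types) for nodes breaking RFC 1034 3.6.2."""
    nodes = parse_zone(text)
    apexes = {owner for owner, types in nodes.items() if "SOA" in types}
    findings = []
    for owner, types in sorted(nodes.items()):
        if "CNAME" not in types:
            continue
        others = sorted(types - {"CNAME"} - ALLOWED_WITH_CNAME)
        if others:
            findings.append((owner, owner in apexes, others))
    return findings

if __name__ == "__main__":
    for owner, is_apex, others in cname_conflicts(SAMPLE_ZONE):
        where = "zone apex" if is_apex else "node"
        print("%s %s: CNAME coexists with %s" % (where, owner, ", ".join(others)))
```

The www node passes because the CNAME is the only data there; the apex can never pass, since the SOA and NS records are mandatory at that name.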

