[dns-operations] Adding CNAME for the root domain issue
Andrew Boling
aboling at gmail.com
Wed Apr 27 21:12:37 UTC 2016
Trying again, with the mailing list included this time.
On Wed, Apr 27, 2016 at 4:56 PM, John Levine <johnl at taugh.com> wrote:
>
> That is, the CNAME at the apex is all by itself, pointing at another
> apex with the right SOA and NS, no glue needed. Is that valid? Why
> or why not?
>
>
It's explicitly invalid per RFC 2181. A zone is required to have SOA and NS
records at the apex, and a CNAME record cannot exist at a label where those
record types exist.
https://tools.ietf.org/html/rfc2181#section-6.1
https://tools.ietf.org/html/rfc2181#section-10.1
On Wed, Apr 27, 2016 at 4:56 PM, John Levine <johnl at taugh.com> wrote:
> >The semantics of "CNAME" are, "the owner name is actually this other
> >name". Therefore, to have any other data at the CNAME would be
> >absurd.
>
> OK. How about this?
>
> --- one zone ---
> $ORIGIN foo.example
> foo.example. CNAME bar.example.
> www A 1.2.3.4
>
> --- another zone ---
> $ORIGIN bar.example
> bar.example. SOA ns.provider.example. hostmaster.bar.example. 1776070401
> 900 604800 7200
> NS ns.provider.example.
> NS ns2.provider.example.
> www A 5.6.7.8
>
> That is, the CNAME at the apex is all by itself, pointing at another
> apex with the right SOA and NS, no glue needed. Is that valid? Why
> or why not?
>
> Signed,
> Puzzled
>
> PS: Personally, I have no idea what the answer is other than I doubt
> that the people who write name servers have tested for this case.
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20160427/3e35f1b4/attachment.html>
More information about the dns-operations
mailing list