[dns-operations] Adding CNAME for the root domain issue

Dave Warren davew at hireahit.com
Wed Apr 27 21:21:11 UTC 2016

On 2016-04-27 14:12, Andrew Boling wrote:
> Trying again, with the mailing list included this time.
> On Wed, Apr 27, 2016 at 4:56 PM, John Levine <johnl at taugh.com> wrote:
>     That is, the CNAME at the apex is all by itself, pointing at another
>     apex with the right SOA and NS, no glue needed.  Is that valid?  Why
>     or why not?
> It's explicitly invalid per RFC 2181. A zone is required to have SOA 
> and NS records at the apex, and a CNAME record cannot exist at a label 
> where those record types exist.
> https://tools.ietf.org/html/rfc2181#section-6.1
> https://tools.ietf.org/html/rfc2181#section-10.1

RFC 1035 gets us most of the way too in section 5.2, "Use of master files 
to define zones":

When a master file is used to load a zone, the operation should be
suppressed if any errors are encountered in the master file.
Several other validity checks that should be performed in addition to
insuring that the file is syntactically correct:
    2. Exactly one SOA RR should be present at the top of the zone.

Without the SOA, you don't have a zone file, and therefore the zone 
should not be loaded. Once a SOA exists, a CNAME cannot coexist.

Dave Warren
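
The checks cited in this thread (RFC 1035 section 5.2 check 2, and the RFC 2181 rules on apex SOA/NS and CNAME coexistence), as an added Python example that is not part of the original message or of any name server's code. It assumes a simplified master-file layout of one record per line with fully qualified owner names; `parse_records`, `check_zone` and the sample zones are constructed for illustration.

```python
from collections import defaultdict

DNSSEC_OK = {"RRSIG", "NSEC"}  # may sit beside a CNAME in a signed zone (RFC 4035)

def parse_records(text):
    """Return (owner, type) pairs from simplified master-file lines."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments and blank lines
        if line:
            owner, _ttl, _cls, rtype = line.split()[:4]
            records.append((owner.lower(), rtype.upper()))
    return records

def check_zone(origin, text):
    """Return the reasons this zone should not be loaded (empty list = OK)."""
    origin = origin.lower()
    types_at = defaultdict(list)
    for owner, rtype in parse_records(text):
        types_at[owner].append(rtype)
    errors = []
    # RFC 1035 section 5.2, check 2: exactly one SOA, at the top of the zone.
    soa_total = sum(types.count("SOA") for types in types_at.values())
    if soa_total != 1 or "SOA" not in types_at[origin]:
        errors.append("need exactly one SOA, at the apex")
    # RFC 2181 section 6.1: the apex also carries the zone's NS records.
    if "NS" not in types_at[origin]:
        errors.append("no NS at the apex")
    # RFC 2181 section 10.1: a CNAME cannot share its label with other data.
    for owner, types in sorted(types_at.items()):
        others = sorted({t for t in types if t != "CNAME" and t not in DNSSEC_OK})
        if "CNAME" in types and others:
            errors.append(f"CNAME at {owner} coexists with {', '.join(others)}")
    return errors

# Constructed sample zones (documentation names and addresses).
VALID = """\
example.com. 3600 IN SOA ns1.example.com. hostmaster.example.com. 1 7200 900 1209600 3600
example.com. 3600 IN NS ns1.example.com.
example.com. 3600 IN A 192.0.2.10
www.example.com. 3600 IN CNAME example.com.
"""
CNAME_ONLY = "example.com. 3600 IN CNAME example.net.\n"   # the lone apex CNAME
CNAME_WITH_SOA = VALID + "example.com. 3600 IN CNAME example.net.\n"

if __name__ == "__main__":
    for name, zone in [("valid", VALID), ("cname-only", CNAME_ONLY),
                       ("cname+soa", CNAME_WITH_SOA)]:
        print(name, check_zone("example.com.", zone) or "OK")
```

The lone apex CNAME fails for lack of SOA and NS, and adding them makes it fail the coexistence rule instead, which is the dilemma the thread describes.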
