[dns-operations] Adding CNAME for the root domain issue

[Andrew Boling]

On Wed, Apr 27, 2016 at 4:42 PM, Fred Morris <m3047 at m3047.net> wrote:
>
>
> To me, this looks like a label which is CNAMED to a zone. What's laid out
> seems like the most straightforward way to accomplish this. Paul, what
> you're saying seems to be that CNAMEs can't just point to anything:
> specifically they can't point to a domain containing NS and SOA records.
>
>
That's not what Paul was saying, and no such restriction exists for the
target (right hand side) of a CNAME alias.

If John's implication was that the records in the first example are at the
top of the zone (which is how Paul and I read it), then it's broken because
the SOA and NS records are absent. Even if the SOA and NS records were to
be added back in, it becomes a RFC 2181 violation. (CNAME can't share a
label with SOA or NS)


>
> On Wed, 27 Apr 2016, Paul Vixie wrote:
> > John Levine wrote:
> > > [...]
> > > --- one zone ---
> > > $ORIGIN foo.example
> > > foo.example. CNAME bar.example.
> > > www A 1.2.3.4
> > >
> > > --- another zone ---
> > > $ORIGIN bar.example
> > > bar.example. SOA ns.provider.example. hostmaster.bar.example.
> 1776070401 900 604800 7200
> > >               NS ns.provider.example.
> > >               NS ns2.provider.example.
> > > www A 5.6.7.8
> > >
> > > That is, the CNAME at the apex is all by itself, pointing at another
> > > apex with the right SOA and NS, no glue needed.  Is that valid?
> >
> > no.
> >
> >    Why
> > > or why not?
> >
> > the SOA and an NS RRset are not optional at the apex.
> >
> _______________________________________________
> dns-operations mailing list
> dns-operations at lists.dns-oarc.net
> https://lists.dns-oarc.net/mailman/listinfo/dns-operations
> dns-jobs mailing list
> https://lists.dns-oarc.net/mailman/listinfo/dns-jobs
>
-------------- next part --------------
An HTML attachment was scrubbed...
URL: <https://lists.dns-oarc.net/pipermail/dns-operations/attachments/20160427/bcf1d6fe/attachment.html>