[dns-operations] Adding CNAME for the root domain issue

Fred Morris m3047 at m3047.net
Thu Apr 28 15:31:15 UTC 2016


I thought this would work, too, for some reason. But it doesn't. DNAME doesn't 
work either.

CNAME makes the "zone apex" look like a zone, but referrals under it don't 
work. DNAME makes things under the "zone apex" work, but the "apex" itself 
doesn't work. You can't have both.

Thereby once again illustrating that there's nothing like testing. Various 
tests below...

--

Fred Morris

--

On Wednesday 27 April 2016 12:56, John Levine wrote:
> >The semantics of "CNAME" are, "the owner name is actually this other
> >name".  Therefore, to have any other data at the CNAME would be
> >absurd.
> 
> OK.  How about this?
> 
> --- one zone ---
> $ORIGIN foo.example
> foo.example. CNAME bar.example.
> www A 1.2.3.4
> 
> --- another zone ---
> $ORIGIN bar.example
> bar.example. SOA ns.provider.example. hostmaster.bar.example. 1776070401 900 604800 7200
>              NS ns.provider.example.
>              NS ns2.provider.example.
> www A 5.6.7.8
> 
> That is, the CNAME at the apex is all by itself, pointing at another
> apex with the right SOA and NS, no glue needed.  Is that valid?  Why
> or why not?

It doesn't work. The CNAME itself will "look fine":

;; QUESTION SECTION:
;foo.m3047.                     IN      SOA

;; ANSWER SECTION:
foo.m3047.              600     IN      CNAME   BAR.m3047.
BAR.m3047.              600     IN      SOA     HERA.m3047. M3047.M3047.NET. 120417016 600 60 86400 600


;; QUESTION SECTION:
;foo.m3047.                     IN      NS

;; ANSWER SECTION:
foo.m3047.              600     IN      CNAME   BAR.m3047.
BAR.m3047.              412     IN      NS      HERA.m3047.


;; QUESTION SECTION:
;foo.m3047.                     IN      MX

;; ANSWER SECTION:
foo.m3047.              600     IN      CNAME   BAR.m3047.
BAR.m3047.              475     IN      MX      0 FLAME.m3047.


;; QUESTION SECTION:
;foo.m3047.                     IN      A

;; ANSWER SECTION:
foo.m3047.              600     IN      CNAME   BAR.m3047.
BAR.m3047.              600     IN      A       10.0.0.112


But things under the "zone cut" fail referral:

;; QUESTION SECTION:
;x.bar.m3047.                   IN      A

;; ANSWER SECTION:
x.bar.m3047.            600     IN      A       10.0.0.111


;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 44981
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;x.foo.m3047.                   IN      A


Contrast that with DNAME:

;; QUESTION SECTION:
;x.foo.m3047.                   IN      A

;; ANSWER SECTION:
foo.m3047.              600     IN      DNAME   BAR.M3047.
x.foo.m3047.            600     IN      CNAME   x.BAR.M3047.
x.BAR.M3047.            479     IN      A       10.0.0.111


However, the "zone apex" no longer works:

;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 48570
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;foo.m3047.                     IN      A


;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 32213
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;foo.m3047.                     IN      SOA


;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 31410
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;foo.m3047.                     IN      MX
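
The behaviour in the dig output above, as an added example that is not part of the original post: a toy lookup over a flat record set that applies CNAME to the owner name only and DNAME only to names below its owner. The `resolve` and `ancestors` functions and the record layout are illustrative assumptions (no zone cuts, delegation, caching or DNSSEC); the names and addresses are the ones shown in the output above.

```python
# Added illustration: a flat record set standing in for an authoritative
# server. Names and addresses mirror the dig output above; zone cuts,
# caching and DNSSEC are deliberately left out of this model.
BAR = {
    ("bar.m3047.", "SOA"): ["hera.m3047. m3047.m3047.net. 120417016 600 60 86400 600"],
    ("bar.m3047.", "NS"): ["hera.m3047."],
    ("bar.m3047.", "MX"): ["0 flame.m3047."],
    ("bar.m3047.", "A"): ["10.0.0.112"],
    ("x.bar.m3047.", "A"): ["10.0.0.111"],
}
WITH_CNAME = {**BAR, ("foo.m3047.", "CNAME"): ["bar.m3047."]}
WITH_DNAME = {**BAR, ("foo.m3047.", "DNAME"): ["bar.m3047."]}


def ancestors(name):
    """Proper ancestors, closest first: x.foo.m3047. -> foo.m3047., m3047."""
    labels = name.rstrip(".").split(".")
    return [".".join(labels[i:]) + "." for i in range(1, len(labels))]


def resolve(records, qname, qtype, max_hops=8):
    """Return (rcode, answer); answer is a list of (owner, type, rdata)."""
    qname, answer = qname.lower(), []
    for _ in range(max_hops):
        if (qname, qtype) in records:
            answer += [(qname, qtype, r) for r in records[(qname, qtype)]]
            return "NOERROR", answer
        if (qname, "CNAME") in records:
            # CNAME aliases exactly one owner name, nothing beneath it.
            target = records[(qname, "CNAME")][0]
            answer.append((qname, "CNAME", target))
            qname = target
            continue
        # DNAME rewrites names strictly below its owner, never the owner itself.
        owner = next((a for a in ancestors(qname) if (a, "DNAME") in records), None)
        if owner is None:
            break
        target = records[(owner, "DNAME")][0]
        new_name = qname[: -len(owner)] + target
        answer += [(owner, "DNAME", target), (qname, "CNAME", new_name)]
        qname = new_name
    # NODATA if the name (or something below it) exists, otherwise NXDOMAIN.
    exists = any(n == qname or n.endswith("." + qname) for n, _ in records)
    return ("NOERROR" if exists else "NXDOMAIN"), answer
```

With `WITH_CNAME`, `foo.m3047.` follows the alias but `x.foo.m3047.` is NXDOMAIN; with `WITH_DNAME`, `x.foo.m3047.` is rewritten to `x.bar.m3047.` but `foo.m3047.` itself returns NOERROR with an empty answer.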





