[dns-operations] Adding CNAME for the root domain issue

John R Levine johnl at taugh.com
Fri Apr 29 17:48:51 UTC 2016

> So in our last installment, it was seen that a CNAME for a "zone apex" looks
> ok (returns SOA, NS, MX, etc) but it doesn't work with subdomains (FQDNs
> under the apex); and DNAME works for stuff under the "apex" but doesn't look
> like a zone.

No, that's backwards.  CNAME at the apex doesn't work because the apex has 
to have NS and SOA records, and getting them indirectly via CNAME doesn't 
count.  CNAME anywhere else works fine so long as you don't try to put 
other records at the same name, and don't expect it to redirect any name 
other than the exact one that has the CNAME.

> (Why am I doing this? Quite frankly although I work with the DNS on a near
> daily basis, DNAMEs seldom if ever come over the transom. How do they work?
> What are they good for? I figure I'm probably not the only one, and I don't
> see them discussed much.)

DNAME does what it does, roughly speaking it redirects all names under the 
name with the DNAME, but not the name itself.  RFC 6672 explains it 
reasonably clearly.  If you're not writing DNSSEC software, you can skim 
the DNSSEC parts.

John Levine, johnl at taugh.com, Taughannock Networks, Trumansburg NY
Please consider the environment before reading this e-mail.

More information about the dns-operations mailing list