<div dir="ltr">Trying again, with the mailing list included this time.<div><br></div><div><span class="im" style="font-size:12.8000001907349px">On Wed, Apr 27, 2016 at 4:56 PM, John Levine <span dir="ltr"><<a href="mailto:johnl@taugh.com" target="_blank">johnl@taugh.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex"><br>That is, the CNAME at the apex is all by itself, pointing at another<br>apex with the right SOA and NS, no glue needed. Is that valid? Why<br>or why not?<br><br></blockquote><div><br></div></span><div style="font-size:12.8000001907349px">It's explicitly invalid per RFC 2181. A zone is required to have SOA and NS records at the apex, and a CNAME record cannot exist at a label where those record types exist.</div><div style="font-size:12.8000001907349px"><br></div><div style="font-size:12.8000001907349px"><a href="https://tools.ietf.org/html/rfc2181#section-6.1" target="_blank">https://tools.ietf.org/html/rfc2181#section-6.1</a><br></div><div style="font-size:12.8000001907349px"><a href="https://tools.ietf.org/html/rfc2181#section-10.1" target="_blank">https://tools.ietf.org/html/rfc2181#section-10.1</a></div></div></div><div class="gmail_extra"><br><div class="gmail_quote">On Wed, Apr 27, 2016 at 4:56 PM, John Levine <span dir="ltr"><<a href="mailto:johnl@taugh.com" target="_blank">johnl@taugh.com</a>></span> wrote:<br><blockquote class="gmail_quote" style="margin:0 0 0 .8ex;border-left:1px #ccc solid;padding-left:1ex"><span class="">>The semantics of "CNAME" are, "the owner name is actually this other<br>
>name". Therefore, to have any other data at the CNAME would be<br>
>absurd.<br>
<br>
</span>OK. How about this?<br>
<br>
--- one zone ---<br>
$ORIGIN foo.example<br>
foo.example. CNAME bar.example.<br>
www A 1.2.3.4<br>
<br>
--- another zone ---<br>
$ORIGIN bar.example<br>
bar.example. SOA ns.provider.example. hostmaster.bar.example. 1776070401 900 604800 7200<br>
NS ns.provider.example.<br>
NS ns2.provider.example.<br>
www A 5.6.7.8<br>
<br>
That is, the CNAME at the apex is all by itself, pointing at another<br>
apex with the right SOA and NS, no glue needed. Is that valid? Why<br>
or why not?<br>
<br>
Signed,<br>
Puzzled<br>
<br>
PS: Personally, I have no idea what the answer is other than I doubt<br>
that the people who write name servers have tested for this case.<br>
<div class="HOEnZb"><div class="h5">_______________________________________________<br>
dns-operations mailing list<br>
<a href="mailto:dns-operations@lists.dns-oarc.net">dns-operations@lists.dns-oarc.net</a><br>
<a href="https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs" rel="noreferrer" target="_blank">https://lists.dns-oarc.net/mailman/listinfo/dns-operations<br>
dns-jobs</a> mailing list<br>
<a href="https://lists.dns-oarc.net/mailman/listinfo/dns-jobs" rel="noreferrer" target="_blank">https://lists.dns-oarc.net/mailman/listinfo/dns-jobs</a><br>
</div></div></blockquote></div><br></div>