<div dir="ltr"><div class="gmail_extra"><div class="gmail_quote">On Wed, Apr 27, 2016 at 4:42 PM, Fred Morris <span dir="ltr"><<a href="mailto:m3047@m3047.net" target="_blank">m3047@m3047.net</a>></span> wrote:<blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<br>
To me, this looks like a label which is CNAMED to a zone. What's laid out<br>
seems like the most straightforward way to accomplish this. Paul, what<br>
you're saying seems to be that CNAMEs can't just point to anything:<br>
specifically they can't point to a domain containing NS and SOA records.<br><br></blockquote><div><br></div><div><div style="font-size:12.8000001907349px">That's not what Paul was saying, and no such restriction exists for the target (right hand side) of a CNAME alias.</div><div style="font-size:12.8000001907349px"><br></div><div style="font-size:12.8000001907349px">If John's implication was that the records in the first example are at the top of the zone (which is how Paul and I read it), then it's broken because the SOA and NS records are absent. Even if the SOA and NS records were to be added back in, it becomes a RFC 2181 violation. (CNAME can't share a label with SOA or NS)</div></div><div> </div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left-width:1px;border-left-color:rgb(204,204,204);border-left-style:solid;padding-left:1ex">
<br>
On Wed, 27 Apr 2016, Paul Vixie wrote:<br>
> John Levine wrote:<br>
> > [...]<br>
<span class="im">> > --- one zone ---<br>
> > $ORIGIN foo.example<br>
> > foo.example. CNAME bar.example.<br>
> > www A 1.2.3.4<br>
> ><br>
> > --- another zone ---<br>
> > $ORIGIN bar.example<br>
> > bar.example. SOA ns.provider.example. hostmaster.bar.example. 1776070401 900 604800 7200<br>
> > NS ns.provider.example.<br>
> > NS ns2.provider.example.<br>
> > www A 5.6.7.8<br>
> ><br>
> > That is, the CNAME at the apex is all by itself, pointing at another<br>
> > apex with the right SOA and NS, no glue needed. Is that valid?<br>
><br>
> no.<br>
><br>
> Why<br>
> > or why not?<br>
><br>
> the SOA and an NS RRset are not optional at the apex.<br>
><br>
</span><div class=""><div class="h5">_______________________________________________<br>
dns-operations mailing list<br>
<a href="mailto:dns-operations@lists.dns-oarc.net">dns-operations@lists.dns-oarc.net</a><br>
<a href="https://lists.dns-oarc.net/mailman/listinfo/dns-operations
dns-jobs" rel="noreferrer" target="_blank">https://lists.dns-oarc.net/mailman/listinfo/dns-operations<br>
dns-jobs</a> mailing list<br>
<a href="https://lists.dns-oarc.net/mailman/listinfo/dns-jobs" rel="noreferrer" target="_blank">https://lists.dns-oarc.net/mailman/listinfo/dns-jobs</a><br>
</div></div></blockquote></div><br></div></div>