15

I need to create an NS record for a domain that is a CNAME, for the purpose of having two domains pointed at one IP, and not having to maintain the current IP address in two different places.

The DNS provider for this domain is DynDNS, but they block this operation:

CNAME cannot be created with label that is equal to zone name

I can do this with another domain whose DNS is served by 1and1:

root@srv-ubuntu:~# dig myseconddomain.co.uk

; <<>> DiG 9.4.2-P1 <<>> myseconddomain.co.uk
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 61795
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;myseconddomain.co.uk.             IN      A

;; ANSWER SECTION:
myseconddomain.co.uk.      71605   IN      CNAME   myfirstdomain.co.uk.
myfirstdomain.co.uk.     59      IN      A       www.xxx.yyy.zzz

;; Query time: 298 msec
;; SERVER: 10.0.0.10#53(10.0.0.10)
;; WHEN: Tue Aug 18 14:17:26 2009
;; MSG SIZE  rcvd: 78

Is this a breach of the RFCs or does DynDNS have a legitimate reason for blocking this action?

Followup

Thanks to the two answers already posted I now know that 1and1 IS breaching RFCs to do this. However it does work and they seem to support it. For a company that hosts so many domains it seems very odd that they get away with doing this on such a massive scale without objection.

More followup

The output of "dig myseconddomain.co.uk ns" as requested.

root@srv-ubuntu:~# dig myseconddomain.co.uk ns

; <<>> DiG 9.4.2-P1 <<>> myseconddomain.co.uk ns
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 18085
;; flags: qr rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 2

;; QUESTION SECTION:
; myseconddomain.co.uk.             IN      NS

;; ANSWER SECTION:
myseconddomain.co.uk.      4798    IN      NS      ns67.1and1.co.uk.
myseconddomain.co.uk.      4798    IN      NS      ns68.1and1.co.uk.

;; ADDITIONAL SECTION:
ns67.1and1.co.uk.       78798   IN      A       195.20.224.201
ns68.1and1.co.uk.       86400   IN      A       212.227.123.89

;; Query time: 59 msec
;; SERVER: 10.0.0.10#53(10.0.0.10)
;; WHEN: Wed Aug 19 12:54:58 2009
;; MSG SIZE  rcvd: 111
tomfanning

5 Answers

23

Correct, it is a breach of RFC 1034, section 3.6.2, paragraph 3:

... If a CNAME RR is present at a node, no other data should be present; this ensures that the data for a canonical name and its aliases cannot be different. ...

This applies here because the root of your zone must also have SOA and NS records.

James Sneeringer
  • This answers the original question, so thanks for that. I would appreciate any insight you have on the followup I posted in the question. – tomfanning Aug 18 '09 at 14:13
  • It would be possible for your domain to have a CNAME record if the provider can accommodate entering the CNAME into the parent zone, and not its own zone, although it would not have its own SOA or NS records in that case. – mark4o Aug 18 '09 at 14:26
  • Is that what you see in the "dig" query I made in the question? (I'm no DNS expert, just enough to get by...) – tomfanning Aug 18 '09 at 14:37
  • That dig query does not request SOA or NS records. Try: dig myseconddomain.co.uk ns – mark4o Aug 18 '09 at 14:58
  • I have updated my answer with the results from your query. – tomfanning Aug 19 '09 at 11:56
  • According to those results they have both a CNAME and NS records for the same domain name. That is an RFC violation, as James said. Probably the software that the provider uses doesn't care, but it still could cause issues for you or other users of your domain, such as inconsistent cached data. – mark4o Aug 19 '09 at 19:39
  • Then we seem to have discovered a widespread systematic RFC violation by 1and1. Somehow I'm not surprised. – tomfanning Aug 20 '09 at 09:02
  • Well, you are the one that configured it to violate the RFC; they just didn't stop you, probably because it does not cause problems with their own software. Similarly, if you have invalid HTML on your web page then it is your problem; it is not the fault of your hosting provider for allowing you to put invalid HTML on their server. – mark4o Aug 20 '09 at 16:29
  • Surely their web interface should block this pretty obvious breach. It is not necessarily for me to know, from a user perspective, that this is causing potential problems further down the line. DynDNS manages to block this condition just fine... – tomfanning Aug 25 '09 at 14:52
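The check DynDNS enforces, and that the answer above quotes from RFC 1034 section 3.6.2, can be run over any set of records before they are published. The following is an added example, not part of the original answers or any provider's code: the function names are hypothetical, the sample input is constructed from the ANSWER sections of the two dig runs in the question, and the exemption for DNSSEC's RRSIG and NSEC records is standard DNS behaviour that the thread does not discuss.

```python
from collections import defaultdict

# Types DNSSEC allows at the same owner name as a CNAME (assumption: not from the thread).
DNSSEC_EXEMPT = {"RRSIG", "NSEC"}

# Constructed input: ANSWER-section lines copied from the two dig runs in the question.
SAMPLE = """\
myseconddomain.co.uk.      71605   IN      CNAME   myfirstdomain.co.uk.
myfirstdomain.co.uk.     59      IN      A       www.xxx.yyy.zzz
myseconddomain.co.uk.      4798    IN      NS      ns67.1and1.co.uk.
myseconddomain.co.uk.      4798    IN      NS      ns68.1and1.co.uk.
"""


def parse_records(text):
    """Parse 'owner ttl class type rdata' lines, skipping blanks and ';' comments."""
    records = []
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        fields = line.split(None, 4)
        if len(fields) != 5:
            raise ValueError(f"unparseable record line: {line!r}")
        owner, ttl, rclass, rtype, rdata = fields
        # DNS names compare case-insensitively; normalise to lower case, fully qualified.
        owner = owner.lower().rstrip(".") + "."
        records.append((owner, int(ttl), rclass.upper(), rtype.upper(), rdata))
    return records


def cname_conflicts(records):
    """Return {owner: [other types]} for every node where a CNAME coexists with other data."""
    types_at = defaultdict(set)
    for owner, _ttl, _rclass, rtype, _rdata in records:
        types_at[owner].add(rtype)
    conflicts = {}
    for owner, types in types_at.items():
        if "CNAME" in types:
            others = sorted(types - {"CNAME"} - DNSSEC_EXEMPT)
            if others:
                conflicts[owner] = others
    return conflicts


if __name__ == "__main__":
    for owner, others in cname_conflicts(parse_records(SAMPLE)).items():
        print(f"{owner} has a CNAME alongside: {', '.join(others)}")
```

A zone apex always carries SOA and NS records, so any CNAME placed there is reported by this check.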
1

Use the DynDNS WebHop service. This is free for their DNS customers.

It allows you to redirect traffic for the second domain to the first one, and not break any RFCs.

The redirect is a 302 (temporary) one, so it may harm some search engine rankings. (I suspect this could also be a problem with CNAME records.) See the above link for more information.

Nate
  • Nice suggestion, but not good here because I want http://www.myfirstdomain.com/folder/file.htm and http://www.myseconddomain.com/folder/file.htm to both work. – tomfanning Aug 19 '09 at 14:59
  • It redirects the full URL. In other words, yes, it would do that. – Nate Aug 19 '09 at 15:42
0

The CNAME would be invalid and can cause problems down the road. The workaround is to use the Apache alias or rewrite modules to redirect the traffic. Check out this post explaining how to do this in Apache: Migrating one domain to another

0

Yes, there is a breach of the RFC for that. Check this explanation. I think it is possible but not fully compliant with the RFC.

hdanniel
0

Yes, it does normally break the DNS standard when creating a CNAME record at the root/apex, however some DNS providers have implemented workarounds:

  • Cloudflare provide excellent free DNS hosting with a feature called "CNAME Flattening" whereby you can add a CNAME at the root of your zone but Cloudflare servers will actually return the resolved A/AAAA records to queries, thereby not breaking the standard
  • DNSMadeEasy also offer a similar thing, referred to as "ANAME" records
  • DNSimple also offer this via "ALIAS" records
  • easyDNS also offers ANAME records
  • PointDNS also offers ALIAS records

I'm a happy Cloudflare customer, and have found their solution to work really well.

Simon East