2

Can I put something like this in my .zone file?

```
@       IN      CNAME   srvr-01.foo.bar.
```

Or is that invalid? If it's invalid, how can I redirect visitors from mydomain.com to the server srvr-01.foo.bar? (note that I'm not given the server IP, just the domain, which makes me think it could change randomly)

EDIT: Sorry, my bad. I replaced NS with CNAME, which is what I actually wanted to write.

alexandernst
  • 1
    This doesn't make too much sense. What do you want to accomplish and why? – Sven Jun 30 '14 at 08:45
  • 1
    I want to redirect people who try to visit `mydomain.com` to the server `srvr-01.foo.bar` (whose IP I don't know, as it may change at any time). – alexandernst Jun 30 '14 at 08:47

2 Answers

5

It's illegal by RFC1912:

RFC1912 2.4: "A CNAME record is not allowed to coexist with any other data."

However, RFC1034 only states that it "should not" be used, which to me means that it's technically not illegal (RFC2119). You may use it if your DNS software supports it and you know what you are doing. There are, however, implementations out on the internet which rely on "CNAME xor other data" (MS Exchange, for example).

Short answer: don't.

tim
  • 2
    It's worth noting that rfc1912 is purely informational (still of interest as more of an opinion). However, [rfc2181 ("Clarifications to the DNS Specification")](http://tools.ietf.org/html/rfc2181#section-10.1) is on the standards track and clearly states that it's not legal. I would consider it a really, really bad idea to mix CNAME and other data based on it only being recommended against in a 27-year-old standard when the later standard documents state that it's illegal and rely on that being the case. – Håkan Lindqvist Jun 30 '14 at 12:05
5

First of all, it's important to understand what @ means.

@ is a reference to the current origin value. By default the origin is the name of the zone, but it can be redefined at any point in the zone file using the $ORIGIN directive (e.g. `$ORIGIN foo.example.com.`).

This means that no general statement can be made regarding @ IN CNAME ... as the meaning depends entirely on what the current origin value is.

What can be said is that the legality of adding a CNAME record depends on whether there are other records for that same name. CNAME records are not allowed to coexist with other data.

As a direct result of the above, it's never legal to have a CNAME record at the zone apex as the zone apex will always have at least SOA and NS records.

Håkan Lindqvist
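The two rules from the answers above (`@` follows the current `$ORIGIN`, and a CNAME may not share its owner name with other data) can be checked mechanically before a zone is loaded. The following is an added example, not code from either answer: `cname_conflicts` and `absolute` are hypothetical helper names, the sample zone is constructed, and the parser assumes numeric TTLs, class IN, and no `;` or parentheses inside quoted strings.

```python
import re
from collections import defaultdict

DNSSEC_OK = {"RRSIG", "NSEC"}  # signed zones carry these next to a CNAME

def absolute(name, origin):
    """Expand '@' and relative names against the current origin."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def cname_conflicts(zone_text, zone_name):
    """Map each owner name where a CNAME coexists with other data to its types."""
    origin = owner = zone_name.lower()
    types_at = defaultdict(set)
    text = re.sub(r";[^\n]*", "", zone_text)  # drop comments
    # Fold "( ... )" continuations, as used by SOA, onto one line.
    text = re.sub(r"\(([^)]*)\)", lambda m: " ".join(m.group(1).split()), text)
    for line in text.splitlines():
        fields = line.split()
        if not fields:
            continue
        if fields[0].upper() == "$ORIGIN":
            origin = absolute(fields[1].lower(), origin)
            continue
        if fields[0].startswith("$"):
            continue  # $TTL, $INCLUDE: not needed for this check
        if not line[0].isspace():  # a blank owner field inherits the previous owner
            owner = absolute(fields.pop(0).lower(), origin)
        while fields and (fields[0].isdigit() or fields[0].upper() == "IN"):
            fields.pop(0)  # skip optional TTL and class
        if fields and fields[0].upper() not in DNSSEC_OK:
            types_at[owner].add(fields[0].upper())
    return {name: sorted(t) for name, t in types_at.items()
            if "CNAME" in t and len(t) > 1}

# Constructed sample zone (names and addresses are illustrative).
SAMPLE_ZONE = """\
$ORIGIN example.com.
@     3600 IN SOA   ns1 hostmaster ( 1 7200 900 1209600 300 )
@          IN NS    ns1
@          IN CNAME srvr-01.foo.bar.  ; apex: collides with SOA and NS
ns1        IN A     192.0.2.53
www        IN CNAME srvr-01.foo.bar.  ; fine: nothing else at www
$ORIGIN sub.example.com.
@          IN CNAME srvr-01.foo.bar.  ; fine: @ now means sub.example.com.
mail       IN CNAME srvr-01.foo.bar.
           IN MX    10 mx.example.com.  ; blank owner: still "mail"
"""

if __name__ == "__main__":
    for name, types in cname_conflicts(SAMPLE_ZONE, "example.com.").items():
        print(f"{name}: CNAME coexists with {[t for t in types if t != 'CNAME']}")
```

The same `@ IN CNAME` line is reported at the apex but accepted after `$ORIGIN sub.example.com.`, which is why its legality cannot be judged without knowing the current origin.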