I'm sure this has been documented _somewhere_ but I've been unable to
find this, and everyone I have talked to about it has told me they just
use a wildcard, but this would also break some of my sites.
I want to point mirrorhosts.com to shared002.accesshost.us, and this
worked fine in nsd2, but after upgrading to nsd3 I get this error:
    primary/vmp/mirrorhosts.com:15: error: CNAME and other data at the same name
If I was to use a wildcard such as:
    * IN CNAME shared002.accesshost.us.
I would be unable to point example.com at shared002.accesshost.us. and
non-explicitly specified names at shared003.accesshost.us
This is my current zone file for mirrorhosts.com:
    $TTL 3600 ;authoritative data for mirrorhosts.com
    @        IN SOA ns.o-line.net. hostmaster.o-line.net. (
                    2010041401 ;Serial Number: YYYYMMDDxx
                    3600       ;Refresh time
                    600        ;Retry Time
                    3600       ;Time
                    600        ;Minimum TTL
                    )
             IN NS    ns1.accesshost.us.
             IN NS    ns2.accesshost.us.
             IN NS    ns3.accesshost.us.
             IN MX    10 shared001.accesshost.us.
             IN CNAME shared002.accesshost.us.
    www      IN CNAME shared002.accesshost.us.
    webmail  IN CNAME shared001.accesshost.us.
    master   IN A     208.94.246.114
    ;nodes
    dist001  IN A     66.90.110.163
    dist002  IN A     208.53.136.68
"If a CNAME RR is present at a node, no other data should be
present; this ensures that the data for a canonical name and its aliases
cannot be different. This rule also insures that a cached CNAME can be
used without checking with an authoritative server for other RR types."
RFC1034, section 3.6.2. What you are trying to do is illegal, and has
been so as long as DNS has existed.
What you're trying to do is not allowed by the DNS protocol. When you
define a CNAME record for a name, you're aliasing that name to another
name. Since you're aliasing it, you can't also have other data for that
name.
If an organization with domain name FROBOZZ.EXAMPLE became part of an
organization with domain name ACME.EXAMPLE, it might ease transition
by placing information such as this in its old zone.
Is there any way to tell nsd that I don't care about section 3.6.2 of
the RFC and to do what I say?
While technically wrong, it's worked as intended on many of my domains...
and it really simplifies moving a node from one DC to another...
What you want is indeed not allowed, specifically this one line in the
zonefile:
@ IN CNAME bla.bla.bla
You could comment that one line and keep the other CNAMEs below the zone
apex.
If you really want NSD to ignore section 3.6.2, use the attached patch.
I have not tested the patch, but in code it looks like it may do what
you want (return positive answers and otherwise the CNAME).
> Is there any way to tell nsd that I don't care about section 3.6.2 of
> the RFC and to do what I say?
If the parent zone is DNSSEC-signed, this will break resolution of
your zone by some resolvers. (It might even do so without DNSSEC, but
I haven't tried very hard.)
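
The condition nsd3 rejects can be found in a zone file before loading it. The following is an added example, not part of the original thread and not NSD's own code: a simplified Python check (one record per line apart from parenthesised groups, no $ORIGIN or $INCLUDE handling, no quoted-string handling). The function names and the sample zone are constructed here; the sample is a shortened copy of the zone quoted above.

```python
# Added example: report owner names that hold a CNAME together with any
# other record type (RFC 1034 section 3.6.2). Simplified zone-file parsing.
import re

CLASSES = {"IN", "CH", "HS"}
TTL = re.compile(r"\d+[smhdw]?", re.I)
ALLOWED_WITH_CNAME = {"CNAME", "RRSIG", "NSEC"}  # RFC 4035 section 2.5

# Constructed sample, shortened from the zone file quoted in the thread.
SAMPLE_ZONE = """\
$TTL 3600
@       IN SOA   ns.o-line.net. hostmaster.o-line.net. (
                 2010041401 3600 600 3600 600 )
        IN NS    ns1.accesshost.us.
        IN MX    10 shared001.accesshost.us.
        IN CNAME shared002.accesshost.us.
www     IN CNAME shared002.accesshost.us.
master  IN A     208.94.246.114
"""

def records(zone_text):
    """Yield (owner, rrtype); a line starting with whitespace keeps the previous owner."""
    owner, depth = None, 0
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop comments
        if not line.strip():
            continue
        continuation = depth > 0                  # inside a ( ... ) group
        depth += line.count("(") - line.count(")")
        if continuation or line.startswith("$"):
            continue
        tokens = line.split()
        if not raw[0].isspace():                  # owner name in column 1
            owner = tokens.pop(0).lower()
        while tokens and (tokens[0].upper() in CLASSES or TTL.fullmatch(tokens[0])):
            tokens.pop(0)                         # skip optional TTL and class
        if owner is not None and tokens:
            yield owner, tokens[0].upper()

def cname_conflicts(zone_text):
    """Return {owner: sorted conflicting types} for names that break the rule."""
    types = {}
    for owner, rrtype in records(zone_text):
        types.setdefault(owner, set()).add(rrtype)
    return {o: sorted(t - ALLOWED_WITH_CNAME) for o, t in types.items()
            if "CNAME" in t and t - ALLOWED_WITH_CNAME}
```

Calling cname_conflicts(SAMPLE_ZONE) reports the zone apex (@) with SOA, NS and MX next to the CNAME, while www, which holds only a CNAME, is not reported.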