CNAME from another zone

Hi guys,

I've been using NSD for about a year now and I love it. But I've been facing something strange for a while now and thought I should share.

I have a mailman server hosting around 40 mailing lists using different domain names. The thing is, I'd like to use an A record for the primary host name and use CNAME records for the other domains. Let's say my server was lists.domain.tld, and I want to have another host name lists.domain2.tld. Having

lists.domain2.tld. 3600 IN CNAME lists.domain.tld.

Will generate the following error:

CNAME and other data at the same name

I've googled for this error but to no avail. Any ideas? BTW both domain.tld and domain2.tld are hosted on my server.

Thanks,
Mohammad

You have other RR (including double CNAME) with same owner (i.e. name
lists) in the zone file for domain2.tld.

But being cryptic and trying to hide real names doesn't really help
debugging your problem.

Ondrej

Hi,

Thanks for your prompt response.

Well I wasn't being cryptic, I just wrote an example from my mind. DNS as you know is a public database :). Anyways, here is a complete zone file.

$TTL 86400
@ IN SOA ns1.tagidomains.com. mail.tagidomains.com. (
        2009031001 ; Serial YYYYMMDDnn
        16384 ; Refresh
        2048 ; Retry
        1048576 ; Expire
        2560) ; Minimum
autodiscover.tag-legal.com. 3600 IN A 89.28.217.25
www.tag-legal.com. 3600 IN A 89.28.217.117
demo.tag-legal.com. 3600 IN A 89.28.217.116
tag-legal.com. 3600 IN A 89.28.217.117
lists.tag-legal.com. 3600 IN CNAME lists.tagorg.com.
lists.tag-legal.com. 3600 IN MX 10 mx1.tagorg.com.
lists.tag-legal.com. 3600 IN MX 10 mx2.tagorg.com.
lists.tag-legal.com. 3600 IN MX 20 mx3.tagorg.com.
tag-legal.com. 3600 IN MX 10 mx2.tagorg.com.
lists.tag-legal.com. 3600 IN MX 20 mx4.tagorg.com.
tag-legal.com. 3600 IN MX 10 mx1.tagorg.com.
tag-legal.com. 3600 IN MX 20 mx4.tagorg.com.
tag-legal.com. 3600 IN MX 20 mx3.tagorg.com.
tag-legal.com. 3600 IN NS ns3.tagidomains.com.
tag-legal.com. 3600 IN NS ns1.tagidomains.com.
tag-legal.com. 3600 IN NS ns2.tagidomains.com.

Where lists.tagorg.com is the primary hostname of my mailman server.

The system consists of a patched version of VegaDNS running on MySQL with a perl backend that generates all the zone files, then checks them with zonec and compiles the NSD database.

Thanks again,
Mohammad

Hi Mohammad,

Have a look at http://www.faqs.org/rfcs/rfc1912.html Section 2.4. A
CNAME can't co-exist with other data. So if you take out the MX record
for lists.tag-legal.com. you should be good to go.

The resolver will then see that lists.tag-legal.com. is pointing at
lists.tagorg.com. and check the MX records on lists.tagorg.com.

Niall.

Mohammad H. Al Shami wrote:

Thanks Niall,

The file I sent was the zone with the A record for lists.tagorg.com replaced with a CNAME record. I admit I overlooked that when I did the testing. But I'm also facing this issue in a different place, which basically got me to email the list. We have about 40 domains pointing to the same web server as tagorg.com. A zone file like the one below won't work.

$TTL 86400
@ IN SOA ns1.tagidomains.com. mail.tagidomains.com. (
        2008081100 ; Serial YYYYMMDDnn
        16384 ; Refresh
        2048 ; Retry
        1048576 ; Expire
        2560) ; Minimum

        3600 IN CNAME tagorg.com.

It is really annoying to have to edit all of those when we relocate our sites (which surprisingly, happened very recently when we changed our ISP)

If I use "www 3600 IN CNAME tagorg.com." it works properly.

Thanks again

a message of 122 lines which said:

A zone file like the one below won't work.

Yes, same error, "CNAME with other data".

@ IN SOA ns1.tagidomains.com. mail.tagidomains.com. (
        2008081100 ; Serial YYYYMMDDnn
        16384 ; Refresh
        2048 ; Retry
        1048576 ; Expire
        2560) ; Minimum

        3600 IN CNAME tagorg.com.

@ (the current domain name) has both a SOA and a
CNAME. Illegal. Either it is an alias (it is the left-hand-side of a
CNAME) or it is a real domain with its own data.

It is really annoying to have to edit all of those when we relocate
our sites

It has always been illegal. You should have checked your configuration
before.

http://www.zonecheck.fr/

Thanks Stephane,

My current configuration is working properly. The thing is I'm trying to understand why this is happening.

If I remove the SOA record still the same result. If I understood correctly, I can't add a CNAME record for the domain itself, tagiti.com in this case, but I can do www, ftp, ... etc.

Right?

Regards,
Mohammad H. Al-Shami

Hi Mohammad,

If you remove the SOA from the zonefile below, you'll probably get an
'RR before SOA skipped' error.

Mohammad H. Al-Shami wrote:

Thanks Stephane,

My current configuration is working properly. The thing is I'm trying to understand why this is happening.

If I remove the SOA record still the same result. If I understood correctly, I can't add a CNAME record for the domain itself, tagiti.com in this case, but I can do www, ftp, ... etc.

That's correct. Because of the SOA record, you can't put a CNAME record
for the domain name of the zone. For every other domain in the zone, you
may add exactly one CNAME record. There may be no other records at that
domain, except DNSSEC related records.

Regards,

Matthijs Mekking
NLnet Labs
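
A pre-check for the rule the replies describe, as an added example that is not part of any post in the thread: it flags every owner name in a zone file where a CNAME sits beside other records or a second CNAME, including the apex case where a blank owner field inherits `@`. The function names and the sample zone are constructed; the parser assumes numeric TTLs, an absolute `$ORIGIN`, and no `;` inside quoted strings.

```python
from collections import defaultdict
ALLOWED_WITH_CNAME = {"RRSIG", "NSEC"}  # DNSSEC types allowed beside a CNAME (RFC 4035, 2.5)

def logical_lines(text):
    """Strip ';' comments and join records wrapped in parentheses."""
    buf, depth = "", 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        depth += line.count("(") - line.count(")")
        buf += line.replace("(", " ").replace(")", " ")
        if depth == 0:
            if buf.strip():
                yield buf
            buf = ""

def cname_conflicts(text, origin):
    """Return {owner: sorted types} for names where a CNAME is not alone."""
    origin = origin.lower().rstrip(".") + "."
    types, owner = defaultdict(list), origin
    for line in logical_lines(text):
        tok = line.split()
        if tok[0].startswith("$"):         # $TTL is ignored, $ORIGIN is tracked
            if tok[0].upper() == "$ORIGIN":
                origin = tok[1].lower()
            continue
        if not line[0].isspace():          # a blank owner field inherits the last owner
            name = tok.pop(0).lower()
            owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        while tok and (tok[0].isdigit() or tok[0].upper() in ("IN", "CH", "HS")):
            tok.pop(0)                     # skip optional numeric TTL and class
        if tok:
            types[owner].append(tok[0].upper())
    bad = {}
    for name, seen in types.items():
        others = set(seen) - {"CNAME"} - ALLOWED_WITH_CNAME
        if "CNAME" in seen and (others or seen.count("CNAME") > 1):
            bad[name] = sorted(set(seen))
    return bad

# Constructed sample zone; all names are placeholders.
SAMPLE = """\
$TTL 86400
@ IN SOA ns1.example.net. hostmaster.example.net. (
        2009031001 16384 2048 1048576 2560 )
        3600 IN CNAME example.net.
www     3600 IN CNAME example.net.
lists   3600 IN CNAME lists.example.net.
lists   3600 IN MX 10 mx1.example.net.
"""
```

Calling `cname_conflicts(SAMPLE, "example.org")` reports the apex (CNAME beside SOA) and `lists` (CNAME beside MX), while `www` passes because its CNAME is the only record at that name.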