The Trouble with CNAME Records
| In Chapter 2 I presented the zone penguin.bv, of which this is a fragment: @ 3600 SOA ns.penguin.bv. hostmaster.penguin.bv. ( 2000041300 ; serial 86400 ; refresh, 24h 7200 ; retry, 2h 3600000 ; expire, 1000h 172800 ; minimum, 2 days ) NS ns NS ns.herring.bv. MX 10 mail MX 20 mail.herring.bv. ; Nameserver ns A 192.168.55.2 ; Mailserver, same machine. mail A 192.168.55.2 MX 10 mail MX 20 mail.herring.bv. HINFO PC Tunes When one host has several names, for whatever reason, CNAME records are often used. Modern BINDs restricts the use of CNAME records quite severely. The restrictions were in the RFCs from the beginning, but it was never enforced. BIND 8 enforces them. The main rule is that a name that has a CNAME record cannot have any other records. Additionally MX, NS, and SOA records cannot point to names that are CNAME records. If a CNAME record had been used for ns above: ns CNAME mail it would have invalidated the SOA and NS records, which both point to ns.penguin.bv. If a CNAME record had been used for mail: mail CNAME ns all the other records for mail would have been invalid. Thus, I used one A record for each instead. There is an option you can set for each zone you have, <tt/multiple-cnames/, if you set it to <tt/yes/ BIND will give you more freedom to use CNAME records. As the BIND documentation says: "Allowing multiple CNAME records is against standards and is not recommended. Multiple CNAME support is available because previous versions of BIND allowed multiple CNAME records, and these records have been used for load balancing by a number of sites." This is a handy option to have in a transitional phase; it allows you to be master or slave server for zones that have not been transitioned to the stricter CNAME rules yet. |
EAN: 2147483647
Pages: 183