Now you CNAME now you can’t

Yesterday at work I had a discussion with one of the guys in charge of our DNS. I asked him to create a CNAME record on one of the domains under our authority, pointing to an external canonical name, but he kindly refused. So I asked whether this was company policy of some kind, as I saw no technical reasons for this not to work, but he answered:

No, the problem is technical; the hostname one points to, has to be managed on the same DNS-platform and this can’t be done in this case as we’re not the SOA for the external domain

So to prove my point (yeah, that’s how I roll) I created a temporary CNAME-record on my own domain, pointing to the external hostname (much the same way is just an alias for but that did not convince my colleague either:

Making a SOA on a server where that isn’t allowed, is not really according to the standards.

As the change was pretty urgent and there weren’t any important downsides, I adapted my change request for the DNS-entry to be created as an A-record. But in the meantime I started reading up on CNAMEs on Wikipedia and glanced over the two relevant RFCs (RFC 1034 and RFC 2181), but I really can’t find any confirmation of what my (respected) colleague is referring to. But I’m sure there are smarter people reading this here blogpost who might be able to explain what I am obviously missing, no?

7 thoughts on “Now you CNAME now you can’t”

  1. JP Mens

    As far as not being allowed to create CNAMES that point anywhere, your colleague is wrong.

    However: what is forbidden is to create a CNAME where other data exists, e.g. at the zone apex (which contains SOA and NS records). In other words CNAME is forbidden. CNAME is permitted providing no other record exists for

    1. frank Post author

      canonical name = canonical name = canonical name =
      Name: Address:
      Name: Address:
      Name: Address:
      Name: Address:

      wow, that’s surreal!

  2. Wouter Verhelst

    Usually the right response is not to ask the lazyweb blogging about it, but to ask the colleague making the dubious claim to clarify himself by saying “says who?” (possibly in more friendly terms) ;-)

    1. frank Post author

      yeah, pointed out the fact that the RFC didn’t really support his point of view, but he didn’t bother to reply to that part :-)

  3. Niobos

    As already pointed out above, CNAMEs can point anywhere, including non-existent hostnames (in which case they obviously won’t resolve).
    Your colleague might be referring to something related: If a CNAME points to a record under control of the same server, that server will usually include the pointed-to record in the Additional-section of the reply. If the CNAME target is in a different domain however, the additional record will usually be regarded as out-of-bailiwick and ignored by most DNS-clients.
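
The two points made in the comments above, as an added example that is not part of the original post or its comments: a CNAME may point to a name in any zone, but it may not share its owner name with other data (the zone apex always carries SOA and NS). The zone contents, the `example.org.`/`example.net.` names and the function names are constructed for illustration.

```python
from collections import defaultdict

# Constructed sample zone; every name and address here is a placeholder.
ZONE_ORIGIN = "example.org."
SAMPLE_ZONE = """\
example.org.       SOA   ns1.example.org. hostmaster.example.org. 1 3600 600 86400 300
example.org.       NS    ns1.example.org.
example.org.       CNAME host.example.net.
ns1.example.org.   A     192.0.2.53
www.example.org.   CNAME web.example.org.
web.example.org.   A     192.0.2.80
shop.example.org.  CNAME store.example.net.
mail.example.org.  CNAME mx.example.net.
mail.example.org.  MX    10 mx.example.net.
"""

def parse(text):
    """Return {owner: [(rtype, rdata), ...]} from 'owner type rdata' lines."""
    rrsets = defaultdict(list)
    for line in text.splitlines():
        if not line.strip() or line.lstrip().startswith(";"):
            continue
        owner, rtype, rdata = line.split(None, 2)
        rrsets[owner.lower()].append((rtype.upper(), rdata.strip()))
    return rrsets

def in_zone(name, origin):
    """True when name is the origin or a subdomain of it (label-aligned match)."""
    name, origin = name.lower(), origin.lower()
    return name == origin or name.endswith("." + origin)

def check_cnames(text, origin):
    """Return (conflicts, targets): owners breaking the CNAME rule, and where each CNAME points."""
    conflicts, targets = [], {}
    for owner, records in parse(text).items():
        cnames = [rdata for rtype, rdata in records if rtype == "CNAME"]
        if not cnames:
            continue
        others = sorted({rtype for rtype, _ in records if rtype != "CNAME"})
        # DNSSEC records (RRSIG, NSEC) may legitimately sit beside a CNAME.
        others = [t for t in others if t not in ("RRSIG", "NSEC")]
        if others or len(cnames) > 1:
            conflicts.append((owner, others))
        targets[owner] = (cnames[0], "in-zone" if in_zone(cnames[0], origin) else "external")
    return sorted(conflicts), targets
```

On the sample zone, the apex and `mail.example.org.` are reported as conflicts, while `shop.example.org.` is accepted and its target is simply classified as external.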

