Now you CNAME now you can’t

Yesterday at work I had a discussion with one of the guys in charge of our DNS. I asked him to create a CNAME record on one of the domains under our authority, pointing to an external canonical name, but he kindly refused. So I asked whether this was company policy of some kind, as I saw no technical reasons for this not to work, but he answered:

No, the problem is technical; the hostname one points to, has to be managed on the same DNS-platform and this can’t be done in this case as we’re not the SOA for the external domain

So to prove my point (yeah, that’s how I roll) I created a temporary CNAME-record on my own domain, pointing to the external hostname (much the same way static-cdn.futtta.be is just an alias for blog.futtta.netdna-cdn.com) but that did not convince my colleague either:

Making a SOA on a server where that isn’t allowed, is not really according to the standards.

As the change was pretty urgent and there weren’t any important downsides, I adapted my change request for the DNS-entry to be created as an A-record. But in the meantime I started reading up on CNAMEs on Wikipedia and glanced over the two relevant RFCs (RFC 1034 and RFC 2181), but I really can’t find any confirmation of what my (respected) colleague is referring to. But I’m sure there are smarter people reading this here blogpost who might be able to explain what I am obviously missing, no?

7 thoughts on “Now you CNAME now you can’t”

  1. As far as not being allowed to create CNAMEs that point anywhere, your colleague is wrong.
    However: what is forbidden is to create a CNAME where other data exists, e.g. at the zone apex (which contains SOA and NS records). In other words:
    example.com. CNAME someplace.other.com. is forbidden.
    w3.example.com. CNAME whereever.you.like. is permitted providing no other record exists for w3.example.com.

    • ww.flickr.com canonical name = geoycpi-uno-deluxe.gycpi.b.yahoodns.net.
      geoycpi-uno-deluxe.gycpi.b.yahoodns.net canonical name = geoycpi-uno.gycpi.b.yahoodns.net.
      geoycpi-uno.gycpi.b.yahoodns.net canonical name = eu-ycpi-uno.aycpi.b.yahoodns.net.
      Name: eu-ycpi-uno.aycpi.b.yahoodns.net Address: 66.196.66.212
      Name: eu-ycpi-uno.aycpi.b.yahoodns.net Address: 66.196.66.156
      Name: eu-ycpi-uno.aycpi.b.yahoodns.net Address: 66.196.66.157
      Name: eu-ycpi-uno.aycpi.b.yahoodns.net Address: 66.196.66.213
      wow, that’s surreal!

  2. Usually the right response is not to ask the lazyweb blogging about it, but to ask the colleague making the dubious claim to clarify himself by saying “says who?” (possibly in more friendly terms) 😉

  3. As already pointed out above, CNAMEs can point anywhere, including non-existent hostnames (in which case they obviously won’t resolve).
    Your colleague might be referring to something related: If a CNAME points to a record under control of the same server, that server will usually include the pointed-to record in the Additional-section of the reply. If the CNAME target is in a different domain however, the additional record will usually be regarded as out-of-bailiwick and ignored by most DNS-clients.


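The rule described in the comments above, as an added example that is not from the post or its commenters: a CNAME may point at any name, inside or outside the zone, but may not share its owner name with other record types, which is why the zone apex is off limits. The zone contents, the simplified `owner TYPE rdata` line format and the function names are constructed for illustration; the DNSSEC exception (RRSIG and NSEC may sit beside a CNAME) comes from RFC 4034, not from the page.

```python
from collections import defaultdict

# Constructed sample zone; names reuse the illustrative ones from the comments.
ZONE_ORIGIN = "example.com."
SAMPLE_ZONE = """
example.com.        SOA   ns1.example.com. hostmaster.example.com. 1 3600 600 86400 300
example.com.        NS    ns1.example.com.
example.com.        CNAME someplace.other.com.
ns1.example.com.    A     192.0.2.53
w3.example.com.     CNAME whereever.you.like.
www.example.com.    CNAME w3.example.com.
static.example.com. CNAME cdn.example.net.
static.example.com. TXT   "v=1"
"""

# Record types allowed to share an owner name with a CNAME in a signed zone.
DNSSEC_COMPANIONS = {"RRSIG", "NSEC"}

def parse_zone(text):
    """Return {owner: [(rtype, rdata), ...]} from 'owner TYPE rdata' lines."""
    records = defaultdict(list)
    for line in text.splitlines():
        parts = line.split(None, 2)
        if len(parts) == 3:
            owner, rtype, rdata = parts
            records[owner.lower()].append((rtype.upper(), rdata))
    return records

def check_cnames(records, origin):
    """Classify each CNAME owner: coexistence is an error, external targets are fine."""
    origin = origin.lower()
    findings = {}
    for owner, rrs in records.items():
        targets = [rdata for rtype, rdata in rrs if rtype == "CNAME"]
        if not targets:
            continue  # no CNAME at this name, nothing to check
        others = sorted({t for t, _ in rrs if t != "CNAME"} - DNSSEC_COMPANIONS)
        if len(targets) > 1:
            findings[owner] = "invalid: multiple CNAMEs"
        elif others:
            findings[owner] = "invalid: coexists with " + ",".join(others)
        else:
            target = targets[0].lower()
            in_zone = target == origin or target.endswith("." + origin)
            findings[owner] = "ok: in-zone target" if in_zone else "ok: external target"
    return findings

if __name__ == "__main__":
    for name, verdict in check_cnames(parse_zone(SAMPLE_ZONE), ZONE_ORIGIN).items():
        print(f"{name:22} {verdict}")
```
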