DNS hostnames with a duplicate CNAME and A record - which should be removed?

Landon Stewart lstewart at superb.net
Wed Oct 17 19:25:49 UTC 2012


Hi Y'all Nanogites,

We are changing over to PowerDNS from djbdns (tinydns) and I'm taking this
opportunity to fix as much of our zone data as we can.  Under tinydns
things work fine despite these errors because tinydns lets you get away
with stuff like this and still responds even though a zone might
technically be broken because of it.

The problem is that we have some zones that have records with the same
hostname that have both a CNAME as well as an A record, MX record, SOA
record and/or NS record.  Is there an easy answer for what should be
removed?  I'm inclined to say that the CNAME should be removed in all these
cases but I can't find any definitive information on this and after doing
some tests it doesn't always seem straightforward.

I've been reading various sites and information including RFC 1034 but
it's difficult to decide what to do when it's already an issue.  For
example in RFC 1034 section 3.6.2 the use of CNAMEs with NS and MX records
is not permitted but other research shows this is widely used even though
it's technically invalid.  IMHO it should have never happened in the first
place (where an A record already exists a CNAME should not have been
allowed to get added for example) but what can be done now that it's
already an issue?

In the case of the A,NS,MX,SOA and CNAME duplicates an example of how our
old/current name server's responses are:
(note: not all of this is real data, customer zones have been obfuscated)

# dig @ns1.superb.net +nocmd mail.customerzone.com A +noques +answer
;; ANSWER SECTION:
mail.customerzone.com. 14342 IN CNAME mail.superb.net.
mail.customerzone.com. 86342 IN A xx.xx.246.9

# dig @ns1.superb.net +nocmd superbcolo.biz NS +noques +answer
;; ANSWER SECTION:
superbcolo.biz. 86400 IN NS ns1.superb.net.
superbcolo.biz. 86400 IN NS ns2.superb.net.
superbcolo.biz. 86400 IN NS ns3.superb.net.
superbcolo.biz. 86400 IN CNAME superbenterprise.net.

# dig @ns1.superb.net +nocmd superbcolo.biz mx +noques +answer
;; ANSWER SECTION:
superbcolo.biz. 86400 IN MX 10 superbcolo.biz.
superbcolo.biz. 86400 IN CNAME superbenterprise.net.

# dig @ns1.superb.net +nocmd customerzone2.com SOA +noques +answer
;; ANSWER SECTION:
customerzone2.com. 86400 IN CNAME superbenterprise.net.
customerzone2.com. 86400 IN SOA ns1.superb.net. hostmaster.superb.net. 1350501302 0 0 0 0

Should the CNAME just get nuked in all of these cases?

-- 
Landon Stewart <LStewart at Superb.Net>
Sr. Administrator
Systems Engineering
Superb Internet Corp - 888-354-6128 x 4199
Web hosting and more "Ahead of the Rest": http://www.superbhosting.net
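
An added example, not part of the original post: a checker that reads records in the dig answer-section format shown in the message and reports every owner name where a CNAME coexists with other record types, the condition RFC 1034 section 3.6.2 rules out. The sample records are constructed from the obfuscated examples above, the function names are hypothetical, and tolerating RRSIG and NSEC beside a CNAME is an assumption taken from RFC 4035 section 2.5.

```python
from collections import defaultdict

# DNSSEC record types that RFC 4035 section 2.5 permits beside a CNAME (assumption).
ALLOWED_WITH_CNAME = {"RRSIG", "NSEC"}

# Constructed sample in dig answer-section format, based on the obfuscated
# examples in the message (192.0.2.x are documentation addresses).
SAMPLE = """\
mail.customerzone.com. 14342 IN CNAME mail.superb.net.
mail.customerzone.com. 86342 IN A 192.0.2.9
superbcolo.biz. 86400 IN NS ns1.superb.net.
superbcolo.biz. 86400 IN MX 10 superbcolo.biz.
superbcolo.biz. 86400 IN CNAME superbenterprise.net.
www.customerzone.com. 3600 IN CNAME web.superb.net.
WWW.customerzone.com. 3600 IN CNAME web.superb.net.
ftp.customerzone.com. 3600 IN A 192.0.2.10
"""


def parse_records(text):
    """Yield (owner, rtype, rdata) from 'name ttl class type rdata' lines."""
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop dig comment lines
        fields = line.split(None, 4)
        if len(fields) < 5 or fields[2].upper() != "IN":
            continue
        owner = fields[0].lower().rstrip(".") + "."  # names are case-insensitive
        yield owner, fields[3].upper(), fields[4]


def cname_conflicts(text):
    """Map owner -> sorted record types that conflict with a CNAME there."""
    by_owner = defaultdict(set)
    for owner, rtype, rdata in parse_records(text):
        by_owner[owner].add((rtype, rdata.lower()))
    conflicts = {}
    for owner, rrs in by_owner.items():
        targets = {rd for rt, rd in rrs if rt == "CNAME"}
        if not targets:
            continue
        others = {rt for rt, _ in rrs} - {"CNAME"} - ALLOWED_WITH_CNAME
        if len(targets) > 1:  # RFC 2181 section 10.1: one CNAME per name
            others.add("CNAME(multiple)")
        if others:
            conflicts[owner] = sorted(others)
    return conflicts


if __name__ == "__main__":
    for owner, types in sorted(cname_conflicts(SAMPLE).items()):
        print(f"{owner}: CNAME coexists with {', '.join(types)}")
```

Run over an export of the old server's data, this gives the list of names that need a decision before the zones are loaded into the new server; it does not decide which record to keep.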

