Can a DNS record have a multi-level name? - dns

For a domain example.com, it is normal to have a record as follows:
blog IN CNAME www.example.com
Is this also allowed?
alex.blog IN CNAME www.example.com
Or, is it that there should be an NS record delegating the subdomain blog.example.com that can in turn have a record such as:
alex IN CNAME www.example.com
If it is possible, could someone also point me to an RFC/online-resource where I can read more.

It's absolutely possible, and extremely common in the in-addr.arpa. and ip6.arpa. subtrees. I don't think there's an RFC that discusses it directly; it just falls out naturally from all the other rules. You only need the NS and SOA records when delegating control of a subtree to someone else (or yourself, just because you want to treat it as separate).

Related

Can a subdomain have different CNAME records or must the entire domain have the same CNAME?

Like my question asks - should the entire DNS/CNAME be the same for the domain?
Thanks!
Any domain can have its own CNAME record. In most practical situations, the 'main' / apex domain (for example, foo.com) can usually not get a CNAME record. But otherwise every CNAME record is for a specific (sub-)domain, and every CNAME record can point to something else.

What is the correct term for apex/naked/bare/root domain names?

When you search for the term "Apex Domains" on Google Search, the top page you get is https://help.github.com/en/articles/about-supported-custom-domains, which explains the concept as:
An apex domain is a root domain that does not contain a subdomain part. Apex domains are also known as base, bare, naked, root apex, or zone apex domains. In DNS provider settings apex domains are sometimes symbolized by an # symbol. For example:
example.com is an apex domain because it doesn't have any subdomain parts.
Whereas www.example.com is not an apex domain because it contains the subdomain part www.
This description alone says this concept is also known as
base domains
bare domains
naked domains
root apex domains
zone apex domains
Is there really not a well-recognized and established name for this concept?
If you want to be 100% technically correct, this latest RFC from the IETF does give precise information on all DNS terminology.
https://www.rfc-editor.org/rfc/rfc7719 "DNS Terminology".
Note that this deals with technical terms, not marketing ones.
If you search for apex in it you get:
Apex: The point in the tree at an owner of an SOA and corresponding
authoritative NS RRset. This is also called the "zone apex".
[RFC4033] defines it as "the name at the child's side of a zone
cut". The "apex" can usefully be thought of as a data-theoretic
description of a tree structure, and "origin" is the name of the
same concept when it is implemented in zone files. The
distinction is not always maintained in use, however, and one can
find uses that conflict subtly with this definition. [RFC1034]
uses the term "top node of the zone" as a synonym of "apex", but
that term is not widely used. These days, the first sense of
"origin" (above) and "apex" are often used interchangeably.
In light of this, GitHub's definition is slightly wrong.
example.com is the apex of the zone example.com (because it is delegated from .com, that we know for sure), that has www.example.com in it.
Speaking about domains and subdomains is something opening to many perils, as you can not judge, just by looking at the string, where the zone cuts are, hence where the "subdomain" starts. Examples to study: www.dk, www.minefi.gouv.fr to start with.
Just by looking at www.example.com (without doing any kind of DNS queries) you can not say if www is just a label inside the example.com zone, or if www.example.com is an apex because it has been delegated from example.com.
Of course, one might argue that www gives a hint, but then replace it with admin, and the mystery remains unsolved.

Dynamic subdomain redirection

How do I redirect a dynamic subdomain to the same subdomain on a different domain?
*.example.com to *.example2.com
Can this be handled with Zerigo?
Depending on your exact requirements, you could achieve that with a DNAME record:
For example, you could have the following in your example.com zone file:
example.com. IN DNAME example2.com.
and a pretty standard example2.com zone, you can mostly achieve the effect.
Querying dig www.example.com, you'd get:
example.com. IN DNAME example2.com.
www.example.com. IN CNAME www.example2.com.
However, if you had DNS records that you need directly under either zones, e.g. an A, MX or TXT record, they don't "alias" so you need to store them in both zones.
In any case, DNAME is not supported by most DNS providers (Zerigo included) that only give you a web interface, so you'd need to run your own DNS server.
In DNS you cannot redirect; that is an HTTP function. But what you can do is use CNAMEs. A CNAME takes a DNS name and under the covers resolves it to another name. For example:
www.example.com resolves to www.example2.com. In the web browser the user will see www.example.com though.
What you will want to do is look into "wildcard CNAME". There is a limitation though. A wildcard CNAME will only point to a single address. This means that:
*.example.com will only ever point to a single address at example2.com (let's say you pick bang.example2.com)
foo.example.com -> bang.example2.com
bar.example.com -> bang.example2.com
baz.example.com -> bang.example2.com
cux.example.com -> bang.example2.com
It is also important to note that not every DNS provider allows for wildcard CNAMEs. Also, not every DNS server allows wildcard CNAMEs. If you really want to have a wildcard CNAME point to the corresponding entry in example2.com, then you may want to look into PowerDNS. It allows for 3rd party plugins written in various languages like Lua. It can also be backed by a MySQL, Postgres, LDAP, or SQLite backend. This means that you can add that functionality yourself if it does not already exist.
Good luck
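The difference between the two answers above, as an added example that is not part of either post: DNAME suffix substitution as specified in RFC 6672, next to the single fixed target of a wildcard CNAME. The function names are hypothetical, and the wildcard helper assumes the zone holds no other names that would take precedence over the wildcard.

```python
MAX_NAME_OCTETS = 255  # wire-format limit on a domain name

def labels(name):
    """Split a domain name into lowercase labels, ignoring the trailing dot."""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def wire_length(lbls):
    # One length octet per label, plus the terminating root label.
    return sum(len(l) + 1 for l in lbls) + 1

def dname_synthesize(qname, owner, target):
    """Return the CNAME target a DNAME at `owner` yields for `qname`,
    None when the DNAME does not apply, or raise when the result is too long."""
    q, o, t = labels(qname), labels(owner), labels(target)
    # DNAME rewrites only names strictly below the owner, never the owner
    # itself: records at the owner (A, MX, TXT) must exist in both zones.
    if len(q) <= len(o) or q[len(q) - len(o):] != o:
        return None
    new = q[:len(q) - len(o)] + t
    if wire_length(new) > MAX_NAME_OCTETS:
        # A server answers YXDOMAIN here instead of synthesizing a CNAME.
        raise ValueError("YXDOMAIN: substituted name exceeds 255 octets")
    return ".".join(new) + "."

def wildcard_cname(qname, zone, target):
    """Return the one fixed target that `*.zone CNAME target` gives `qname`.
    Assumption: no explicit names exist in the zone to override the wildcard."""
    q, z = labels(qname), labels(zone)
    if len(q) > len(z) and q[len(q) - len(z):] == z:
        return ".".join(labels(target)) + "."
    return None

if __name__ == "__main__":
    for name in ("www.example.com.", "a.b.example.com.", "example.com."):
        print(name,
              "DNAME ->", dname_synthesize(name, "example.com.", "example2.com."),
              "| wildcard ->", wildcard_cname(name, "example.com.", "bang.example2.com."))
```
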

How do other DNS servers find mine?

I'm trying to learn as much as possible about DNS, and so far I've read most of:
http://www.zytrax.com/books/dns/ch8/soa.html
and all of:
http://computer.howstuffworks.com/dns.htm
I understand that SOA and NS records contain info about the authoritative name server for a domain, but as these are just DNS records, how does the rest of the world even know where to get them?
I assume it starts at the top-level-domain (.COM .NET .ORG, etc) servers. So they must contain a SOA record for my domain? If so, how does that get there? I imagine only registrars like GoDaddy and Network Solutions are able to update those? If they contain a SOA record, why does my DNS server (that I host), need one also? I think there must be something, maybe in the domain registration records (outside of DNS?), that I'm missing.
I think I've got a pretty good understanding of most parts of the DNS system, after reading lots of articles.. but I haven't found any that answer this part, in a way that I understand it.
For example, GoDaddy and Network Solutions both let me change different options (in their web UI) to "host my own DNS server". If these options remove them from the process, so DNS servers never need to query them again, and instead query my server directly (this is what I want, no dependency on GoDaddy/NS)... when I make these changes, what (at the DNS level or otherwise) is GoDaddy/NS doing? Are they asking the top-level-domain servers to update some DNS records for my domain?
Short answer is yes. GoDaddy will take care of updating the TLDs for you. Your other assumptions are also correct except for one small detail...
DNS starts with the "root" domain and then goes to the TLDs (top level domains).
www.somedomain.com. actually breaks down like this:
. The root name servers
com - The TLD name servers
somedomain - Your NS servers
www - The host portion of the dns name.
Setting up your own DNS server is a great way to understand DNS better. Good luck!
So they must contain a SOA record for my domain?
Multiple answers possible, depending on the scenario:
delegated 2nd level:
No; the start of authority of your domain is usually at your level, so the SOA for you.cf is (only) in your nameservers. Same as the SOA for .cf is only in the nameservers of .cf, and not in the root-servers. In case your nameservers are within the same domain (i.e. ns1.you.cf in case of you.cf) then glue records are needed. This means that the registry that's operating the TLD's nameservers will insert an A and/or AAAA record with the IP of ns1.you.cf in the TLD zone. Normally you (the registrant) set this in the interface of your registrar.
undelegated 3rd level:
No; if your domain was sub.you.cf - but sub.you.cf wasn't delegated (no NS records exist for sub.you.cf) then the SOA is probably at you.cf. Unless...
undelegated 2nd level:
Yes; if you register a domain without having it delegated (no NS records exist for you.cf) then the SOA is at the .cf nameservers. Although most registries run delegation-only zones, some don't. Example: when you use url-fwd'ing in .cf. The SOA then is at the cf level.
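The delegation cases listed above, together with the earlier points that a multi-level name needs no NS/SOA of its own and that zone cuts cannot be read off the name string, as an added example that is not part of any of the posts. The zone data is constructed (documentation-range addresses, invented server names such as a.ns.cf. and ns.example.net.) and the function names are hypothetical.

```python
# Constructed delegation data: each zone apex lists the child names it holds NS
# records for ("cuts") and any glue addresses it serves for those nameservers.
ZONES = {
    ".": {"cuts": {"cf.": ["a.ns.cf."]}, "glue": {"a.ns.cf.": "192.0.2.1"}},
    "cf.": {"cuts": {"you.cf.": ["ns1.you.cf."]},
            # ns1.you.cf. lives inside the zone it serves, so the parent needs glue.
            "glue": {"ns1.you.cf.": "192.0.2.53"}},
    "you.cf.": {"cuts": {"dev.you.cf.": ["ns.example.net."]}},  # out-of-zone NS: no glue
    "dev.you.cf.": {},
}

def is_at_or_below(name, ancestor):
    """True when `name` equals `ancestor` or sits underneath it in the tree."""
    return ancestor == "." or name == ancestor or name.endswith("." + ancestor)

def walk(qname):
    """Follow referrals from the root. Return (apex, path): the zone whose
    nameservers hold the SOA covering qname, and the referrals that led there."""
    apex, path = ".", []
    while True:
        zone = ZONES[apex]
        # A zone cut exists only where this zone holds NS records for a child;
        # without NS records the name is just labels inside the current zone.
        cut = next((c for c in zone.get("cuts", {}) if is_at_or_below(qname, c)), None)
        if cut is None:
            return apex, path
        glue = {ns: zone.get("glue", {}).get(ns) for ns in zone["cuts"][cut]}
        path.append((apex, cut, glue))
        apex = cut

if __name__ == "__main__":
    for name in ("alex.blog.you.cf.", "sub.you.cf.", "fwd.cf.", "www.dev.you.cf."):
        apex, path = walk(name)
        print(f"{name:20} SOA at {apex:12} via {[cut for _, cut, _ in path]}")
```
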

Point a main domain using cname

I need to point a domain using a CNAME to another, but I need to point both as the main domain www.
I think that it is not possible with CNAME. I need to point a domain to another domain like a CNAME, but also the main domain.
How can I do it?
To redirect an entire domain, you actually want to use DNAME instead of CNAME. You can do CNAME records too, but you'd need one CNAME for every equal record, whereas DNAME lets you do just one. DNAME records aren't quite as well supported, however.
