Solved

CNAME setup to point to External Domain - BIND9

Posted on 2014-09-11
Last Modified: 2014-09-12
I need help with the syntax to set up a CNAME that points to an external domain that we are not authoritative for, if that makes a difference.

I'm using the explicit $ORIGIN statement.

If I put a period at the end of the name in the left hand column the zone won't load.

But if I leave it off, it loads, but I'm thinking I end up with mydomain.org.mydomain.org and
www.mydomain.org.mydomain.org

And should I comment out the lines for the A records?  

Err Msg:

root@nameserver:/etc/bind# named-checkzone mydomain.org zone-mydomain.org

dns_master_load: zone-mydomain.org:36: mydomain.org: CNAME and other data
dns_master_load: zone-mydomain.org:36: mydomain.org: CNAME and other data
dns_master_load: zone-mydomain.org:36: mydomain.org: CNAME and other data
dns_master_load: zone-mydomain.org:36: mydomain.org: CNAME and other data
zone mydomain.org/IN: loading from master file zone-mydomain.org failed: CNAME and other data
zone mydomain.org/IN: not loaded due to errors.

; NAMED Configuration for www.mydomain.com Domain
;
$TTL 6h
$ORIGIN domain.com.
@      IN      SOA      dns.server.domain.org. postmaster.domain.org. (
                        2014090902      ; serial
                        3h            ; refresh
                        1h            ; retry
                        1w            ; expire
                        1d )           ; minimum
;
;name servers
;
            IN      NS      dns.server.domain.org.
            IN      NS      ns1.secondarynameservers.net.
            IN      NS      ns2.secondarynameservers.net.
            IN      NS      ns3.secondarynameservers.net.
;
;should I comment out this line?
            IN      A      192.168.1.55
;

            IN      MX 5      mailserver.mydomain.org.
;
;

www            IN      A      192.168.1.55


*.www.domain.org. IN      A      192.168.1.55

;      Aliases

mydomain.org       IN CNAME   vendor.domain.xxx.com.
www.mydomain.org   IN CNAME   vendor.domain.xxx.com.
*.mydomain.org     IN CNAME *.vendor.domain.xxx.com.
*.www.mydomain.org IN CNAME *.vendor.domain.xxx.com.
Question by:mobot
16 Comments
 
LVL 12

Expert Comment

by:Kent W
ID: 40317906
The period needs to go at the end of the host you are directing the CNAME to.

Let's say I wanted to redirect my www.domain.com to www.google.com

www     IN CNAME    www.google.com.    <PERIOD GOES HERE.

If you are pointing a host via CNAME, you shouldn't have an A record for it.
 

Author Comment

by:mobot
ID: 40318063
The underscores represent a period.  My apologies for not pointing that out.  I had posted up on another site that didn't accept URLs.  And I do understand where the periods go.  What puzzles me is when I put the period at the end of the left hand column the zone doesn't load.  I have other zones that work just fine that way.

The difference between them and this zone file is we're authoritative for all the other domains.  In this instance I'm trying to create a CNAME record that redirects www.mydomain.org to www.vendordomain.com.  And we're not authoritative for www.vendordomain.com.  

So let me ask you, does not being authoritative for the vendor domain matter?  Should I still be able to create that CNAME record anyway and have it work?  Also note I tried it with and without the A record and it didn't make a difference.  When I had the period after .org it always threw that err msg.

My line in the zone file:   www.mydomain.org.  IN  CNAME  www.vendordomain.com.

Err msg:
user@nameserver:/etc/bind# named-checkzone mydomain.org zone-mydomain.org

dns_master_load: zone-mydomain.org:36: mydomain.org: CNAME and other data
zone mydomain.org/IN: loading from master file zone-mydomain.org failed: CNAME and other data
zone mydomain.org/IN: not loaded due to errors.
 
LVL 12

Accepted Solution

by:
Kent W earned 2000 total points
ID: 40318228
In your zone file, if you do NOT place a period after a resource, it WILL append @origin.
A period means DON'T append my origin.  Within your record, you should refrain from explicitly naming your @origin.
So instead of
www.mydomain.org. IN CNAME www.vendorname.com.

Your entries to make this work are -

@origin (assumed to be "mydomain.org".)

www IN CNAME www.vendordomain.com.
 
The ending period is very important here or it will become www.vendordomain.com.mydomain.org

I suspect what may be happening is you have an A record for www, elsewhere, or are cname-ing www to your @origin already.  Any other resource record entries for "www" would make the www CNAME fail.

So, if you already have a
www IN A ip.add.ress
or
www IN CNAME @origin

Then you will have to ditch the www for your new CNAME and use something like
www2 IN CNAME www.vendordomain.com, unless you are good with ditching your other A/CNAME for www.

If you are still getting errors, grab some entries from your /var/log/messages or wherever you have bind dumping logs to.

Probably the most important thing -
You would want the left column to be www, not "www.mydomain.org."...while it technically may work, you are bypassing what your @origin is there for.
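As an added illustration of the two points made in the question and the accepted answer (not code from the thread), the script below reads a constructed zone in BIND master-file syntax, applies the $ORIGIN rule (a name with a trailing dot is absolute, anything else gets the origin appended) and then runs the same "CNAME and other data" check that named-checkzone reported. The zone contents and names are constructed for this example.

```python
# Added example, not the thread's own code; both zones below are constructed here.
BROKEN_ZONE = """\
$ORIGIN mydomain.org.
@    IN SOA   ns1.mydomain.org. postmaster.mydomain.org. (1 3h 1h 1w 1d)
     IN NS    ns1.mydomain.org.
www  IN A     192.168.1.55
www.mydomain.org.  IN CNAME  www.vendordomain.com.
"""

FIXED_ZONE = """\
$ORIGIN mydomain.org.
@    IN SOA   ns1.mydomain.org. postmaster.mydomain.org. (1 3h 1h 1w 1d)
     IN NS    ns1.mydomain.org.
www  IN CNAME www.vendordomain.com.   ; relative owner, absolute target
"""

def qualify(name, origin):
    """Trailing dot = absolute name; anything else gets the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text):
    """Return (owner, type, rdata) triples with owner and CNAME target made absolute."""
    origin, owner, records = ".", None, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()      # drop ';' comments
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        fields = line.split()
        if not line[0].isspace():                 # blank owner column reuses the last owner
            owner = qualify(fields.pop(0), origin)
        if fields[0] == "IN":
            fields.pop(0)
        rtype, rdata = fields[0], " ".join(fields[1:])
        if rtype == "CNAME":
            rdata = qualify(rdata, origin)        # a missing dot yields target.mydomain.org.
        records.append((owner, rtype, rdata))
    return records

def cname_conflicts(records):
    """Owners that carry a CNAME plus any other type: what named-checkzone rejects."""
    types = {}
    for owner, rtype, _ in records:
        types.setdefault(owner, set()).add(rtype)
    return sorted(o for o, t in types.items() if "CNAME" in t and len(t) > 1)
```

Running `cname_conflicts(parse_zone(BROKEN_ZONE))` flags www.mydomain.org. because the absolute left-hand name and the relative `www` resolve to the same owner, one with an A record and one with a CNAME; the fixed zone has no conflict.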

 
LVL 15

Expert Comment

by:samri
ID: 40318583
Most of the time I would use:

mynewname.domain.com.  in cname     othername.otherdomain.com.

Above comment from mugojava seems very comprehensive.
 
LVL 62

Expert Comment

by:gheist
ID: 40318687
CNAME is not very stable. Especially RFCs say it should be cached forever, so indeed you will break your nameservers in the same domain. Also with mail server CNAME does not work at all.

You need to move e.g. your website and change DNS to new parent etc...
 
LVL 12

Expert Comment

by:Kent W
ID: 40319418
That is not correct. It causes two lookups, but that's the only issue. It's just like any other resource record, TTL is how you set cache times. TTL can also be set per record.

CNAME records don't have anything special that cause them to cache longer than other record types, other than not understanding the cache time is ALSO on the corresponding A record or external host you are sending it to.  If you have a certain time you want on TTL, set it on the A record also.

In OP's case, I don't think he can control the external FQDN he's sending the www to.  So no way he can really control the final destination's A record.
That also doesn't really matter unless the endpoint changes their IP address.
 
LVL 62

Expert Comment

by:gheist
ID: 40319465
If your DNS server is in the domain you "redirect" with cname you wipe yourself off internet fairly quickly...
 
LVL 12

Expert Comment

by:Kent W
ID: 40319707
I'm not even sure what that means.  Got documentation to back that up?
I've never had a problem in over 20 years of admining Bind.
 
LVL 62

Expert Comment

by:gheist
ID: 40319753
RFC 1912 to start with
 
LVL 12

Expert Comment

by:Kent W
ID: 40319768
I know that RFC.  What section exactly applies to what OP is trying to accomplish?

Define "wipe yourself off the internet"?  How, exactly?

While CNAMES are not the best way to do things, sometimes they are required to meet an end goal.

Do you realize how many "non SOA" servers have CNAMES to Google apps resources?  Millions, if not more, I would assume.

CNAME is much more "polite" than setting up a non-SOA A record to an IP.  In many instances, that won't even work if, say, the web server is using name-based vhosts (which most are).
 
LVL 62

Expert Comment

by:gheist
ID: 40319852
2.4 says CNAMES can work only for individual A records and nothing else.
 
LVL 12

Expert Comment

by:Kent W
ID: 40319878
Your interpretation of that section is incorrect.  You are confusing "should not co-exist" and actually stating the reverse of what that section outlines.  If the resource you are CNAME-ing is in your SOA, that may be somewhat correct, but OP is just redirecting to an external domain.  It works, and works well, as most any Google Apps for Business user can tell you.

And I'll stop there, because this is just getting silly.
 
LVL 62

Expert Comment

by:gheist
ID: 40319910
Well, I hope one day you learn how your theory "works"
 
LVL 12

Expert Comment

by:Kent W
ID: 40319919
My "theory" has been working just fine for every corporate email I've setup with Gmail for biz.

I won't respond further to you.

Thanks
 
LVL 62

Expert Comment

by:gheist
ID: 40319964
So can you write a new RFC explaining that old standards-compliant behaviour asker is getting should be "fixed" somehow...
 

Author Closing Comment

by:mobot
ID: 40320054
Many thanks, truncating www.mydomain.org to just www solved the problem just as you pointed out.  These two links were also helpful.  I'm passing these along and hope they help out someone else.

http://www.zytrax.com/books/dns/ch8/cname.html
http://www.zytrax.com/books/dns/apa/dot.html
