CNAME setup to point to External Domain - BIND9

I need help with the syntax to set up a CNAME that points to an external domain that we are not authoritative for, if that makes a difference.

I'm using the explicit $ORIGIN statement.

If I put a period at the end of the name in the left hand column the zone won't load.

But if I leave it off, it loads, but I'm thinking I end up with mydomain.org.mydomain.org and www.mydomain.org.mydomain.org.

And should I comment out the lines for the A records?

Err Msg:

root@nameserver:/etc/bind# named-checkzone mydomain.org zone-mydomain.org

dns_master_load: zone-mydomain.org:36: mydomain.org: CNAME and other data
dns_master_load: zone-mydomain.org:36: mydomain.org: CNAME and other data
dns_master_load: zone-mydomain.org:36: mydomain.org: CNAME and other data
dns_master_load: zone-mydomain.org:36: mydomain.org: CNAME and other data
zone mydomain.org/IN: loading from master file zone-mydomain.org failed: CNAME and other data
zone mydomain.org/IN: not loaded due to errors.

; NAMED Configuration for www_mydomain_com Domain
;
$TTL 6h
$ORIGIN domain_com_
@      IN      SOA      dns_server_domain_org_ postmaster_domain_org_ (
                        2014090902      ; serial
                        3h            ; refresh
                        1h            ; retry
                        1w            ; expire
                        1d )           ; minimum
;
;name servers
;
            IN      NS      dns_server_domain_org_
            IN      NS      ns1_secondarynameservers_net_
            IN      NS      ns2_secondarynameservers_net_
            IN      NS      ns3_secondarynameservers_net_
;
;should I comment out this line?
            IN      A      192_168_1_55
;

            IN      MX 5      mailserver_mydomain_org_
;
;

www            IN      A      192_168_1_55

*_www_domain_org_ IN      A      192_168_1_55

;      Aliases

mydomain_org       IN CNAME   vendor_domain_xxx_com_
www_mydomain_org   IN CNAME   vendor_domain_xxx_com_
*_mydomain_org     IN CNAME *_vendor_domain_xxx_com_
*_www_mydomain_org IN CNAME *_vendor_domain_xxx_com_
mobotAsked:

Kent WSr. Network / Systems AdminCommented:
The period needs to go at the end of the host you are directing the CNAME to.

Let's say I wanted to redirect my www.domain.com to www.google.com

www     IN CNAME    www.google.com.    <PERIOD GOES HERE.

If you are pointing a host via CNAME, you shouldn't have an A record for it.
0
mobotAuthor Commented:
The underscores represent a period.  My apologies for not pointing that out.  I had posted on another site that didn't accept URLs.  And I do understand where the periods go.  What puzzles me is when I put the period at the end of the left hand column the zone doesn't load.  I have other zones that work just fine that way.

The difference between them and this zone file is we're authoritative for all the other domains.  In this instance I'm trying to create a CNAME record that redirects www.mydomain.org to www.vendordomain.com.  And we're not authoritative for www.vendordomain.com.

So let me ask you, does not being authoritative for the vendor domain matter?  Should I still be able to create that CNAME record anyway and have it work?  Also note I tried it with and without the A record and it didn't make a difference.  When I had the period after .org it always threw that err msg.

My line in the zone file:   www.mydomain.org.  IN  CNAME  www.vendordomain.com.

Err msg:
user@nameserver:/etc/bind# named-checkzone mydomain.org zone-mydomain.org

dns_master_load: zone-mydomain.org:36: mydomain.org: CNAME and other data
zone mydomain.org/IN: loading from master file zone-mydomain.org failed: CNAME and other data
zone mydomain.org/IN: not loaded due to errors.
0
Kent WSr. Network / Systems AdminCommented:
In your zone file, if you do NOT place a period after a resource, it WILL append @origin.
A period means DON'T append my origin.  Within your record, you should refrain from explicitly naming your @origin.
So instead of
www.mydomain.org. IN CNAME www.vendorname.com.

Your entries to make this work are -

@origin (assumed to be "mydomain.org".)

www IN CNAME www.vendordomain.com.
 
The ending period is very important here or it will become www.vendordomain.com.mydomain.org

I suspect what may be happening is you have an A record for www, elsewhere, or are cname-ing www to your @origin already.  Any other resource record entries for "www" would make the www CNAME fail.

So, If you already have a
www IN A ip.add.ress
or
www IN CNAME @origin

Then you will have to ditch the www for your new CNAME and use something like
www2 IN CNAME www.vendordomain.com, unless you are good with ditching your other A/CNAME for www.

If you are still getting errors, grab some entries from your /var/log/messages or wherever you have bind dumping logs to.

Probably the most important thing -
You would want the left column to be www, not "www.mydomain.org."...while it technically may work, you are bypassing what your @origin is there for.
0
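The two rules in the answer above (a name without a trailing dot gets $ORIGIN appended; an owner with a CNAME may hold no other record) can be checked with a small zone-file parser. This is an added example, not code from the thread or from BIND; the sample zone is constructed to mirror the asker's failing line, and mydomain.org / www.vendordomain.com are the thread's placeholder names.

```python
from collections import defaultdict

# Constructed sample modelled on the asker's first attempt: the CNAME owner is
# written out in full (so it collides with the "www" A record) and the target
# has no trailing dot (so $ORIGIN gets appended to it).
BROKEN_ZONE = """\
$TTL 6h
$ORIGIN mydomain.org.
@   IN SOA dns.mydomain.org. postmaster.mydomain.org. ( 2014090902 3h 1h 1w 1d )
    IN NS  dns.mydomain.org.
    IN A   192.168.1.55
www IN A   192.168.1.55
www.mydomain.org. IN CNAME www.vendordomain.com
"""

def qualify(name, origin):
    """Absolute names (trailing dot) stay as-is; relative names get $ORIGIN appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text, origin):
    """Parse a simplified master file into (owner, type, rdata) tuples."""
    records, last_owner = [], origin
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()        # strip comments
        if not line.strip():
            continue
        fields = line.split()
        if fields[0].startswith("$"):               # $ORIGIN / $TTL directives
            origin = qualify(fields[1], origin) if fields[0] == "$ORIGIN" else origin
            continue
        # a blank owner column means "same owner as the previous record"
        owner = last_owner if line[0].isspace() else qualify(fields.pop(0), origin)
        while fields and (fields[0][0].isdigit() or fields[0].upper() in ("IN", "CH", "HS")):
            fields.pop(0)                            # optional TTL and class
        rtype, rdata = fields[0].upper(), fields[1:]
        if rtype in ("CNAME", "NS", "MX"):           # name-valued rdata is qualified too
            rdata[-1] = qualify(rdata[-1], origin)
        records.append((owner, rtype, rdata))
        last_owner = owner
    return records

def cname_conflicts(records):
    """Owners with a CNAME plus any other type: named-checkzone's 'CNAME and other data'."""
    seen = defaultdict(set)
    for owner, rtype, _ in records:
        seen[owner].add(rtype)
    return sorted(o for o, t in seen.items() if "CNAME" in t and len(t) > 1)

def cname_targets(records):
    """Map each CNAME owner to its origin-expanded target."""
    return {o: r[0] for o, t, r in records if t == "CNAME"}
```

Running the checker on BROKEN_ZONE reports www.mydomain.org. as the conflicting owner and shows the target expanded to www.vendordomain.com.mydomain.org.; rewriting the line as "www2 IN CNAME www.vendordomain.com." (or dropping the www A record) clears both.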

samriCommented:
Most of the time I would use:

mynewname.domain.com.  in cname     othername.otherdomain.com.

The above comment from mugojava seems very comprehensive.
0
gheistCommented:
CNAME is not very stable. Especially since RFCs say it should be cached forever, so indeed you will break your nameservers in the same domain. Also with a mail server CNAME does not work at all.

You need to move e.g. your website and change DNS to new parent etc...
0
Kent WSr. Network / Systems AdminCommented:
That is not correct. It causes two lookups, but that's the only issue. It's just like any other resource record; TTL is how you set cache times. TTL can also be set per record.

CNAME records don't have anything special that causes them to cache longer than other record types, other than not understanding the cache time is ALSO on the corresponding A record or external host you are sending it to.  If you have a certain time you want on TTL, set it on the A record also.

In OP's case, I don't think he can control the external FQDN he's sending the www to.  So no way he can really control the final destination's A record.
That also doesn't really matter unless the endpoint changes their IP address.
0
gheistCommented:
If your DNS server is in the domain you "redirect" with cname you wipe yourself off internet fairly quickly...
0
Kent WSr. Network / Systems AdminCommented:
I'm not even sure what that means.  Got documentation to back that up?
I've never had a problem in over 20 years of admining Bind.
0
gheistCommented:
RFC 1912 to start with
0
Kent WSr. Network / Systems AdminCommented:
I know that RFC.  What section exactly applies to what OP is trying to accomplish?

Define "wipe yourself off the internet"?  How, exactly?

While CNAMES are not the best way to do things, sometimes they are required to meet an end goal.

Do you realize how many "non SOA" servers have CNAMES to Google apps resources?  Millions, if not more, I would assume.

CNAME is much more "polite" than setting up a non-SOA A record to an IP.  In many instances, that won't even work if, say, the web server is using name-based vhosts (which most are).
0
gheistCommented:
2.4 says CNAMEs can work only for individual A records and nothing else.
0
Kent WSr. Network / Systems AdminCommented:
Your interpretation of that section is incorrect.  You are confusing "should not co-exist" and actually stating the reverse of what that section outlines.  If the resource you are CNAME-ing is in your SOA, that may be somewhat correct, but OP is just redirecting to an external domain.  It works, and works well, as most any Google Apps for Business user can tell you.

And I'll stop there, because this is just getting silly.
0
gheistCommented:
Well, I hope one day you learn how your theory "works"
0
Kent WSr. Network / Systems AdminCommented:
My "theory" has been working just fine for every corporate email I've set up with Gmail for biz.

I won't respond further to you.

Thanks
0
gheistCommented:
So can you write a new RFC explaining that the old standards-compliant behaviour the asker is getting should be "fixed" somehow...
0
mobotAuthor Commented:
Many thanks, truncating www.mydomain.org to just www solved the problem just as you pointed out.  These two links were also helpful.  I'm passing these along and hope they help out someone else.

http://www.zytrax.com/books/dns/ch8/cname.html
http://www.zytrax.com/books/dns/apa/dot.html
0