Discussion:
rejected due to CNAME and OTHER data error
Hostmaster
2001-06-21 14:24:53 UTC
Permalink
Where is your A record that corresponds with your CNAME?
David R. Kirk
2001-06-21 14:48:50 UTC
Permalink
BIND 8.2.3 will not allow you to CNAME the domain. You have a CNAME record for the domain miabdo.de that
points to miabdo.dydns.org; you also have additional records set up for a record that you have
(incorrectly) CNAMEd.

The errors are correct - you need to decide what you are doing with this zone, as the zone data that you
have included below contradicts many BIND rules that BIND 8.2.3 enforces very strictly, and it's not clear
what you are trying to do with that zone at all.
Hello,
I'm running bind 8.2.3 and I've got a problem with some CNAME-Records.
However, I don't have problems with some CNAME-Records in most other
zones.
Jun 21 15:15:05 vm3 named[3605]: miabdo.de has CNAME and other data (invalid)
Jun 21 15:15:05 vm3 named[3605]: de/miabdo.zone:9:miabdo.de: CNAME and OTHER data error
Jun 21 15:15:05 vm3 named[3605]: master zone "miabdo.de" (IN) rejected due to errors (serial 2001062160)
Altough, I can't find any mistakes in the following zone, or could it
have to do with the order of the entries?
$TTL 1D
@ IN SOA ns.cnm.de. hostmaster.variomedia.de. (
2001062160 ;
8H ;
2H ;
1W ;
1D )
test IN A 212.84.253.6
miabdo.de. IN CNAME miabdo.dydns.org.
www.miabdo.de. IN CNAME miabdo.dydns.org.
miabdo.de. IN MX 10 mail.variomedia.de.
* IN MX 10 mail.variomedia.de.
miabdo.de. IN NS ns2.cnm.de.
miabdo.de. IN NS ns.cnm.de.
Regards,
Marten Lehmann
David R. Kirk
2001-06-21 15:30:27 UTC
Permalink
Post by David R. Kirk
The errors are correct - you need to decide what you are doing with
this zone, as the zone data that you have included below contradicts
many BIND rules that BIND 8.2.3 enforces very strictly, and it's not
clear what you are trying to do with that zone at all.
I still don't understand, what's wrong with it? It's not one zone just
for testing, it's one of some thousand zones mainly for .de-domains.
Most presences are hosted at our servers, so we don't need CNAMEs. But
some customer want to use the services of dyndns.org, so one or more
subdomains are CNAMEed to the correspondig subdomain of dyndns.org.
OK ... the zone you presented is miabdo.de, as far as I can tell.

The first error that the system should be seeing is that a CNAME record has
been set up for the domain itself; BIND 8.2.3 does not allow this. You'd
have to use an A record here, and not a CNAME.

The other errors are due to the fact that once you have set up a CNAME
record for a host, NO OTHER RRs can be set for that host. Once you CNAMEd
the domain miabdo.de, all of the other records (the NS records, the MX
records, etc.) are nullified.

That's the source of your errors. Now, on to your other question ...
So, if someone resolves the domain name, it will resolv first .de at the
root-nameservers, miabdo.de at dns.denic.de, and then ns.cnm.de, looking
for an a or cname-Record. While it's working the same way with
subdomains e.g. config.variomedia.de CNAMEed to vm2.variomedia.de,
what's the problem with miabdo.de to miabdo.dyndns.org? Because it
CNAMEs to an external source? How else can I configure the above
described requirements?
BIND 8.2.3 explicitly denies the condition that you are trying to employ - a
CNAME should not be set up for the domain itself, because in doing so, it
nullifies all other resource records that are set up against it. It has
never been correct, BIND 8.2.3 simply did the right thing in rejecting the
zone instead of allowing it as had been done previously.

In the case of a subdomain, you can break the entire zone by doing this
wrong, but the use of the CNAME as applied to the first-level domain (as
opposed to TLD (e.g. .de) essentially breaks the entire zone, as it
effectively kills your ability to apply any resource records if it is
allowed.

I'd guess that if they wanted to have dyndns.org handle their DNS, they'd
just want the zones delegated outright to the dyndns.org name servers, as
opposed to the setup that you have proposed.

Perhaps I'm mistaken, but I'm pretty sure my logic is correct here.

Best regards,

dave
Kevin Darcy
2001-06-21 22:29:52 UTC
Permalink
Post by David R. Kirk
The errors are correct - you need to decide what you are doing with
this zone, as the zone data that you have included below contradicts
many BIND rules that BIND 8.2.3 enforces very strictly, and it's not
clear what you are trying to do with that zone at all.
I still don't understand, what's wrong with it? It's not one zone just
for testing, it's one of some thousand zones mainly for .de-domains.
Most presences are hosted at our servers, so we don't need CNAMEs. But
some customer want to use the services of dyndns.org, so one or more
subdomains are CNAMEed to the correspondig subdomain of dyndns.org.
So, if someone resolves the domain name, it will resolv first .de at the
root-nameservers, miabdo.de at dns.denic.de, and then ns.cnm.de, looking
for an a or cname-Record. While it's working the same way with
subdomains e.g. config.variomedia.de CNAMEed to vm2.variomedia.de,
what's the problem with miabdo.de to miabdo.dyndns.org? Because it
CNAMEs to an external source? How else can I configure the above
described requirements?
As others have pointed out, "CNAME and other data" violates a basic rule of
DNS. A corollary of this rule is that a name can be an alias or a zone, but
it can't be *both* at the same time.

If you could convince DENIC to put a CNAME for miabdo.de in the .de zone,
pointing to miabdo.dyndns.org, then this would work fine. But in that case,
miabdo.de wouldn't be a zone, and so you wouldn't be able to put anything
*underneath* miabdo.de (e.g. the www.miabdo.de A record), unless you could
also convince DENIC to put those entries in the .de zone as well, which
seems unlikely. And you wouldn't be able to have a miabdo.de wildcard
record at all, since wildcards are zone-wide in scope.


- Kevin

Simon Waters
2001-06-21 15:06:22 UTC
Permalink
Jun 21 15:15:05 vm3 named[3605]: miabdo.de has CNAME and other data (invalid)
Jun 21 15:15:05 vm3 named[3605]: de/miabdo.zone:9:miabdo.de: CNAME and OTHER data error
Jun 21 15:15:05 vm3 named[3605]: master zone "miabdo.de" (IN) rejected due to errors (serial 2001062160)
miabdo.de. IN CNAME miabdo.dydns.org.
You can not have;

name CNAME newname
name ANOTHERTYPE data

also;

zone "name"
name CNAME newname

is against the rules AFAIK....


You seem to have a domain called "miabo.de." and are trying
to alias the domain name "miabo.de" to something else. Then
you try and tell it that "miabo.de" has other entries, but
"miabo.de" doesn't exist, as it was only an alias.....

Your not allowed to alias the domain name with a CNAME as
this leads to ambiguity and confusion.... well so it is
claimed.

Perhaps you want "miabo.de." to work as a web site, in which
case you need to insert an A record, or use some sort of
HTTP redirection (I'm guessing it has a dynamic IP address
so an A record is out of the question).

If you want the zone to have entries other than "miabo.de"
entries, and the "miabo.de" record to point to a dynamic IP
address, I think your out of luck....
--
Simon Waters
Are you using the Internet to best effect ?
www.eighth-layer.com
Tel: +44(0)1395 232769 ICQ: 116952768
Moderated discussion of teleworking issues at
news:uk.business.telework
arjen-bind
2001-06-21 15:21:56 UTC
Permalink
$TTL 1D
@ IN SOA ns.cnm.de. hostmaster.variomedia.de. (
2001062160 ;
8H ;
2H ;
1W ;
1D )
test IN A 212.84.253.6
LINE 9: >> > miabdo.de. IN CNAME miabdo.dydns.org.
www.miabdo.de. IN CNAME miabdo.dydns.org.
miabdo.de. IN MX 10 mail.variomedia.de.
* IN MX 10 mail.variomedia.de.
miabdo.de. IN NS ns2.cnm.de.
miabdo.de. IN NS ns.cnm.de.
If you have a CNAME record for a hostname, you _cannot_ have _any_ _other_
records whatsoever for that hostname. No MX, no NS, whatever. Just CNAME.

pre 8.2.3 version allowed this, from 8.2.3 it is not allowed anymore, to
follow the RFC


Grtz,

Arjen.
Marc C Storck
2001-06-21 16:19:29 UTC
Permalink
Hello,
I'm running bind 8.2.3 and I've got a problem with some CNAME-Records.
However, I don't have problems with some CNAME-Records in most other
zones.
Jun 21 15:15:05 vm3 named[3605]: miabdo.de has CNAME and other data
(invalid)
Jun 21 15:15:05 vm3 named[3605]: de/miabdo.zone:9:miabdo.de: CNAME and
OTHER data error
Jun 21 15:15:05 vm3 named[3605]: master zone "miabdo.de" (IN) rejected due
to errors (serial 2001062160)
Altough, I can't find any mistakes in the following zone, or could it
have to do with the order of the entries?
$TTL 1D
@ IN SOA ns.cnm.de. hostmaster.variomedia.de. (
2001062160 ;
8H ;
2H ;
1W ;
1D )
test IN A 212.84.253.6
miabdo.de. IN CNAME miabdo.dydns.org.
THIS LINE IS ILLEGAL YOU CANNOT HAVE "IN NS", "IN SOA", "IN CNAME", etc
record FOR THE SAME HOST (here: miabdo.de)
www.miabdo.de. IN CNAME miabdo.dydns.org.
miabdo.de. IN MX 10 mail.variomedia.de.
* IN MX 10 mail.variomedia.de.
miabdo.de. IN NS ns2.cnm.de.
miabdo.de. IN NS ns.cnm.de.
Regards,
Marten Lehmann
Mark.Andrews
2001-06-21 21:54:12 UTC
Permalink
Post by David R. Kirk
The errors are correct - you need to decide what you are doing with
this zone, as the zone data that you have included below contradicts
many BIND rules that BIND 8.2.3 enforces very strictly, and it's not
clear what you are trying to do with that zone at all.
I still don't understand, what's wrong with it? It's not one zone just
for testing, it's one of some thousand zones mainly for .de-domains.
Most presences are hosted at our servers, so we don't need CNAMEs. But
some customer want to use the services of dyndns.org, so one or more
subdomains are CNAMEed to the correspondig subdomain of dyndns.org.
Well they should do one or more of the following:

1. lobby for SRV suppport in browsers, etc.
2. pay or otherwise obtain for a virtual site at a fixed address
that can then redirect to their dynamic address at the http
level.
3. move their site to a fixed address.
4. pay for a fixed address from their ISP.
5. they should arrange for their de zone to be dynamically
updatable so they can use a A record rather than a CNAME.

Mark
So, if someone resolves the domain name, it will resolv first .de at the
root-nameservers, miabdo.de at dns.denic.de, and then ns.cnm.de, looking
for an a or cname-Record. While it's working the same way with
subdomains e.g. config.variomedia.de CNAMEed to vm2.variomedia.de,
what's the problem with miabdo.de to miabdo.dyndns.org? Because it
CNAMEs to an external source? How else can I configure the above
described requirements?
Regards,
Marten Lehmann
--
Mark Andrews, Nominum Inc.
1 Seymour St., Dundas Valley, NSW 2117, Australia
PHONE: +61 2 9871 4742 INTERNET: Mark.Andrews at nominum.com
Jim Reid
2001-06-21 22:07:48 UTC
Permalink
Post by David R. Kirk
The errors are correct - you need to decide what you are doing
with this zone, as the zone data that you have included below
contradicts many BIND rules that BIND 8.2.3 enforces very
strictly, and it's not clear what you are trying to do with
that zone at all.
Marten> I still don't understand, what's wrong with it?

Read RFC1034: "Domain Concepts and Facilities". It's a fundamental DNS
standard. I quote from section 3.6.2:

If a CNAME RR is present at a node, no other data should be
present; this ensures that the data for a canonical name and
its aliases cannot be different.

So if a name already exists as some record type -- like SOA or NS --
it cannot exist as a CNAME. Is that clear enough for you?
Loading...