sdean@ulster.net wrote:

>Some domains will resolve to an actual host (like yale.edu), others
>(like harvard.edu) do not or do a sort of halfway resolution (that
>doesn't work in reverse), like ibm.com (whose numeric IP reverse
>resolves to www.ibm.com, tsk, tsk).
>Myself, I think it's a Bad Idea to have an actual host that answers to
>the same symbolic name as the domain....but our college's former
>administrator did so ages ago.
>
>Now I wish to transfer the services of the old wombat.edu
>host-with-the-same-name-as-the-domain (domain is wombat.edu, and there
>is a host wombat.edu...it's a login server) to a new server, named
>shell.wombat.edu. Everything is set to go, but I find I can't have a
>CNAME record like this:
>wombat.edu CNAME shell.wombat.edu
>Seems BIND finds this illegal, and I can sortkinda see why.
>
>Is there some way to finesse this, some unugly way to do this? I would
>really rather NOT have two A records with the same numeric IP
>(wombat.edu and shell.wombat.edu); that's ugly and illegal and causes
>problems with spoofing protection. I don't want to give the A record
>for the numeric to wombat.edu and have shell.wombat.edu be a CNAME,
>though that is less ugly to my sensibilities.
>
>I mean, you can have a domain name with MX records and no A record, why
>not a domain name with CNAME and no A record or some equivalent
>thereof?
>

There's nothing illegal about having two different names point to the
same IP address. There's nothing illegal even with having a given
reverse (in-addr.arpa) name resolve to multiple PTRs, although most if
not all implementations of gethostbyaddr() only look at the first
record, i.e. it's legal, but fairly useless. For that matter, there's
nothing enforceably illegal about having a forward without a reverse, or
_vice_versa_.

One thing that *is* illegal, however, is a CNAME with the same owner
name as that of a zone. The owner of a CNAME record cannot own records
of any other type, and by definition, the name of a zone owns an SOA
record and at least 2 NS records.

Just take the easy way out and CNAME the non-zone-apex names to the
zone-apex name.


- Kevin
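
The rule from the reply above, as an added example that is not part of the original thread: a checker that flags any CNAME owner holding other record types, run over the layout BIND rejected and over the suggested one. The zone text is constructed; the name servers, the 192.0.2.10 address and the simplified `owner TYPE rdata` line format are assumptions.

```python
from collections import defaultdict

def absolute(name, origin):
    """Expand '@' and relative names against the zone origin."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name.rstrip(".").lower()
    return f"{name.lower()}.{origin}"

def parse_zone(text, origin):
    """Parse simplified 'owner TYPE rdata' lines (no TTL or class fields)."""
    records = defaultdict(list)
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()
        if line:
            owner, rtype, rdata = line.split(None, 2)
            records[absolute(owner, origin)].append((rtype.upper(), rdata))
    return records

def cname_conflicts(records):
    """Return (owner, other_types) for each CNAME owner holding other types."""
    found = []
    for owner, rrs in sorted(records.items()):
        types = {rtype for rtype, _ in rrs}
        if "CNAME" in types and types != {"CNAME"}:
            found.append((owner, sorted(types - {"CNAME"})))
    return found

def addresses(records, name, origin, max_hops=8):
    """Follow CNAMEs (bounded, so a loop terminates) to the A rdata."""
    for _ in range(max_hops):
        rrs = records.get(name, [])
        targets = [rdata for rtype, rdata in rrs if rtype == "CNAME"]
        if not targets:
            return sorted(rdata for rtype, rdata in rrs if rtype == "A")
        name = absolute(targets[0], origin)
    return []

ORIGIN = "wombat.edu"
COMMON = """
@ SOA ns1.wombat.edu. hostmaster.wombat.edu. 1 3600 900 604800 3600
@ NS  ns1.wombat.edu.
@ NS  ns2.wombat.edu.
"""
# Constructed zones: name servers and 192.0.2.10 are placeholders.
REJECTED = COMMON + "@ CNAME shell.wombat.edu.\nshell A 192.0.2.10\n"
SUGGESTED = COMMON + "@ A 192.0.2.10\nshell CNAME wombat.edu.\n"

if __name__ == "__main__":
    for label, text in (("rejected", REJECTED), ("suggested", SUGGESTED)):
        zone = parse_zone(text, ORIGIN)
        print(label, cname_conflicts(zone),
              addresses(zone, "shell.wombat.edu", ORIGIN))
```

In the suggested layout both names end at the same A record, and only the apex owns it.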