A minor correction/addition to your second rule for CNAME records
(which does not affect the OP):

> 2) you can't point one CNAME at another CNAME


You can't point any record type at a CNAME. MX, NS, and SRV records
also may not have aliases in their RData.

The functional exception is CNAME records themselves, actually.
Although it is against the rules to have a CNAME record refer to
another CNAME alias, it works (because the RFC says it should work,
despite the rule) and it's used in production.

For example:

www.microsoft.com. 3600 IN CNAME toggle.www.ms.akadns.net.
toggle.www.ms.akadns.net. 300 IN CNAME g.www.ms.akadns.net.
g.www.ms.akadns.net. 300 IN CNAME lb1.www.ms.akadns.net.
lb1.www.ms.akadns.net. 300 IN A 65.55.21.250
lb1.www.ms.akadns.net. 300 IN A 207.46.193.254
lb1.www.ms.akadns.net. 300 IN A 207.46.192.254
lb1.www.ms.akadns.net. 300 IN A 207.46.19.190
lb1.www.ms.akadns.net. 300 IN A 65.55.12.249
lb1.www.ms.akadns.net. 300 IN A 207.46.19.254

Chris Buxton
Professional Services
Men & Mice

On Oct 10, 2008, at 2:31 PM, Kevin Darcy wrote:

> Again, the relevant rules are:
> 1) if other data is present at a node (which is true by edict for an
> apex), it can't own a CNAME
> 2) you can't point one CNAME at another CNAME