Hi Brian. You can't redirect your entire zone from inside the zone itself. CNAME absolutely will not do it, by design (also DNAME).
The reason is, the way that DNS works. wadsworth.org has been delegated to a bunch of DNS servers (see below), which are presumably run by you and associated entities. As far as the world is concerned, that set of NS is now completely responsible for wadsworth.org and everything underneath it. They host the zone called wadsworth.org and you can put into that zone almost anything you like, for names (excluding CNAMEs and DNAMEs) at that name, or anything below that name. ;; QUESTION SECTION: ;wadsworth.org. IN NS ;; ANSWER SECTION: wadsworth.org. 86400 IN NS pauling.wadsworth.org. wadsworth.org. 86400 IN NS cmtu.mt.ns.els-gms.att.net. wadsworth.org. 86400 IN NS b24.ns.els-gms.att.net. wadsworth.org. 86400 IN NS b23.ns.els-gms.att.net. wadsworth.org. 86400 IN NS m24.ns.els-gms.att.net. wadsworth.org. 86400 IN NS ns0.ny.gov. wadsworth.org. 86400 IN NS ns1.ny.gov. wadsworth.org. 86400 IN NS m23.ns.els-gms.att.net. wadsworth.org. 86400 IN NS ns1.albany.edu. wadsworth.org. 86400 IN NS cbru.br.ns.els-gms.att.net. wadsworth.org. 86400 IN NS ns2.ny.gov. wadsworth.org. 86400 IN NS beacon.health.state.ny.us. So if the world already knows where you are, the only way to change its point of view is to change the delegation in the parent - .org in your case. Many people have wished it could over the years, me included, and hence was born the quest for a record type that does allow you to do this, which might have been called, for example, ALIAS. However, there is (still) no standardised ALIAS function, by that name or any other. What some commercial DNS providers have done is to fudge an alias-like function, so it appears that you have redirected your whole zone somewhere else. CNAME/DNAME are very old now. More recently, a couple of other RRTYPEs - SVCB and HTTPS - have been standardised (and are supported by BIND) that do allow you to alias the apex (the zone itself) *but* not for any query, only for queries matching those RRTPEs. Thus clients need to be SVCB/HTTPS-aware and ask the right question. So they are not a magic replacement for CNAME. Why do these people want you to alias your entire zone to them anyway? I hope that helps. Christmas cheers, Greg. On Tue, 24 Dec 2024 at 14:39, Cuttler, Brian R (HEALTH) via bind-users < bind-users@lists.isc.org> wrote: > > > Hello bind users. > > > > We are running bind 9.14.28 on Ubuntu and have an offsite provider for our > DNS services. > > The cname we create for our webserver www.wadsworth.org is working well. > However, I’ve been asked if we can point the apex record at the external > webserver. > > > > If I’m understanding the docs I’ve looked at, there are ways if we had > external DNS services, rather than the on-prem Bind server, or if bind > supported the Alias RR. > > I know it can, but does not natively, or at least not the document I found > which indicates we’d need to modify the source code. > > > > I’m looking for guidance on how to point the named domain name, the apex > record at the IP addresses provided by the cname name we are using for our > webserver. > > > > Thanks in advance, > > Brian > > > > Brian Cuttler, System and Network Administration > > Wadsworth Center, NYS Department of Health > > Albany, NY 12201 POB 509 > > brian.cutt...@health.ny.gov > > 518 486-1697 > > > -- > Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe > from this list > > ISC funds the development of this software with paid support > subscriptions. Contact us at https://www.isc.org/contact/ for more > information. > > > bind-users mailing list > bind-users@lists.isc.org > https://lists.isc.org/mailman/listinfo/bind-users >
-- Visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information. bind-users mailing list bind-users@lists.isc.org https://lists.isc.org/mailman/listinfo/bind-users
