[Freeipa-users] DNS: Possible to set a CNAME for bare domain?

Petr Spacek pspacek at redhat.com
Mon Oct 6 06:59:12 UTC 2014


Hello,

I will add a few more details:

"ALIAS" virtual record and its derivatives are not standardized yet and AFAIK 
there is no implementation which works with DNSSEC.

IPA uses BIND 9.9 as DNS backend and BIND itself doesn't support any variant of 
ALIAS record at the moment. As a result, IPA doesn't have any means to provide 
this feature.

If you are interested in details please see dnsop mailing list archives [1] 
and look for "ALIAS" keyword in subjects.

[1] http://www.ietf.org/mail-archive/web/dnsop/current/maillist.html

Petr^2 Spacek

On 4.10.2014 19:28, Will Sheldon wrote:
> Thanks Michael, it seems you are correct.
>
> I knew I’d seen it done though - turns out that if you use route53 for your DNS, Amazon has a way of making it work with a virtual record type called an alias. I guess we’ll just have to use route53. At least alias lookups are free.
>
>
> On October 4, 2014 at 10:20:43 AM, Michael Lasevich (mlasevich at gmail.com) wrote:
>
> You cannot have a CNAME for a bare domain in IPA or in any DNS service; it violates DNS RFCs.
>
> On Oct 4, 2014 10:19 AM, "Will Sheldon" <mail at willsheldon.com> wrote:
>
> Hello everyone : )
>
>
> Is it possible to configure a CNAME for a bare domain with freeIPA?
>
> We would like to move our site over to an Amazon ELB, but to do so we have to point our domain (foo.com, not www.foo.com) at an AWS A record with a CNAME (something like xxxxxxxxxxxx.eu-west-1.elb.amazonaws.com).
>
> This is technically possible, but IPA complains:
>
> "invalid 'cnamerecord': CNAME record is not allowed to coexist with any other records except PTR"
>
> I’m guessing this is because of the @ NS record.
>
>
> Is there any way to override this behaviour? Can I make manual modifications to the zone file?
>
>
>
>
> Will Sheldon
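
The coexistence rule behind the IPA error quoted in this thread, as an added example (not part of the original messages and not FreeIPA's code): a small checker run over a constructed sample zone, showing that the zone apex always carries SOA and NS records, so a CNAME there is rejected, while a CNAME at www is accepted. The zone contents, the function names and the simplified "owner IN TYPE rdata" line format are assumptions made for illustration.

```python
from collections import defaultdict

# Types the IPA error message quoted in the thread allows next to a CNAME.
ALLOWED_WITH_CNAME = {"PTR"}

# Constructed sample zone (foo.com is the name used in the thread; data is made up).
SAMPLE_ZONE = """\
@    IN SOA   ns1.foo.com. hostmaster.foo.com. 1 3600 900 604800 3600
@    IN NS    ns1.foo.com.
@    IN CNAME lb.example.net.
ns1  IN A     192.0.2.1
www  IN CNAME lb.example.net.
ftp  IN CNAME www
ftp  IN TXT   "conflicts with the CNAME"
"""

def owner_fqdn(owner, origin):
    """Expand '@' and relative owner names against the zone origin."""
    if owner == "@":
        return origin
    if owner.endswith("."):
        return owner.lower()
    return f"{owner}.{origin}".lower()

def parse_zone(text, origin):
    """Return {owner name: set of record types}.
    Simplified format: 'owner IN TYPE rdata', no TTLs, no continuation lines."""
    rrtypes = defaultdict(set)
    for line in text.splitlines():
        fields = line.split(None, 3)
        if len(fields) < 4 or fields[0].startswith(";") or fields[1].upper() != "IN":
            continue
        rrtypes[owner_fqdn(fields[0], origin)].add(fields[2].upper())
    return rrtypes

def cname_conflicts(rrtypes):
    """Names where a CNAME coexists with a type outside ALLOWED_WITH_CNAME."""
    conflicts = {}
    for name, types in rrtypes.items():
        others = types - {"CNAME"} - ALLOWED_WITH_CNAME
        if "CNAME" in types and others:
            conflicts[name] = sorted(others)
    return conflicts

def check(text=SAMPLE_ZONE, origin="foo.com."):
    return cname_conflicts(parse_zone(text, origin))

if __name__ == "__main__":
    for name, others in check().items():
        print(f"{name}: CNAME cannot coexist with {', '.join(others)}")
```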



