Reputation: 456
I am merging two DNS domains. They are internal so I don't have to worry about fitting into the main DNS system. They are largely the same: i.e. they contain mostly the same hosts.
What I want to do is create an alias for one of the domains.
The RFCs say that you can't have an NS record or an MX record the same as a cname (or probably an A record) so I created a zone with only a cname and it works:
zone 1 = example.com (a normal domain)
Try 1:
zone 2 = sample.internal (a domain with a single alias)
Unfortunately Windows (it would have to be Windows, wouldn't it?) helpfully keeps adding NS records. Grrrr.
Try 2:
zone 2 = internal (a domain)
contains normal gumpf and one cname
sample CNAME example.com.
But both gave the same results:
nslookup sample.internal
Server: ns.example.com
Address: 172.16.xx.xx
Name: example.com
Addresses: 172.16.xx.xx
172.16.xx.xx
Aliases: sample.internal
but this lookup where fred.example.com exists doesn't work:
nslookup fred.sample.internal
Server: ns.example.com
Address: 172.16.xx.xx
*** ns.example.com can't find fred.sample.internal: Non-existent domain
Is it possible to do recursive lookups in an aliased domain?
Upvotes: 4
Views: 27778
Reputation: 101
Yes you can. There are two primary ways of accomplishing this with DNS (I will use "BIND" configuration examples):
The first option leaves trails of where it originates and how it's set up, while the second one is easiest to implement but requires careful planning and places restrictions on zone usage.
Let's say you want every host within "bad.com" to go to "good.com". First set up the zone in your "named.conf":
// Malicious external domain, redirected to "good.com"
zone "bad.com" in {
type master;
file "security/good.com";
check-names ignore;
};
The zone file for "good.com" (remember, this is the zone we're redirecting to) would look something like this:
; Name: security/good.com
; Date: 2/19/2016
; Purpose: General-use redirection to "good.com" using DNAME
$TTL 3600
@ IN SOA dns.good.com. admin.dns.com. (
2016021900
7200
600
2592000
3600 )
IN NS dns1.good.com.
IN NS dns2.good.com.
IN DNAME good.com.
When you reload your name server, any DNS queries in the "bad.com" zone will now be delegated to "good.com":
> nslookup www.bad.com
Server: dns1.good.com
Address: 10.9.8.7#53
bad.com dname = good.com.
www.bad.com canonical name = www.good.com.
Name: www.good.com
Address: 10.1.2.3
I purposefully used the default behavior of the zone file using a single "@" encompassing the SOA, NS and DNAME records, which makes it easy to just re-use the "security/good.com" zone file for any other such zones you might want to redirect:
// Malicious external domain, redirected to "good.com"
zone "bad.com" in {
type master;
file "security/good.com";
check-names ignore;
};
// Another malicious external domain, redirected to "good.com"
zone "worse.com" in {
type master;
file "security/good.com";
check-names ignore;
};
// Yet another malicious external domain, redirected to "good.com"
zone "evil.com" in {
type master;
file "security/good.com";
check-names ignore;
};
You get the idea...
Note how the DNAME delegation is displayed in the query results. Some people may not like this, which can be overcome using the second method.
In reality we covered this already above. All we're doing is re-using a zone file with the default records and never explicitly referencing the zone name. In our example, we use the "directory" option but place all the zone files in a folder called "zones", and give the file the same name as the zone name (I never liked the "db.xxxx"):
$TTL 14400
@ IN SOA dns.good.com. admin.good.com. (
2016021900 ; Serial No.
1800 ; Refresh
600 ; Retry
604800 ; Expire
3600 ) ; Minimum
IN NS dns1
IN NS dns2
IN MX 10 mail
IN A 10.11.12.13
; A records
dns1 IN A 10.9.8.7
dns2 IN A 10.9.8.6
mail IN A 10.9.8.5
files IN A 10.9.8.4
; CNAME records
www IN CNAME @
ftp IN CNAME files
Now the elements of your "named.conf" file:
zone "good.com" in {
type master;
file "zones/good.com";
check-names ignore;
notify yes;
};
Now let's say you want the domain "goodness.com" to essentially be "good.com". Simply re-use the "good.com" file in your "named.conf", specifying the overloaded zone name:
zone "goodness.com" in {
type master;
file "zones/good.com";
check-names ignore;
notify yes;
};
Now when you query for records in "goodness.com", they become the records from the "good.com" zone:
> nslookup files.good.com
Server: dns1.good.com
Address: 10.9.8.7#53
Name: files.good.com
Address: 10.9.8.4
> nslookup files.goodness.com
Server: dns1.good.com
Address: 10.9.8.7#53
Name: files.goodness.com
Address: 10.9.8.4
As above, you must never explicitly reference the zone name in the zone file, but rather use the "@" default reference, and never use fully-qualified domain names as the target of CNAME records that reference A records within the zone.
The drawbacks to this method are that you must be very careful using the "$ORIGIN" directives, and it becomes very difficult to use the "$GENERATE" directive. Additionally, it occupies twice the memory in your authoritative server since they are separate zones as far as the server is concerned.
Anyway, this should demonstrate two ways of using DNS to redirect records of one zone to another.
Upvotes: 10
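The second method in the answer above only works while the zone file never spells out its own name, so a quick check before loading the same file under "good.com" and "goodness.com" is worth having. The following script is an added example, not code from the answer or from BIND: it reads a zone file, joins parenthesised records, and reports every absolute name (trailing dot) that sits at or under the zone, plus any "$ORIGIN" that does the same. The sample zone text is constructed for this example and carries two deliberate problems (an absolute CNAME target and an absolute "$ORIGIN"); the zone name "good.com" and all addresses are assumptions taken from the answer.

```python
"""Lint a BIND-style zone file for the "re-use one file under several zone
names" method. Added example (not the answer's or BIND's code): it flags
what breaks when the same file is also loaded as "goodness.com", i.e. any
absolute name that references the zone explicitly, in owners or in rdata
(SOA, NS, MX, CNAME targets), and $ORIGIN directives that do the same.
"""

ZONE = "good.com"  # hypothetical: the zone the file was originally written for

# Constructed sample. Lines 17 and 18 are the deliberate mistakes; note that the
# SOA uses relative names (dns1, admin) so it stays valid under any zone name.
SAMPLE_ZONE = """\
$TTL 14400
@   IN SOA dns1 admin (
        2016021900 ; Serial
        1800       ; Refresh
        600        ; Retry
        604800     ; Expire
        3600 )     ; Minimum
    IN NS  dns1
    IN NS  dns2
    IN MX  10 mail
    IN A   10.11.12.13
dns1  IN A 10.9.8.7
dns2  IN A 10.9.8.6
mail  IN A 10.9.8.5
files IN A 10.9.8.4
www   IN CNAME @
ftp   IN CNAME files.good.com.
$ORIGIN lab.good.com.
app   IN A 10.9.8.3
"""

RRTYPES = {"SOA", "NS", "MX", "A", "AAAA", "CNAME", "DNAME", "TXT", "PTR", "SRV"}


def strip_comment(line):
    """Drop a ';' comment (the sample contains no quoted strings)."""
    return line.split(";", 1)[0].rstrip()


def logical_lines(text):
    """Yield (first_line_no, tokens), joining records that span parentheses."""
    buf, start, depth = [], None, 0
    for no, raw in enumerate(text.splitlines(), 1):
        line = strip_comment(raw)
        if not line.strip():
            continue
        if start is None:
            start = no
        buf.append(line)
        depth += line.count("(") - line.count(")")
        if depth == 0:
            joined = " ".join(buf).replace("(", " ").replace(")", " ")
            yield start, joined.split()
            buf, start = [], None


def names_in_zone(tokens, zone):
    """Absolute names among tokens that are the zone or lie under it.

    Matching is label-wise via the leading dot, so 'x.notgood.com.' is not
    reported for zone 'good.com'.
    """
    suffix = "." + zone.lower().rstrip(".") + "."
    return [t for t in tokens
            if t.lower().endswith(".")
            and (t.lower() == suffix[1:] or t.lower().endswith(suffix))]


def lint(text, zone=ZONE):
    """Return [(line_no, message), ...] for every explicit zone reference."""
    findings = []
    for no, tokens in logical_lines(text):
        if tokens[0] == "$ORIGIN":
            if names_in_zone(tokens[1:], zone):
                findings.append((no, f"$ORIGIN names the zone explicitly: {tokens[1]}"))
            continue
        if tokens[0].startswith("$"):
            continue  # $TTL, $INCLUDE, $GENERATE are not inspected here
        hits = names_in_zone(tokens, zone)
        if hits:
            rrtype = next((t for t in tokens if t in RRTYPES), "?")
            findings.append((no, f"{rrtype} record references the zone by name: "
                                 + ", ".join(hits)))
    return findings


if __name__ == "__main__":
    for line_no, msg in lint(SAMPLE_ZONE):
        print(f"line {line_no}: {msg}")
```

Run it over the real file before adding a second "zone" stanza that points at it; an empty report means every name in the file is relative to "@" and will follow whichever zone name the stanza gives it.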
Reputation: 339776
A CNAME
record aliases a specific domain name to another domain name.
A DNAME
record aliases all subdomains of a specific domain name to the same subdomain of another domain name.
Unfortunately the two cannot co-exist - it's not possible to say:
foo IN CNAME bar ;; maps the domain
foo IN DNAME bar ;; maps the subdomains
although there are proposals at the IETF for an alternative that might do both together.
Upvotes: 5
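To make the DNAME behaviour in the first answer and the CNAME-versus-DNAME point in the last answer concrete, here is an added example (not code from either answer or from BIND) that models what the name server does with "bad.com IN DNAME good.com." when asked for "www.bad.com": it substitutes the suffix label-wise, synthesizes the CNAME that appears in the nslookup output, and leaves the owner name "bad.com" itself untouched, which is exactly why the owner can still carry SOA and NS records but not a CNAME. The zones, names and addresses are constructed from the answer's examples; the RFC being modelled is RFC 6672.

```python
"""DNAME query-name substitution as a resolver performs it (RFC 6672).

Added example, not the answer's code. Models a server holding "bad.com"
(only apex records plus "IN DNAME good.com.") and "good.com" (real A
records), and shows how a query below bad.com is rewritten.
"""


def labels(name):
    """Split a name into lower-cased labels; trailing dot and root omitted."""
    return [lbl.lower() for lbl in name.rstrip(".").split(".") if lbl]


def is_subdomain(qname, owner):
    """True if qname lies strictly below owner, compared label-wise
    (so 'www.notbad.com' is not under 'bad.com')."""
    q, o = labels(qname), labels(owner)
    return len(q) > len(o) and q[-len(o):] == o


def dname_substitute(qname, owner, target):
    """Return the rewritten absolute name, or None if the DNAME does not apply.

    A DNAME only covers names *below* its owner; the owner itself is never
    rewritten. That is what lets the owner keep SOA/NS records, and why a
    CNAME (which does rewrite the owner) cannot share an owner with a DNAME.
    """
    if not is_subdomain(qname, owner):
        return None
    prefix = labels(qname)[:-len(labels(owner))]
    return ".".join(prefix + labels(target)) + "."


# Constructed zone data: owner -> rrtype -> rdata list.
ZONES = {
    "bad.com.": {
        "bad.com.": {"DNAME": ["good.com."]},
    },
    "good.com.": {
        "good.com.": {"A": ["10.1.2.3"]},
        "www.good.com.": {"A": ["10.1.2.3"]},
        "files.good.com.": {"A": ["10.9.8.4"]},
    },
}


def lookup(qname, rrtype="A"):
    """Answer qname from ZONES, applying any matching DNAME once.

    Returns a list of (owner, type, rdata) tuples in the order a server
    places them: the DNAME, the synthesized CNAME, then the final records.
    """
    qname = ".".join(labels(qname)) + "."
    answer = []
    # Step 1: apply a DNAME whose owner the query name lies under.
    for rrsets in ZONES.values():
        for owner, types in rrsets.items():
            for target in types.get("DNAME", []):
                new = dname_substitute(qname, owner, target)
                if new:
                    answer.append((owner, "DNAME", target))
                    answer.append((qname, "CNAME", new))  # synthesized, RFC 6672 s.3.1
                    qname = new
    # Step 2: answer the (possibly rewritten) name from whichever zone holds it.
    for rrsets in ZONES.values():
        for rdata in rrsets.get(qname, {}).get(rrtype, []):
            answer.append((qname, rrtype, rdata))
    return answer


if __name__ == "__main__":
    for rec in lookup("www.bad.com"):
        print(" ".join(rec))
```

Querying "bad.com" for an A record returns nothing here (and the DNAME itself when asked for type DNAME), while "www.bad.com" and "files.bad.com" come back as their "good.com" counterparts, matching the "dname = " and "canonical name = " lines in the first answer's nslookup output.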