DNS 名称为 foo.com 的 CNAME 类型的 RRSet.不允许在区域 bar.com 的顶点 [英] RRSet of type CNAME with DNS name foo.com. is not permitted at apex in zone bar.com

问题描述

我拥有 foo.com 和 bar.com.我在 Route53 中管理两者.foo.com 托管我的网站，我想将流量从 bar.com 引导到 foo.com.我尝试为 bar.com 设置一个 CNAME 记录，指向 foo.com，但我收到错误消息:

I own foo.com and bar.com. I am managing both in Route53. foo.com hosts my site, and I'd like to direct traffic from bar.com to foo.com. I tried to set up a CNAME record for bar.com pointing to foo.com, but I got the error message:

RRSet of type CNAME with DNS name foo.com. is not permitted at apex in zone bar.com.

为什么这不起作用，我可以做什么?

Why doesn't this work, and what can I do instead?

推荐答案

根据 RFC1912 第 2.4 节:

As per RFC1912 section 2.4:

 A CNAME record is not allowed to coexist with any other data.  In
 other words, if suzy.podunk.xx is an alias for sue.podunk.xx, you
 can't also have an MX record for suzy.podunk.edu, or an A record, or
 even a TXT record.  Especially do not try to combine CNAMEs and NS 
 records like this!:

           podunk.xx.      IN      NS      ns1
                           IN      NS      ns2
                           IN      CNAME   mary
           mary            IN      A

RFC 非常有意义，因为名称服务器不知道它是否需要遵循 CNAME 或回答与 CNAME 重叠的实际记录.bar.com 是一个区域，因此它隐式具有 bar.com 名称的 SOA 记录.您不能同时拥有同名的 SOA 记录和 CNAME.

The RFC makes perfect sense as the nameserver wouldn't know whether it needs to follow the CNAME or answer with the actual record the CNAME overlaps with. bar.com is a zone therefore it implicitly has an SOA record for the bar.com name. You can't have both a SOA record and a CNAME with the same name.

但是，鉴于 SOA 记录通常仅用于区域维护，因此您希望在区域的顶点提供 CNAME 的情况非常普遍.尽管 RFC 禁止它，但许多工程师还是喜欢这样的行为:除非查询明确要求 SOA 记录，否则请遵循 CNAME".这就是 Route 53 提供 别名记录 的原因.这些是 Route 53 的特定功能，可提供您需要的确切功能.看看 http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/CreatingAliasRRSets.html

However, given that SOA records are generally used only for zone maintenance, these situations where you want to provide a CNAME at the zone's apex are quite common. Even though the RFC prohibits it, many engineers would like a behaviour such as: "follow the CNAME unless the query explicitly asks for the SOA record". That's why Route 53 provides alias records. These are a Route 53 specific feature which offer the exact functionality you require. Have a look at http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/CreatingAliasRRSets.html

这篇关于DNS 名称为 foo.com 的 CNAME 类型的 RRSet.不允许在区域 bar.com 的顶点的文章就介绍到这了，希望我们推荐的答案对大家有所帮助，也希望大家多多支持IT屋！