Join Log in
Score:1
avatar Server

Who manages sub-subdomains when you use a CNAME

ke flag
collimarco

This is the DNS configuration:

blog.example.com CNAME example.host.com

Then what happens if someone makes a DNS query about a sub-subdomain (e.g. sub.blog.example.com)?

Is that DNS query redirected to example.host.com?

Or that DNS query about a sub-subdomain doesn't match the CNAME?

16
0 + 0
Score:2
Patrick Mevzek avatar Server
cn flag
Patrick Mevzek

First, there is no redirection in DNS. This is a term defined and used in the HTTP world, it doesn't exist in the DNS. At best, you can speak about aliases in case of CNAME.

The resolution algorithm in the DNS is outlined in https://datatracker.ietf.org/doc/html/rfc1034#section-4.3.2

CNAME does not behave like a "sub domain wildcard" as you seem to think of.

Once a CNAME exists, nothing can exist below. So a resolver attempting the "sub" name will get an authoritative answer saying the name does not exist and should stop there. If it climbs up, or down from the root, it should find the CNAME itself, and then continue searching there (but not with a wildcard sense). You may want to look at the DNAME record that provides the semantic you seem to want to have (look at the Wikipedia page on CNAME at https://en.wikipedia.org/wiki/CNAME_record and see the relevant line in the DNAME section: "However, a lookup for xyzzy.foo.example.com will be DNAME mapped and return the A record for xyzzy.bar.example.com, which is 192.0.2.24; if the DNAME record had been a CNAME record, this request would have returned name not found.").

Or you create *.blog.example.com as a wildcard, which can be a CNAME or any other things. Do note that in history, CNAME and wildcards did create lots of confusion and errors, so not something to use when you just start with the DNS (easy to provision each name precisely in the zone file)

You can try for yourself, right now:

$ dig www.icann.org CNAME +noall +ans
www.icann.org.      57m53s IN CNAME www.vip.icann.org.

So we have this CNAME. If we want to try your sub name case:

$ dig test.www.icann.org CNAME +noall +auth
icann.org.      1m57s IN SOA sns.dns.icann.org. noc.dns.icann.org. (
                2022051953 ; serial
                10800      ; refresh (3 hours)
                3600       ; retry (1 hour)
                1209600    ; expire (2 weeks)
                3600       ; minimum (1 hour)
                )

or (this does an A by default)

$ dig test.www.icann.org  +noall +auth
icann.org.      2m IN SOA sns.dns.icann.org. noc.dns.icann.org. (
                2022051953 ; serial
                10800      ; refresh (3 hours)
                3600       ; retry (1 hour)
                1209600    ; expire (2 weeks)
                3600       ; minimum (1 hour)
                )

If you look at the status you will see NXDOMAIN (domain does not exist) for those cases.

0 + 0
ke flag
collimarco
Thanks for the reply! I have a `blog.example.com` pointed with a CNAME to Siteground. My DNS doesn't have any other configuration for that subdomain (blog). In this case, can Siteground set a TXT record for `foo._domainkey.blog.example.com`?
0
Reply
Patrick Mevzek avatar
cn flag
Patrick Mevzek
See in my answer: "Once a CNAME exists, nothing can exist below." If `blog` is a CNAME you can not define anything below it.
0
Reply
ke flag
collimarco
Ok, `blog` is a CNAME and so I cannot define anything below it in my own DNS... but since it's delegated to Siteground, can Siteground define something below it? And if was a NS record (instead of a CNAME) would that work?
0
Reply
Patrick Mevzek avatar
cn flag
Patrick Mevzek
Please ask your DNS/service provider for guidance, do not attempt to just blindly put some records and hope it works. `NS` and `CNAME` work completely differently and serves different purpose. But if you delegate (with `NS` records) `blog` elsewhere, then you can't either define anything below it on your side as you gave control of the node to a third party so anything below it has to be defined now there. As for them defining something below your CNAME: yes they can but in THEIR zone, not yours, so useless for your names.
0
Reply
ธงชาติไทย
Elon Musk
I sit in a Tesla and translated this thread with Ai:

mangohost

Post an answer

Most people don’t grasp that asking a lot of questions unlocks learning and improves interpersonal bonding. In Alison’s studies, for example, though people could accurately recall how many questions had been asked in their conversations, they didn’t intuit the link between questions and liking. Across four studies, in which participants were engaged in conversations themselves or read transcripts of others’ conversations, people tended not to realize that question asking would influence—or had influenced—the level of amity between the conversationalists.