CNAME domain to another domain, but keep different SPF records for the two?

domain-name-system nameserver cname-record spf

6,625

Solution 1

A CNAME means that the hostname is exactly the same as the target hostname with respect to all record types. If this is not what you want then you can't use a CNAME.

You also shouldn't CNAME the root of a domain (i.e. mydomain.net), because this means that the SOA for mydomain.net is actually that of mydomain.com.

Solution 2

From a pure DNS point of view (i.e. don't know about cPanel), you can use a DNAME record to in mydomain.net to redirect to mydomain.com.

In that case, queries for SPF will return the entry both in the corresponding domain but other entries will be aliased:

# zone file mydomain.net
mydomain.net. DNAME mydomain.com.
mydomain.net. SPF   "mydomain.net's SPF"

# zone file mydomain.com
mydomain.com. SPF   "mydomain.com's SPF"
someip   A      10.0.0.1

# dig mydomain.net spf
mydomain.net. SPF "mydomain.net's SPF"

# dig mydomain.com spf
mydomain.com. SPF "mydomain.com's SPF"

# dig someip.mydomain.net
someip.mydomain.com A 10.0.0.1

6,625

Author by

Marco Demaio

Updated on September 18, 2022

Comments

Marco Demaio over 1 year
SCENARIO:
- mydomain.com is the main website, we do send/receive mail using [email protected]. mydomain.com DNS has got an SPF record "v=spf1 a mx ~all"
- mydomain.net is just an alias for mydomain.com, but we do NOT send mail using [email protected]. Therefor mydomain.net DNS has got an SPF record "v=spf1 -all" to acknowledge everyone it does not send mail
Since mydomain.net is an alias for mydomain.com I wanted to use CNAME in DNS, thus:
```
mydomain.net -> CNAME -> mydomain.com
www.mydomain.net -> CNAME -> mydomain.com
```
But by doing this I noticed that when testing SPF for mydomain.net with a DNS tool like this the SPF returned is the one in mydomain.com "v=spf1 a mx ~all" and NOT as I would expect the "v=spf1 -all"

Is there a way to use different SPF for the two domains, by still using CNAME
- Philip about 11 years
  
  You can't CNAME a whole domain like that.... Are you using some control panel software?
- Marco Demaio about 11 years
  
  @Chris S: I'm using cPanel/WHM, and both domains have been added to the server. They work perfectly. When someone enters mydomain.net/www.mydomain.net it goes to mydomain.com/www.mydomain.com. I thought to use CNAME in mydomain.net DNS because I wanted to avoid writing again the IP for each A record. But obviously there is something that I'm missing. about the CNAME, could you explain? Thanks
- isedev about 11 years
  
  use a DNAME if you can, see my answer below.
Philip about 11 years

It's an invalid configuration to CNAME a domain at the delegated name server; it would have to be CNAME'd at the root server level, and they don't allow that.
mgorven about 11 years

@ChrisS That's what I meant in the second paragraph.
Philip about 11 years

I know you know what you're talking about... just spelling it out for the less informed.
Marco Demaio about 11 years

@mgorven: I think I almost got the point. What altrenatives do we have then to avoid rewriting same server IP hundereds of times in the DNS of each domain? See serverfault.com/questions/481500/…
mgorven about 11 years

@MarcoDemaio There isn't if you want different SPF records. If you want both domains to be exactly the same you can use a DNAME record however.
Ged Haywood over 5 years

The SPF RRtype record is obsolete. The TXT RRtype should be used for all SPF records.