CNAME domain to another domain, but keep different SPF records for the two?
Solution 1
A CNAME means that the hostname is exactly the same as the target hostname with respect to all record types. If this is not what you want then you can't use a CNAME.
You also shouldn't CNAME the root of a domain (i.e. mydomain.net), because this means that the SOA for mydomain.net is actually that of mydomain.com.
Solution 2
From a pure DNS point of view (i.e. I don't know about cPanel), you can use a DNAME record in mydomain.net to redirect to mydomain.com.
In that case, queries for SPF will return the entry in the corresponding domain for both, but other entries will be aliased:
# zone file mydomain.net
mydomain.net. DNAME mydomain.com.
mydomain.net. SPF "mydomain.net's SPF"
# zone file mydomain.com
mydomain.com. SPF "mydomain.com's SPF"
someip A 10.0.0.1
# dig mydomain.net spf
mydomain.net. SPF "mydomain.net's SPF"
# dig mydomain.com spf
mydomain.com. SPF "mydomain.com's SPF"
# dig someip.mydomain.net
someip.mydomain.com A 10.0.0.1
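The two setups discussed on this page, modelled as an added Python example (not code from either answer): a toy resolver over constructed records shows that a CNAME at mydomain.net hides that name's own SPF, while a DNAME leaves it in place and aliases only names below it. The record tables and function names are assumptions made for the illustration, SPF is published as TXT, and the rule that a DNAME does not alias its own owner name follows RFC 6672.

```python
# Constructed records modelling the two setups discussed on this page.
COM = {
    ("mydomain.com", "TXT"): ["v=spf1 a mx ~all"],
    ("someip.mydomain.com", "A"): ["10.0.0.1"],
}
# Question's setup: CNAME at mydomain.net next to its own SPF (TXT) record.
WITH_CNAME = {**COM,
    ("mydomain.net", "CNAME"): ["mydomain.com"],
    ("mydomain.net", "TXT"): ["v=spf1 -all"],
}
# Solution 2's setup: DNAME at mydomain.net, SPF published as TXT.
WITH_DNAME = {**COM,
    ("mydomain.net", "DNAME"): ["mydomain.com"],
    ("mydomain.net", "TXT"): ["v=spf1 -all"],
}

def dname_rewrite(records, name):
    """Rewrite name if a DNAME sits at a proper ancestor (never at name itself)."""
    labels = name.split(".")
    for i in range(1, len(labels)):
        owner = ".".join(labels[i:])
        target = records.get((owner, "DNAME"))
        if target:
            return ".".join(labels[:i]) + "." + target[0]
    return None

def resolve(records, name, qtype, max_hops=8):
    """Return (final_name, rdata list) after following CNAME/DNAME aliases."""
    for _ in range(max_hops):
        cname = records.get((name, "CNAME"))
        if cname and qtype != "CNAME":
            name = cname[0]          # a CNAME answers for every record type
            continue
        if (name, qtype) in records:
            return name, records[(name, qtype)]
        rewritten = dname_rewrite(records, name)
        if rewritten is None:
            return name, []
        name = rewritten
    raise RuntimeError("alias loop")

def spf_policy(records, domain):
    """SPF policy a receiver would evaluate: TXT records starting with v=spf1."""
    return [t for t in resolve(records, domain, "TXT")[1] if t.split(" ")[0] == "v=spf1"]

if __name__ == "__main__":
    for label, zone in (("CNAME", WITH_CNAME), ("DNAME", WITH_DNAME)):
        print(label, "SPF for mydomain.net:", spf_policy(zone, "mydomain.net"))
    print(resolve(WITH_DNAME, "someip.mydomain.net", "A"), resolve(WITH_DNAME, "mydomain.net", "A"))
```

The last lookup comes back empty because the DNAME does not cover mydomain.net itself, so in this model the apex still needs its own address records.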
Marco Demaio
Updated on September 18, 2022
Comments
-
Marco Demaio over 1 year
SCENARIO:
mydomain.com is the main website, we do send/receive mail using [email protected]. mydomain.com DNS has got an SPF record
"v=spf1 a mx ~all"
mydomain.net is just an alias for mydomain.com, but we do NOT send mail using [email protected]. Therefore mydomain.net DNS has got an SPF record
"v=spf1 -all"
to acknowledge everyone it does not send mail
Since mydomain.net is an alias for mydomain.com I wanted to use CNAME in DNS, thus:
mydomain.net -> CNAME -> mydomain.com
www.mydomain.net -> CNAME -> mydomain.com
But by doing this I noticed that when testing SPF for mydomain.net with a DNS tool like this the SPF returned is the one in mydomain.com
"v=spf1 a mx ~all"
and NOT as I would expect the "v=spf1 -all"
Is there a way to use different SPF for the two domains, by still using CNAME?
-
Philip about 11 years
You can't CNAME a whole domain like that.... Are you using some control panel software?
-
Marco Demaio about 11 years
@Chris S: I'm using cPanel/WHM, and both domains have been added to the server. They work perfectly. When someone enters mydomain.net/www.mydomain.net it goes to mydomain.com/www.mydomain.com. I thought to use CNAME in mydomain.net DNS because I wanted to avoid writing again the IP for each A record. But obviously there is something that I'm missing. About the CNAME, could you explain? Thanks
-
isedev about 11 years
Use a DNAME if you can, see my answer below.
-
Philip about 11 years
It's an invalid configuration to CNAME a domain at the delegated name server; it would have to be CNAME'd at the root server level, and they don't allow that.
-
mgorven about 11 years
@ChrisS That's what I meant in the second paragraph.
-
Philip about 11 years
I know you know what you're talking about... just spelling it out for the less informed.
-
Marco Demaio about 11 years
@mgorven: I think I almost got the point. What alternatives do we have then to avoid rewriting the same server IP hundreds of times in the DNS of each domain? See serverfault.com/questions/481500/…
-
mgorven about 11 years
@MarcoDemaio There isn't if you want different SPF records. If you want both domains to be exactly the same you can use a DNAME record however.
-
Ged Haywood over 5 years
The SPF RRtype record is obsolete. The TXT RRtype should be used for all SPF records.