3

SCENARIO:

  • mydomain.com is the main website, we do send/receive mail using [email protected]. mydomain.com DNS has got an SPF record "v=spf1 a mx ~all"

  • mydomain.net is just an alias for mydomain.com, but we do NOT send mail using [email protected]. Therefore mydomain.net DNS has got an SPF record "v=spf1 -all" to tell everyone that it does not send mail

Since mydomain.net is an alias for mydomain.com I wanted to use CNAME in DNS, thus:

    mydomain.net -> CNAME -> mydomain.com
    www.mydomain.net -> CNAME -> mydomain.com

But by doing this I noticed that, when testing SPF for mydomain.net with a DNS tool like this, the SPF returned is the one in mydomain.com, "v=spf1 a mx ~all", and NOT, as I would expect, "v=spf1 -all".

Is there a way to use a different SPF for the two domains while still using CNAME?

3
  • 2
    You can't CNAME a whole domain like that.... Are you using some control panel software? Commented Feb 21, 2013 at 19:58
  • @Chris S: I'm using cPanel/WHM, and both domains have been added to the server. They work perfectly. When someone enters mydomain.net/www.mydomain.net it goes to mydomain.com/www.mydomain.com. I thought to use CNAME in mydomain.net DNS because I wanted to avoid writing again the IP for each A record. But obviously there is something that I'm missing. About the CNAME, could you explain? Thanks. Commented Feb 21, 2013 at 20:34
  • Use a DNAME if you can, see my answer below. Commented Feb 22, 2013 at 1:29

3 Answers

5

A CNAME means that the hostname is exactly the same as the target hostname with respect to all record types. If this is not what you want then you can't use a CNAME.

You also shouldn't CNAME the root of a domain (i.e. mydomain.net), because this means that the SOA for mydomain.net is actually that of mydomain.com.

5
  • It's an invalid configuration to CNAME a domain at the delegated name server; it would have to be CNAME'd at the root server level, and they don't allow that. Commented Feb 22, 2013 at 0:42
  • @ChrisS That's what I meant in the second paragraph. Commented Feb 22, 2013 at 1:36
  • I know you know what you're talking about... just spelling it out for the less informed. Commented Feb 22, 2013 at 4:06
  • @mgorven: I think I almost got the point. What alternatives do we have then to avoid rewriting the same server IP hundreds of times in the DNS of each domain? See serverfault.com/questions/481500/… Commented Feb 22, 2013 at 13:26
  • @MarcoDemaio There isn't if you want different SPF records. If you want both domains to be exactly the same you can use a DNAME record however. Commented Feb 22, 2013 at 17:06
2

From a pure DNS point of view (i.e. I don't know about cPanel), you can use a DNAME record in mydomain.net to redirect to mydomain.com.

In that case, queries for SPF will return the entry in the corresponding domain for both, but other entries will be aliased:

    # zone file mydomain.net
    mydomain.net.   DNAME   mydomain.com.
    mydomain.net.   SPF     "mydomain.net's SPF"

    # zone file mydomain.com
    mydomain.com.   SPF     "mydomain.com's SPF"
    someip          A       10.0.0.1

    # dig mydomain.net spf
    mydomain.net.   SPF     "mydomain.net's SPF"

    # dig mydomain.com spf
    mydomain.com.   SPF     "mydomain.com's SPF"

    # dig someip.mydomain.net
    someip.mydomain.com     A       10.0.0.1
1
  • The SPF RRtype record is obsolete. The TXT RRtype should be used for all SPF records. Commented Feb 9, 2019 at 17:29
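
The behaviour discussed in the answers above, as an added example that is not code from any poster: a simplified Python model of CNAME and DNAME handling, showing why the CNAME'd apex hands out mydomain.com's `~all` policy instead of `-all`, and how explicit A records or a DNAME keep the stricter TXT record. The function names, the 192.0.2.10 address and the SOA value are constructed for illustration.

```python
# Added illustration: simplified model of alias handling, not a real resolver.
# All names, addresses and SOA values below are constructed placeholders.
def resolve(records, qname, qtype, depth=0):
    """Return (owner, rdata) pairs, following CNAME at the exact name
    and DNAME for names below a DNAME owner."""
    if depth > 8:
        raise RuntimeError("alias loop")
    rrsets = records.get(qname, {})
    if "CNAME" in rrsets and qtype != "CNAME":
        # A CNAME aliases the name for every record type, TXT included.
        return resolve(records, rrsets["CNAME"][0], qtype, depth + 1)
    if qtype in rrsets:
        return [(qname, r) for r in rrsets[qtype]]
    labels = qname.split(".")
    for i in range(1, len(labels)):  # closest enclosing DNAME owner first
        dname = records.get(".".join(labels[i:]), {}).get("DNAME")
        if dname:  # RFC 6672: only names below the owner are rewritten
            return resolve(records, ".".join(labels[:i] + [dname[0]]), qtype, depth + 1)
    return []

def spf_policy(records, domain):
    """SPF policy a receiver would evaluate for `domain` (None if absent or ambiguous)."""
    txt = [r for _, r in resolve(records, domain, "TXT") if r.startswith("v=spf1 ")]
    return txt[0] if len(txt) == 1 else None

def cname_conflicts(records):
    """Names where a CNAME coexists with other data, which is invalid
    (and unavoidable at a zone apex, since the apex carries SOA/NS)."""
    return sorted(n for n, rr in records.items() if "CNAME" in rr and len(rr) > 1)

IP, SOA = ["192.0.2.10"], ["ns1.example. hostmaster.example. 1 3600 600 86400 300"]
COM = {
    "mydomain.com": {"SOA": SOA, "A": IP, "TXT": ["v=spf1 a mx ~all"]},
    "www.mydomain.com": {"A": IP},
}
NET_APEX = {"SOA": SOA, "TXT": ["v=spf1 -all"]}
# 1. The question's attempt: CNAME at the apex next to the intended SPF record.
NET_CNAME = {**COM, "mydomain.net": {**NET_APEX, "CNAME": ["mydomain.com"]},
             "www.mydomain.net": {"CNAME": ["mydomain.com"]}}
# 2. Explicit A record at the apex; CNAME only on www, which holds no other data.
NET_FIXED = {**COM, "mydomain.net": {**NET_APEX, "A": IP},
             "www.mydomain.net": {"CNAME": ["mydomain.com"]}}
# 3. DNAME at the apex: the apex keeps its own A and TXT, names below are aliased.
NET_DNAME = {**COM, "mydomain.net": {**NET_APEX, "A": IP, "DNAME": ["mydomain.com"]}}

if __name__ == "__main__":
    for label, zone in [("cname", NET_CNAME), ("fixed", NET_FIXED), ("dname", NET_DNAME)]:
        print(label, spf_policy(zone, "mydomain.net"), cname_conflicts(zone),
              resolve(zone, "www.mydomain.net", "A"))
```

Running `cname_conflicts` over a zone before publishing it catches the case where a non-sending domain would silently inherit a softer SPF policy through an alias.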
0

cPanel isn't actually using a CNAME; that would be an invalid configuration. I'm not sure how DNS servers would respond to it, but I suspect it just plain wouldn't work. BIND certainly has a tendency to refuse invalid data outright.

What has almost certainly happened is that the cPanel software set up a copy of all the records from the original domain in the second domain, which would certainly "override" your SPF record.
