Identical DNS zones with DNAME record

Situation

A DNS server is authoritative for the following zones: abc.be and def.be.
The records in both zones need to resolve to the same IP addresses, for example:

hostA.abc.be => A record => 192.168.102
hostB.abc.be => A record => 192.168.103

hostA.def.be => A record => 192.168.102
hostB.def.be => A record => 192.168.103

When these zones grow, it becomes harder to keep them in sync. It is therefore much easier to keep one zone up to date and point the second one (and third, fourth, etc.) at that first zone.

Enter the DNAME record

A DNAME record creates an alias for an entire subtree of the namespace: every name below the DNAME owner is mapped onto the corresponding name below the target, like so:

foo.example.com.        DNAME  bar.example.com.

With this record, x.foo.example.com. is answered as x.bar.example.com. (RFC 6672). Note that the owner name itself is not aliased: foo.example.com. keeps its own records, and only names below it are redirected.

The catch is that a DNAME has to live in the zone that contains its owner name. Written the way the example above is written, def.be would be a name inside the .be zone, so we would need to be authoritative for the entire .be zone. The solution: create a separate zone for def.be, containing only the apex records (SOA and NS), and add a single DNAME record at the apex.

Why it's handy

This trick is useful if you need to switch to a new domain name but have to keep the old FQDNs working (for example during a migration), or if you need to merge networks and systems. You can also point to a domain that is hosted on another DNS server, something that is not possible with the "use the same zone file" trick you can do with BIND. It is also more transparent: a DNS lookup with dig actually shows that the domain is aliased to another domain. Keep in mind what the alias means in terms of trust: every name below def.be is now answered from the abc.be zone, so whoever can edit abc.be (or operates the server it lives on) controls all of def.be below the apex. Choose the target zone with the same care as an NS delegation.

BIND

Example named.conf entries:

zone "abc.be" IN {
        type master;
        file "/var/named/data/abc.be";
};

zone "def.be" IN {
        type master;
        file "/var/named/data/def.be";
};

Example abc.be zone file:

$TTL    604800
@       IN      SOA     ns0.abc.be. dns.abc.be. (
                     2013021801         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
		NS	ns0

ns0	IN	A	192.168.122.65
test	IN	A	127.0.0.1

Example def.be zone file:

$TTL    604800          ; without $TTL, BIND 9 falls back to the SOA minimum and logs a warning
@       IN      SOA     ns0.def.be. dns.def.be. (
                     2012060601         ; Serial
                         604800         ; Refresh
                          86400         ; Retry
                        2419200         ; Expire
                         604800 )       ; Negative Cache TTL
;
; The name server of abc.be is reused. The zone holds apex records only:
; any name added below the apex (e.g. "www") would be occluded by the DNAME
; and never served (RFC 6672, section 2.4).
                NS      ns0.abc.be.

@       IN      DNAME   abc.be.
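The def.be zone above may carry nothing but its apex records, because anything below a DNAME owner is occluded (RFC 6672, section 2.4) and BIND will not serve it. The following linter, added here as an example and not part of the original page or of BIND, parses the subset of master-file syntax used in the zone files on this page ($ORIGIN, $TTL, ";" comments, a parenthesised SOA, and a blank owner that inherits the previous one) and reports records that an apex DNAME would hide. The sample zone is constructed for the example: it is the def.be zone from this page plus one "www" host record with a made-up address that must not be there.

```python
"""Check a zone file for records that an apex DNAME would occlude.

Added example, not code from the original page.  RFC 6672 (section 2.4)
forbids any records at names below a DNAME owner: they are occluded and never
served, so a zone such as def.be may carry only its apex records (SOA, NS and
the DNAME itself).  The parser below handles the subset of master-file syntax
used in the article's zone files.
"""
import re
from typing import List, Tuple

Record = Tuple[str, str, str]  # (absolute owner, type, rdata)

# Constructed sample: the article's def.be zone plus one "www" record that
# is occluded by the apex DNAME and must be removed.
SAMPLE_ZONE = """\
$ORIGIN def.be.
$TTL 604800
@   IN  SOA  ns0.def.be. dns.def.be. (
            2012060601  ; Serial
            604800      ; Refresh
            86400       ; Retry
            2419200     ; Expire
            604800 )    ; Negative Cache TTL
    IN  NS    ns0.abc.be.
@   IN  DNAME abc.be.
www IN  A     10.0.0.1   ; constructed: occluded by the DNAME above
"""


def absolute(name: str, origin: str) -> str:
    """Turn a relative owner/target into an absolute, lower-cased name."""
    name = name.lower()
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return name + "." + origin


def parse_zone(text: str, origin: str = ".") -> List[Record]:
    """Minimal master-file parser: returns (owner, type, rdata) triples."""
    origin = origin.lower()
    logical, buf = [], ""
    for raw in text.splitlines():
        line = re.sub(r";.*", "", raw)             # drop comments
        buf = (buf + " " + line.strip()) if buf else line
        if buf.count("(") > buf.count(")"):       # record continues on next line
            continue
        if buf.strip():
            logical.append(buf)
        buf = ""
    records, owner = [], None
    for line in logical:
        if line.startswith("$ORIGIN"):
            origin = absolute(line.split()[1], origin)
            continue
        if line.startswith("$"):                   # $TTL and friends: ignored here
            continue
        toks = line.replace("(", " ").replace(")", " ").split()
        if not line[0].isspace():                  # leading name = new owner
            owner = toks.pop(0)
        if owner is None:
            raise ValueError("record before any owner name")
        while toks and (toks[0].isdigit() or toks[0].upper() in ("IN", "CH", "HS")):
            toks.pop(0)                            # optional TTL / class
        records.append((absolute(owner, origin), toks[0].upper(), " ".join(toks[1:])))
    return records


def occluded_records(records: List[Record]) -> List[Record]:
    """Records strictly below a DNAME owner: never served (RFC 6672, 2.4)."""
    dnames = [o for o, t, _ in records if t == "DNAME"]
    return [(o, t, r) for o, t, r in records
            for d in dnames if o != d and o.endswith("." + d)]


if __name__ == "__main__":
    for rec in occluded_records(parse_zone(SAMPLE_ZONE)):
        print("occluded by DNAME:", rec)
```

Run against the sample, the checker flags only the www record; the SOA, NS and DNAME at the apex are untouched because a DNAME never applies to its own owner name.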

Looking up test.def.be with dig against this server then gives the following output. The answer carries three records: the DNAME itself, the CNAME that the server synthesised from it by swapping the def.be suffix for abc.be, and the A record found at the target name. In a DNSSEC-signed zone only the DNAME is signed; the synthesised CNAME carries no signature, and validating resolvers re-derive it from the DNAME themselves.

; <<>> DiG 9.7.3-P3-RedHat-9.7.3-8.P3.el6_2.3 <<>> test.def.be @localhost
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 55276
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 1, ADDITIONAL: 1

;; QUESTION SECTION:
;test.def.be.			IN	A

;; ANSWER SECTION:
def.be.			604800	IN	DNAME	abc.be.
test.def.be.		604800	IN	CNAME	test.abc.be.
test.abc.be.		604800	IN	A	127.0.0.1

;; AUTHORITY SECTION:
abc.be.			604800	IN	NS	ns0.abc.be.

;; ADDITIONAL SECTION:
ns0.abc.be.		604800	IN	A	192.168.122.65

;; Query time: 1 msec
;; SERVER: ::1#53(::1)
;; WHEN: Wed Mar  6 13:19:27 2013
;; MSG SIZE  rcvd: 118
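The answer section above is exactly what the substitution rule from "Enter the DNAME record" produces. The following Python, added here as an example and not code from the original page or from BIND, mirrors the two zones on this page as constructed in-memory data and walks through the authoritative server's side of the lookup: find the closest enclosing zone, look for the exact name, otherwise search its ancestors for a DNAME, synthesise the CNAME (RFC 6672, section 2.2) and continue at the target. The in-memory zone contents are taken from the zone files above; the loop guard and the status strings are assumptions of this example.

```python
"""Authoritative-server view of a DNAME record (RFC 6672).

Added example, not code from the original page.  ZONES mirrors the article's
abc.be and def.be zone files as constructed in-memory data.  Names are
absolute, dot-terminated and compared case-insensitively.
"""
from typing import Dict, List, Optional, Tuple

Record = Tuple[str, str, str]  # (owner, type, rdata)

# Constructed data mirroring the article's abc.be and def.be zone files.
ZONES: Dict[str, Dict[Tuple[str, str], List[str]]] = {
    "abc.be.": {
        ("abc.be.", "NS"): ["ns0.abc.be."],
        ("ns0.abc.be.", "A"): ["192.168.122.65"],
        ("test.abc.be.", "A"): ["127.0.0.1"],
    },
    "def.be.": {
        ("def.be.", "NS"): ["ns0.abc.be."],
        ("def.be.", "DNAME"): ["abc.be."],
    },
}


def labels(name: str) -> List[str]:
    """Split an absolute name into lower-cased labels, dropping the root."""
    return [l for l in name.lower().rstrip(".").split(".") if l]


def dname_substitute(qname: str, owner: str, target: str) -> Optional[str]:
    """Synthesised CNAME target for qname, or None if the DNAME does not apply.

    A DNAME redirects only names *below* its owner: the owner itself (the
    zone apex here, carrying SOA and NS) is never rewritten.
    """
    q, o, t = labels(qname), labels(owner), labels(target)
    if len(q) <= len(o) or q[-len(o):] != o:
        return None
    new = q[:-len(o)] + t
    # RFC 6672 section 2.2: a result longer than 255 wire octets is YXDOMAIN.
    if sum(len(l) + 1 for l in new) + 1 > 255:
        raise ValueError("YXDOMAIN: substituted name exceeds 255 octets")
    return ".".join(new) + "."


def find_zone(qname: str) -> Optional[str]:
    """Closest enclosing zone this server is authoritative for."""
    q, best = labels(qname), None
    for zone in ZONES:
        z = labels(zone)
        if len(z) <= len(q) and q[-len(z):] == z:
            if best is None or len(z) > len(labels(best)):
                best = zone
    return best


def resolve(qname: str, qtype: str, depth: int = 0) -> Tuple[str, List[Record]]:
    """Return (status, answer records) the way an authoritative server would."""
    qname = qname.lower()
    if depth > 8:                       # assumption: guard against DNAME/CNAME loops
        return "SERVFAIL", []
    zone = find_zone(qname)
    if zone is None:
        return "REFUSED", []
    rrs = ZONES[zone]
    if (qname, qtype) in rrs:
        return "NOERROR", [(qname, qtype, r) for r in rrs[(qname, qtype)]]
    # No exact match: walk the ancestors of qname up to the apex for a DNAME.
    q = labels(qname)
    for i in range(1, len(q) - len(labels(zone)) + 1):
        owner = ".".join(q[i:]) + "."
        if (owner, "DNAME") in rrs:
            target = rrs[(owner, "DNAME")][0]
            cname = dname_substitute(qname, owner, target)
            answers = [(owner, "DNAME", target), (qname, "CNAME", cname)]
            status, rest = resolve(cname, qtype, depth + 1)
            return status, answers + rest
    # Name exists with other types (NODATA) or not at all (NXDOMAIN).
    exists = any(o == qname for o, _ in rrs)
    return ("NOERROR" if exists else "NXDOMAIN"), []


if __name__ == "__main__":
    for rec in resolve("test.def.be.", "A")[1]:
        print(*rec)
```

resolve("test.def.be.", "A") returns the same three records as the dig answer section above, in the same order; resolve("def.be.", "NS") shows that the apex itself is not rewritten, a name with no counterpart under abc.be ends in NXDOMAIN after the DNAME and CNAME, and a substituted name longer than 255 octets raises, which is the YXDOMAIN case of RFC 6672.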

Windows

Another advantage of this technique over the "use the same zone file" trick is that it also works on Windows DNS servers.
If you already have your data-filled zone (abc.be), simply create a new zone (def.be) in DNS Manager. Then right-click the zone and choose "Other New Records...".
Select the Domain Alias (DNAME) type and create the record without filling in an alias name, so that it lands at the zone apex, and select your target zone (abc.be) as the target. The DnsServer PowerShell module's Add-DnsServerResourceRecordDName cmdlet creates the same record. The same rule applies as with BIND: apart from the SOA and NS records at the apex, def.be must not contain any other records, because names below the DNAME are occluded by it and are never served.