Relaxing the DNS CNAME rules (a little)

In the University we have a web tool which allows IT Staff to update parts of the DNS covering their own unit. It’s a simple tool which we hope one day to replace, but it serves well enough for most cases for the time being.

One restriction coded into the tool is that when creating a CNAME, the alias itself and also the target of the alias must both be within the IT Officer’s own subdomain(s). For example, assuming we are an Engineering Science IT Officer:

test1.eng --> www.eng   OK
test2.eng --> www.chem  FAIL

However a good number of units in the University are collaborating on, sharing or leasing IT services from other units, often requiring cross-unit CNAMEs to be in place. IT Officers email Hostmaster to ask for such records to be created, and my team does that for them. However we’re aware that we add no value to this process, as we’re not checking the validity of the CNAME target other than that it’s within the domain. If we add no value to a process as humans, it’s a good candidate for automating away!

Therefore we’ve recently rolled out a change to the DNS web admin tool that allows the target of a CNAME to be the name of any other A record within the University. The CNAME itself must still be within the IT Officer’s permitted DNS subdomains, but now they are free to point at any other A record’s name in

test1.eng --> www.eng   OK
test2.eng --> www.chem  OK
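
The old and new checks side by side, as an added sketch (not the web tool's own code). Names are relative to the University domain, as in the tool; the function names and the sample A record set are assumptions made for illustration.

```python
# Added example. Names are relative to the University domain, as in the web tool.
# A_RECORDS is constructed sample data, not real zone content.
A_RECORDS = {"www.eng", "www.chem"}


def labels(name):
    """Split a host name into lower-case labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def in_subdomain(name, zone):
    """True if name is the zone itself or lies beneath it.

    Compared label by label, so 'www.fakeeng' does not match zone 'eng'
    the way a plain string-suffix test would.
    """
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[-len(z):] == z


def check_cname(alias, target, permitted, a_records=A_RECORDS, relaxed=True):
    """Return (ok, reason) for a proposed CNAME alias --> target.

    relaxed=False: old rule, alias and target both inside the officer's
                   own subdomain(s).
    relaxed=True:  new rule, alias inside the officer's subdomain(s) and
                   target the name of any existing A record.
    """
    if not any(in_subdomain(alias, z) for z in permitted):
        return False, "alias outside permitted subdomains"
    if relaxed:
        if ".".join(labels(target)) not in a_records:
            return False, "target is not an existing A record"
    elif not any(in_subdomain(target, z) for z in permitted):
        return False, "target outside permitted subdomains"
    return True, "OK"


if __name__ == "__main__":
    for rule in (False, True):
        for alias, target in (("test1.eng", "www.eng"), ("test2.eng", "www.chem")):
            ok, why = check_cname(alias, target, ["eng"], relaxed=rule)
            print(f"relaxed={rule}: {alias} --> {target}  {'OK' if ok else 'FAIL'} ({why})")
```

In this sketch the alias check is identical under both rules, so an Engineering Science IT Officer still cannot create a CNAME outside eng; only the test applied to the target changes.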

I hope this proves welcome to those collaborating within the University!

p.s. In the web tool, as above in the examples, you omit the from host names just to save effort. However when configuring your hosts don’t forget that the fully-qualified name does include on the end!
