[GH-ISSUE #179] Clarification on NS records for sub-domains #75

Closed
opened 2026-03-13 15:40:48 +03:00 by kerem · 2 comments

Originally created by @icelava on GitHub (Sep 3, 2019).
Original GitHub issue: https://github.com/acme-dns/acme-dns/issues/179

From the originating article by EFF, we learnt of this light-weight ACME-DNS software
https://www.eff.org/deeplinks/2018/02/technical-deep-dive-securing-automation-acme-dns-challenge-validation

I have successfully tested this using my personal domain icelava.net by delegating a sub-domain to my home test Linux server running ACME-DNS. As of now, I define my sub-domain with the current IP address assigned to my home (which really is dynamic). I have a knowledge gap as to whether this sub-domain delegation can be more dynamic?

For example, right now
NS sub sub.icelava.net.
A sub 111.222.333.444

I would like to instead set it as

NS sub sub.icelava.net.
CNAME sub what.ever.dynamic.dns.

Does regular DNS delegation allow such configuration? All the articles I've read so far on the topic define a hard A record for the sub-domain name.

kerem 2026-03-13 15:40:48 +03:00
  • closed this issue
  • added the question label

@joohoi commented on GitHub (Sep 3, 2019):

I haven't tested that scenario myself, and while it's a suboptimal setup at best, it just might work. I don't think the DNS RFCs forbid this use case, though, but the support by different implementations may vary.


@icelava commented on GitHub (Sep 6, 2019):

I previously took a look at RFC 1035 and its definition of the NS RR wasn't clear on the use of CNAME aliases. I've been testing this out with my own domain, with additional declaration for a separate CNAME host (e.g. subns) to act as the NS for sub; the major fallout I see is that it gets a little messed up with SOA answers because it will follow the alias chain back to the actual dynamic DNS hostname (e.g. icelava.dyndns.org) and therefore I lose authority for my sub-domain.

Looking around some more, it appears that CNAME aliases must not be used for NS and MX records. This is especially indicated in RFC 2181 10.3. So back to A records then.
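
The rule the thread arrives at (RFC 2181 section 10.3: the name in an NS or MX record must not be an alias) can be checked before a delegation is published. The following is an added example, not part of the original issue or of acme-dns; the simplified `owner TYPE rdata` zone format, the sample records and the function names are assumptions made for illustration, and the second finding (an in-zone NS/MX target with no address record) is an extra check beyond what the thread discusses.

```python
# Added example, not part of acme-dns: lint zone records for NS/MX targets
# that are CNAME aliases, which RFC 2181 section 10.3 disallows.
ORIGIN = "icelava.net."  # zone name taken from the thread

# Constructed sample zones modelled on the setups described in the thread.
ZONE_ALIAS = """
sub    NS     subns
subns  CNAME  icelava.dyndns.org.   ; NS target is an alias
"""
ZONE_ADDRESS = """
sub    NS     subns
subns  A      192.0.2.10            ; documentation address (RFC 5737)
"""

def fqdn(name, origin=ORIGIN):
    """Expand a relative name against the zone origin and lowercase it."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse(zone_text, origin=ORIGIN):
    """Parse simplified 'owner TYPE rdata' lines (no TTL, class or $ directives)."""
    records = []
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()
        if not line:
            continue
        owner, rtype, rdata = line.split(None, 2)
        rtype = rtype.upper()
        if rtype == "MX":
            rdata = rdata.split()[1]  # drop the preference field
        if rtype in ("NS", "MX", "CNAME"):
            rdata = fqdn(rdata.strip(), origin)
        records.append((fqdn(owner, origin), rtype, rdata))
    return records

def lint(zone_text, origin=ORIGIN):
    """Return (owner, type, target, problem) for each bad NS/MX target."""
    records = parse(zone_text, origin)
    aliases = {owner for owner, rtype, _ in records if rtype == "CNAME"}
    addressed = {owner for owner, rtype, _ in records if rtype in ("A", "AAAA")}
    findings = []
    for owner, rtype, target in records:
        if rtype not in ("NS", "MX"):
            continue
        if target in aliases:
            findings.append((owner, rtype, target, "target-is-cname"))
        elif target.endswith("." + origin) and target not in addressed:
            findings.append((owner, rtype, target, "in-zone-target-has-no-address"))
    return findings
```
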
