Aliasing a domain any implications for DNSSEC/DANE

John john at
Fri Jan 16 14:35:11 CET 2015

I originally thought of using dname records for the domain aliases and 
cname records for the TLSA records.
But for this to work I would need  to enable recursion on the 
authoritative server. I understand that for very good reasons this is 
considered a very bad idea., therefor I wont go tin this direction.

As an alternative I a considering using the same zone file for all three 
I assume that i should only have maintain and inline on the main domain 
domain entry in bind.
Is this the "best" way of  aliasing? What gotchas should I be aware of?

John Allen
Save the whales. Collect the whole set.

-------------- next part --------------
A non-text attachment was scrubbed...
Name: smime.p7s
Type: application/pkcs7-signature
Size: 4268 bytes
Desc: S/MIME Cryptographic Signature
URL: <>

More information about the dane-users mailing list