[BlueOnyx:22322] Re: DNS

Colin Jack colin at mainline.co.uk
Tue Aug 14 03:53:34 -05 2018


Hi Michael,

> > I have been asked by a client to create a new CNAME record on the DNS
> > for the following:
> >
> > NEW Record Type: CNAME
> >
> > Hostname: _69F8BF440B0DA58166380745E0EB4F5F.domain.co.uk
> >
> > Point to:
> >
> > 57BB458482A5AB33474E97891351014E.E610BBD363C7C2E032B35DDA755B2B52.55WcQD58V50sJqcKeKP5.comodoca.com
> >
> > Bind says no! :-/
> >
> > It won’t accept either of the host names using the GUI and adding it
> > to the include file causes an error.
> The regular expression that the GUI uses to validate input type "hostname" is
> like this:
> 
> <typedef name="hostname" type="re"
>   data="^(([a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])\.)*([a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])$"
> />
> 
> So ... no upper case characters and no leading "_". Granted, we're a bit more
> strict there than RFC 952 and RFC 1123, which say that the characters are case
> insensitive. Meaning: Put a big "A" there or a small "a" and it doesn't matter.
> Both are treated as the same.
> 
> Still: The fact remains that host- and domain names (according to RFC) may not
> start with anything *but* a character or (as of RFC 1123) a number. Hence: The
> underscore is a total no-no.
> 
> Unless you're talking domain keys (which are deprecated anyway) or SRV
> records.
> 
> I guess what your client really wants is either a CAA-record or a SRV-record and
> not a C-name?

This is a Comodo instruction for validating a cert request. Normally CAs just use a TXT record for validation but in this case they have requested a bizarre CNAME?
I haven't had anything to do with Comodo in the past so not sure. I kicked it back and asked for a different method. I guessed that the underscore was a no-no. 

Regards

Colin
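
As an added example (not part of the thread and not BlueOnyx code), the following Python runs the hostname pattern quoted above against the two names from the request and reports which labels it rejects and why. The `valid_dns_name` rule is an assumption about what a DNS record field could accept, reflecting that DNS itself, unlike host name syntax, permits underscore labels (RFC 2181, section 11); all function names are hypothetical.

```python
import re

# The pattern quoted in the thread for the GUI's "hostname" input type.
GUI_HOSTNAME = re.compile(
    r"^(([a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])\.)*"
    r"([a-z0-9]|[a-z0-9][a-z0-9\-]*[a-z0-9])$"
)
# Assumed looser rule for a DNS record name (not BlueOnyx code): letters,
# digits, hyphen and underscore in any case, no hyphen at either end.
DNS_LABEL = re.compile(r"[A-Za-z0-9_]([A-Za-z0-9_-]*[A-Za-z0-9_])?")

# The two names from the request (target re-joined from the wrapped quote).
OWNER = "_69F8BF440B0DA58166380745E0EB4F5F.domain.co.uk"
TARGET = ("57BB458482A5AB33474E97891351014E."
          "E610BBD363C7C2E032B35DDA755B2B52."
          "55WcQD58V50sJqcKeKP5.comodoca.com")


def gui_accepts(name):
    """True if the name passes the GUI's hostname pattern."""
    return GUI_HOSTNAME.match(name) is not None


def gui_rejections(name):
    """List (label, reason) pairs explaining why the GUI pattern fails."""
    found = []
    for label in name.split("."):
        if label.startswith("_"):
            found.append((label, "leading underscore"))
        if label != label.lower():
            found.append((label, "upper case"))
    return found


def valid_dns_name(name):
    """Check a record name against DNS size limits and the assumed label rule."""
    name = name[:-1] if name.endswith(".") else name  # allow one root dot
    if not name or len(name) > 253:
        return False
    return all(len(l) <= 63 and DNS_LABEL.fullmatch(l) for l in name.split("."))


if __name__ == "__main__":
    for n in (OWNER, TARGET, TARGET.lower()):
        print(gui_accepts(n), valid_dns_name(n), gui_rejections(n), n)
```

Lower-casing the target is enough to satisfy the pattern, since DNS compares names case-insensitively; the owner name still fails on its leading underscore.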






