CNAME domain to another domain, but keep different SPF records for the two?
SCENARIO:
mydomain.com is the main website, we do send/receive mail using [email protected]. mydomain.com DNS has got an SPF record
"v=spf1 a mx ~all"mydomain.net is just an alias for mydomain.com, but we do NOT send mail using [email protected]. Therefor mydomain.net DNS has got an SPF record
"v=spf1 -all"to acknowledge everyone it does not send mail
Since mydomain.net is an alias for mydomain.com I wanted to use CNAME in DNS, thus:
mydomain.net -> CNAME -> mydomain.com
www.mydomain.net -> CNAME -> mydomain.com
But by doing this I noticed that when testing SPF for mydomain.net with a DNS tool like this the SPF returned is the one in mydomain.com "v=spf1 a mx ~all" and NOT as I would expect the "v=spf1 -all"
Is there a way to use different SPF for the two domains, by still using CNAME
Solution 1:
A CNAME means that the hostname is exactly the same as the target hostname with respect to all record types. If this is not what you want then you can't use a CNAME.
You also shouldn't CNAME the root of a domain (i.e. mydomain.net), because this means that the SOA for mydomain.net is actually that of mydomain.com.
Solution 2:
From a pure DNS point of view (i.e. don't know about cPanel), you can use a DNAME record to in mydomain.net to redirect to mydomain.com.
In that case, queries for SPF will return the entry both in the corresponding domain but other entries will be aliased:
# zone file mydomain.net
mydomain.net. DNAME mydomain.com.
mydomain.net. SPF "mydomain.net's SPF"
# zone file mydomain.com
mydomain.com. SPF "mydomain.com's SPF"
someip A 10.0.0.1
# dig mydomain.net spf
mydomain.net. SPF "mydomain.net's SPF"
# dig mydomain.com spf
mydomain.com. SPF "mydomain.com's SPF"
# dig someip.mydomain.net
someip.mydomain.com A 10.0.0.1