CNAME domain to another domain, but keep different SPF records for the two?

SCENARIO:

  • mydomain.com is the main website, we do send/receive mail using [email protected]. mydomain.com DNS has got an SPF record "v=spf1 a mx ~all"

  • mydomain.net is just an alias for mydomain.com, but we do NOT send mail using [email protected]. Therefore mydomain.net DNS has got an SPF record "v=spf1 -all" to tell everyone it does not send mail

Since mydomain.net is an alias for mydomain.com I wanted to use CNAME in DNS, thus:

mydomain.net -> CNAME -> mydomain.com
www.mydomain.net -> CNAME -> mydomain.com

But by doing this I noticed that when testing SPF for mydomain.net with a DNS tool like this, the SPF returned is the one in mydomain.com, "v=spf1 a mx ~all", and NOT, as I would expect, "v=spf1 -all".

Is there a way to use different SPF for the two domains, while still using CNAME?


Solution 1:

A CNAME means that the hostname is exactly the same as the target hostname with respect to all record types. If this is not what you want then you can't use a CNAME.

You also shouldn't CNAME the root of a domain (i.e. mydomain.net), because this means that the SOA for mydomain.net is actually that of mydomain.com.

Solution 2:

From a pure DNS point of view (i.e. I don't know about cPanel), you can use a DNAME record in mydomain.net to redirect to mydomain.com.

In that case, queries for SPF will return the entry in the corresponding domain for both, but other entries will be aliased:

# zone file mydomain.net
mydomain.net. DNAME mydomain.com.
mydomain.net. SPF   "mydomain.net's SPF"

# zone file mydomain.com
mydomain.com. SPF   "mydomain.com's SPF"
someip   A      10.0.0.1

# dig mydomain.net spf
mydomain.net. SPF "mydomain.net's SPF"

# dig mydomain.com spf
mydomain.com. SPF "mydomain.com's SPF"

# dig someip.mydomain.net
someip.mydomain.com A 10.0.0.1
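
The difference between the two answers, as an added example that is not part of the original posts: a toy resolver over constructed zone data, showing that a CNAME at mydomain.net hands back mydomain.com's policy while a DNAME leaves the apex policy in place and only rewrites names below it. Assumptions: the policies are stored as TXT records (the dedicated SPF record type was retired by RFC 7208), and the apex A record on mydomain.net in the DNAME setup is added here because a DNAME does not alias its own owner name.

```python
# Constructed zone data (not real DNS): owner name -> {record type: value}
CNAME_SETUP = {
    "mydomain.com.": {"TXT": "v=spf1 a mx ~all", "A": "10.0.0.1"},
    "www.mydomain.com.": {"A": "10.0.0.1"},
    "mydomain.net.": {"CNAME": "mydomain.com."},
    "www.mydomain.net.": {"CNAME": "mydomain.com."},
}
DNAME_SETUP = {
    "mydomain.com.": {"TXT": "v=spf1 a mx ~all", "A": "10.0.0.1"},
    "www.mydomain.com.": {"A": "10.0.0.1"},
    # Assumed apex records: the DNAME owner keeps its own TXT and A data.
    "mydomain.net.": {"DNAME": "mydomain.com.", "TXT": "v=spf1 -all",
                      "A": "10.0.0.1"},
}


def resolve(zones, name, rrtype, max_hops=8):
    """Return (final_owner, value), or (final_owner, None) if no data."""
    for _ in range(max_hops):
        rrset = zones.get(name, {})
        if rrtype in rrset:
            return name, rrset[rrtype]
        if "CNAME" in rrset:
            # A CNAME aliases the owner name itself, for every record type.
            name = rrset["CNAME"]
            continue
        # A DNAME rewrites names strictly below its owner, never the owner.
        for owner, rr in zones.items():
            if "DNAME" in rr and name.endswith("." + owner):
                name = name[: -len(owner)] + rr["DNAME"]
                break
        else:
            return name, None
    raise RuntimeError("alias chain too long")


def spf_policy(zones, domain):
    """What an SPF checker would evaluate for mail claiming to be from domain."""
    owner, txt = resolve(zones, domain, "TXT")
    return owner, txt if txt and txt.startswith("v=spf1") else None


if __name__ == "__main__":
    for label, zones in (("CNAME", CNAME_SETUP), ("DNAME", DNAME_SETUP)):
        print(label, "SPF for mydomain.net:", spf_policy(zones, "mydomain.net."))
        print(label, "A for www.mydomain.net:",
              resolve(zones, "www.mydomain.net.", "A"))
```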