Question
Suppose I have two domain names (domainA, domainB). I set the CNAME record of domainA to domainB, so whenever a user resolves domainA, he will be redirected to resolving domainB instead. My question is if it is possible to restrict accessing domainB directly. So no one can resolve domainB unless it has first resolved domainA.
Answer 1:
The DNS system is designed to be an open system that allows anyone to resolve addresses. In its native form it is not possible to do what you are looking for.
Even though the most common (perhaps only) software used for DNS servers on the internet is the open source ISC BIND, and you could potentially use that to write your own DNS server to attempt to create that functionality, I am reasonably sure that, because DNS works as a referral network (i.e. other DNS servers make requests against your DNS servers on behalf of clients), it would be difficult to lock DNS down to a single source.
Simply put, DNS isn't designed to provide any form of security. Your request is akin to asking 'could I make a phone book that only allowed people to read my name if they read my neighbour's first?'
The only method you could use is to allow users to make a request to example.com and from there redirect their request to example.org. That way you are operating at a level higher than IP name resolution and you start getting more control over what happens.
Source: https://stackoverflow.com/questions/35488112/is-it-possible-to-force-setting-cname-record-of-the-dns
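
One way to enforce "only reachable via example.com" at the HTTP layer the answer points to, as an added example that is not part of the original question or answer: example.com issues a redirect carrying a short-lived HMAC token, and example.org rejects requests without a valid one. The shared key, the `ts`/`sig` parameter names, the function names and the 30-second lifetime are all assumptions.

```python
import base64
import hashlib
import hmac
import time
from typing import Optional

# Assumption: both sites hold this secret, distributed out of band.
SHARED_KEY = b"constructed-demo-key-replace-me"
MAX_AGE = 30  # seconds a redirect token stays valid (assumed value)


def _sign(payload: bytes) -> str:
    """HMAC-SHA256 over the payload, URL-safe base64 without padding."""
    mac = hmac.new(SHARED_KEY, payload, hashlib.sha256).digest()
    return base64.urlsafe_b64encode(mac).decode().rstrip("=")


def issue_redirect(path: str, now: Optional[float] = None) -> str:
    """Runs on example.com: build the Location URL pointing at example.org."""
    ts = int(time.time() if now is None else now)
    sig = _sign(f"{ts}|{path}".encode())
    return f"https://example.org{path}?ts={ts}&sig={sig}"


def verify_request(path: str, ts: str, sig: str,
                   now: Optional[float] = None) -> bool:
    """Runs on example.org: accept only a fresh, correctly signed token."""
    current = time.time() if now is None else now
    try:
        issued = int(ts)
    except ValueError:
        return False  # malformed timestamp
    if not 0 <= current - issued <= MAX_AGE:
        return False  # expired, or stamped in the future
    expected = _sign(f"{issued}|{path}".encode())
    # Constant-time comparison; encode so non-ASCII input cannot raise.
    return hmac.compare_digest(expected.encode(), sig.encode())
```

The token only proves that the request passed through example.com within `MAX_AGE` seconds; it is not bound to a client and can be replayed inside that window.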