Chuck Swiger wrote:
On Oct 23, 2009, at 10:31 AM, Matthew Seaman wrote:
You aren't supposed to use CNAMES for anything found in other RR's;
in particular, you should always use an A record with the hostnames
used for nameservers (ie, have an NS record), because you are
supposed to be using the canonical name rather than an alias.
Errr? You mean the rule that NS and MX and SRV rdata must include an
A record rather than a CNAME? That's true, but what does that have to
do with web serving?
Consider the case of redirects involving cnames; you end up with a lot
of extra DNS traffic.
The illegality mentioned further upthread is that you can't use a
CNAME at a zone apex because of the 'CNAME and other data rule'[*] --
as there's always got to be SOA and NS records at the zone apex, if
you want a web page at 'example.com' you'd have to provide an A or
AAAA record for it. Unless you're Verisign and have control over the
nameservers for .com, this is almost certainly illegal:
example.com. IN CNAME www.example.com
On the other hand:
www.example.com. IN CNAME example.com.
is generally fine.
It's generally fine, sure, but almost never ideal. You don't save
traffic by using CNAMEs instead of A records....
PS: It's odd where google pulls up references to fairly canonical
docs, sometimes. I'm not sure I even recognize "ua", and I suspect I
deal with two-letter ISO 3166 country names more than most folks do.
Maybe Ukraine? :-)
Of course it's Ukraine. .uk was already taken, even though the two
letter iso-code for this country is officially .gb. We're in an
exclusive club of two nations that generally don't use their official
iso-code in the DNS. No prizes for guessing which the other one is.
Shucks, how can you pull in Jeopardy references and then deny giving out
prizes? Well, my guess would be ie, although people who speak Finnish
and call their home "Suomi" might find "fi" odd, also....
Cheers,
Matthew
[*] Little known factoid, but there are two legal exceptions to the
'CNAME and other data' rule. You can have RRSIG or NSEC records at the
same label as CNAME -- see RFC 4035. Obscure DNS trivia for 100, Alex...
Regards,
Just so everyone knows, having a domain with a CNAME at the top will
hose your mail traffic. We tried it, and some servers delivered fine,
others did not. Checking with dig +trace, and dns stuff, showed the
problem. Just trying to get a MX record for mainstreetfin.com would fail.
The record we had was,
mainstreetfin.com CNAME website.elliemae.com
And the problem is shown below.
---------------------------------------------------------------
DNS Lookup: mainstreetfin.com MX record
Searching for mainstreetfin.com MX record at a.root-servers.net
[198.41.0.4]: Got referral to M.GTLD-SERVERS.NET. (zone: com.) [took 39 ms]
Searching for mainstreetfin.com MX record at M.GTLD-SERVERS.NET.
[192.55.83.30]: Got referral to ns2auth.tls.net. (zone:
mainstreetfin.com.) [took 11 ms]
Searching for mainstreetfin.com MX record at ns2auth.tls.net.
[65.123.104.30]: Got CNAME of website.elliemae.com. and referral to
k.root-servers.net [took 36 ms]
Searching for website.elliemae.com MX record at g.root-servers.net
[192.112.36.4]: Got referral to I.GTLD-SERVERS.NET. (zone: com.) [took
143 ms]
Searching for website.elliemae.com MX record at I.GTLD-SERVERS.NET.
[192.43.172.30]: Got referral to ns2.elliemae.net. (zone: elliemae.com.)
[took 63 ms]
Searching for website.elliemae.com MX record at ns2.elliemae.net.
[63.241.88.21]: Timed out. Trying again.
Searching for website.elliemae.com MX record at ns2.elliemae.net.
[63.241.88.21]: Timed out. Trying again.
Searching for website.elliemae.com MX record at ns1.elliemae.net.
[216.35.165.21]: Reports that no MX records exist. [took 46 ms]
Response:
No MX records exist for website.elliemae.com. [Neg TTL=300 seconds]
Details:
ns1.elliemae.net. (an authoritative nameserver for elliemae.com.) says
that there are no MX records for website.elliemae.com.
The E-mail address in charge of the elliemae.com. zone is:
hostmas...@elliemae.com.
NOTE: One or more CNAMEs were encountered. mainstreetfin.com is really
website.elliemae.com.
----------------------------
So some mail servers never asked our authoritative servers what the MX
record was. Interesting.
DAve
--
"Posterity, you will know how much it cost the present generation to
preserve your freedom. I hope you will make good use of it. If you
do not, I shall repent in heaven that ever I took half the pains to
preserve it." John Quincy Adams
http://appleseedinfo.org
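
Added example, not part of the original messages: a small zone lint for the 'CNAME and other data' rule discussed in this thread, including the RRSIG/NSEC exceptions from the footnote. It assumes a simplified one-record-per-line format; the sample zone is constructed with placeholder names, and the function names are hypothetical.

```python
# Types that may legally share an owner name with a CNAME (RFC 4035 exceptions).
ALLOWED_WITH_CNAME = {"CNAME", "RRSIG", "NSEC"}

# Constructed sample zone: "owner [IN] type rdata", one record per line.
SAMPLE_ZONE = """\
example.com.      IN SOA   ns1.example.com. hostmaster.example.com. 1 3600 900 604800 300
example.com.      IN NS    ns1.example.com.
example.com.      IN MX    10 mail.example.com.
example.com.      IN CNAME website.example.net.
www.example.com.  IN CNAME example.com.
www.example.com.  IN RRSIG CNAME 8 3 3600 (signature elided)
mail.example.com. IN A     192.0.2.25
ns1.example.com.  IN A     192.0.2.53
"""


def parse_zone(text):
    """Return {owner: [(rtype, rdata), ...]} from simplified zone lines."""
    zone = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 2:
            continue
        owner = fields[0].rstrip(".").lower()
        rest = fields[1:]
        if rest[0].upper() == "IN":  # the class token is optional
            rest = rest[1:]
        if rest:
            zone.setdefault(owner, []).append((rest[0].upper(), " ".join(rest[1:])))
    return zone


def cname_conflicts(zone):
    """Return {owner: [types]} for record types that may not sit beside a CNAME."""
    conflicts = {}
    for owner, records in zone.items():
        types = {rtype for rtype, _ in records}
        illegal = sorted(types - ALLOWED_WITH_CNAME)
        if "CNAME" in types and illegal:
            conflicts[owner] = illegal
    return conflicts


if __name__ == "__main__":
    for owner, types in cname_conflicts(parse_zone(SAMPLE_ZONE)).items():
        print(f"{owner}: CNAME coexists with {', '.join(types)}")
```

An MX record reported beside a CNAME is the situation described in the last message: a resolver that follows the alias asks the CNAME target for MX and never uses the one in your zone.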