Chuck Swiger wrote:
On Oct 23, 2009, at 10:31 AM, Matthew Seaman wrote:
You aren't supposed to use CNAMES for anything found in other RR's; in particular, you should always use an A record with the hostnames used for nameservers (ie, have an NS record), because you are supposed to be using the canonical name rather than an alias.

Errr? You mean the rule that NS and MX and SRV rdata must include an A record
rather than a CNAME?  That's true, but what does that have to do with web
serving?

Consider the case of redirects involving cnames; you end up with a lot of extra DNS traffic.

The illegality mentioned further upthread is that you can't use a CNAME at a zone apex because of the 'CNAME and other data rule'[*] -- as there's always got to be SOA and NS records at the zone apex, if you want a web page at 'example.com' you'ld have to provide an A or AAAA record for it. Unless you're Verisign and have control over the nameservers for .com, this is almost certainly illegal:

example.com. IN CNAME www.example.com

On the other hand:

www.example.com. IN CNAME example.com.

is generally fine.

It's generally fine, sure, but almost never ideal. You don't save traffic by using CNAMEs instead of A records....

PS: It's odd where google pulls up references to fairly canonical
docs, sometimes.  I'm not sure I even recognize "ua", and I suspect I
deal with two-letter ISO 3166 country names more than most folks do.
Maybe Ukraine?  :-)

Of course it's Ukraine. .uk was already taken, even though the two letter iso-code for this country is officially .gb. We're in an exclusive club of two nations that generally don't use their official iso-code in the DNS. No
prizes for guessing which the other one is.

Shucks, how can you pull in Jeopardy references and then deny giving out prizes? Well, my guess would be ie, although people who speak Finnish and call their home "Suomi" might find "fi" odd, also....

    Cheers,

    Matthew

[*] Little known factoid, but there are two legal exceptions to the 'CNAME and other data' rule. You can have RRSIG or NSEC records at the same label
as CNAME -- see RFC 4035.  Obscure DNS trivia for 100, Alex...

Regards,


Just so everyone knows, having a domain with a CNAME at the top will hose your mail traffic. We tried it, and some servers delivered fine, others did not. Checking with dig +trace, and dns stuff, showed the problem. Just trying to get a MX record for mainstreetfin.com would fail.

The record we had was,
mainstreetfin.com CNAME website.elliemae.com

And the problem is shown below.

---------------------------------------------------------------
DNS Lookup: mainstreetfin.com MX record

Searching for mainstreetfin.com MX record at a.root-servers.net [198.41.0.4]: Got referral to M.GTLD-SERVERS.NET. (zone: com.) [took 39 ms]

Searching for mainstreetfin.com MX record at M.GTLD-SERVERS.NET. [192.55.83.30]: Got referral to ns2auth.tls.net. (zone: mainstreetfin.com.) [took 11 ms]

Searching for mainstreetfin.com MX record at ns2auth.tls.net. [65.123.104.30]: Got CNAME of website.elliemae.com. and referral to k.root-servers.net [took 36 ms]

Searching for website.elliemae.com MX record at g.root-servers.net [192.112.36.4]: Got referral to I.GTLD-SERVERS.NET. (zone: com.) [took 143 ms]

Searching for website.elliemae.com MX record at I.GTLD-SERVERS.NET. [192.43.172.30]: Got referral to ns2.elliemae.net. (zone: elliemae.com.) [took 63 ms]

Searching for website.elliemae.com MX record at ns2.elliemae.net. [63.241.88.21]: Timed out. Trying again.

Searching for website.elliemae.com MX record at ns2.elliemae.net. [63.241.88.21]: Timed out. Trying again.

Searching for website.elliemae.com MX record at ns1.elliemae.net. [216.35.165.21]: Reports that no MX records exist. [took 46 ms]

Response:
No MX records exist for website.elliemae.com. [Neg TTL=300 seconds]

Details:
ns1.elliemae.net. (an authoritative nameserver for elliemae.com.) says that there are no MX records for website.elliemae.com. The E-mail address in charge of the elliemae.com. zone is: hostmas...@elliemae.com.

NOTE: One or more CNAMEs were encountered. mainstreetfin.com is really website.elliemae.com.

----------------------------

So some mail servers never asked our authoritative servers what the MX record was. Interesting.

DAve

--
"Posterity, you will know how much it cost the present generation to
preserve your freedom.  I hope you will make good use of it.  If you
do not, I shall repent in heaven that ever I took half the pains to
preserve it." John Quincy Adams

http://appleseedinfo.org

_______________________________________________
freebsd-questions@freebsd.org mailing list
http://lists.freebsd.org/mailman/listinfo/freebsd-questions
To unsubscribe, send any mail to "freebsd-questions-unsubscr...@freebsd.org"

Reply via email to