DNS Question
DAve
dave.list at pixelhammer.com
Wed Oct 28 17:25:48 UTC 2009
Chuck Swiger wrote:
> On Oct 23, 2009, at 10:31 AM, Matthew Seaman wrote:
>>> You aren't supposed to use CNAMES for anything found in other RR's;
>>> in particular, you should always use an A record with the hostnames
>>> used for nameservers (ie, have an NS record), because you are
>>> supposed to be using the canonical name rather than an alias.
>>
>> Errr? You mean the rule that NS and MX and SRV rdata must include an
>> A record rather than a CNAME? That's true, but what does that have to
>> do with web serving?
>
> Consider the case of redirects involving cnames; you end up with a lot
> of extra DNS traffic.
>
>> The illegality mentioned further upthread is that you can't use a
>> CNAME at a zone apex because of the 'CNAME and other data rule'[*] --
>> as there's always got to be SOA and NS records at the zone apex, if
>> you want a web page at 'example.com' you'd have to provide an A or
>> AAAA record for it. Unless you're Verisign and have control over the
>> nameservers for .com, this is almost certainly illegal:
>>
>> example.com. IN CNAME www.example.com
>>
>> On the other hand:
>>
>> www.example.com. IN CNAME example.com.
>>
>> is generally fine.
>
> It's generally fine, sure, but almost never ideal. You don't save
> traffic by using CNAMEs instead of A records....
>
>>> PS: It's odd where google pulls up references to fairly canonical
>>> docs, sometimes. I'm not sure I even recognize "ua", and I suspect I
>>> deal with two-letter ISO 3166 country names more than most folks do.
>>> Maybe Ukraine? :-)
>>
>> Of course it's Ukraine. .uk was already taken, even though the two
>> letter iso-code for this country is officially .gb. We're in an
>> exclusive club of two nations that generally don't use their official
>> iso-code in the DNS. No prizes for guessing which the other one is.
>
> Shucks, how can you pull in Jeopardy references and then deny giving out
> prizes? Well, my guess would be ie, although people who speak Finnish
> and call their home "Suomi" might find "fi" odd, also....
>
>> Cheers,
>>
>> Matthew
>>
>> [*] Little known factoid, but there are two legal exceptions to the
>> 'CNAME and other data' rule. You can have RRSIG or NSEC records at the
>> same label as CNAME -- see RFC 4035. Obscure DNS trivia for 100, Alex...
>
> Regards,
Just so everyone knows, having a domain with a CNAME at the top will
hose your mail traffic. We tried it, and some servers delivered fine,
others did not. Checking with dig +trace, and dns stuff, showed the
problem. Just trying to get an MX record for mainstreetfin.com would fail.
The record we had was,
mainstreetfin.com CNAME website.elliemae.com
And the problem is shown below.
---------------------------------------------------------------
DNS Lookup: mainstreetfin.com MX record
Searching for mainstreetfin.com MX record at a.root-servers.net
[198.41.0.4]: Got referral to M.GTLD-SERVERS.NET. (zone: com.) [took 39 ms]
Searching for mainstreetfin.com MX record at M.GTLD-SERVERS.NET.
[192.55.83.30]: Got referral to ns2auth.tls.net. (zone:
mainstreetfin.com.) [took 11 ms]
Searching for mainstreetfin.com MX record at ns2auth.tls.net.
[65.123.104.30]: Got CNAME of website.elliemae.com. and referral to
k.root-servers.net [took 36 ms]
Searching for website.elliemae.com MX record at g.root-servers.net
[192.112.36.4]: Got referral to I.GTLD-SERVERS.NET. (zone: com.) [took
143 ms]
Searching for website.elliemae.com MX record at I.GTLD-SERVERS.NET.
[192.43.172.30]: Got referral to ns2.elliemae.net. (zone: elliemae.com.)
[took 63 ms]
Searching for website.elliemae.com MX record at ns2.elliemae.net.
[63.241.88.21]: Timed out. Trying again.
Searching for website.elliemae.com MX record at ns2.elliemae.net.
[63.241.88.21]: Timed out. Trying again.
Searching for website.elliemae.com MX record at ns1.elliemae.net.
[216.35.165.21]: Reports that no MX records exist. [took 46 ms]
Response:
No MX records exist for website.elliemae.com. [Neg TTL=300 seconds]
Details:
ns1.elliemae.net. (an authoritative nameserver for elliemae.com.) says
that there are no MX records for website.elliemae.com.
The E-mail address in charge of the elliemae.com. zone is:
hostmaster at elliemae.com.
NOTE: One or more CNAMEs were encountered. mainstreetfin.com is really
website.elliemae.com.
----------------------------
So some mail servers never asked our authoritative servers what the MX
record was. Interesting.
DAve
--
"Posterity, you will know how much it cost the present generation to
preserve your freedom. I hope you will make good use of it. If you
do not, I shall repent in heaven that ever I took half the pains to
preserve it." John Quincy Adams
http://appleseedinfo.org
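
The 'CNAME and other data' rule and the failed MX lookup discussed in this message, as an added example that is not part of the original thread: a small checker that flags owner names holding a CNAME beside other records (allowing the RRSIG/NSEC exceptions mentioned above) and a lookup that follows the alias the way the trace does. The zone data is constructed, example.com and example.net are placeholder names, and the function names are hypothetical.

```python
from collections import defaultdict

# Constructed records for illustration; names and addresses are placeholders.
ZONE = """
example.com.          IN SOA   ns1.example.com. hostmaster.example.com. 1 3600 600 86400 300
example.com.          IN NS    ns1.example.com.
example.com.          IN MX    10 mail.example.com.
example.com.          IN CNAME website.example.net.
www.example.com.      IN CNAME web.example.com.
www.example.com.      IN RRSIG CNAME (rdata-elided)
web.example.com.      IN A     192.0.2.10
website.example.net.  IN A     192.0.2.80
"""

ALLOWED_WITH_CNAME = {"CNAME", "RRSIG", "NSEC"}  # exceptions cited from RFC 4035

def parse(text):
    """Return {owner: [(rtype, rdata), ...]} from 'owner IN type rdata' lines."""
    rrs = defaultdict(list)
    for line in text.strip().splitlines():
        owner, _cls, rtype, rdata = line.split(None, 3)
        rrs[owner.lower()].append((rtype.upper(), rdata))
    return rrs

def cname_conflicts(rrs):
    """Owners that hold a CNAME plus record types the rule forbids beside it."""
    out = {}
    for owner, recs in rrs.items():
        types = {t for t, _ in recs}
        if "CNAME" in types and types - ALLOWED_WITH_CNAME:
            out[owner] = sorted(types - ALLOWED_WITH_CNAME)
    return out

def lookup(rrs, name, qtype, max_hops=8):
    """A CNAME at the queried name restarts the query at its target, so any
    other data stored at the aliased name (such as its MX) is never used."""
    chain = [name]
    for _ in range(max_hops):
        recs = rrs.get(name, [])
        target = next((d for t, d in recs if t == "CNAME"), None)
        if target is None or qtype == "CNAME":
            return chain, [d for t, d in recs if t == qtype]
        name = target.lower()
        chain.append(name)
    raise RuntimeError("CNAME chain too long")

if __name__ == "__main__":
    rrs = parse(ZONE)
    print(cname_conflicts(rrs))               # apex CNAME collides with SOA/NS/MX
    print(lookup(rrs, "example.com.", "MX"))  # alias followed, MX answer is empty
```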