DNS Question

DAve dave.list at pixelhammer.com
Wed Oct 28 17:25:48 UTC 2009

Chuck Swiger wrote:
> On Oct 23, 2009, at 10:31 AM, Matthew Seaman wrote:
>>> You aren't supposed to use CNAMES for anything found in other RR's; 
>>> in particular, you should always use an A record with the hostnames 
>>> used for nameservers (ie, have an NS record), because you are 
>>> supposed to be using the canonical name rather than an alias.
>> Errr?  You mean the rule that NS and MX and SRV rdata must include an 
>> A record
>> rather than a CNAME?  That's true, but what does that have to do with web
>> serving?
> Consider the case of redirects involving cnames; you end up with a lot 
> of extra DNS traffic.
>> The illegality mentioned further upthread is that you can't use a 
>> CNAME at a zone apex because of the 'CNAME and other data rule'[*] -- 
>> as there's always got to be SOA and NS records at the zone apex, if 
>> you want a web page at 'example.com' you'ld have to provide an A or 
>> AAAA record for it.  Unless you're Verisign and have control over the 
>> nameservers for .com, this is almost certainly illegal:
>> example.com. IN CNAME www.example.com
>> On the other hand:
>> www.example.com. IN CNAME example.com.
>> is generally fine.
> It's generally fine, sure, but almost never ideal.  You don't save 
> traffic by using CNAMEs instead of A records....
>>> PS: It's odd where google pulls up references to fairly canonical
>>> docs, sometimes.  I'm not sure I even recognize "ua", and I suspect I
>>> deal with two-letter ISO 3166 country names more than most folks do.
>>> Maybe Ukraine?  :-)
>> Of course it's Ukraine.  .uk was already taken, even though the two 
>> letter
>> iso-code for this country is officially .gb.  We're in an exclusive 
>> club of
>> two nations that generally don't use their official iso-code in the 
>> DNS.  No
>> prizes for guessing which the other one is.
> Shucks, how can you pull in Jeopardy references and then deny giving out 
> prizes?  Well, my guess would be ie, although people who speak Finnish 
> and call their home "Suomi" might find "fi" odd, also....
>>     Cheers,
>>     Matthew
>> [*] Little known factoid, but there are two legal exceptions to the 
>> and other data' rule.  You can have RRSIG or NSEC records at the same 
>> label
>> as CNAME -- see RFC 4035.  Obscure DNS trivia for 100, Alex...
> Regards,

Just so everyone knows, having a domain with a CNAME at the top will 
hose your mail traffic. We tried it, and some servers delivered fine, 
others did not. Checking with dig +trace, and dns stuff, showed the 
problem. Just trying to get a MX record for mainstreetfin.com would fail.

The record we had was,
mainstreetfin.com CNAME website.elliemae.com

And the problem is shown below.

DNS Lookup: mainstreetfin.com MX record

Searching for mainstreetfin.com MX record at a.root-servers.net 
[]: Got referral to M.GTLD-SERVERS.NET. (zone: com.) [took 39 ms]

Searching for mainstreetfin.com MX record at M.GTLD-SERVERS.NET. 
[]: Got referral to ns2auth.tls.net. (zone: 
mainstreetfin.com.) [took 11 ms]

Searching for mainstreetfin.com MX record at ns2auth.tls.net. 
[]: Got CNAME of website.elliemae.com. and referral to 
k.root-servers.net [took 36 ms]

Searching for website.elliemae.com MX record at g.root-servers.net 
[]: Got referral to I.GTLD-SERVERS.NET. (zone: com.) [took 
143 ms]

Searching for website.elliemae.com MX record at I.GTLD-SERVERS.NET. 
[]: Got referral to ns2.elliemae.net. (zone: elliemae.com.) 
[took 63 ms]

Searching for website.elliemae.com MX record at ns2.elliemae.net. 
[]: Timed out. Trying again.

Searching for website.elliemae.com MX record at ns2.elliemae.net. 
[]: Timed out. Trying again.

Searching for website.elliemae.com MX record at ns1.elliemae.net. 
[]: Reports that no MX records exist. [took 46 ms]

No MX records exist for website.elliemae.com. [Neg TTL=300 seconds]

ns1.elliemae.net. (an authoritative nameserver for elliemae.com.) says 
that there are no MX records for website.elliemae.com.
The E-mail address in charge of the elliemae.com. zone is: 
hostmaster at elliemae.com.

NOTE: One or more CNAMEs were encountered. mainstreetfin.com is really 


So some mail servers never asked our authoritative servers what the MX 
record was. Interesting.


"Posterity, you will know how much it cost the present generation to
preserve your freedom.  I hope you will make good use of it.  If you
do not, I shall repent in heaven that ever I took half the pains to
preserve it." John Quincy Adams


More information about the freebsd-questions mailing list