From: Chuck Swiger
To: Matthew Seaman
Date: Fri, 23 Oct 2009 10:44:02 -0700
Subject: Re: DNS Question

On Oct 23, 2009, at 10:31 AM, Matthew Seaman wrote:
>> You aren't supposed to use CNAMES for anything found in other RR's;
>> in particular, you should always use an A record with the hostnames
>> used for nameservers (ie, have an NS record), because you are
>> supposed to be using the canonical name rather than an alias.
>
> Errr? You mean the rule that NS and MX and SRV rdata must include
> an A record rather than a CNAME? That's true, but what does that
> have to do with web serving?

Consider the case of redirects involving cnames; you end up with a lot
of extra DNS traffic.

> The illegality mentioned further upthread is that you can't use a
> CNAME at a zone apex because of the 'CNAME and other data rule'[*]
> -- as there's always got to be SOA and NS records at the zone apex,
> if you want a web page at 'example.com' you'd have to provide an A
> or AAAA record for it. Unless you're Verisign and have control over
> the nameservers for .com, this is almost certainly illegal:
>
>     example.com. IN CNAME www.example.com
>
> On the other hand:
>
>     www.example.com. IN CNAME example.com.
>
> is generally fine.

It's generally fine, sure, but almost never ideal. You don't save
traffic by using CNAMEs instead of A records....

>> PS: It's odd where google pulls up references to fairly canonical
>> docs, sometimes. I'm not sure I even recognize "ua", and I suspect I
>> deal with two-letter ISO 3166 country names more than most folks do.
>> Maybe Ukraine? :-)
>
> Of course it's Ukraine. .uk was already taken, even though the two
> letter iso-code for this country is officially .gb. We're in an
> exclusive club of two nations that generally don't use their official
> iso-code in the DNS. No prizes for guessing which the other one is.

Shucks, how can you pull in Jeopardy references and then deny giving
out prizes? Well, my guess would be ie, although people who speak
Finnish and call their home "Suomi" might find "fi" odd, also....

> Cheers,
>
> Matthew
>
> [*] Little known factoid, but there are two legal exceptions to the
> 'CNAME and other data' rule. You can have RRSIG or NSEC records at
> the same label as CNAME -- see RFC 4035.

Obscure DNS trivia for 100, Alex...

Regards,
--
-Chuck
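
The rules discussed in this thread, as an added example that is not part of the original message: a small Python check over a simplified record list that flags a CNAME sharing an owner name with other data (RRSIG and NSEC excepted) and NS/MX/SRV records whose target is an alias. The record tuples, the sample zone and the function names are constructed for illustration, and all names are assumed to be absolute.

```python
from collections import defaultdict

# Types that may share an owner name with a CNAME (the RFC 4035 exceptions
# mentioned in the thread).
CNAME_COMPANIONS = {"CNAME", "RRSIG", "NSEC"}
# Types whose rdata names a host that must be canonical, not an alias.
TARGET_TYPES = {"NS", "MX", "SRV"}

def norm(name):
    """Lower-case and drop the trailing dot so names compare equal."""
    return name.rstrip(".").lower()

def lint_zone(records):
    """Return a sorted list of (owner, problem) tuples for rule violations."""
    types_at = defaultdict(set)
    for owner, rtype, _ in records:
        types_at[norm(owner)].add(rtype.upper())
    aliases = {o for o, t in types_at.items() if "CNAME" in t}
    problems = []
    # Rule 1: "CNAME and other data" (this also catches a CNAME at the apex,
    # because the apex always carries SOA and NS).
    for owner in aliases:
        extra = types_at[owner] - CNAME_COMPANIONS
        if extra:
            problems.append((owner, "CNAME coexists with " + ",".join(sorted(extra))))
    # Rule 2: NS/MX/SRV targets must not be CNAME owners.
    for owner, rtype, rdata in records:
        if rtype.upper() in TARGET_TYPES:
            target = norm(rdata.split()[-1])  # host name is the last rdata field
            if target in aliases:
                problems.append((norm(owner), f"{rtype.upper()} target {target} is a CNAME"))
    return sorted(problems)

SAMPLE_ZONE = [  # constructed sample data, hypothetical zone
    ("example.com.", "SOA", "ns1.example.com. hostmaster.example.com. 1 3600 900 604800 300"),
    ("example.com.", "NS", "ns1.example.com."),
    ("example.com.", "CNAME", "www.example.com."),        # apex CNAME: rule 1
    ("example.com.", "MX", "10 mail.example.com."),
    ("mail.example.com.", "CNAME", "www.example.com."),   # MX target is an alias: rule 2
    ("ns1.example.com.", "A", "192.0.2.53"),
    ("www.example.com.", "A", "192.0.2.80"),
    ("alias.example.com.", "CNAME", "www.example.com."),
    ("alias.example.com.", "RRSIG", "CNAME 8 3 3600 ..."),  # allowed companion
]

if __name__ == "__main__":
    for owner, problem in lint_zone(SAMPLE_ZONE):
        print(f"{owner}: {problem}")
```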