Date: Wed, 28 Oct 2009 13:25:26 -0400
From: DAve <dave.list@pixelhammer.com>
To: FreeBSD - <freebsd-questions@freebsd.org>
Subject: Re: DNS Question
Message-ID: <4AE87E86.50502@pixelhammer.com>
In-Reply-To: <2B558559-4B08-41D6-9CFE-91E434DD9176@mac.com>
References: <200910231717.AA243925902@mail.Go2France.com> <BAY126-W12706A30D1794B2638ABC3CABD0@phx.gbl> <18641935-9899-495F-9465-A7A10AA6A6D8@mac.com> <4AE1E864.5000500@infracaninophile.co.uk> <2B558559-4B08-41D6-9CFE-91E434DD9176@mac.com>

Chuck Swiger wrote:
> On Oct 23, 2009, at 10:31 AM, Matthew Seaman wrote:
>>> You aren't supposed to use CNAMEs for anything found in other RR's;
>>> in particular, you should always use an A record with the hostnames
>>> used for nameservers (ie, have an NS record), because you are
>>> supposed to be using the canonical name rather than an alias.
>>
>> Errr? You mean the rule that NS and MX and SRV rdata must include an
>> A record rather than a CNAME? That's true, but what does that have to
>> do with web serving?
>
> Consider the case of redirects involving cnames; you end up with a lot
> of extra DNS traffic.
>
>> The illegality mentioned further upthread is that you can't use a
>> CNAME at a zone apex because of the 'CNAME and other data rule'[*] --
>> as there's always got to be SOA and NS records at the zone apex, if
>> you want a web page at 'example.com' you'd have to provide an A or
>> AAAA record for it. Unless you're Verisign and have control over the
>> nameservers for .com, this is almost certainly illegal:
>>
>>    example.com.      IN CNAME www.example.com
>>
>> On the other hand:
>>
>>    www.example.com.  IN CNAME example.com.
>>
>> is generally fine.
>
> It's generally fine, sure, but almost never ideal. You don't save
> traffic by using CNAMEs instead of A records....
>
>>> PS: It's odd where google pulls up references to fairly canonical
>>> docs, sometimes. I'm not sure I even recognize "ua", and I suspect I
>>> deal with two-letter ISO 3166 country names more than most folks do.
>>> Maybe Ukraine? :-)
>>
>> Of course it's Ukraine. .uk was already taken, even though the two
>> letter iso-code for this country is officially .gb. We're in an
>> exclusive club of two nations that generally don't use their official
>> iso-code in the DNS. No prizes for guessing which the other one is.
>
> Shucks, how can you pull in Jeopardy references and then deny giving out
> prizes? Well, my guess would be ie, although people who speak Finnish
> and call their home "Suomi" might find "fi" odd, also....
>
>> Cheers,
>>
>> Matthew
>>
>> [*] Little known factoid, but there are two legal exceptions to the
>> 'CNAME and other data' rule. You can have RRSIG or NSEC records at the
>> same label as CNAME -- see RFC 4035. Obscure DNS trivia for 100, Alex...
>
> Regards,

Just so everyone knows, having a domain with a CNAME at the top will
hose your mail traffic. We tried it, and some servers delivered fine,
others did not. Checking with dig +trace, and dns stuff, showed the
problem. Just trying to get an MX record for mainstreetfin.com would fail.

The record we had was,

mainstreetfin.com    CNAME    website.elliemae.com

And the problem is shown below.

---------------------------------------------------------------
DNS Lookup: mainstreetfin.com MX record

Searching for mainstreetfin.com MX record at a.root-servers.net [198.41.0.4]: Got referral to M.GTLD-SERVERS.NET. (zone: com.) [took 39 ms]
Searching for mainstreetfin.com MX record at M.GTLD-SERVERS.NET. [192.55.83.30]: Got referral to ns2auth.tls.net. (zone: mainstreetfin.com.) [took 11 ms]
Searching for mainstreetfin.com MX record at ns2auth.tls.net. [65.123.104.30]: Got CNAME of website.elliemae.com. and referral to k.root-servers.net [took 36 ms]
Searching for website.elliemae.com MX record at g.root-servers.net [192.112.36.4]: Got referral to I.GTLD-SERVERS.NET. (zone: com.) [took 143 ms]
Searching for website.elliemae.com MX record at I.GTLD-SERVERS.NET. [192.43.172.30]: Got referral to ns2.elliemae.net. (zone: elliemae.com.) [took 63 ms]
Searching for website.elliemae.com MX record at ns2.elliemae.net. [63.241.88.21]: Timed out. Trying again.
Searching for website.elliemae.com MX record at ns2.elliemae.net. [63.241.88.21]: Timed out. Trying again.
Searching for website.elliemae.com MX record at ns1.elliemae.net. [216.35.165.21]: Reports that no MX records exist. [took 46 ms]

Response:
No MX records exist for website.elliemae.com. [Neg TTL=300 seconds]

Details:
ns1.elliemae.net. (an authoritative nameserver for elliemae.com.) says that there are no MX records for website.elliemae.com.
The E-mail address in charge of the elliemae.com. zone is: hostmaster@elliemae.com.

NOTE: One or more CNAMEs were encountered. mainstreetfin.com is really website.elliemae.com.
----------------------------

So some mail servers never asked our authoritative servers what the MX
record was. Interesting.

DAve

-- 
"Posterity, you will know how much it cost the present generation to
preserve your freedom. I hope you will make good use of it. If you
do not, I shall repent in heaven that ever I took half the pains to
preserve it." John Quincy Adams

http://appleseedinfo.org
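
Added example, not part of the original message or of any project mentioned in it: a small Python lint that checks zone records for the two rules discussed in this thread, a CNAME sharing a label with other data (RRSIG and NSEC excepted) and NS/MX rdata that points at an alias. The zone data is constructed, the function names are illustrative, and the parser assumes one record per line with no TTL column.

```python
# Added example: zone lint for the CNAME rules discussed in this thread.
# All records below are constructed sample data (RFC 5737 addresses).
SAMPLE_ZONE = """
example.com.      IN SOA   ns1.example.com. hostmaster.example.com. 1 3600 900 604800 300
example.com.      IN NS    ns1.example.com.
example.com.      IN MX    10 mail.example.com.
example.com.      IN CNAME website.example.net.  ; alias at the zone apex
www.example.com.  IN CNAME web.example.com.      ; allowed: only NSEC beside it
www.example.com.  IN NSEC  example.com. CNAME RRSIG NSEC
web.example.com.  IN A     192.0.2.10
ns1.example.com.  IN A     192.0.2.53
mail.example.com. IN CNAME web.example.com.      ; MX target is an alias
"""
COEXIST_OK = {"RRSIG", "NSEC"}      # exceptions cited in the thread (RFC 4035)
TARGET_FIELD = {"NS": 0, "MX": 1}   # position of the hostname in the rdata

def norm(name):
    """Lower-case and drop the trailing dot so owner names compare equal."""
    return name.rstrip(".").lower()

def parse(zone_text):
    """Turn 'owner [IN] TYPE rdata' lines into (owner, type, rdata) tuples."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()   # strip comments, tokenize
        if len(fields) > 1 and fields[1].upper() == "IN":
            del fields[1]
        if len(fields) >= 3:
            records.append((norm(fields[0]), fields[1].upper(), fields[2:]))
    return records

def lint(records):
    """Report CNAME-and-other-data clashes and NS/MX targets that are aliases."""
    by_owner = {}
    for owner, rtype, _ in records:
        by_owner.setdefault(owner, set()).add(rtype)
    findings = []
    for owner, types in by_owner.items():
        clash = types - {"CNAME"} - COEXIST_OK
        if "CNAME" in types and clash:
            findings.append(f"{owner}: CNAME coexists with {', '.join(sorted(clash))}")
    for owner, rtype, rdata in records:
        if rtype in TARGET_FIELD and len(rdata) > TARGET_FIELD[rtype]:
            target = norm(rdata[TARGET_FIELD[rtype]])
            if "CNAME" in by_owner.get(target, ()):
                findings.append(f"{owner}: {rtype} target {target} is a CNAME")
    return sorted(findings)

if __name__ == "__main__":
    for finding in lint(parse(SAMPLE_ZONE)):
        print(finding)
```

Running such a check before a zone is published catches the apex alias that made the MX lookup above follow the CNAME to a name with no MX records.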