A record question

Kevin Darcy kcd at daimlerchrysler.com
Thu Jan 4 19:55:23 UTC 2001


Okay, here are the basic ground rules regarding A records and CNAMEs:

1. A name can own any number of A records (sometimes this is called a
"round robin")

2. Any number of A records with different names can point to any given
address (note that this creates a usually-harmless reverse-record
ambiguity, i.e. to which of those names should the reverse record
point?).

3. If a name owns a CNAME (i.e. is an alias name), then legally it can
own only *one* CNAME record. That is to say, a given alias target can
have multiple CNAMEs pointing to it, but you can't have multiple
CNAME records with the same name pointing to different targets. CNAMEs
are therefore fundamentally more restrictive (potentially
many-to-one) than A records (potentially many-to-many). Older versions of
BIND allowed multiple CNAMEs, but this was always illegal and now the
option to permit this has been discontinued (as of BIND 9). Just don't do
it.

4. Not only can CNAME records with the same name not co-exist with each
other, but a CNAME record can't co-exist with other
"regular" (non-DNSSEC-related) record types having the same name either.
Of most relevance, CNAME records can't co-exist with A, MX, NS or
SOA records.

4a. The most common consequence of the rule above is that the name of a
registered-and-active domain *cannot* own a CNAME. This is because a
registered-and-active domain is a *zone* which means it has at least an
SOA record and at least 1 -- preferably more -- NS records. The
CNAME can't co-exist with these. So, for example, as much as I might
prefer to make "chrysler.com" an alias for some other name, I can't.
Because I wanted that name to resolve to an address, I had to add an A
record specifically for that purpose, rather than a CNAME. What many
folks do to reduce maintenance and remove the reverse-record ambiguity is
add an A record for the name of the domain itself, and then make any
other names which should resolve to the same address aliases for it, e.g.
make www.example.com an alias for example.com, and so on and so forth for
mail.example.com, ftp.example.com, etc. if they all happen to be names
for the same machine.

5. Any name that is on the right-hand side of a DNS resource record must
*not* be an alias (that is, a name which owns a CNAME). It should be a
"canonical" name, i.e. in most cases it should be a name which owns an
A record. This rule usually crops up in the context of people trying
(unsuccessfully) to use aliases as MX or NS targets.


- Kevin

bind at timmy.ws wrote:

> When I set up a zone file, I usually use A records for most of the DNS
> names; is this ok to do?
>
> i.e.:
>
> domain.com.     IN  A   1.2.3.4
> www             IN  A   1.2.3.4
> ftp             IN  A   1.2.3.4
>
> is it okay to give the same machine multiple A records, or should I
> use CNAME RRs? I've been hearing some bad stuff about CNAME usage, and
> it's apparently not possible to use multiple CNAMES in BIND 9.x.
>
> I appreciate the input
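
Added example, not part of the original message or of BIND: a small Python linter that applies rules 3, 4/4a and 5 from the reply above to zone data. The names parse, lint and SAMPLE_ZONE, the simplified "owner IN TYPE rdata" line format and the example.com records are constructed for illustration, and rule 5 is checked only for MX and NS targets, the two cases the reply names.

```python
from collections import defaultdict

# Constructed sample zone: fully qualified owners, one record per line.
SAMPLE_ZONE = """\
example.com.      IN SOA   ns1.example.com. hostmaster.example.com. 1 3600 600 86400 3600
example.com.      IN NS    ns1.example.com.
example.com.      IN NS    dns.example.com.
example.com.      IN MX    10 mail.example.com.
example.com.      IN A     192.0.2.10
ns1.example.com.  IN A     192.0.2.1
www.example.com.  IN CNAME example.com.
mail.example.com. IN CNAME example.com.
dns.example.com.  IN CNAME ns1.example.com.
ftp.example.com.  IN CNAME example.com.
ftp.example.com.  IN CNAME www.example.com.
old.example.com.  IN CNAME example.com.
old.example.com.  IN A     192.0.2.99
"""

# Assumption: the current DNSSEC types that may share a name with a CNAME.
DNSSEC_TYPES = {"RRSIG", "NSEC"}

def parse(text):
    """Yield (owner, type, rdata fields) from 'owner IN TYPE rdata' lines."""
    for line in text.splitlines():
        f = line.split()
        if len(f) >= 4 and f[1].upper() == "IN":
            yield f[0].lower(), f[2].upper(), f[3:]

def lint(text):
    """Return (owner, problem) pairs for rules 3, 4/4a and 5 above."""
    rrsets = defaultdict(list)
    for owner, rtype, rdata in parse(text):
        rrsets[owner].append((rtype, rdata))
    aliases = {o for o, rrs in rrsets.items() if any(t == "CNAME" for t, _ in rrs)}
    problems = []
    for owner in sorted(aliases):
        types = [t for t, _ in rrsets[owner]]
        if types.count("CNAME") > 1:  # rule 3: only one CNAME per name
            problems.append((owner, "multiple CNAMEs"))
        others = set(types) - {"CNAME"} - DNSSEC_TYPES  # rules 4 and 4a
        if others:
            problems.append((owner, "CNAME with " + ",".join(sorted(others))))
    for owner in sorted(rrsets):  # rule 5: MX/NS targets must be canonical
        for rtype, rdata in rrsets[owner]:
            target = rdata[-1].lower()
            if rtype in ("MX", "NS") and target in aliases:
                problems.append((owner, f"{rtype} target {target} is an alias"))
    return problems
```

Calling lint(SAMPLE_ZONE) reports the duplicate CNAME at ftp, the CNAME-plus-A clash at old, and the NS and MX records whose targets are aliases; the layout recommended in 4a (an A record at the domain name, aliases pointing to it) comes back clean.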





