Many A-records

fih frhak at hotmail.com
Mon Apr 5 20:16:43 UTC 2004


I'm sorry, but you have misunderstood me. I never use CNAMEs to point a
domain to a server; to do this I use A-records, since nothing else will work.

What I learned from a very polite news poster is that there is an RFC2181
section 10 stating that there are no rules against many A-records pointing to
the same IP. I have read it and learned from it.
If a resolver can't handle two lookups, they have problems, but not with DNS.
(I still understand what you mean (why force a resolver to do another
lookup).)

IP management tools like Lucent QIP, for example, are built around the idea
that every IP only has one A-record, and if you need more names you will have
to use aliases. (There are ways around it, but it's not the default.)

This is how I do it:

domain.com. IN A 1.1.1.1
domain.com. IN MX 5 unixbox.domain.com.
unixbox.domain.com. IN A 1.1.1.1
www.domain.com. IN CNAME unixbox.domain.com.
ftp.domain.com. IN CNAME unixbox.domain.com.

1.1.1.1.IN-ADDR.ARPA. IN PTR unixbox.domain.com.

This is good DNS management, to my knowledge.

"Jeff Lasman" <blists at nobaloney.net> wrote in message
news:c4s06k$n1k$1 at sf1.isc.org...
> On Sunday 04 April 2004 10:05 pm, fih wrote:
>
> > Unfortunately I was not thinking when stating that a NIC should only
> > have one A-record since a NIC can have subinterfaces. (Sorry folks)
>
> That's not the only reason.
>
> > An IP should only have one A-record and services should be pointed
> > out using Cnames.
>
> And from where do you get the "should"?  Did you read that somewhere,
> written by someone who doesn't understand DNS?
>
> Every time you create a CNAME where you could have used an A record you
> create a situation where every resolver looking for your service must
> do two lookups instead of one.  Why would you do this?
>
> There's only one good reason I can think of to use a CNAME record
> instead of an A record:  because you're pointing to a URL for which you
> don't control the A record and therefore cannot tell what it is to
> change your record if the target A record changes.
>
> > Of course if you have chosen to let http be the
> > default service for a domain you will have to add an A-record for the
> > domain name but this will be an exception to the rule. (I'm not sure
> > this was meant to be (I could be totally wrong)).
>
> I don't understand what you mean here.  If you mean a domain that must
> have its own zone file (example.com), then it must always have an A
> record.
>
> > If webhosting companies use "virtual name based hosting" they should
> > use one A-record and many Cnames.
>
> Illegal according to RFCs.  Won't work.  Breaks DNS.  If you insist on
> it, you're wrong.
>
> > If webhosting companies use subinterfaces they should have one
> > A-record per subinterface.
>
> Since you're writing under a hotmail address I don't know who you are
> but I sure hope you're not anyone in a position to actually administer
> DNS, since if you insist on doing it your way, you're breaking DNS.
>
> > If we have bought an SSL certificate that will protect www.www.com and
> > one of our customers wants to reach that service using their own DNS
> > namespace www.customer.com it will not work smoothly since the
> > certificate was made for www.www.com.
>
> Which is as it should be.  While most people presume a cert is simply to
> secure and encrypt data transfer, the important other role of the cert
> is to identify the website.
>
> Jeff
> -- 
> Jeff Lasman, nobaloney.net, P. O. Box 52672, Riverside, CA  92517 US
> Professional Internet Services & Support / Consulting / Colocation
> Our blists address used on lists is for list email only
> Phone +1 909 324-9706, or see: "http://www.nobaloney.net/contactus.html"
>
>
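
An added example, not written by either poster: a small Python lint over the zone quoted in the message. It counts the record-set steps behind each name (the "two lookups" point) and checks two alias rules: a CNAME owner may hold no other data (RFC 1034), and an MX target must not be an alias (RFC 2181 section 10.3). Function names and message wording are this example's own.

```python
# Zone records copied from the message; everything else is constructed for this example.
ZONE = """\
domain.com.          IN A     1.1.1.1
domain.com.          IN MX    5 unixbox.domain.com.
unixbox.domain.com.  IN A     1.1.1.1
www.domain.com.      IN CNAME unixbox.domain.com.
ftp.domain.com.      IN CNAME unixbox.domain.com.
"""

def parse(text):
    """Return {owner: [(rtype, rdata), ...]} for simple 'owner IN type rdata' lines."""
    zone = {}
    for line in text.splitlines():
        fields = line.split()
        if len(fields) < 4 or fields[1].upper() != "IN":
            continue
        owner, rtype, rdata = fields[0].lower(), fields[2].upper(), " ".join(fields[3:])
        zone.setdefault(owner, []).append((rtype, rdata))
    return zone

def resolve_a(zone, name, max_hops=8):
    """Follow CNAMEs to A records; return (addresses, record sets consulted).
    The count is chain steps in the zone data, not network queries."""
    name, steps = name.lower(), 0
    while steps < max_hops:
        steps += 1
        rrs = zone.get(name, [])
        cnames = [d for t, d in rrs if t == "CNAME"]
        if not cnames:
            return sorted(d for t, d in rrs if t == "A"), steps
        name = cnames[0].lower()
    return [], steps  # CNAME loop or over-long chain

def lint(zone):
    """Flag CNAME owners that hold any other record, and MX targets that are aliases."""
    problems = []
    for owner, rrs in zone.items():
        if any(t == "CNAME" for t, _ in rrs) and len(rrs) > 1:
            problems.append(f"{owner}: CNAME is not the only record at this name")
        for t, d in rrs:
            if t == "MX":
                target = d.split()[-1].lower()
                if any(tt == "CNAME" for tt, _ in zone.get(target, [])):
                    problems.append(f"{owner}: MX target {target} is an alias")
    return problems

def names_for(zone, address):
    """All owner names with an A record for this address (several are allowed)."""
    return sorted(o for o, rrs in zone.items() if ("A", address) in rrs)
```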



More information about the bind-users mailing list