Many A-records

Jonathan de Boyne Pollard J.deBoynePollard at Tesco.NET
Tue Apr 6 10:51:49 UTC 2004


f> I was once told that a network interface should have only
f> one A-record and a corresponding PTR record.
 
JdeBP> You were told this by someone who hadn't read RFC 2181 section 10.

p> Which does not *imply* that you should use multiple A instead of
p> one A and multiple CNAMES "pointing to" that A

But does imply that the statement _actually being quoted_ and responded
to (which you really should have read) is false.

The reason for not using multiple client-side aliases is as I gave
before:  If there are two ways of doing things, only one of which 
involves using client-side aliases, one should choose the other way.

p> In fact when naming a resource maintained by another organisation

... which isn't the case here, and is a red herring ...

p> then a cname is the only sensitive way to do this.

False.  Indeed, the contrary is the case.  Client-side aliasing leads 
one to the false belief that that is all that one needs to do.  In
fact, one needs to talk to the owner of the content HTTP server in
order to arrange for virtual hosting to take place.  So since one is
communicating with the owner of the content HTTP server _anyway_, one
can communicate in order to either (a) receive notifications whenever
the content HTTP server moves to a new IP address, or (b) arrange for
the HTTP hosting service to also provide DNS hosting service (for
that specific domain name only, if needs be).

f> In my world a Network interface should have one but only
f> one A-record.
 
JdeBP> <URL:http://homepages.tesco.net./~J.deBoynePollard/FGA/dns-avoid-double-reverse.html#IncorrectDNSModel>
 
p> My comment here is that a network where a double dns-resolution is
p> the grain that breaks the camel's back, then you certainly have
p> problems. But not with DNS !!

Correct.  You have problems with people who don't understand the
DNS model and are applying a purported "security" measure that doesn't
match the actual model.  And not understanding the DNS model is 
exactly what people in his world are doing, too, in a very similar way.

p> If these concerns were widespread we should use ip4 addresses 
p> everywhere and skip dns altogether.

Rubbish and hyperbole.

