Re: DNS Question

Fri, 23 Oct 2009 10:33:58 -0700 

Chuck Swiger wrote:

Hi--

On Oct 23, 2009, at 9:18 AM, Sean Cavanaugh wrote:

worse, it's illegal.
how is this illegal? if you are residing your domain on a hosting service, this makes sense to me. Granted its bad form and should have an A record to the host for the main domain record, but if i had control over "otherdomain.com" and not "example.com" and had to change the IP address, "example.com" would be dead until i was able to reach the owner of that domain and have them change their DNS info.
You aren't supposed to use CNAMES for anything found in other RR's; in particular, you should always use an A record with the hostnames used for nameservers (ie, have an NS record), because you are supposed to be using the canonical name rather than an alias. 

Errr?  You mean the rule that NS and MX and SRV rdata must include an A record
rather than a CNAME?  That's true, but what does that have to do with web
serving? 
The illegality mentioned further upthread is that you can't use a CNAME at a 
zone apex because of the 'CNAME and other data rule'[*] -- as there's always 
got to be SOA and NS records at the zone apex, if you want a web page at 
'example.com' you'ld have to provide an A or AAAA record for it.  Unless you're 
Verisign and have control over the nameservers for .com, this is almost 
certainly illegal:

example.com. IN CNAME www.example.com

On the other hand:

www.example.com. IN CNAME example.com.

is generally fine.


PS: It's odd where google pulls up references to fairly canonical
docs, sometimes.  I'm not sure I even recognize "ua", and I suspect I
deal with two-letter ISO 3166 country names more than most folks do.
Maybe Ukraine?  :-)


Of course it's Ukraine.  .uk was already taken, even though the two letter
iso-code for this country is officially .gb.  We're in an exclusive club of
two nations that generally don't use their official iso-code in the DNS.  No
prizes for guessing which the other one is.

        Cheers,

        Matthew

[*] Little known factoid, but there are two legal exceptions to the 'CNAME
and other data' rule.  You can have RRSIG or NSEC records at the same label
as CNAME -- see RFC 4035.  Obscure DNS trivia for 100, Alex...

--
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                 Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                 Kent, CT11 9PW

Attachment: signature.asc
Description: OpenPGP digital signature

Reply via email to