>Here is what a "normal" zone might look like after I add it: > SomeDomain.com. SOA ns1.orcsweb.com > SomeDomain.com. A 192.168.1.2 > SomeDomain.com. NS ns1.orcsweb.com > SomeDomain.com. NS ns2.orcsweb.com > SomeDomain.com. MX 10 mail2.orcsweb.com > SomeDomain.com. MX 20 backupmx.orcsweb.com > stage A 192.168.1.3 > ftp CNAME SomeDomain.com > www CNAME SomeDomain.com
I personally don't like the CNAMEs. With this setup, www and ftp have to point to the same server (it would be easy to fix later, but would require removing the CNAME). I'd prefer for ftp and www to have A records pointing to 192.168.1.2, which can make it less confusing. >So, as you can see, I add an A record with a blank hostname and then some >CNAMEs back to the A record. Would it be better to just add a single A >record of "*" so that all third-level names (like brad.domain.com) are >valid for the domain? So the record would look like: > > SomeDomain.com. SOA ns1.orcsweb.com > SomeDomain.com. NS ns1.orcsweb.com > SomeDomain.com. NS ns2.orcsweb.com > SomeDomain.com. MX 10 mail2.orcsweb.com > SomeDomain.com. MX 20 backupmx.orcsweb.com > * A 192.168.1.2 > stage A 192.168.1.3 I'd prefer the CNAMEs over this. Wildcards in DNS should rarely ever be used. Here, you're saying that all hosts at SomeDomain.com are valid. If someone doesn't like you, they could plaster the web with "http://SomeDomainSucks.SomeDomain.com";. People will go straight to your website, but see the "SomeDomainSucks" in the URL the whole time. :) Or, if they put in a few adult words, it could cause some bad publicity (or good publicity, depending on your site!). >I'm trying to figure the best (standard?) way to set up zones. I'm sure >there are issues like ease of management and rfc compliance. I like the >second listing because then the client can use any sub-domain they want >without us messing with the DNS. As far as I know, all 3 formats (CNAMEs, wildcards, and plain old A records) are all valid (RFC compliant). It's really up to you which you think will suit you best. I'd go the A route personally, but if you're comfortable with CNAMEs (and know where not to use them, such as in MX or NS records), or are comfortable with the wildcards (which may be fine for smallish domains), that's OK. -Scott --- Declude: Anti-virus, Anti-spam and Anti-hijacking solutions for IMail. http://www.declude.com --- [This E-mail was scanned for viruses by Declude Virus (http://www.declude.com)] Please visit http://www.ipswitch.com/support/mailing-lists.html to be removed from this list. An Archive of this list is available at: http://www.mail-archive.com/imail_forum%40list.ipswitch.com/ Please visit the Knowledge Base for answers to frequently asked questions: http://www.ipswitch.com/support/IMail/
