Christian Seberino wrote:
> The super-genius security guy that wrote qmail also wrote
> a paper on why CNAME is a bad idea.......
>
> So should everyone NEVER use it?
>
> Can you ALWAYS get the same result by just using more
> A records???
>
> e.g. Use 2 A records to set www.mydomain.com and mydomain.com
> to SAME IP address without CNAMEs!!!

Even djb says CNAMEs are fine to use. But there is a time when not to use it:
when you have control over the destination.

Example: you own example.net and example.com

www.example.net CNAME -> www.example.com
www.example.com A -> 10.10.10.10

*BAD* requires two DNS lookups, when that is not required. Since you control
example.com, you know when www.example.com changes IP address.

www.example.net A -> 10.10.10.10
www.example.com A -> 10.10.10.10

Correct.

debian.example.net CNAME -> ftp.us.debian.org

*CORRECT* When you don't control the destination, you have no control over
what debian.org does.

-john
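The rule of thumb from the reply above, written as a small zone audit. This is an added example, not part of the original thread: the record tuples are constructed from the names used in the post, and `CONTROLLED`, `resolve` and `audit` are hypothetical names chosen for illustration.

```python
# Constructed sample records, mirroring the names used in the post above.
ZONE = [
    ("www.example.net", "CNAME", "www.example.com"),
    ("www.example.com", "A", "10.10.10.10"),
    ("debian.example.net", "CNAME", "ftp.us.debian.org"),
]
CONTROLLED = {"example.net", "example.com"}  # assumption: zones we administer


def in_controlled_zone(name, controlled=CONTROLLED):
    """True if name is one of our zones or a subdomain of one."""
    name = name.rstrip(".").lower()
    return any(name == z or name.endswith("." + z) for z in controlled)


def resolve(name, records, max_hops=8):
    """Follow CNAMEs in local data; return (addresses, names looked up)."""
    chain, seen = [], set()
    while name not in seen and len(chain) < max_hops:
        seen.add(name)
        chain.append(name)
        rrs = [(t, v) for n, t, v in records if n == name]
        addrs = [v for t, v in rrs if t == "A"]
        if addrs:
            return addrs, chain
        targets = [v for t, v in rrs if t == "CNAME"]
        if not targets:
            break
        name = targets[0]
    return [], chain  # target outside our data, a loop, or chain too long


def audit(records, controlled=CONTROLLED):
    """Mark each CNAME 'flatten' if we control its target, else 'keep'."""
    findings = []
    for name, rtype, target in records:
        if rtype != "CNAME":
            continue
        if in_controlled_zone(target, controlled):
            addrs, chain = resolve(name, records)
            # len(chain) is the number of lookups the CNAME costs a resolver
            findings.append((name, "flatten", len(chain), addrs))
        else:
            findings.append((name, "keep", None, []))
    return findings


if __name__ == "__main__":
    for finding in audit(ZONE):
        print(finding)
```

A "flatten" finding lists the address to publish as an A record in place of the CNAME; a "keep" finding is a CNAME whose target belongs to someone else.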
