From: DAve
Date: Wed, 28 Oct 2009 13:25:26 -0400
Delivered-To: freebsd-questions@freebsd.org
Subject: Re: DNS Question
Message-ID: <4AE87E86.50502@pixelhammer.com>
In-Reply-To: <2B558559-4B08-41D6-9CFE-91E434DD9176@mac.com>

Chuck Swiger wrote:
> On Oct 23, 2009, at 10:31 AM, Matthew Seaman wrote:
>>> You aren't supposed to use CNAMES for anything found in other RR's;
>>> in particular, you should always use an A record with the hostnames
>>> used for nameservers (ie, have an NS record), because you are
>>> supposed to be using the canonical name rather than an alias.
>>
>> Errr? You mean the rule that NS and MX and SRV rdata must include an
>> A record rather than a CNAME? That's true, but what does that have to
>> do with web serving?
>
> Consider the case of redirects involving cnames; you end up with a lot
> of extra DNS traffic.
>
>> The illegality mentioned further upthread is that you can't use a
>> CNAME at a zone apex because of the 'CNAME and other data rule'[*] --
>> as there's always got to be SOA and NS records at the zone apex, if
>> you want a web page at 'example.com' you'd have to provide an A or
>> AAAA record for it. Unless you're Verisign and have control over the
>> nameservers for .com, this is almost certainly illegal:
>>
>>    example.com. IN CNAME www.example.com
>>
>> On the other hand:
>>
>>    www.example.com. IN CNAME example.com.
>>
>> is generally fine.
>
> It's generally fine, sure, but almost never ideal. You don't save
> traffic by using CNAMEs instead of A records....
>
>>> PS: It's odd where google pulls up references to fairly canonical
>>> docs, sometimes. I'm not sure I even recognize "ua", and I suspect I
>>> deal with two-letter ISO 3166 country names more than most folks do.
>>> Maybe Ukraine? :-)
>>
>> Of course it's Ukraine. .uk was already taken, even though the two
>> letter iso-code for this country is officially .gb. We're in an
>> exclusive club of two nations that generally don't use their official
>> iso-code in the DNS. No prizes for guessing which the other one is.
>
> Shucks, how can you pull in Jeopardy references and then deny giving out
> prizes? Well, my guess would be ie, although people who speak Finnish
> and call their home "Suomi" might find "fi" odd, also....
>
>> Cheers,
>>
>> Matthew
>>
>> [*] Little known factoid, but there are two legal exceptions to the
>> 'CNAME and other data' rule. You can have RRSIG or NSEC records at the
>> same label as CNAME -- see RFC 4035. Obscure DNS trivia for 100, Alex...
>
> Regards,

Just so everyone knows, having a domain with a CNAME at the top will
hose your mail traffic. We tried it, and some servers delivered fine,
others did not. Checking with dig +trace, and dns stuff, showed the
problem. Just trying to get an MX record for mainstreetfin.com would fail.

The record we had was,

mainstreetfin.com CNAME website.elliemae.com

And the problem is shown below.

---------------------------------------------------------------
DNS Lookup: mainstreetfin.com MX record

Searching for mainstreetfin.com MX record at a.root-servers.net [198.41.0.4]: Got referral to M.GTLD-SERVERS.NET. (zone: com.) [took 39 ms]
Searching for mainstreetfin.com MX record at M.GTLD-SERVERS.NET. [192.55.83.30]: Got referral to ns2auth.tls.net. (zone: mainstreetfin.com.) [took 11 ms]
Searching for mainstreetfin.com MX record at ns2auth.tls.net. [65.123.104.30]: Got CNAME of website.elliemae.com. and referral to k.root-servers.net [took 36 ms]
Searching for website.elliemae.com MX record at g.root-servers.net [192.112.36.4]: Got referral to I.GTLD-SERVERS.NET. (zone: com.) [took 143 ms]
Searching for website.elliemae.com MX record at I.GTLD-SERVERS.NET. [192.43.172.30]: Got referral to ns2.elliemae.net. (zone: elliemae.com.) [took 63 ms]
Searching for website.elliemae.com MX record at ns2.elliemae.net. [63.241.88.21]: Timed out. Trying again.
Searching for website.elliemae.com MX record at ns2.elliemae.net. [63.241.88.21]: Timed out. Trying again.
Searching for website.elliemae.com MX record at ns1.elliemae.net. [216.35.165.21]: Reports that no MX records exist. [took 46 ms]

Response:
No MX records exist for website.elliemae.com. [Neg TTL=300 seconds]

Details:
ns1.elliemae.net. (an authoritative nameserver for elliemae.com.) says that there are no MX records for website.elliemae.com.
The E-mail address in charge of the elliemae.com. zone is: hostmaster@elliemae.com.

NOTE: One or more CNAMEs were encountered. mainstreetfin.com is really website.elliemae.com.
----------------------------

So some mail servers never asked our authoritative servers what the MX
record was. Interesting.

DAve

-- 
"Posterity, you will know how much it cost the present generation to
preserve your freedom. I hope you will make good use of it. If you
do not, I shall repent in heaven that ever I took half the pains to
preserve it." John Quincy Adams

http://appleseedinfo.org
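
An added example, not part of the original message or of any poster's tooling: a small zone lint that flags the conditions discussed in this thread (a CNAME sharing a label with other data, a CNAME at the zone apex, and NS/MX/SRV targets that are aliases). The zone contents, the simplified "owner IN TYPE rdata" line format and the function names are assumptions made for illustration.

```python
# Added example; zone data is constructed (RFC 2606 names, RFC 5737 addresses).
from collections import defaultdict

CNAME_COEXIST_OK = {"CNAME", "RRSIG", "NSEC"}  # RFC 4035 exceptions noted in the thread
TARGET_FIELD = {"NS": 0, "MX": 1, "SRV": 3}    # position of the hostname in the rdata

BROKEN_ZONE = """
example.com.      IN SOA   ns1.example.com. hostmaster.example.com. 1 3600 900 604800 300
example.com.      IN NS    ns1.example.com.
example.com.      IN MX    10 mail.example.com.
example.com.      IN CNAME website.example.net.   ; apex alias, as in the report
mail.example.com. IN CNAME web1.example.com.
ns1.example.com.  IN A     192.0.2.53
"""

def parse(zone_text):
    """Parse simplified 'owner IN TYPE rdata' lines (absolute names, no TTL column)."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()
        if len(fields) < 4 or fields[1].upper() != "IN":
            continue
        owner = fields[0].lower().rstrip(".")
        rdata = [f.lower().rstrip(".") for f in fields[3:]]
        records.append((owner, fields[2].upper(), rdata))
    return records

def lint(zone_text, apex):
    """Return findings for CNAME-and-other-data clashes and aliased NS/MX/SRV targets."""
    apex = apex.lower().rstrip(".")
    records = parse(zone_text)
    types_at = defaultdict(set)
    for owner, rtype, _ in records:
        types_at[owner].add(rtype)
    aliases = {o for o, t in types_at.items() if "CNAME" in t}
    findings = []
    for owner in sorted(aliases):
        clash = sorted(types_at[owner] - CNAME_COEXIST_OK)
        if clash:
            findings.append(f"{owner}: CNAME coexists with {', '.join(clash)}")
        if owner == apex:
            findings.append(f"{owner}: CNAME at zone apex, MX queries follow the alias")
    for owner, rtype, rdata in records:
        idx = TARGET_FIELD.get(rtype)
        if idx is not None and len(rdata) > idx and rdata[idx] in aliases:
            findings.append(f"{owner}: {rtype} target {rdata[idx]} is a CNAME")
    return findings
```

Calling lint(BROKEN_ZONE, "example.com") returns three findings; replacing the two CNAME records with A records returns an empty list.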