Date: Fri, 23 Oct 2009 18:31:16 +0100
From: Matthew Seaman <m.seaman@infracaninophile.co.uk>
To: Chuck Swiger <cswiger@mac.com>
Cc: Sean Cavanaugh <Millenia2000@hotmail.com>, "freebsd-questions@freebsd.org" <freebsd-questions@freebsd.org>
Subject: Re: DNS Question
Message-ID: <4AE1E864.5000500@infracaninophile.co.uk>
In-Reply-To: <18641935-9899-495F-9465-A7A10AA6A6D8@mac.com>
References: <200910231717.AA243925902@mail.Go2France.com> <BAY126-W12706A30D1794B2638ABC3CABD0@phx.gbl> <18641935-9899-495F-9465-A7A10AA6A6D8@mac.com>

Chuck Swiger wrote:
> Hi--
>
> On Oct 23, 2009, at 9:18 AM, Sean Cavanaugh wrote:
>>> worse, it's illegal.
>>
>> how is this illegal? if you are residing your domain on a hosting
>> service, this makes sense to me. Granted it's bad form and should have
>> an A record to the host for the main domain record, but if I had
>> control over "otherdomain.com" and not "example.com" and had to change
>> the IP address, "example.com" would be dead until I was able to reach
>> the owner of that domain and have them change their DNS info.
>
> You aren't supposed to use CNAMES for anything found in other RR's; in
> particular, you should always use an A record with the hostnames used
> for nameservers (ie, have an NS record), because you are supposed to be
> using the canonical name rather than an alias.

Errr? You mean the rule that NS and MX and SRV rdata must include an A record
rather than a CNAME? That's true, but what does that have to do with web
serving?

The illegality mentioned further upthread is that you can't use a CNAME at a
zone apex because of the 'CNAME and other data rule'[*] -- as there's always
got to be SOA and NS records at the zone apex, if you want a web page at
'example.com' you'd have to provide an A or AAAA record for it. Unless you're
Verisign and have control over the nameservers for .com, this is almost
certainly illegal:

    example.com.      IN CNAME www.example.com.

On the other hand:

    www.example.com.  IN CNAME example.com.

is generally fine.

> PS: It's odd where google pulls up references to fairly canonical
> docs, sometimes. I'm not sure I even recognize "ua", and I suspect I
> deal with two-letter ISO 3166 country names more than most folks do.
> Maybe Ukraine? :-)

Of course it's Ukraine. .uk was already taken, even though the two letter
iso-code for this country is officially .gb. We're in an exclusive club of
two nations that generally don't use their official iso-code in the DNS. No
prizes for guessing which the other one is.

Cheers,

Matthew

[*] Little known factoid, but there are two legal exceptions to the 'CNAME
and other data' rule. You can have RRSIG or NSEC records at the same label
as CNAME -- see RFC 4035. Obscure DNS trivia for 100, Alex...

--
Dr Matthew J Seaman MA, D.Phil.                   7 Priory Courtyard
                                                  Flat 3
PGP: http://www.infracaninophile.co.uk/pgpkey     Ramsgate
                                                  Kent, CT11 9PW
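
An added example, not part of the original message: a small Python check for the two rules discussed above, the 'CNAME and other data' rule (with its RRSIG/NSEC exceptions) and the rule that NS, MX and SRV targets must not be aliases. The zone data, the simplified one-record-per-line format and the function names are assumptions constructed for illustration.

```python
# Added example: lint a zone for the CNAME rules discussed in this message.
# The zone text below is constructed sample data, not a real zone.
from collections import defaultdict

ZONE = """\
example.com.      IN SOA   ns1.example.com. hostmaster.example.com. 1 3600 900 604800 300
example.com.      IN NS    ns1.example.com.
example.com.      IN CNAME www.example.com.
example.com.      IN MX    10 mail.example.com.
ns1.example.com.  IN A     192.0.2.53
www.example.com.  IN A     192.0.2.80
mail.example.com. IN CNAME www.example.com.
ftp.example.com.  IN CNAME www.example.com.
ftp.example.com.  IN RRSIG CNAME 8 3 3600 (signature-elided)
"""

ALLOWED_WITH_CNAME = {"CNAME", "RRSIG", "NSEC"}   # exceptions per RFC 4035
TARGET_FIELD = {"NS": 0, "MX": 1, "SRV": 3}       # index of hostname in rdata


def parse(zone_text):
    """Parse 'owner IN TYPE rdata...' lines into (owner, type, rdata) tuples."""
    records = []
    for line in zone_text.splitlines():
        fields = line.split(";")[0].split()        # drop trailing comments
        if len(fields) >= 4 and fields[1].upper() == "IN":
            records.append((fields[0].lower(), fields[2].upper(), fields[3:]))
    return records


def lint(records):
    """Return a sorted list of (owner, problem) findings."""
    types = defaultdict(set)
    for owner, rtype, _ in records:
        types[owner].add(rtype)
    findings = []
    for owner, seen in types.items():
        extra = seen - ALLOWED_WITH_CNAME
        if "CNAME" in seen and extra:              # CNAME and other data
            findings.append((owner, "CNAME alongside " + ",".join(sorted(extra))))
    for owner, rtype, rdata in records:
        if rtype in TARGET_FIELD:                  # NS/MX/SRV must point at a non-alias
            target = rdata[TARGET_FIELD[rtype]].lower()
            if "CNAME" in types.get(target, ()):
                findings.append((owner, f"{rtype} target {target} is a CNAME"))
    return sorted(findings)


if __name__ == "__main__":
    for owner, problem in lint(parse(ZONE)):
        print(f"{owner}: {problem}")
```

The apex CNAME is flagged because SOA and NS records always exist there, while the ftp alias with only an RRSIG beside it passes.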
