Date: Fri, 11 Oct 1996 09:23:21 -0700
From: John Polstra <jdp@polstra.com>
To: jkh@time.cdrom.com
Cc: hackers@FreeBSD.org
Subject: Re: Site maintainers for subdomains under freebsd.org - please read!
Message-ID: <199610111623.JAA04887@austin.polstra.com>
In-Reply-To: <824.845039160@time.cdrom.com>
I have an important clarification for one part of Jordan's message:
> CNAMES:
>
> The following CNAMEs should be in place, just to make it easier
> for us to figure out name server topology when things are broken:
>
> ns.<dom>.freebsd.org
>
> Your main name server. If you have secondaries, they
> should be ns2.<dom>.freebsd.org, ns3... and so on.
If a name such as "ns.<dom>.freebsd.org" is actually _used_ to specify a
name server (i.e., is referenced by a NS record), then it must not be a
CNAME. Instead, you should use an extra A record, like this:
                NS      ns.eastjesus.freebsd.org.
    ns          IN A    111.222.333.444
    realname    IN A    111.222.333.444
The same goes for MX records, by the way. They are only allowed to
reference A records, not CNAME records.
Here is the explanation, from an old comp.protocols.tcp-ip.domains FAQ:
Date: Wed Mar 1 11:14:10 EST 1995
Subject: Q5.6 - NS is a CNAME
Q: Can I do this ? Is it legal ?
    @           SOA     (.........)
                NS      ns.host.this.domain.
                NS      second.host.another.domain.
    ns          CNAME   third
    third       IN A    xxx.xxx.xxx.xxx
A: No. Only one RR type is allowed to refer, in its data field, to a
CNAME, and that's CNAME itself. So CNAMEs can refer to CNAMEs but
NSs and MXs cannot.
BIND 4.9.3 (Beta11 and later) explicitly syslogs this case rather than
simply failing as pre-4.9 servers did. Here's a current example:
Dec 7 00:52:18 gw named[17561]: \
"foobar.com IN NS" points to a CNAME (foobar.foobar.com)
Here is the reason why:
Nameservers are not required to include CNAME records in the
Additional Info section returned after a query. It's partly an
implementation decision and partly a part of the spec. The
algorithm described in RFC 1034 (pp24,25; info also in RFC 1035,
section 3.3.11, p 18) says 'Put whatever addresses are available
into the additional section, using glue RRs [if necessary]'.
Since NS records are spec'd to contain only primary names of
hosts, not CNAMEs, then there's no reason for the algorithm to
mention them. If, on the other hand, it's decided to allow CNAMEs
in NS records (and indeed in other records) then there's no
reason that CNAME records might not be included along with A
records. The Additional Info section is intended for any
information that might be useful but which isn't strictly the
answer to the DNS query processed. It's an implementation
decision in as much as some servers used to follow CNAMEs in
NS references.
--
John Polstra jdp@polstra.com
John D. Polstra & Co., Inc. Seattle, Washington USA
"Self-knowledge is always bad news." -- John Barth
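
Added example (not part of the original message or the quoted FAQ): a small zone-file check that flags NS and MX records whose target name is owned by a CNAME, the case BIND logs above. The function names, the simplified one-record-per-line parser and the sample zone with documentation addresses are assumptions made for illustration.

```python
# Added example: find NS/MX records whose target is a CNAME owner in one zone.
# Simplified parser: one record per line, no $ directives, no multi-line records.
TYPES = {"A", "AAAA", "NS", "MX", "CNAME", "SOA", "TXT", "PTR"}

def fqdn(name, origin):
    """Expand '@' and relative names against the zone origin, lower-cased."""
    if name == "@":
        return origin.lower()
    return (name if name.endswith(".") else f"{name}.{origin}").lower()

def parse_zone(text, origin):
    """Yield (owner, rtype, rdata_fields) for each record line."""
    owner = fqdn("@", origin)
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()   # drop comments
        if not line.strip():
            continue
        fields = line.split()
        if not raw[0].isspace():               # leading blank = same owner as before
            owner = fqdn(fields.pop(0), origin)
        while fields and fields[0].upper() not in TYPES:  # skip TTL and class
            fields.pop(0)
        if fields:
            yield owner, fields[0].upper(), fields[1:]

def cname_targets(text, origin):
    """Return sorted (owner, rtype, target) where an NS/MX target is a CNAME."""
    records = list(parse_zone(text, origin))
    aliases = {o for o, t, _ in records if t == "CNAME"}
    # The host name is the last rdata field (MX: preference, then host).
    return sorted((o, t, fqdn(r[-1], origin)) for o, t, r in records
                  if t in ("NS", "MX") and r and fqdn(r[-1], origin) in aliases)

# Constructed sample zone; 192.0.2.1 is a documentation address.
SAMPLE = """\
@        IN NS    ns.eastjesus.freebsd.org.
         IN NS    ns2
         IN MX    10 mail
ns       IN A     192.0.2.1
realname IN A     192.0.2.1
ns2      IN CNAME realname
mail     IN CNAME realname
"""

if __name__ == "__main__":
    for owner, rtype, target in cname_targets(SAMPLE, "eastjesus.freebsd.org."):
        print(f"{owner} {rtype} -> {target} is a CNAME; use an A record instead")
```

The check only sees aliases defined in the zone text it is given; a target in another zone has to be resolved separately.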
