November 1st, 2001, 03:48 AM
How does this look?
I recently moved to a dedicated server (Linux RH 6.2) and have been trying
to get DNS set up. Does the record below look OK?
domain.com. IN SOA NS1.NAMESERVER.NET. webmaster.domain.com. (
domain.com. IN NS NS1.NAMESERVER.NET.
domain.com. IN NS NS2.NAMESERVER.NET.
domain.com. IN A 18.104.22.168
www.domain.com. IN CNAME domain.com.
mail.domain.com. IN CNAME domain.com.
ftp.domain.com. IN CNAME domain.com.
smtp.domain.com. IN CNAME domain.com.
pop.domain.com. IN CNAME domain.com.
domain.com. IN MX 10 domain.com.
November 1st, 2001, 05:17 AM
>> Does the record below look OK?
1) Don't use CNAME, use multiple A records at all times
2) Don't use UPPERCASE, use only lowercase. Yes, domain names are case-insensitive. When you use UPPERCASE, it's slower and it makes a difference.
3) If you have only one A record, it should be FQDN. domain.com is NOT FQDN.
4) The SMTP server relies on DNS the most. Give it the highest preference at all times if you have just ONE static IP.
5) Use mail.domain.com for both pop and smtp.
Here is a revision:
domain.com. IN SOA ns1.nameserver.net. webmaster.domain.com. (
domain.com. IN NS ns1.nameserver.net.
domain.com. IN NS ns2.nameserver.net.
mail.domain.com. IN A 22.214.171.124
domain.com. IN A 126.96.36.199
www.domain.com. IN A 188.8.131.52
ftp.domain.com. IN A 184.108.40.206
domain.com. IN MX 0 mail.domain.com.
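Added example (not from any poster in this thread or from any DNS project): a small linter for records like the ones posted above. It flags the points the replies argue about, uppercase names, names that are not fully qualified (no trailing dot), CNAME chains, and MX or NS targets that are CNAMEs (RFC 2181 section 10.3 requires MX and NS to name a host, not a CNAME). Both sample zones are constructed from the records in this thread; the first one has its MX pointed at the CNAME mail.domain.com so that check has something to find.

```python
# Constructed sample: the original poster's records (SOA omitted), with the MX
# changed to point at the CNAME mail.domain.com so the MX-to-CNAME check fires.
ORIGINAL_ZONE = """\
domain.com. IN NS NS1.NAMESERVER.NET.
domain.com. IN NS NS2.NAMESERVER.NET.
domain.com. IN A 18.104.22.168
www.domain.com. IN CNAME domain.com.
mail.domain.com. IN CNAME domain.com.
smtp.domain.com. IN CNAME mail.domain.com.
domain.com. IN MX 10 mail.domain.com.
"""
# Constructed sample: the revised zone from the reply (A records only, lowercase).
REVISED_ZONE = """\
domain.com. IN NS ns1.nameserver.net.
domain.com. IN NS ns2.nameserver.net.
mail.domain.com. IN A 22.214.171.124
domain.com. IN A 126.96.36.199
www.domain.com. IN A 188.8.131.52
domain.com. IN MX 0 mail.domain.com.
"""

def parse(zone):
    """Yield (owner, type, target) per 'owner IN TYPE rdata' line. The target is
    the hostname field of the rdata (last field); A records have no target."""
    for line in zone.splitlines():
        f = line.split()
        if len(f) >= 4 and f[1] == "IN":
            yield f[0], f[2], (None if f[2] == "A" else f[-1])

def lint(zone):
    """Return sorted (rule, name) findings. Lookups are case-insensitive, as DNS
    itself is; 'uppercase' is reported only because the thread argues about it."""
    records = list(parse(zone))
    cnames = {o.lower(): t.lower() for o, r, t in records if r == "CNAME"}
    findings = set()
    for owner, rtype, target in records:
        for name in filter(None, (owner, target)):
            if name != name.lower():
                findings.add(("uppercase", name))
            if not name.endswith("."):      # relative name: not fully qualified
                findings.add(("not-fqdn", name))
        # RFC 2181 section 10.3: MX and NS rdata must name a host, never a CNAME
        if rtype in ("MX", "NS") and target.lower() in cnames:
            findings.add((rtype.lower() + "-to-cname", owner))
        # a CNAME whose target is itself a CNAME forces a second lookup
        if rtype == "CNAME" and cnames[owner.lower()] in cnames:
            findings.add(("cname-chain", owner))
    return sorted(findings)
```

Running lint(ORIGINAL_ZONE) reports the two uppercase nameserver names, the smtp CNAME chain and the MX pointing at a CNAME; lint(REVISED_ZONE) reports nothing.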
November 2nd, 2001, 07:06 AM
I've still some problems with this remark:
I agree that your queries (1 actually) might be quicker, but CNAMEs were invented to:
a. show that it is an alias
b. make administration life easier.
You point to another discussion where a dozen A-records point to the same IP-address. This leads only to confusion when someone decides to change the IP-address and forgets to edit one. When using CNAMEs, none of that can happen.
Furthermore, you're talking about speed. That is true (for the first query, after that it's cached for some time at the DNS-server you're querying), but we're talking bytes here, not Megabytes.
According to your "theory" we should use IP-addresses instead of domain-names when sending email, because it might save you some bytes.
Basically this discussion is about bandwidth against RFC. I go for the last one.
November 2nd, 2001, 09:14 AM
>> show that it is an alias
There is no such thing as alias in the true DNS world. The thing is, for performance and reliability concerns, use the best available configuration.
>> make administration life easier
Not at all when someone runs to you and says "I see an error message in my smtp log that says "CNAME lookup failure temporary". Why?"
>> for the first query, after that it's cached for some time at the DNS-server you're querying
When using CNAME, the DNS client has to query the associated A record starting from the root servers, which requires further lookups and often may take forever depending on the level. In BIND, they incorrectly believe all answers from anywhere are correct and can be trusted; therefore, it caches more than you want it to cache. This has led to several BIND exploits where hackers make up DNS info on purpose to trick BIND into believing that everything on the Internet can be trusted.
In djbdns, it only caches data from authoritative servers whose authority can be traced to the roots. That said, djbdns trusts answers and caches them only from authoritative servers.
>> we should use IP-addresses instead of domain-names when sending email
No, as that defeats the purpose of DNS in the first place.
>> Basically this discussion is about bandwidth against RFC
Unfortunately there are many design flaws in the DNS protocol. Why don't you or whoever is reading this thread take a few moments and read through this short page -> http://cr.yp.to/djbdns/notes.html and get a better clue of what DNS really is, and the disadvantages of using BIND.