#1
    Junior Member, joined Oct 2001

    How does this look?


    I recently moved to a dedicated server (Linux RH 6.2) and have been trying
    to get DNS set up. Does the record below look OK?


    $ttl 38400
    domain.com. IN SOA NS1.NAMESERVER.NET. webmaster.domain.com. (
    1002993212
    10800
    3600
    604800
    38400 )
    domain.com. IN NS NS1.NAMESERVER.NET.
    domain.com. IN NS NS2.NAMESERVER.NET.
    domain.com. IN A 66.80.45.25
    www.domain.com. IN CNAME domain.com.
    mail.domain.com. IN CNAME domain.com.
    ftp.domain.com. IN CNAME domain.com.
    smtp.domain.com. IN CNAME domain.com.
    pop.domain.com. IN CNAME domain.com.
    domain.com. IN MX 10 domain.com.
#2
    Contributing User, joined Jan 2001

    >> Does the record below look OK?

    Not quite.

    1) Don't use CNAME, use multiple A records at all times
       (see: Setting up subnets)
    2) Don't use UPPERCASE, use only lowercase. Yes, domain names are case-insensitive. When you use UPPERCASE, it's slower and it makes differences.
    3) If you have only one A record, it should be an FQDN. domain.com is NOT an FQDN.
    4) The SMTP server relies on DNS the most. Give it the highest preference at all times if you have just ONE static IP.
    5) Use mail.domain.com for both pop and smtp.
    Here is a revision:

    $ttl 38400
    domain.com. IN SOA ns1.nameserver.net. webmaster.domain.com. (
    2001110103 ; serial, YYYYMMDDnn: the serial is a 32-bit field, so the 12-digit YYYYMMDDhhmm form does not fit
    10800
    3600
    604800
    38400 )
    domain.com. IN NS ns1.nameserver.net.
    domain.com. IN NS ns2.nameserver.net.
    mail.domain.com. IN A 66.80.45.25
    domain.com. IN A 66.80.45.25
    www.domain.com. IN A 66.80.45.25
    ftp.domain.com. IN A 66.80.45.25
    domain.com. IN MX 0 mail.domain.com.
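As an added example, not code from either poster, here is a small Python linter that parses the two zones above as they appear in this thread (the multi-line SOA included) and flags the points raised in this reply and the RFC rules behind them: mixed-case names, the SOA serial range (a 32-bit field, so the 12-digit serial in the revision as first posted does not fit), a CNAME owner that also carries other records, CNAME chains or in-zone CNAME targets with no A record, and MX or NS records whose target is a CNAME, which RFC 2181 section 10.3 forbids. The third zone is a constructed variant of the first with the MX pointed at the mail.domain.com alias so that last check can be seen firing.

```python
# Added example, not code from the thread: applies RFC 1034/1035/2181 rules to the
# zones posted above. Sample zones are copied from the posts; the third is constructed.
from typing import Dict, List, Set, Tuple

SERIAL_MAX = 2**32 - 1  # SOA serial is a 32-bit unsigned integer (RFC 1035 3.3.13)

ZONE_AS_POSTED = """\
$ttl 38400
domain.com. IN SOA NS1.NAMESERVER.NET. webmaster.domain.com. (
1002993212
10800
3600
604800
38400 )
domain.com. IN NS NS1.NAMESERVER.NET.
domain.com. IN NS NS2.NAMESERVER.NET.
domain.com. IN A 66.80.45.25
www.domain.com. IN CNAME domain.com.
mail.domain.com. IN CNAME domain.com.
ftp.domain.com. IN CNAME domain.com.
smtp.domain.com. IN CNAME domain.com.
pop.domain.com. IN CNAME domain.com.
domain.com. IN MX 10 domain.com.
"""

ZONE_REVISED = """\
$ttl 38400
domain.com. IN SOA ns1.nameserver.net. webmaster.domain.com. (
200111010318
10800
3600
604800
38400 )
domain.com. IN NS ns1.nameserver.net.
domain.com. IN NS ns2.nameserver.net.
mail.domain.com. IN A 66.80.45.25
domain.com. IN A 66.80.45.25
www.domain.com. IN A 66.80.45.25
ftp.domain.com. IN A 66.80.45.25
domain.com. IN MX 0 mail.domain.com.
"""  # the revision from reply #2 with the serial exactly as first posted

# Constructed variant: the original zone with its MX pointed at an alias.
ZONE_MX_TO_ALIAS = ZONE_AS_POSTED.replace("IN MX 10 domain.com.", "IN MX 10 mail.domain.com.")


def parse_zone(text: str) -> List[Tuple[str, str, List[str]]]:
    """Return (owner, type, rdata fields) per record; folds a multi-line SOA."""
    records, pending, depth = [], [], 0
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        pending.append(line)
        depth += line.count("(") - line.count(")")
        if depth > 0:
            continue  # still inside an SOA's open parenthesis
        fields = " ".join(pending).replace("(", " ").replace(")", " ").split()
        pending, depth = [], 0
        if fields[0].startswith("$"):
            continue  # $ttl / $TTL directive, not a record
        owner, klass, rtype, *rdata = fields
        if klass.upper() != "IN":
            raise ValueError(f"only class IN is handled, got {klass!r}")
        records.append((owner, rtype.upper(), rdata))
    return records


def lint_zone(text: str) -> List[str]:
    """'error:' = will misbehave, 'warning:' = extra lookups, 'style:' = lowercase advice."""
    records = parse_zone(text)
    apex = next((o.lower() for o, t, _ in records if t == "SOA"), None)
    if apex is None:
        return ["error: zone has no SOA record"]
    types_by_owner: Dict[str, Set[str]] = {}
    cname_target: Dict[str, str] = {}
    for owner, rtype, rdata in records:
        types_by_owner.setdefault(owner.lower(), set()).add(rtype)
        if rtype == "CNAME":
            cname_target[owner.lower()] = rdata[0].lower()
    findings: List[str] = []
    for owner, rtype, rdata in records:
        for name in [owner] + [f for f in rdata if f.endswith(".")]:
            if name != name.lower():
                findings.append(f"style: {name} is not lowercase (DNS is case-insensitive; keep the file consistent)")
        if rtype == "SOA" and int(rdata[2]) > SERIAL_MAX:
            findings.append(f"error: SOA serial {rdata[2]} exceeds the 32-bit maximum {SERIAL_MAX}; use YYYYMMDDnn, not YYYYMMDDhhmm")
        elif rtype == "CNAME":
            target = rdata[0].lower()
            if len(types_by_owner[owner.lower()]) > 1:
                findings.append(f"error: {owner} has a CNAME plus other records (RFC 1034 3.6.2 forbids this)")
            if target in cname_target:
                findings.append(f"warning: {owner} -> {target} is a CNAME chain; every hop costs a lookup")
            elif (target == apex or target.endswith("." + apex)) and "A" not in types_by_owner.get(target, set()):
                findings.append(f"error: {owner} points at {target}, which has no A record in this zone")
        elif rtype in ("MX", "NS") and rdata[-1].lower() in cname_target:
            findings.append(f"error: {rtype} target {rdata[-1]} is a CNAME; MX/NS targets must be canonical names (RFC 2181 10.3)")
    return list(dict.fromkeys(findings))  # drop duplicates, keep order
```

Run `lint_zone(ZONE_AS_POSTED)` to get the two style findings for the upper-case nameserver names; `lint_zone(ZONE_REVISED)` reports only the out-of-range serial, and `lint_zone(ZONE_MX_TO_ALIAS)` adds the MX-to-CNAME error. The parser deliberately handles the exact one-record-per-line layout of the posts and nothing more (no `$ORIGIN`, no relative names, no per-record TTL), so it is a checker for hand-written zones of this shape rather than a general zone parser.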
#3
    Junior Member, Heerlen, The Netherlands, joined May 2000

    >> 1) Don't use CNAME, use multiple A records at all times

    I still have some problems with this remark:

    I agree that your queries (1 actually) might be quicker, but CNAMEs were invented to:
    a. show that it is an alias
    b. make an administrator's life easier.

    You point to another discussion where a dozen A-records point to the same IP-address. This leads only to confusion when someone decides to change the IP-address and forgets to edit one. When using CNAMEs, none of that can happen.

    Furthermore, you're talking about speed. That is true (for the first query; after that it's cached for some time at the DNS-server you're querying), but we're talking bytes here, not Megabytes.

    According to your "theory" we should use IP-addresses instead of domain-names when sending email, because it might save you some bytes.

    Basically this discussion is about bandwidth against RFC. I go for the latter.

    Kind regards,

    Peter
#4
    Contributing User, joined Jan 2001

    >> show that it is an alias

    There is no such thing as an alias in the true DNS world. The thing is, for performance and reliability concerns, use the best available configuration.

    >> make an administrator's life easier

    Not at all, when someone runs to you and says "I see an error message in my smtp log that says 'CNAME lookup failure temporary'. Why?"

    >> for the first query, after that it's cached for some time at the DNS-server you're querying

    When using CNAME, the DNS client is required to query the associated A record starting from the root servers, and it requires further lookups and often may take forever depending on the level. In BIND, they incorrectly believe all answers from anywhere are correct and can be trusted; therefore, they cache more than you want them to cache. This leads to several BIND exploits where hackers make up some DNS info on purpose to trick BIND into believing that everything on the Internet can be trusted.
    In djbdns, it only caches data from authoritative servers whose authority can be traced to the roots. That said, djbdns trusts answers and caches them only from authoritative servers.

    >> we should use IP-addresses instead of domain-names when sending email

    No, as that defeats the purpose of DNS in the first place.

    >> Basically this discussion is about bandwidth against RFC

    Unfortunately there are many design flaws in the DNS protocol. Why don't you, or whoever is reading this thread, take a few moments and read through this short page -> http://cr.yp.to/djbdns/notes.html and give yourself a better clue about what DNS really is, and the disadvantages of using BIND.
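The caching rule this reply attributes to djbdns, written out as an added Python example (not djbdns or BIND code): a resolver cache that accepts a record only from a server whose authority was established by following delegations down from the root, and within that authority only records inside the server's own bailiwick. The walk mirrors the zone posted earlier in this thread, where the nameservers live under a different TLD than the zone they serve: the .com server's glue for ns1.nameserver.net. is refused as out of bailiwick and the address is learned from the .net side instead, after which the domain.com. server is trusted for domain.com. and nothing else. All addresses are constructed from the RFC 5737 test ranges and the TLD nameserver names are made up.

```python
# Added example, not djbdns or BIND code: a bailiwick-checking cache fed with a
# constructed delegation walk. Addresses are RFC 5737 test ranges; names are made up.
from dataclasses import dataclass, field
from typing import Dict, List, Set, Tuple

RR = Tuple[str, str, str]  # (owner name, type, rdata); names lowercase with a trailing dot


def in_bailiwick(name: str, zone: str) -> bool:
    """True when `name` is `zone` or lies below it; the root zone '.' covers everything."""
    name, zone = name.lower(), zone.lower()
    return zone == "." or name == zone or name.endswith("." + zone)


@dataclass
class CautiousCache:
    # server address -> zones it has been delegated for; seeded with the root servers
    authority: Dict[str, Set[str]] = field(default_factory=dict)
    # nameserver name -> zones it serves, learned only from accepted NS records
    ns_serves: Dict[str, Set[str]] = field(default_factory=dict)
    records: Dict[Tuple[str, str], List[str]] = field(default_factory=dict)
    dropped: List[str] = field(default_factory=list)

    def accept(self, server: str, response: List[RR]) -> int:
        """Cache the in-bailiwick records of `response`; return how many were kept."""
        zones = self.authority.get(server, set())
        if not zones:
            self.dropped.append(f"{server}: not a known authority, response ignored")
            return 0
        kept: List[RR] = []
        for name, rtype, rdata in response:
            if not any(in_bailiwick(name, z) for z in zones):
                self.dropped.append(f"{server} (authoritative for {sorted(zones)}): "
                                    f"{name} {rtype} is outside its bailiwick")
                continue
            self.records.setdefault((name, rtype), []).append(rdata)
            kept.append((name, rtype, rdata))
        # An accepted NS record says which zone a nameserver name serves; an accepted
        # A record for such a name makes that address an authority for the zone.
        for name, rtype, rdata in kept:
            if rtype == "NS":
                self.ns_serves.setdefault(rdata, set()).add(name)
        for name, rtype, rdata in kept:
            if rtype == "A" and name in self.ns_serves:
                self.authority.setdefault(rdata, set()).update(self.ns_serves[name])
        return len(kept)


def resolve_walk() -> CautiousCache:
    """Constructed walk for www.domain.com., whose nameservers sit under .net as in
    the thread's zone, plus two responses the cache must refuse."""
    cache = CautiousCache(authority={"192.0.2.1": {"."}})  # constructed root server
    cache.accept("192.0.2.1", [  # root: delegations for com. and net. with glue
        ("com.", "NS", "a.gtld.example."), ("a.gtld.example.", "A", "192.0.2.2"),
        ("net.", "NS", "a.nettld.example."), ("a.nettld.example.", "A", "192.0.2.3"),
    ])
    cache.accept("192.0.2.2", [  # com.: delegates domain.com.; its glue is out of bailiwick
        ("domain.com.", "NS", "ns1.nameserver.net."),
        ("ns1.nameserver.net.", "A", "198.51.100.53"),
    ])
    cache.accept("192.0.2.3", [  # net.: the authoritative source for the nameserver's address
        ("nameserver.net.", "NS", "ns1.nameserver.net."),
        ("ns1.nameserver.net.", "A", "198.51.100.53"),
    ])
    cache.accept("198.51.100.53", [  # domain.com. server: one good answer, one stray record
        ("www.domain.com.", "A", "66.80.45.25"),
        ("www.unrelated.example.", "A", "192.0.2.99"),
    ])
    cache.accept("203.0.113.7", [("domain.com.", "A", "192.0.2.250")])  # never delegated to
    return cache
```

After `resolve_walk()` the cache holds www.domain.com. and the nameserver address learned from the .net server, while `dropped` lists the three refusals: the .com server's out-of-bailiwick glue, the stray record in the domain.com. answer, and the response from an address no delegation ever pointed at. Keeping authority as a set per address matters here because one nameserver host legitimately serves both domain.com. and its own nameserver.net. zone.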
