#1

    subdomain, cname or zone?


    I am still not sure which one I should use for a subdomain, CNAME or zone. The subdomains will have the same IP as the main domain.

    If it's a zone, then is this idea correct? The files are still the same, so I just put in here what I am going to add.

    add this in named.conf:
    Code:
    zone "subdomain.mezzweb.com" in {
    	type master;
    	file "mezzweb.com";
    	notify yes;
    };
    add one line right before MX in mezzweb.com:
    Code:
    subdomain.mezzweb.com.	IN	A	65.27.58.186
    Thanks,
    Mezz
  2. #2
    >> which one I should use CNAME or Zone for subdomain

    None.

    >> then is this idea correct?

    No. subdomain.mezzweb.com is under your mezzweb.com's zone as:
    Code:
    zone "mezzweb.com" in {
    	type master;
    	file "mezzweb.com";
    	notify yes;
    };
    Therefore you don't create another zone as subdomain.mezzweb.com.

    There's one exception, that is, when you delegate host.subdomain.mezzweb.com to subdomain.mezzweb.com, but with one static IP you can't play this subdomain delegation stuff. That said, just add subdomain.mezzweb.com to:

    mezzweb.com:
    Code:
    $TTL	86400
    mezzweb.com.	IN	SOA	ns1.mezzweb.com.	hostmaster.mezzweb.com.	(
    			2002041200; Serial
    			12H	; Refresh
    			1800	; Retry
    			2W	; Expire
    			1D ); Minimum
    mezzweb.com.		IN	NS	ns1.mezzweb.com.
    mezzweb.com.		IN	NS	ns1.yourfriend.com.
    ns1.mezzweb.com.	IN	A	65.27.58.186
    mezzweb.com.		IN	A	65.27.58.186
    www.mezzweb.com.	IN	A	65.27.58.186
    subdomain.mezzweb.com.	IN	A	65.27.58.186
    mezzweb.com.		IN	MX	0	ns1.mezzweb.com.
  4. #3
    OK, I am getting to understand this more clearly.

    Thanks freebsd,
    Mezz
  6. #4
    I am wondering, would it be a security hazard if I do *.mezzweb.com.? Could it cause DNS spoofing?

    Code:
    *.mezzweb.com.	IN	A	65.27.58.186
    I got the * from MX records for a local SMTP server.

    Thanks,
    Mezz
  8. #5
    Have a look at RFC 1912 (section 2.7), it's just a short paragraph so don't be lazy and go read it.
    Here's the additional info from me (not covered in RFC):

    Most admins use a wildcard only on MX, but a wildcard slows things down, so don't use it if at all possible. Just use explicit records; don't use a wildcard.

    Q1: I have a lot of subdomains and I run BIND, therefore I want to use wildcard on A record to point all of them to my IP 12.34.56.78.

    A1: That's BIND's ugly and inefficient zone format problem. When you have over 1000 A records in a BIND zone, it's very inefficient (not in tinydns, because it's a thousand times faster). But using a wildcard on A just makes your life easier when administering your zone; it is actually slower than defining them one by one explicitly. If you are that type of lazy admin, your boss will likely fire you shortly, if you don't fire yourself.

    Q2: I don't have that many subdomains, but I do need to rely on the subdomain part for my dynamic site so people requesting foo.domain.com internal redirects to www.domain.com/index.php?foo

    A2: That's your design flaw, you shouldn't rely on foo.domain.com in the first place.

    Q3: Why?

    A3: Because your implementation is wasting your server resources when you can simply use: www.domain.com/foo -> www.domain.com/index.php?foo
    Note, when you make a query and its DNS turns out to be a wildcard, you don't cache the *, you cache each answer individually.
  10. #6
    Yes, I already read this the other day. I am asking whether it can also cause a security hazard such as DNS spoofing or whatever. It's not important, because I am not going to do a wildcard on A anyway.

    Thanks,
    Mezz
  12. #7
    Probably not DNS spoofing. Please read RFC 1912 section 2.7 as it covers several security concerns.
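
What the wildcard line from post #4 changes compared with the explicit A records from post #2, as an added example that is not part of the thread and not BIND's own code: a small Python model of wildcard synthesis using the closest-encloser rule of RFC 4592. The one-line fully-qualified record format and the function names are assumptions of this sketch.

```python
# Constructed sample: records from the zone in post #2 plus the wildcard from post #4.
ZONE = """\
mezzweb.com.            IN NS ns1.mezzweb.com.
ns1.mezzweb.com.        IN A  65.27.58.186
mezzweb.com.            IN A  65.27.58.186
www.mezzweb.com.        IN A  65.27.58.186
subdomain.mezzweb.com.  IN A  65.27.58.186
mezzweb.com.            IN MX 0 ns1.mezzweb.com.
*.mezzweb.com.          IN A  65.27.58.186
"""

def parse(zone_text):
    """Return {owner: {rtype: [rdata, ...]}} for fully-qualified one-line records."""
    records = {}
    for line in zone_text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop zone-file comments
        if not line:
            continue
        owner, _cls, rtype, rdata = line.split(None, 3)
        records.setdefault(owner.lower(), {}).setdefault(rtype.upper(), []).append(rdata)
    return records

def existing_names(records):
    """Every owner name plus its ancestors (empty non-terminals also exist)."""
    names = set()
    for owner in records:
        labels = owner.rstrip(".").split(".")
        for i in range(len(labels)):
            names.add(".".join(labels[i:]) + ".")
    return names

def resolve(records, qname, qtype="A"):
    """Return (source, rdata_list); source is 'explicit', 'wildcard' or 'nxdomain'."""
    qname = qname.lower()
    names = existing_names(records)
    if qname in names:  # an existing name is never covered by a wildcard
        return "explicit", records.get(qname, {}).get(qtype, [])
    labels = qname.rstrip(".").split(".")
    for i in range(1, len(labels)):  # walk up to the closest existing ancestor
        encloser = ".".join(labels[i:]) + "."
        if encloser in names:
            star = records.get("*." + encloser)
            return ("wildcard", star.get(qtype, [])) if star else ("nxdomain", [])
    return "nxdomain", []

def wildcard_owners(records):
    """Owner names a zone review should flag."""
    return sorted(o for o in records if o.startswith("*."))
```

With the wildcard present, any name not otherwise defined under mezzweb.com (for example `resolve(parse(ZONE), "typo.mezzweb.com.")`) answers with 65.27.58.186, including names nobody intended to publish; without it the same query is NXDOMAIN.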
