Hosting multiple TLDs

Jonathan de Boyne Pollard J.deBoynePollard at tesco.net
Wed Aug 27 11:51:55 UTC 2003


MC> So is there a problem with hosting multiple 2nd-level domains,
MC> combining .edu's and .org's? is there some rule against it?

There's no rule against it imposed by the top-level domain owners.  However,
there _is_ a problem with it, that is overcome by employing good practice.  It
is good practice for the intermediate domain names, used in the delegations
for the subdomains of each top-level domain, to be subdomains of the _same_
top-level domain.  If one doesn't follow this good practice, one's delegations
will be effectively glueless.

Taking "gwu.edu." as an example:

The intermediate domain names used in the "gwu.edu." delegation are
"NS.gwu.edu.", "NS2.gwu.edu.", and "AUTH4.DNS.RCN.NET.".  Because the third
intermediate name is a subdomain of "net.", not of "edu.", it is effectively
glueless.  Even if the "edu." content DNS servers _were_ to publish an "A"
resource record set for that name (which they currently do not), they wouldn't
be believed.  A secure resolving proxy DNS server has to start a second,
parallel, query resolution to look up that name in order to obtain the
"glue".  Whereas with the two other, non-glueless, intermediate domain names
the glue can be trusted, since it is within the bailiwick ("edu.") of the
content DNS servers that are publishing the delegation.  For the "gwu.edu."
delegation to be entirely non-glueless, all of the intermediate domain names
used in the delegation must be subdomains of "edu.".

That is _good_ practice.  _Best_ practice is for all of the intermediate
domain names to be subdomains of the domain being delegated itself.  (For
example, all of the intermediate domain names used in the delegation of
"gwu.edu." would be subdomains of "gwu.edu." itself.)  The reason for this is
that it allows server software such as BIND, "tinydns", and Microsoft's DNS
server to continually refresh the cached delegation information with each
response that they send.  This optimization reduces the query load on the
"edu." content DNS servers, because (as long as the "gwu.edu." content DNS
servers are queried regularly enough) the "gwu.edu." delegation information is
continually refreshed and never expires, and so doesn't have to be re-obtained
from the "edu." content DNS servers every 2 days.  However: If the
intermediate domain names in the delegation are _not_ subdomains of the domain
itself, the delegation information that is included in the responses, with the
intent of refreshing the cache, is discarded as poison and the cache is either
only partially refreshed or not refreshed at all.  In the latter case (which
is not quite the case with "gwu.edu."), resolving proxy DNS servers looking up
a particular domain have no option but to fall back and make an extra query to
the superdomain content DNS servers every 2 days.  In the former case, the
load on the "gwu.edu." content DNS servers becomes uneven, since the cached
delegation information pointing to 128.164.141.11 and 128.164.141.12 is
refreshed and remains whereas the cached delegation information pointing to
207.172.3.22 is not refreshed and expires.
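
The bailiwick rule described in the message above, as an added example that is not part of the original post or of any DNS server's code. The function names are hypothetical, the pairing of the page's addresses with particular server names is assumed, and the "A" record for "AUTH4.DNS.RCN.NET." is constructed to show the "wouldn't be believed" case.

```python
def labels(name):
    """Split a domain name into lowercase labels, ignoring the trailing root dot."""
    return [l for l in name.lower().rstrip(".").split(".") if l]

def in_bailiwick(name, zone):
    """True if name equals zone or is a subdomain of it, compared label by label."""
    n, z = labels(name), labels(zone)
    return len(n) >= len(z) and n[len(n) - len(z):] == z

def classify_delegation(parent, child, ns_names, additional):
    """Sort a referral's intermediate names and glue the way a
    bailiwick-checking resolving proxy would treat them."""
    result = {"in_domain": [], "in_parent_bailiwick": [], "glueless": [],
              "trusted_glue": {}, "discarded_glue": {}}
    for ns in ns_names:
        if in_bailiwick(ns, child):        # best practice
            result["in_domain"].append(ns)
        elif in_bailiwick(ns, parent):     # good practice
            result["in_parent_bailiwick"].append(ns)
        else:                              # needs a second, parallel resolution
            result["glueless"].append(ns)
    for owner, addr in additional.items():
        # Glue is believed only if its owner name lies inside the bailiwick
        # of the content servers that published the delegation.
        key = "trusted_glue" if in_bailiwick(owner, parent) else "discarded_glue"
        result[key][owner] = addr
    return result

# Constructed referral as seen from the "edu." content DNS servers.
NS_NAMES = ["NS.gwu.edu.", "NS2.gwu.edu.", "AUTH4.DNS.RCN.NET."]
ADDITIONAL = {
    "NS.gwu.edu.": "128.164.141.11",        # pairing assumed
    "NS2.gwu.edu.": "128.164.141.12",       # pairing assumed
    "AUTH4.DNS.RCN.NET.": "207.172.3.22",   # constructed: "edu." does not publish this
}

def demo():
    return classify_delegation("edu.", "gwu.edu.", NS_NAMES, ADDITIONAL)

if __name__ == "__main__":
    for key, value in demo().items():
        print(f"{key}: {value}")
```
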

