Many A-records

Jeff Lasman blists at nobaloney.net
Mon Apr 5 15:58:39 UTC 2004


On Sunday 04 April 2004 10:05 pm, fih wrote:

> Unfortunately I was not thinking when stating that a NIC should only
> have one A-record since a NIC can have subinterfaces. (Sorry folks)

That's not the only reason.

> An IP should only have one A-record and services should be pointed
> out using Cnames.

And from where do you get the "should"?  Did you read that somewhere, 
written by someone who doesn't understand DNS?

Every time you create a CNAME where you could have used an A record you 
create a situation where every resolver looking for your service must 
do two lookups instead of one.  Why would you do this?

There's only one good reason I can think of to use a CNAME record 
instead of an A record:  because you're pointing to a URL for which you 
don't control the A record and therefore cannot tell what it is to 
change your record if the target A record changes.

> Of course if you have chosen to let http be the
> default service for a domain you will have to add an A-record for the
> domain name but this will be an exception to the rule. (I'm not sure
> this was meant to be (I could be totally wrong)).

I don't understand what you mean here.  If you mean a domain that must 
have its own zone file (example.com), then it must always have an A 
record.

> If webhosting companies use "virtual name based hosting" they should
> use one A-record and many Cnames.

Illegal according to RFCs.  Won't work.  Breaks DNS.  If you insist on 
it, you're wrong.

> If webhosting companies use subinterfaces they should have one
> A-record per subinterface.

Since you're writing under a hotmail address I don't know who you are 
but I sure hope you're not anyone in a position to actually administer 
DNS, since if you insist on doing it your way, you're breaking DNS.

> If we have bought a SSL certificate that will protect www.www.com and
> one of our customers wants to reach that service using their own DNS
> namespace www.customer.com it will not work smoothly since the
> certificate was made for www.www.com.

Which is as it should be.  While most people presume a cert is simply to 
secure and encrypt data transfer, the important other role of the cert 
is to identify the website.

Jeff
-- 
Jeff Lasman, nobaloney.net, P. O. Box 52672, Riverside, CA  92517 US
Professional Internet Services & Support / Consulting / Colocation
Our blists address used on lists is for list email only
Phone +1 909 324-9706, or see: "http://www.nobaloney.net/contactus.html"
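
The certificate point at the end of the thread, as an added example that is not part of the original post: a client checks the certificate against the name the user asked for, so a CNAME from www.customer.com to www.www.com changes where the connection goes but not which name must appear in the certificate. The zone data, certificate contents and function names are constructed for illustration, and the matching rules are a simplified form of the usual dNSName comparison (case-insensitive, a wildcard covers exactly one left-most label).

```python
# Added example: zone data and certificate contents below are constructed.

def _labels(name):
    # DNS names compare case-insensitively; ignore a trailing root dot.
    return name.rstrip(".").lower().split(".")


def san_matches(pattern, hostname):
    """True if one dNSName entry (optionally a '*.' wildcard) covers hostname."""
    p, h = _labels(pattern), _labels(hostname)
    if len(p) != len(h):
        return False  # a wildcard stands for exactly one label
    if p[0] == "*":
        # Wildcard only as the whole left-most label, with at least
        # two further labels after it (so '*.com' is rejected).
        return len(p) >= 3 and p[1:] == h[1:]
    return p == h


def verify_identity(typed_hostname, cert_dns_names):
    """Check the name the user asked for, never the CNAME target."""
    return any(san_matches(n, typed_hostname) for n in cert_dns_names)


# Constructed zone data: the customer aliases their name to the host's name.
CNAMES = {"www.customer.com": "www.www.com"}
# Constructed certificate: issued for www.www.com only, as in the thread.
CERT_DNS_NAMES = ["www.www.com"]


def connect(typed_hostname):
    """Return (name used to locate the server, identity check result)."""
    # DNS decides where the connection goes ...
    target = CNAMES.get(typed_hostname, typed_hostname)
    # ... the certificate decides whether the server may answer for that name.
    ok = verify_identity(typed_hostname, CERT_DNS_NAMES)
    return target, ok


if __name__ == "__main__":
    for name in ("www.www.com", "www.customer.com"):
        print(name, connect(name))
```

Both names reach the same server, but only www.www.com passes the identity check; serving www.customer.com over TLS needs a certificate that lists that name.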


