Many A-records
Jeff Lasman
blists at nobaloney.net
Mon Apr 5 15:58:39 UTC 2004
On Sunday 04 April 2004 10:05 pm, fih wrote:
> Unfortunatley i was not thinking when stating that a NIC should only
> have one A-record since a NIC can have subinterfaces. (Sorry folks)
That's not the only reason.
> An IP should only have one A-record and services should be pointed
> out using Cnames.
And from where do you get the "should"? Did you read that somewhere,
written by someone who doesn't understand DNS?
Every time you create a CNAME where you could have used an A record you
create a situation where every resolver looking for your service must
do two lookups instead of one. Why would you do this?
There's only one good reason I can think of to use a CNAME record
instead of an A record: because you're pointing to a URL for which you
don't control the A record and therefore cannot tell what it is to
change your record if the target A record changes.
> Of cource if you have choosen to let http be the
> default service for a domain you will have to add a A-record for the
> domain name but this will be an exception to the rule. (I'm not sure
> this was ment to be (I could be totally wrong)).
I don't understand what you mean here. If you mean a domain that must
have it's own zone file (example.com), then it must always have an A
record.
> If webhosting companies uses "virtual name based hosting" they should
> use one A-record and many Cnames.
Illegal according to RFCs. Won't work. Breaks DNS. If you insist on
it, you're wrong.
> If webhosting companies uses subinterfaces they should have one
> A-record per subinterface.
Since you're writing under a hotmail address I don't know who you are
but I sure hope you're not anyone in a position to actually administer
DNS, since if you insist on doing it your way, you're breaking DNS.
> If we have boght a SSL certificate that will protect www.www.com and
> one of our customer want's to reach that service using their own DNS
> namespace www.customer.com it will not work smooth since the
> certificate was made for www.www.com.
Which is as it should be. While most people presume a cert is simply to
secure and encrypt data transfer, the important other role of the cert
is to identify the website.
Jeff
--
Jeff Lasman, nobaloney.net, P. O. Box 52672, Riverside, CA 92517 US
Professional Internet Services & Support / Consulting / Colocation
Our blists address used on lists is for list email only
Phone +1 909 324-9706, or see: "http://www.nobaloney.net/contactus.html"
More information about the bind-users
mailing list