Many A-records

Alan Schwartz alansz at tala.mede.uic.edu
Sun Apr 4 16:22:46 UTC 2004 

fih <frhak at hotmail.com> writes:
>Hello guys!
>
>I was once told that a network interface should have only one A-record and a
>corresponding PTR record. Since you probably know many people likes to tweak
>this and I'm doing my best to fight it.
>
>While fightning it i also gets alot of questions about why we can't have
>many A-records pointing to the same IP. Does any body know if there is a RFC
>or Best practise DNS documentation that i can refer to or am I totally
>wrong??

You absolutely may have multiple A records associating different
hostnames with the same IP address.

You may also have multiple PTR records associating the same IP address
with each hostname, but most implementations of DNS resolution don't
handle this very well (they only return one PTR), so you often see a
set of A records and a single PTR record mapping back to one of the
A hostnames.

You are correct that SSL certificates for web sites largely require
a separate IP address for each certificate, because of the
aforementioned PTR lookup issues.

>Also if my company likes to sell services based on DNS names and we have
>customers that can't see the external namespace we use for our services.
>They want me to add fake A-records in the customers namespace so our
>services will have different names depending who is asking. This i don't
>like
>at all and i allready know that i will get in trouble with  SSL
>certificates.
>In my world we should instead make our service zone available
>for the customer.
>
>In my world a Network interface should have one but only one A-record.
>
>Comments please!!!

What a wonderful world you must live in. :)

-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-
                       Alan Schwartz <alansz at uic.edu>
Author of: "Managing Mailing Lists", "Stopping Spam" (Schwartz & Garfinkel),
"Practical Unix & Internet Security, 3rd Ed" (Garfinkel, Spafford, Schwartz)
       Published by O'Reilly and Associates, Inc. (http://www.ora.com)
-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-

More information about the bind-users mailing list