Base domain resolution

J usenet at linuxnuts.net
Mon Feb 25 23:05:13 UTC 2008


For years I've been taught to never put an A record on a base domain
(domain.tld).  I know that just about every major domain does this
these days but that doesn't make it right.  I'd like to be able to
support my losing position with technical answers so I can point out
the potential and future problems before they come back and bite us on
the ass (a CYA measure for me since I know I will lose this fight).
As I recall it, there were a number of technical reasons why one
should not have the base domain resolve to anything but I'm afraid I
no longer remember what all the reasons are any more.  A couple cheesy
ones come to mind:

1) email to a domain without MXs (or if no MXs are responding IIRC)
will fall back on an A record lookup on the base domain.  I've
actually seen a university with no MX receive mail through the base
domain's A record to a server that happened to have an old version of
Sendmail running on it with access to the users' mail spools.
Ingenious.

2) the existence of a non-specific (read: host) way to resolve
domain.tld inevitably leads to misuse of the record for things other
than "users that can't be bothered to type in the full WWW URL".  I've
seen this happen on many occasions.  Each of them greatly increased
support costs when the multiple functions provided by domain.tld were
split into multiple servers (i.e., domain.tld was used for www, smtp,
and pop.  smtp and pop were split off to another server, which required
all MUA settings to be changed, the other option being changing
every user website URL, which was even worse).  This is more
of a procedural/policy issue but still a problem nonetheless.

Other than that I forget the bigger technical reasons.  So, what are
the technical reasons why one should never have an A record on a base
domain?  I recall an email thread from many years ago that explained
the problem both from the DNS admin's point of view as well as that of
the web developer.  The web developer wanted it because they were
being leaned on by marketing and CS departments who knew it could be
done and were tired of explaining the problem to lazy users.  The DNS
admins had solid technical reasons on their side.  It was a good
thread, possibly in this group.  What were those reasons?

Thanks
 J
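The MX fallback described in point 1, as an added example that is not part of the original post: a small simulation of SMTP mail routing (RFC 5321 section 5.1) over a constructed zone, showing that a domain with no MX and an apex A record becomes a delivery target, and that a null MX (RFC 7505, "MX 0 .") is the way to state that a domain accepts no mail. All zone names and addresses are constructed for the example.

```python
"""Simulate SMTP mail routing to show why an apex A record makes a domain
with no MX records a mail target (implicit MX), and how a null MX prevents it."""

# Constructed zone data: owner name -> list of (rrtype, rdata). Not a real zone.
ZONE = {
    "example.test.":     [("A", "192.0.2.10")],                       # apex A, no MX
    "www.example.test.": [("A", "192.0.2.10")],
    "mailed.test.":      [("MX", (10, "mx.mailed.test.")),
                          ("MX", (20, "mx2.mailed.test."))],
    "mx.mailed.test.":   [("A", "192.0.2.30")],
    "mx2.mailed.test.":  [("A", "192.0.2.31")],
    "nomail.test.":      [("A", "192.0.2.40"), ("MX", (0, "."))],     # null MX (RFC 7505)
}

def lookup(name, rrtype, zone=ZONE):
    """Return the rdata of all records of type rrtype at name."""
    return [rdata for rtype, rdata in zone.get(name, []) if rtype == rrtype]

def mail_targets(domain, zone=ZONE):
    """Ordered (host, ip) SMTP delivery targets for domain, per RFC 5321 5.1:
    MX hosts by preference; if there are no MX records, the domain's own
    A record (implicit MX); a null MX means the domain accepts no mail."""
    mxs = lookup(domain, "MX", zone)
    if mxs:
        if any(host == "." for _, host in mxs):
            return []                      # null MX: explicitly no mail service
        hosts = [host for _, host in sorted(mxs)]
    else:
        hosts = [domain]                   # implicit MX: fall back to the apex itself
    return [(h, ip) for h in hosts for ip in lookup(h, "A", zone)]

def implicit_mx_exposure(domain, zone=ZONE):
    """True when a domain has an apex A record and no MX at all, i.e. whatever
    listens on port 25 at the apex address will receive the domain's mail."""
    return not lookup(domain, "MX", zone) and bool(lookup(domain, "A", zone))

if __name__ == "__main__":
    for d in ("example.test.", "mailed.test.", "nomail.test."):
        print(d, mail_targets(d), "exposed" if implicit_mx_exposure(d) else "ok")
```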

