

To: Cricket Liu <Cricket@verisign.com>
cc: <dnsop@cafax.se>
From: Sam Trenholme <namedroppers@artemas.reachin.com>
Date: Sun, 22 Apr 2001 00:01:56 -0700 (PDT)
In-Reply-To: <016c01c0ca8d$640802e0$7cc2a8ce@elsie>
Sender: owner-dnsop@cafax.se
Subject: Re: Tips for DNS zone administration


Thanks a lot for all of the excellent suggestions.  I have incorporated
them into the web page in question.  BTW, I initially learned to set up a
zone and nameserver from the first edition of "DNS and BIND".

> >      * Never have the same computer names used for NS records for your
> >        domain be used for anything else, such as MX records or CNAME
> >        records.
>
> Why?

The reason for this is because, if one ever changes the IP of one of the
name servers, and has a critical service (such as a web page or incoming
MTA) pointing to the machine in question, they have to wait for their
registrar to change the IP for the nameserver in question before that
service will function again.

I was bitten by this once.

> >      * Avoid using CNAME records--they can increase the number of DNS
> >        queries needed to resolve a given host name.
>
> I think there are some good reasons to use CNAME records, and CNAME
> records that point from one domain name in a zone to another domain name
> in the same zone don't increase the number of queries required to look up
> a domain name.

True enough, with BIND.  Both DjbDNS and MaraDNS (my name server) do not
currently have this behavior.  And yes, in the comments of MaraDNS, I have
this noted as something MaraDNS needs to do.  It's about 20 lines of code
I need to write up.  More if I bother with a bailiwick check.

> How exactly do they support those constructs?  If these name servers dole out
>
> example.com.    IN    MX    10 192.168.0.64
>
> how do they also prevent the mailer that looked up the record from trying to
> look up the A RR for the domain name 192.168.0.64?

Well, both Qmail and Postfix know that a host name in that form means "the
DNS admin was clueless and meant to put in an IP".  Both DjbDNS' caching
nameserver (DjbDNS has two programs--a caching-only and an authoritative
only DNS server)  and MaraDNS will synthesize an A record whenever they
are asked for a host name in this form.  Of course, since MaraDNS is
currently only an authoritative nameserver, it's kinda useless with MaraDNS
right now, but may become useful when she becomes caching.  And, yes,
MaraDNS does warn the admin whenever she sees this kind of construct.

- Sam
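
The in-zone CNAME handling and bailiwick check discussed in the message above, as an added example that is not part of the original e-mail and is not code from MaraDNS, DjbDNS or BIND. The zone data, `MAX_CHAIN` and the function names are assumptions made for illustration.

```python
# Added illustration; not MaraDNS, DjbDNS or BIND code.
# ZONE and its records are constructed sample data.
ZONE_ORIGIN = "example.com."
ZONE = {
    ("www.example.com.", "CNAME"): ["web1.example.com."],
    ("web1.example.com.", "A"): ["192.0.2.10"],
    ("ftp.example.com.", "CNAME"): ["mirror.example.net."],
    ("a.example.com.", "CNAME"): ["b.example.com."],
    ("b.example.com.", "CNAME"): ["a.example.com."],
}
MAX_CHAIN = 8  # assumed cap on CNAME chain length


def in_bailiwick(name, origin=ZONE_ORIGIN):
    """True when name is the zone origin or a name below it."""
    name, origin = name.lower(), origin.lower()
    return name == origin or name.endswith("." + origin)


def answer(qname, qtype="A"):
    """Build the answer section for qname/qtype from ZONE.

    A CNAME whose target is inside the zone is followed, so the client
    gets the final record in one response. An out-of-bailiwick target
    is returned as a bare CNAME for the resolver to chase.
    """
    section, seen, name = [], set(), qname.lower()
    for _ in range(MAX_CHAIN):
        if (name, qtype) in ZONE:
            section += [(name, qtype, r) for r in ZONE[(name, qtype)]]
            return section
        target = ZONE.get((name, "CNAME"))
        if target is None or name in seen:
            return section  # no data, or a CNAME loop
        seen.add(name)
        section.append((name, "CNAME", target[0]))
        if not in_bailiwick(target[0]):
            return section  # not our data to answer for
        name = target[0].lower()
    return section
```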


