BIND - hostname check - dns

I'm learning DNS. Please give me your advice.
My book tells me that Bind checks names that are considered hostnames.
It says hostnames are in the name fields of A and MX records. Hostnames are also in the data fields of SOA and NS records - yes, I agree.
However, it says that CNAMEs do not have to conform to the host-naming rules because they can point to names that are not hostnames.
I think a CNAME has a hostname in its data field anyway, does it not?
Does this mean CNAMEs could be recursive, so that CNAMEs do not have to conform to host-naming rules in BIND?

It depends on the DNS server that you are adding your CNAMEs to.
http://en.wikipedia.org/wiki/CNAME_record
For example, I have seen a few poorly written DNS servers allow for a CNAME which points back to itself. Other DNS servers like bind require strict naming and formatting for the CNAME entry or it will reject the config. Having said that, there is also an option in bind to disable strict name checking so that it allows more free-form entries.
When using CNAMEs it is best to use RFC standard entries because you rarely know all of the clients that will be consuming the CNAME. If you start using something questionable then you will run into all sorts of weird one-offs that do not work.

Related

ALIAS record vs A Record for custom domains?

I have a site where users can point their own custom domain through the use of DNS records.
For example, someone might point example.com to theirsite.mysite.com so that they are free to use their own domain rather than a subdomain.
Which record would be best for users to set up?
An ALIAS record pointing to mysite.com
An A record pointing to xxx.xx.xx.xx
A CNAME pointing to mysite.com
What are the advantages of using each one?
Which is best depends on the specifics of what you're establishing. Here are the differences:
If you set up an A record, the DNS will resolve to an IP and the end user's browser will make a call to that IP with the host name. That's the call that you have to listen for and handle. Since it's direct to IP right from the start, at scale that IP should be a redirector or load balancer.
Otherwise, if you need to switch it to a different machine as an endpoint, you have to deal with inconsistencies in how that traffic is routed due to DNS caching and whatever TTL you set expiring. Beyond that, the biggest issue you're going to run into is that the customer registers their domain and, if it's an A record you give them, they're putting in that IP, and to change it you're going to have to get the customer to do it, which is definitely not best practice.
CNAME and ALIAS records are similar. In the brief outline you give above, either of these would seem to be better than an A record. You can give them a domain to enter and that doesn't ever change on their side - but you can switch the end IP they're going to as your architecture expands. There are a few minor differences, but the only significant one is that a CNAME cannot be used as an apex record, e.g. example.com, so most likely you'd need to use an ALIAS record.
If you want to read more about the differences between CNAME and ALIAS, there is a good article on it here.
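The two rules discussed so far (BIND's hostname check from the first question, and the "a CNAME cannot be used as an apex record" point in this answer) can be checked statically before a zone is loaded. The linter below is an added example, not code from any of the answers or from BIND itself; it works on constructed (owner, type, rdata) tuples with absolute names, and the sample zone data is made up for the demonstration. The hostname syntax is the RFC 952/1123 label rule that check-names enforces, and the CNAME rule is RFC 1034 section 3.6.2 (a CNAME owner may hold no other data), which is exactly why a CNAME can never sit at the apex beside the mandatory SOA and NS records.

```python
import re

# Label syntax from RFC 952/1123 that BIND's check-names enforces on hostnames:
# letters, digits and hyphens only, no leading or trailing hyphen, 1 to 63 octets.
LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")

# Where BIND applies the hostname check: the owner names of A, AAAA and MX records,
# and the domain names inside the RDATA of NS, SOA (MNAME), MX and SRV records.
OWNER_IS_HOSTNAME = {"A", "AAAA", "MX"}
RDATA_HOSTNAME_INDEX = {"NS": 0, "SOA": 0, "MX": 1, "SRV": 3}


def is_hostname(name: str) -> bool:
    """True when every label of an absolute name is RFC 1123 clean (a leading '*' wildcard label is allowed)."""
    labels = name.rstrip(".").split(".")
    if labels and labels[0] == "*":
        labels = labels[1:]
    return bool(labels) and all(LABEL_RE.match(label) for label in labels)


def lint_zone(apex: str, records):
    """Return a list of human-readable problems for (owner, type, rdata) tuples with absolute names."""
    problems = []
    types_at_owner = {}
    for owner, rtype, rdata in records:
        types_at_owner.setdefault(owner, set()).add(rtype)
        if rtype in OWNER_IS_HOSTNAME and not is_hostname(owner):
            problems.append(f"{owner}: owner of {rtype} record is not a valid hostname")
        idx = RDATA_HOSTNAME_INDEX.get(rtype)
        if idx is not None:
            target = rdata.split()[idx]
            if not is_hostname(target):
                problems.append(f"{owner}: {rtype} data field {target} is not a valid hostname")
    # RFC 1034 section 3.6.2: a CNAME owner may hold no other data. At the apex the
    # SOA and NS records are mandatory, so an apex CNAME always violates this.
    for owner, types in types_at_owner.items():
        if "CNAME" in types and len(types) > 1:
            others = ", ".join(sorted(types - {"CNAME"}))
            if owner == apex:
                problems.append(f"{owner}: CNAME at the zone apex conflicts with the {others} records that must live there")
            else:
                problems.append(f"{owner}: CNAME coexists with {others}; a CNAME owner may hold no other data")
    return problems


# Constructed sample zone: three deliberate defects among otherwise valid records.
SAMPLE_APEX = "example.com."
SAMPLE_RECORDS = [
    ("example.com.", "SOA", "ns1.example.com. hostmaster.example.com. 2024010101 7200 3600 1209600 3600"),
    ("example.com.", "NS", "ns1.example.com."),
    ("example.com.", "A", "192.0.2.10"),
    ("www.example.com.", "CNAME", "example.com."),
    ("_sip._tcp.example.com.", "SRV", "10 5 5060 sip.example.com."),  # underscores are fine: an SRV owner is not a hostname
    ("my_host.example.com.", "A", "192.0.2.20"),                       # underscore in an A owner: check-names rejects it
    ("example.com.", "MX", "10 -mail.example.com."),                   # leading hyphen in MX data
    ("alias.example.com.", "CNAME", "target.example.net."),
    ("alias.example.com.", "TXT", '"v=spf1 -all"'),                    # CNAME and other data at one owner
]

# Constructed second sample: the "CNAME at the apex" mistake from the ALIAS question.
APEX_CNAME_RECORDS = [
    ("example.com.", "SOA", "ns1.example.com. hostmaster.example.com. 1 7200 3600 1209600 3600"),
    ("example.com.", "NS", "ns1.example.com."),
    ("example.com.", "CNAME", "mysite.example.net."),
]

if __name__ == "__main__":
    for problem in lint_zone(SAMPLE_APEX, SAMPLE_RECORDS) + lint_zone("example.com.", APEX_CNAME_RECORDS):
        print(problem)
```

Running it reports the underscore owner, the hyphen-prefixed MX target, the CNAME/TXT collision and the apex CNAME; the `_sip._tcp` SRV owner passes, which is the distinction the first question was getting at: BIND only applies the hostname rule to record types whose names are meant to be hostnames.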

How to return the same DNS records for all domains?

I have a random number of domains (sub.client1.example, sub.client2.example, etc.) that I ask my clients to delegate to my name servers through a NS record.
The configuration for every delegated domain should be exactly the same (a CNAME to a fixed domain that we own and a record for SSL validation).
How to configure my DNS servers to accept requests for any domain name and return the correct configuration for it? Is there a hosted service like Route53 or DynDNS that would provide vanity name servers with support for that use case?
You are not saying with which nameservers.
With most of them, like Bind, you can write your zonefile in such a way that the domain name itself does not appear in the labels.
Basically you write www CNAME www.whatever.example and the missing dot at the end of www forces the nameserver to automatically add the domain name.
So with a zonefile written like that, you can configure your nameserver for all domain names it should be authoritative on and use that same exact zonefile.
This is one among many other options.
To be a little more on-topic for this programming Q&A website you could also:
use a nameserver that allows using, as its source instead of a static text file, the content of a database (that some program of yours could fill in), or even a program that gets called directly to reply to each DNS packet
use some templating mechanism and some program to build all the zonefile text files from other sources (like a database) before starting the nameserver.
Note that the first case with a "generic" zonefile text file is by far the easiest, so that should be your first try.
Of course various providers online could give you the same features, more or less, starting with your registrar, which could give you DNS hosting also. But it is also achievable by yourself if you agree to install and maintain a nameserver.
Also, you do not need any vanity server to do all of that, and I recommend that you just not follow that lead, as it will not give you any kind of benefit.
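The "generic zonefile" trick in this answer depends on origin completion: a name without a trailing dot gets the zone's origin appended, so one file serves every delegated domain (in BIND, each zone statement would simply point its file at the same file). The example below is added here and is not code from the answer or from BIND; it implements that completion rule over a constructed generic zone file and renders it for two made-up client origins, and it also shows the classic failure the rule causes when the trailing dot on the CNAME target is forgotten.

```python
# Constructed "generic" zone file in the style the answer describes: every owner name is
# relative (no trailing dot), so the server appends whatever origin the zone statement gives it.
GENERIC_ZONE = """\
$TTL 300
@                IN SOA   ns1.provider.example. hostmaster.provider.example. 1 7200 3600 1209600 300
@                IN NS    ns1.provider.example.
@                IN NS    ns2.provider.example.
www              IN CNAME www.whatever.example.
_acme-challenge  IN TXT   "constructed-validation-token"
"""

# Which RDATA fields hold domain names that are subject to origin completion.
NAME_FIELDS = {"CNAME": (0,), "NS": (0,), "MX": (1,), "SOA": (0, 1), "SRV": (3,)}


def qualify(name: str, origin: str) -> str:
    """Zone-file rule: '@' is the origin, a trailing dot means absolute, anything else gets the origin appended."""
    if name == "@":
        return origin
    if name.endswith("."):
        return name
    return f"{name}.{origin}"


def render_zone(zone_text: str, origin: str):
    """Expand a relative zone file for one origin; returns (owner, type, rdata) tuples with absolute names."""
    origin = origin if origin.endswith(".") else origin + "."
    records = []
    for raw in zone_text.splitlines():
        line = raw.split(";", 1)[0].strip()   # drop comments (the sample TXT data contains no ';')
        if not line or line.startswith("$"):  # skip $TTL and other directives
            continue
        tokens = line.split()
        owner = qualify(tokens[0], origin)
        i = 1
        while tokens[i].isdigit() or tokens[i].upper() == "IN":  # optional TTL and class
            i += 1
        rtype = tokens[i].upper()
        rdata = tokens[i + 1:]
        for idx in NAME_FIELDS.get(rtype, ()):
            rdata[idx] = qualify(rdata[idx], origin)
        records.append((owner, rtype, " ".join(rdata)))
    return records


if __name__ == "__main__":
    for client_zone in ("sub.client1.example", "sub.client2.example"):
        for owner, rtype, rdata in render_zone(GENERIC_ZONE, client_zone):
            print(owner, rtype, rdata)
        print()
    # The classic mistake: without the trailing dot the CNAME target is completed with the origin too.
    print(render_zone("www IN CNAME www.whatever.example\n", "sub.client1.example"))
```

The last print shows `www.whatever.example.sub.client1.example.` as the CNAME target, which is what a server would actually serve if the dot were missing; the fixed target with a trailing dot is identical for every origin, which is the whole point of the generic file.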

Why does getaddrinfo sometimes behave differently with "example.com" and "www.example.com"?

This is a code example from MSDN: getaddrinfo.
You can use "baidu.com" and "www.baidu.com" to test.
Because baidu.com and www.baidu.com are different addresses!
www.example.com is registered in DNS with an A type record (or a CNAME, which points to an A record - this is slightly simplified). An A record is a name, in this case www, that points to an IP address, 12.34.56.78 (as I'm sure you already know!).
example.com can also have an A record registered (though not a CNAME); this is called the Apex (or naked!) domain. example.com's A record could very well point to 123.45.67.89.
A little history
Part of the reason that this came about is that in the early days of the internet, a server would have a hostname of something like LOCUS.UC.EDU. Because it can be difficult to know what services LOCUS might provide, you could attach the CNAME FTP.UC.EDU to point to that machine. That way people knew what services it offered. At that point, www was just another service; it had no special place in the collective consciousness. (All of this was happening over the decade or two that the internet was developing!) But you could also quite probably want bob#UC.EDU to work, so UC.EDU needed to be a host name also.
In actual fact it started with just the hostname (and host records that got telexed - I do love that fact) - but we'll ignore that for this case.
Back to the facts
What usually - should - happen is that there is an A record registered at the Apex and a CNAME registered at www. But there is certainly no requirement for this and you can have whatever records you wish at your domain.
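What getaddrinfo ultimately gets back for the two names is the result of two independent lookups: the apex answers with its own A record, while www is an alias that a resolver chases to another owner's A record. The example below is added here (not the answer's code, nor MSDN's) and implements that chase over a constructed in-memory zone using the answer's two addresses; it also guards against the self-pointing and mutually-pointing CNAMEs that the first answer on this page mentions some servers will accept, with an assumed hop limit of 8.

```python
# Constructed in-memory zone data (name -> list of (type, rdata)) using the answer's addresses.
ZONE = {
    "example.com.":      [("A", "123.45.67.89")],            # apex holds an A record directly
    "www.example.com.":  [("CNAME", "web.example.com.")],    # www is an alias ...
    "web.example.com.":  [("A", "12.34.56.78")],             # ... for the host that has the address
    "loop.example.com.": [("CNAME", "loop.example.com.")],   # self-pointing CNAME from the first answer
    "ping.example.com.": [("CNAME", "pong.example.com.")],   # two-record loop
    "pong.example.com.": [("CNAME", "ping.example.com.")],
}

MAX_CNAME_HOPS = 8   # assumed chain limit; a resolver must bound this even when there is no loop


class CnameError(ValueError):
    """Raised when a CNAME chain loops or exceeds the hop limit."""


def resolve_a(zone, name, max_hops=MAX_CNAME_HOPS):
    """Chase CNAMEs until an owner with A records is found. Returns (addresses, cname_chain)."""
    current = name if name.endswith(".") else name + "."
    chain, seen = [], set()
    while True:
        if current in seen:
            raise CnameError("CNAME loop: " + " -> ".join(chain + [current]))
        seen.add(current)
        rrset = zone.get(current, [])
        cnames = [rdata for rtype, rdata in rrset if rtype == "CNAME"]
        if not cnames:
            return [rdata for rtype, rdata in rrset if rtype == "A"], chain
        if len(chain) >= max_hops:
            raise CnameError(f"CNAME chain longer than {max_hops} hops")
        chain.append(current)
        current = cnames[0]   # a valid owner has at most one CNAME


if __name__ == "__main__":
    for qname in ("example.com", "www.example.com", "loop.example.com", "ping.example.com"):
        try:
            print(qname, "->", resolve_a(ZONE, qname))
        except CnameError as err:
            print(qname, "->", err)
```

The two valid names return different addresses with different chains (none for the apex, one hop for www), which is the whole of the original answer: they are simply different names with different records.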

How does one implement SRV wildcard domains in IPv6?

I was looking to do something similar to
https://en.wikipedia.org/wiki/Reverse_DNS_lookup#Records_other_than_PTR_records
and place a SRV record in the reverse DNS tree.
In particular I was hoping to be able to add an SRV record for a chunk of the address space by using a wildcard. Something like the following....
_service._tls.*.26.19.in-addr.arpa. IN SRV 1 1 443 service.example.com
However it turns out that my understanding of wildcard domains was inadequate according to:
SRV RRSet at a Wildcard Domain Name
https://www.rfc-editor.org/rfc/rfc4592#section-4.5
The above is confusing but basically explains (I think) that my single wildcard SRV record above won't work. I think I need an SRV record for each and every IP address I wanted to cover with the wildcard domain.
In IPv4 I know I can use things like Bind's $GENERATE directive to automate the creation of all the records. But how would something like this be handled in IPv6 particularly if I also wanted to use DNSSEC to have all the records signed?
Any insights would be greatly appreciated.
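Two things in this question can be checked in code. First, RFC 4592 only treats an asterisk as a wildcard when it is the left-most label, so in `_service._tls.*.26.19.in-addr.arpa.` the `*` is just a literal label. Second, the per-address alternative to `$GENERATE` is easy to script for IPv6 because Python's `ipaddress` module produces the nibble-reversed `ip6.arpa` owner for each address. The generator below is an added example, not code from the question or from BIND; the `_service._tls` labels are copied from the question's record, `service.example.com.` and the port are taken from it as well, and the 4096-record cap is an assumption chosen because under DNSSEC every generated record needs its own signature, so a /64 is not a realistic thing to enumerate.

```python
import ipaddress

SERVICE_LABELS = "_service._tls"   # copied from the question's record, not a registered service name
MAX_RECORDS = 4096                 # assumed safety cap: each emitted record is its own RRSIG under DNSSEC


def wildcard_status(owner: str) -> str:
    """RFC 4592: an asterisk is a wildcard only as the left-most label; anywhere else it is a literal label."""
    labels = owner.rstrip(".").split(".")
    if "*" not in labels:
        return "no wildcard"
    if labels[0] == "*":
        return "wildcard"
    return "literal '*' label (not a wildcard)"


def reverse_srv_records(prefix: str, target: str, priority: int = 1, weight: int = 1,
                        port: int = 443, ttl: int = 3600, service_labels: str = SERVICE_LABELS):
    """Emit one SRV record per address in an IPv4 or IPv6 prefix, placed under in-addr.arpa / ip6.arpa."""
    network = ipaddress.ip_network(prefix, strict=True)
    if network.num_addresses > MAX_RECORDS:
        raise ValueError(f"{prefix} expands to {network.num_addresses} records; narrow the prefix")
    records = []
    for address in network:                       # iterates every address in the block
        owner = f"{service_labels}.{address.reverse_pointer}."
        records.append(f"{owner} {ttl} IN SRV {priority} {weight} {port} {target}")
    return records


if __name__ == "__main__":
    print(wildcard_status("_service._tls.*.26.19.in-addr.arpa."))
    # Constructed documentation prefixes, small enough to print in full.
    for record in reverse_srv_records("2001:db8::/124", "service.example.com."):
        print(record)
    for record in reverse_srv_records("192.0.2.0/30", "service.example.com."):
        print(record)
```

The output for the IPv6 block is sixteen records whose owners differ only in the first nibble, which is the shape `$GENERATE` cannot express directly for `ip6.arpa`; feeding these into the zone file (or into a dynamic update) and letting the server sign them is the DNSSEC-compatible path.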

Dynamically add subdomains?

I was wondering if it's possible to dynamically add subdomains that point to dynamic IP addresses, and how I would go about doing that? In other words, "how is dyndns/no-ip implemented" :-)? (The part I don't get is adding/changing the DNS entries... I understand how the client sends a packet every few minutes -___-). I can tell all my users to just use DynDNS/No-IP, of course, but having it integrated with the application would be much cooler.
Thanks,
Robert
To be able to directly update/control where a domain/subdomain resolves to, you must have your own name server. When you register a domain under a TLD (for example, .com), that TLD has a nameserver. Anytime a client needs to look up the IP to something.com, they ask the .com nameserver where to find the nameserver for something. That nameserver in turn returns data about the domain or subdomain.
When you register a domain at a place like GoDaddy or Network Solutions, and you use their online tools to point your various subdomains to IP addresses, you are creating entries on their nameserver. When a client requests your domain, the root nameserver tells them to check with GoDaddy's nameserver. If you look through the configuration options of your registrar, you'll generally find a place to specify your own nameserver instead of entering domain IPs. Setting that will tell the chain of nameservers to defer resolution of your subdomains to that nameserver. Obviously at that point, having direct control over the mechanism of name-address resolution, you can do whatever you like.
Here's one list of open-source name servers. There are many others, ranging from free OSS to custom, proprietary and very expensive. Technically you could also write your own, as BIND is a public, standard format.
As you've partially said, the way DynDNS and other dynamic IP services work is that they update their server's DNS records based on a heartbeat from a client every few minutes.
The trick is that they use extremely short TTL times so that caches for the record expire very quickly and need to re-query the DynDNS server (which makes dynamic IP changes propagate quickly).
If you wanted to implement this, either find a DNS host that offers an API, or programmatically update the DNS on your own server with a short TTL.
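The second option in the answer, updating your own server programmatically, is what RFC 2136 dynamic update is for; BIND ships `nsupdate` for it and authorizes updates per zone with a TSIG key (`allow-update` or `update-policy` in the zone statement). The code below is an added example and not part of the answer or of BIND: it turns one client heartbeat into an nsupdate script with a short TTL (60 seconds is an assumption). The server, zone, label and key path are constructed placeholders. The validation is the part worth copying: the application decides the label for each authenticated user, and the code refuses anything that is not a single hostname label or a parseable IP, so a client cannot steer the update at another name in the zone or at the apex.

```python
import ipaddress
import re
import subprocess

# Exactly one label: letters, digits and hyphens, no dots and no '@', so the update can only
# ever touch <label>.<zone> and never another owner name or the zone apex.
LABEL_RE = re.compile(r"^[A-Za-z0-9](?:[A-Za-z0-9-]{0,61}[A-Za-z0-9])?$")


def build_nsupdate_script(server: str, zone: str, label: str, ip: str, ttl: int = 60) -> str:
    """Return an RFC 2136 update for nsupdate that replaces the client's A/AAAA record with a short TTL."""
    if not LABEL_RE.match(label):
        raise ValueError(f"refusing label {label!r}: not a single valid hostname label")
    address = ipaddress.ip_address(ip)            # ValueError on anything that is not an IP literal
    rtype = "A" if address.version == 4 else "AAAA"
    zone = zone.rstrip(".") + "."
    fqdn = f"{label}.{zone}"
    return "\n".join([
        f"server {server}",
        f"zone {zone}",
        f"update delete {fqdn} {rtype}",          # drop whatever address was there before
        f"update add {fqdn} {ttl} IN {rtype} {address}",
        "send",
    ]) + "\n"


def run_nsupdate(script: str, key_file: str) -> int:
    """Feed the script to BIND's nsupdate, authenticating with a TSIG key file via -k. Not exercised by the tests."""
    result = subprocess.run(["nsupdate", "-k", key_file], input=script, text=True, capture_output=True)
    if result.returncode != 0:
        raise RuntimeError(result.stderr.strip() or "nsupdate failed")
    return result.returncode


if __name__ == "__main__":
    # Constructed heartbeat: user "robert" reports a documentation-range address.
    script = build_nsupdate_script("ns1.dyn.example.net", "dyn.example.net", "robert", "203.0.113.7")
    print(script)
    # Uncomment on a host with nsupdate and the zone's TSIG key (path is a placeholder):
    # run_nsupdate(script, "/etc/dyndns/Kdyn.example.net.+PLACEHOLDER.private")
```

Deleting the old RRset before adding the new one means a client that flips between IPv4 and IPv6 cannot accumulate stale records, and keeping the TTL low is what makes the change visible to caches quickly, as the answer describes.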
