Re: [dns-wg] Subdomain Add Question
From: Anand Buddhdev anandb@localhost
Date: Sat, 9 Aug 2008 12:32:13 +0200
Cc: "Bill Honneus (honneus)" honneus@localhost
Organization: RIPE NCC

On Friday 08 August 2008 23:29:17 Bill Honneus (honneus) wrote:
Hi Bill,
> I have a domain hosted at a third party site called my.domain.com.
>
> In my company's zone file, we have NS records that refer to this third
> party hosting site, and we have an 'A' record set up that associates the
> my.domain.com domain to the IP address of a load balancer that balances
> traffic coming into the site between two web servers, all in a DMZ. We
> also have an MX record that refers the my.domain.com to a mail server
> host, also in the DMZ. Finally, we have PTR records that refer back to
> the load balancer and mail server hosts.
> All this is set up correctly, everything works, and all DNS checks pass.
>
> I need to add a subdomain, call it sub.my.domain.com, and I would like
> to associate the subdomain to the same load balancer if possible. What
> is the best way to do this without disrupting the incoming traffic to
> the primary domain or
> the flow of incoming SMTP traffic to the mail server? Is it best in
> this situation to use a CNAME to map the subdomain, or to use a whole
> new 'A' record? If I create a new 'A' record, I would not want to add a
> new PTR record for the sub.my.domain.com as the IP address would be the
> same as the PTR that refers back to my.domain.com. This I
> believe, would cause DNS checks on my mail server to fail, since there
> would be two hostnames associated with the same IP address.

You have 2 options:

1. You can add a CNAME for sub.my.domain.com to point to my.domain.com.
This will cause resolvers which are looking for A or MX records for
sub.my.domain.com to restart their queries with my.domain.com. This is the
simplest solution. However, I am personally not in favour of CNAMEs; some
DNS administrators have been known to create chains of CNAMEs, causing
resolvers to do a lot of extra work (RFC 1034 even discourages CNAME
chains). Some resolvers will give up after 4 levels of indirection.

2. Alternatively, you can add an A record for sub.my.domain.com to point to
the same address as my.domain.com. You do NOT have to create a
corresponding PTR record, because you already have a PTR record for that
address. Having said that, if you do create a second PTR record for that
address, then a resolver will indeed get back two names. This isn't
illegal, and won't cause any breakage that I know of, but it doesn't make
sense.

If you're following this second option, you'll also have to create an MX
record for sub.my.domain.com to point to the name of the mail server that
will handle mail for that sub domain.

In summary, the CNAME solution is simpler and faster, but causes more work
for resolvers. The second option provides an immediate answer to a
resolver, but you have to create both A and MX records. Choose whichever
method you prefer.

--
Anand Buddhdev
DNS Services Manager, RIPE NCC
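
The two options from the reply above, modelled as an added example that is not part of the original message: a small lookup that restarts the query at each CNAME target, plus a zone check for CNAME chains and for a CNAME sharing its owner name with other records (which RFC 1034 does not allow). The addresses, the mail host name mail.my.domain.com and the function names are assumptions made for illustration.

```python
# Constructed sample data: names follow the thread, addresses are documentation
# values (RFC 5737), and mail.my.domain.com. is a hypothetical mail host name.
BASE = {
    ("my.domain.com.", "A"): ["192.0.2.10"],
    ("my.domain.com.", "MX"): ["10 mail.my.domain.com."],
    ("mail.my.domain.com.", "A"): ["192.0.2.25"],
}
OPTION_1 = {**BASE, ("sub.my.domain.com.", "CNAME"): ["my.domain.com."]}
OPTION_2 = {**BASE,
            ("sub.my.domain.com.", "A"): ["192.0.2.10"],
            ("sub.my.domain.com.", "MX"): ["10 mail.my.domain.com."]}

MAX_HOPS = 4  # indirection limit mentioned in the reply; real resolvers differ


def resolve(zone, name, rtype, max_hops=MAX_HOPS):
    """Return (rdata list, CNAME hops taken), restarting at each CNAME target."""
    hops = 0
    while True:
        if (name, rtype) in zone:
            return zone[(name, rtype)], hops
        target = zone.get((name, "CNAME"))
        if target is None:
            return [], hops  # no data of this type and no alias to follow
        if hops == max_hops:
            raise RuntimeError(f"gave up after {max_hops} CNAME hops at {name}")
        name, hops = target[0], hops + 1


def lint(zone):
    """Flag CNAME chains and CNAMEs that share an owner name with other data."""
    problems = []
    for (owner, rtype), rdata in zone.items():
        if rtype != "CNAME":
            continue
        if any(o == owner and t != "CNAME" for (o, t) in zone):
            problems.append(f"{owner} has a CNAME and other records")
        if (rdata[0], "CNAME") in zone:
            problems.append(f"{owner} -> {rdata[0]} is a CNAME chain")
    return problems


if __name__ == "__main__":
    for label, zone in (("CNAME", OPTION_1), ("A + MX", OPTION_2)):
        for rtype in ("A", "MX"):
            print(label, rtype, resolve(zone, "sub.my.domain.com.", rtype))
        print(label, "lint:", lint(zone) or "clean")
```

With option 1, adding a separate MX record at sub.my.domain.com alongside the CNAME is the mistake `lint` reports; a separate MX for the subdomain is only possible with option 2.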