OK, question to the dns-hosting-it-specialists.
Say you have a host, e.g. haddock.moulinsart.tld, with ip address a.b.c.d.
There is an A record haddock.moulinsart.tld pointing to that ip, and a reverse pointer record d.c.b.a.in-addr.arpa which points back to haddock.moulinsart.tld.
You might of course have several other A’s and CNAME’s and more pointing to a.b.c.d.
This host also has extra ip addresses on (virtual adapters on) the same NIC, e.g. a.b.c.e, a.b.c.f, a.b.c.g.
Questions:
- 1. When this host acts as mail exchange, would you point the MX records to
haddock.moulinsart.tld or to another, maybe more relevant, A record?- 2. How would you ‘name’ those extra ip’s (as in which A records would be the primary name for that IP, and which A record would be the target of the pointer records for that ip?)
- 3. How would any of this be different if there is more than 1 physical network card, and hence more than 1 ip which could be called ‘primary’? (Note that I’m talking about a full hosting server, not just a router, for which there probably are other specific naming conventions.)
There obviously is no mandatory rule for this (AFAIK) and no RFC is very strict on this. I’m just curious what you guys think is the best and cleanest naming scheme.
2 Comments
I usually prefer to use functional names (eg mail, mx, dns, proxy..) even if they all point to the same IP address. That makes it easier afterwards to move some services to a different machine and if you have many machines, it is a whole lot easier to remember.
For systems that only run a single service, it is easy to give meaningful names to the ip or ips that are in use.
Systems that run multiple services (yuk) are more difficult because they often don’t have a primary function. In that case i use the non descriptive funny addresses you see everywhere simply because i like having reverse dns records that point back to my own domains.
This of course becomes more complicated when your servers are behind a firewall which performs address translation. Then you have internal and external dns to worry about and when ports from one public IP are mapped to different servers internally..
In my experience, within my environments, sticking to dedicated services per server is kind of difficult. I once managed a server called ‘www’ who was the internal mail server for over three years. I agree though with giving extra names (preferably CNAME’s but that’s not always possible, as for MX records).
I also prefer having my reverse names pointing to the primary A name, but sometimes that gets difficult, which is why I put this questions in the first place.
And, yes, NAT is evil for managing public services.