DNS fortune cookies
Abbreviated answers to frequently
asked questions about the Domain Name System.
Third parties are unlikely to keep any caching name servers open for the public indefinitely. SMTP does not allow a CNAME alias in a mail address. If there is no MX record for a domain, but an A record exists, mail will be sent according to the latter. If your provider’s caching name servers have problems, you can often circumvent them by running your own server. Private IP addresses should never show up in the public DNS. Computers running Microsoft Windows may use Windows name resolution protocols. If you ask for help regarding your DNS setup, do not obscure its details. BIND will run on Windows, usually quite easily. example.com and www.example.com are different domains. The hostmaster email address for a domain can be found in the SOA record. Domain names are case-insensitive. hosts files precede the DNS, both historically and in the context of individual name resolution attempts. Consumer-grade IP connections are usually configured using DHCP. Malware might mess with your resolver settings and your hosts file. When registering a domain, always make sure you become the administrative contact and the registrant.
By default, modern versions of BIND send their queries from ephemeral ports. This can be tuned using the query-source option. If your firewall logs record incoming 53/ udp packets from your provider, those are likely responses to your own DNS queries. If your reverse DNS does not work, you may experience problems using some network services. The AA flag indicates an authoritative response. If the flag is not set, the response is likely to be cached. Sub-domains are delegated using NS records but may also need glue A records. When updating zones, remember to increment the serial number and to reload. When troubleshooting connection problems, check name resolution separately from IP connectivity. In order to host your own domains, you should have at least two name servers in separate locations. Mail or web traffic will never go through using NS delegation alone. Contact information for domains and networks can be found by using Whois. Relying on ‘dynamic DNS’ for incoming mail is reckless. If in doubt, use your provider’s name servers to host your domains. If you want to change your reverse DNS name, contact your network service provider. The BIND version number might be found in the
version.bind. CH TXT record. The DNS cannot redirect HTTP requests to a URI path. A slave checks the serial number of its master whenever either the refresh timer fires or the slave receives a notify message. You can use the * wildcard character on the left hand side of a record. @ stands for the current origin. You cannot have both CNAME and other data for the same name. It is often a good idea to separate one’s caching servers from one’s authoritative servers. ‘No default TTL set using SOA minimum instead’ means that you need to put e.g. ‘TTL 1D’ at the top of the zone file. ‘mail loops back to me (MX problem?)’ means that the mail server does not recognise the domain as local. The default origin concept allows you to serve identically configured domains from one zone file. When you do not want search list entries to be appended, add a trailing dot to the domain name. Master servers should be placed so that zone updates are convenient to perform. Slaves should be placed near their users. BIND will choke on Microsoft WINS or WINS-R records. These should therefore not be included in zone transfers. When nslookup complains ‘Can’t find server name for address’, reverse DNS for your name server is probably broken. There is nothing magic about names such as mail or www. Set new authoritative name servers up as slaves. Promote them to masters later, if necessary.
Use high SOA timer values whenever possible. Use low TTL values when you anticipate changes. When you re-delegate a domain, make sure that the old delegatee removes your zones. The DNS is defined in publicly available RFC documents. If you make your WINS servers show dynamic leases in the DNS, do not have static records for those same entries. Every DNS server should be authoritative for 0.in-addr.arpa, 0.0.127.in-addr.arpa, 255.in-addr.arpa and localhost. You should have exactly one PTR record per IP address. Junk mail has killed the usefulness of remote backup MX servers. Do not make your servers masters for domains or networks that are not entirely yours. BIND views will allow you to return different (such as internal vs. public) data for the same zone, depending on the client’s address. Reverse DNS for IP addresses in one network might point to names in multiple domains. A records for names in one domain might point to IP addresses in multiple networks. Consider giving organisational units their own sub-domains to administer, at least for internal use. Thou shalt not chain CNAMEs. Reverse pointers have no bearing on whether a name is fully qualified. Whois is a simple, text-based protocol that can easily be used with a telnet client or with netcat.
Link to this page:
Google’s use of the DART cookie enables Google to serve ads to you based on your visits to this and other websites.
If you do not wish to use the DART cookie, please opt out on the
Additionally, you can usually specify your cookie preferences in your browser settings.
Any trademarks or registered trademarks mentioned on this site belong to their respective owners.
Conventional hyperlinking to this site is welcome.
However, none of the content on this site may be shown, even partly, in a context inferring or claiming it to be part of
or sponsored by any other organisation or site.
Such prohibited techniques include (but are not limited to) framesets, interstitial pages,
kiosk mode pop-ups and reverse proxies. — For information on advertising, please click on the ‘Ads by Google’ or ‘AdChoices’ link next to any advertisement.
Saturday, 30-Aug-2014 12:28:37 GMT