On Friday 08 August 2008 23:29:17 Bill Honneus (honneus) wrote:

Hi Bill,
I have a domain hosted at a third party site called my.domain.com.
In my company's zone file, we have NS records that refer to this third party hosting site, and we have an 'A' record set up that associates the my.domain.com domain to the IP address of a load balancer that balances traffic coming into the site between two web servers, all in a DMZ. We also have an MX record that refers the my.domain.com to a mail server host, also in the DMZ. Finally, we have PTR records that refer back to the load balancer and mail server hosts. All this is set up correctly, everything works, and all DNS checks pass.
I need to add a subdomain, call it sub.my.domain.com, and I would like to associate the subdomain to the same load balancer if possible. What is the best way to do this without disrupting the incoming traffic to the primary domain or the flow of incoming SMTP traffic to the mail server? Is it best in this situation to use a CNAME to map the subdomain, or to use a whole new 'A' record? If I create a new 'A' record, I would not want to add a new PTR record for the sub.my.domain.com as the IP address would be the same as the PTR that refers back to my.domain.com. This I believe, would cause DNS checks on my mail server to fail, since there would be two hostnames associated with the same IP address.
You have 2 options:

1. You can add a CNAME for sub.my.domain.com to point to my.domain.com. This will cause resolvers which are looking for A or MX records for sub.my.domain.com to restart their queries with my.domain.com. This is the simplest solution. However, I am personally not in favour of CNAMEs; some DNS administrators have been known to create chains of CNAMEs, causing resolvers to do a lot of extra work (RFC 1034 even discourages CNAME chains). Some resolvers will give up after 4 levels of indirection.

2. Alternatively, you can add an A record for sub.my.domain.com to point to the same address as my.domain.com. You do NOT have to create a corresponding PTR record, because you already have a PTR record for that address. Having said that, if you do create a second PTR record for that address, then a resolver will indeed get back two names. This isn't illegal, and won't cause any breakage that I know of, but it doesn't make sense. If you're following this second option, you'll also have to create an MX record for sub.my.domain.com to point to the name of the mail server that will handle mail for that sub domain.

In summary, the CNAME solution is simpler and faster, but causes more work for resolvers. The second option provides an immediate answer to a resolver, but you have to create both A and MX records. Choose whichever method you prefer.

-- 
Anand Buddhdev
DNS Services Manager, RIPE NCC
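The two options above, modeled as a small record lookup in Python. This is an added example, not part of the original message: it shows what a resolver gets back for A and MX queries under each option and how a CNAME chain runs into a hop limit. The mail server name and the addresses (RFC 5737 documentation range) are assumptions; the limit of 4 is the figure mentioned in the reply.

```python
# Added illustration. Only my.domain.com and sub.my.domain.com come from the
# thread; mail.my.domain.com, the a..e aliases and all addresses are constructed.
MAX_CNAME_HOPS = 4  # "some resolvers will give up after 4 levels of indirection"


class ChainTooLong(Exception):
    """Raised when a lookup needs more CNAME hops than the resolver allows."""


def resolve(zone, name, rtype, max_hops=MAX_CNAME_HOPS):
    """Return (owner_name_that_answered, [rdata, ...]), following CNAMEs."""
    hops = 0
    while True:
        answers = [rd for (n, t, rd) in zone if n == name and t == rtype]
        if answers:
            return name, answers          # immediate answer at this name
        alias = [rd for (n, t, rd) in zone if n == name and t == "CNAME"]
        if not alias:
            return name, []               # name has no data of this type
        hops += 1
        if hops > max_hops:
            raise ChainTooLong(name)
        name = alias[0]                   # restart the query at the target


BASE = [
    ("my.domain.com", "A", "192.0.2.10"),             # load balancer
    ("my.domain.com", "MX", "10 mail.my.domain.com"),
    ("mail.my.domain.com", "A", "192.0.2.25"),
]
# Option 1: one CNAME; A and MX lookups both restart at my.domain.com.
OPTION_1 = BASE + [("sub.my.domain.com", "CNAME", "my.domain.com")]
# Option 2: explicit A and MX records; no new PTR record is involved.
OPTION_2 = BASE + [
    ("sub.my.domain.com", "A", "192.0.2.10"),
    ("sub.my.domain.com", "MX", "10 mail.my.domain.com"),
]
# Option 2 with the MX record forgotten: an MX query gets no data.
OPTION_2_NO_MX = BASE + [("sub.my.domain.com", "A", "192.0.2.10")]
# a -> b -> c -> d -> e -> my.domain.com: five levels of indirection.
CHAIN = BASE + [
    (f"{src}.my.domain.com", "CNAME", f"{dst}.my.domain.com")
    for src, dst in zip("abcd", "bcde")
] + [("e.my.domain.com", "CNAME", "my.domain.com")]

if __name__ == "__main__":
    for label, zone in (("option 1", OPTION_1), ("option 2", OPTION_2)):
        for rtype in ("A", "MX"):
            print(label, rtype, resolve(zone, "sub.my.domain.com", rtype))
```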