List:       namedroppers
Subject:    Re: Domain transition.
From:       Robert Elz <kre () munnari ! oz ! au>
Date:       1995-09-21 16:08:27

    Date:        Wed, 20 Sep 1995 14:36:06 -0500 (CDT)
    From:        Bill Dyess <Bill@Dyess.com>
    Message-ID:  <Pine.LNX.3.91.950920143223.3597B-100000@nohbody.sfo-nichols.com>


    You must use CNAME and not A(ddress) records for the old domain
    (cdplus.com).

My advice would be the exact opposite.  Never use a CNAME
unless you really know what you are doing, they work OK in
the simple cases (www.blah.dom.ain, ftp.blah.dom.ain) but
tend to cause anything even slightly fancier than this to
break (and while it is possible to argue about whether this
is an artifact of the spec or the implementation, doing so
is not really productive).

    Otherwise, when someone tries to verify a cdplus.com
    address by doing a reverse lookup, the check will fail.

Anyone doing that kind of verification should be boiled in
hot oil, it's a meaningless and stupid thing to do.

What many sites do do, is verify address->name lookups by doing
the name->addr lookup, and checking that the addr returned
matches the original, that makes some sense (though the world
would be nicer if it was not necessary).  Any reasonable DNS
setup will allow that to work.   Forbidding multiple names
mapping onto the same A record (other than with CNAMEs) would
break half the universe, and certainly isn't a security feature.

kre
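
The address->name then name->addr check described above, as an added example that is not part of the original message. It also runs the PTR-must-equal-the-name comparison from the quoted text against a second name that has a plain A record. All names, addresses and the demo_* resolver stand-ins are constructed sample data.

```python
import ipaddress
import socket

def system_ptr(addr):
    """Address -> names (PTR) via the system resolver."""
    try:
        name, aliases, _ = socket.gethostbyaddr(addr)
    except OSError:
        return []
    return [name, *aliases]

def system_forward(name):
    """Name -> addresses (A/AAAA) via the system resolver."""
    try:
        return sorted({info[4][0] for info in socket.getaddrinfo(name, None)})
    except OSError:
        return []

def same_addr(a, b):
    """Compare addresses by value, so differing IPv6 spellings still match."""
    try:
        return ipaddress.ip_address(a) == ipaddress.ip_address(b)
    except ValueError:
        return False

def forward_confirmed(addr, ptr=system_ptr, forward=system_forward):
    """PTR names for addr whose own forward lookup returns addr again."""
    return [n for n in ptr(addr) if any(same_addr(addr, a) for a in forward(n))]

def ptr_equals_name(addr, claimed, ptr=system_ptr):
    """Comparison from the quoted text: the PTR must equal the claimed name."""
    return claimed.lower().rstrip(".") in [n.lower().rstrip(".") for n in ptr(addr)]

# Constructed sample zone data (RFC 5737 addresses, reserved .example names).
PTR = {"192.0.2.10": ["mail.new.example"],
       "198.51.100.7": ["mail.new.example"]}  # PTR set by the address owner, unconfirmed
A = {"mail.new.example": ["192.0.2.10"],
     "mail.old.example": ["192.0.2.10"]}      # old name kept as a plain A record

def demo_ptr(addr):
    return PTR.get(addr, [])

def demo_forward(name):
    return A.get(name.lower().rstrip("."), [])

if __name__ == "__main__":
    for addr in PTR:
        print(addr, forward_confirmed(addr, demo_ptr, demo_forward))
    print(ptr_equals_name("192.0.2.10", "mail.old.example", demo_ptr))
```

Calling forward_confirmed(addr) with no resolver arguments uses the system resolver instead of the sample data.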
