DNS zones, RFCs &/or best practices
Jul. 23rd, 2005 12:48 pm![[personal profile]](https://www.dreamwidth.org/img/silk/identity/user.png){kind=small}
ferenDear Lazyweb,
I'm trying to find any form of documentation available to (in)validate a behavior on the Internet that involves DNS and lazy, web browsing users. It is not uncommon for DNS administrators to put something akin to the following in their zone files for a particular domain (assume best practices followed for SOA including proper $ORIGIN statements, etc):
This has the effect of allowing somebody to type "http://black-panther.us/" into their web browser and get to my web page because an A RR (207.36.86.138) is returned that would be the same as if they typed in "http://www.black-panther.us/". As I said above, this is primarily done to allow lazy web browsers such as myself to type only the domain in the URL bar and get taken to the website. I could go so far as to say that this is now expected behavior on the public Internet. However, just because something is expected doesn't mean it's correct (the opposite is far too often the case, where broken behavior has come to be expected or even accepted as correct). Hence, I ask you, the all-knowing web: where is this behavior documented as being acceptable in the relevant RFCs or DNS best practices papers? So far I have reviewed a slew of RFCs, including 1912, 2181, and 1033, and I have yet to see this described as something that is actually approved and correct. RFC 2219 somewhat references the behavior I'm describing in the second paragraph of section 1 ("Rationale"), but is using it to outline a case for the remainder of the RFC. I've found no allusion to this in the "Best Practices" documentation I've scanned during my scrounging, either.
So is this just a common practice by lazy administrators like myself to keep lazy users like myself from kvetching, or is this actually documented somewhere as being appropriate?
I find it both amusing and, simultaneously, frustrating that I can tell you which RFC indicates an underscore cannot be used in a name (RFC 952) but I'm drawing a complete blank on this.
I'm trying to find any form of documentation available to (in)validate a behavior on the Internet that involves DNS and lazy, web browsing users. It is not uncommon for DNS administrators to put something akin to the following in their zone files for a particular domain (assume best practices followed for SOA including proper $ORIGIN statements, etc):
IN A 207.36.86.138
www IN A 207.36.86.138This has the effect of allowing somebody to type "http://black-panther.us/" into their web browser and get to my web page because an A RR (207.36.86.138) is returned that would be the same as if they typed in "http://www.black-panther.us/". As I said above, this is primarily done to allow lazy web browsers such as myself to type only the domain in the URL bar and get taken to the website. I could go so far as to say that this is now expected behavior on the public Internet. However, just because something is expected doesn't mean it's correct (the opposite is far too often the case, where broken behavior has come to be expected or even accepted as correct). Hence, I ask you, the all-knowing web: where is this behavior documented as being acceptable in the relevant RFCs or DNS best practices papers? So far I have reviewed a slew of RFCs, including 1912, 2181, and 1033, and I have yet to see this described as something that is actually approved and correct. RFC 2219 somewhat references the behavior I'm describing in the second paragraph of section 1 ("Rationale"), but is using it to outline a case for the remainder of the RFC. I've found no allusion to this in the "Best Practices" documentation I've scanned during my scrounging, either.
So is this just a common practice by lazy administrators like myself to keep lazy users like myself from kvetching, or is this actually documented somewhere as being appropriate?
I find it both amusing and, simultaneously, frustrating that I can tell you which RFC indicates an underscore cannot be used in a name (RFC 952) but I'm drawing a complete blank on this.
![[identity profile]](https://www.dreamwidth.org/img/silk/identity/openid.png){kind=small}
no subject
Date: 2005-07-23 05:58 pm (UTC)I really think that this is something that is brought on by media outlets and people just dropping the 'www' from names when giving them out, becuase 'double-you, double-you, double-you' is a PITA to say when trying to get words out quickly - like in a radio commercial spot.
RFC 2219 also mentions that some web browsers try first, then www. if they get an NXDOMAIN. That's a reasonably acceptable way to do it, as long as they report back (should www. not be found either) that their initial requested URL wasn't found.
And you're right - just because something is 'expected' as being right behavior on the Internet, doesn't mean that it's correct or valid in terms of RFCs and IETF drafts. Of course, this is a common ploy used by some software vendors (eg, microsoft) that through sheer flooding of the marketplace due to marketshare dominance, they can bully the standards groups into making something that's expected into a standard.
no subject
Date: 2005-07-23 06:18 pm (UTC)Okay, you have confirmed for me that there is nothing out there to say this is required or standardized (read: approved) behavior. I'll infer from your commentary that there is, reciprocally, no RFC or best practices document that says or even hints this should not be done. Dammit.
I'm okay with web browsers providing a "Value Add" for lazy users (in this case by prefacing with the "www") but I don't like to see kludges infiltrating protocols. Sometimes I hate the mentality (with regard to RFCs) of "that which is not explicitly forbidden is implicitly allowed." By using $ORIGIN, you're kluding a way of providing the label for the entry While, after inserting $ORIGIN, it's a technically accurate record that fulfills the requirement listed under section 5 of RFC2181 ("Each DNS Resource Record (RR) has a label, class, type, and data,") it really violates the spirit of the specification on some fundamental levels.
no subject
Date: 2005-07-23 06:34 pm (UTC)There is no difference to putting
than there is to putting
After all, this is already common usage for specifying the NS and MX RRtypes that are associated with a particular zone apex. There is nothing at all that denies putting an A RRtype for the zone apex either, or any other type of valid RRtype.
Wherein I show my ignorance...
Date: 2005-07-23 09:18 pm (UTC)no subject
Date: 2005-07-23 07:19 pm (UTC)no subject
Date: 2005-07-23 08:47 pm (UTC)You've been reading through my zone file again, haven't you.
But seriously -- I have no "other" site that users should see as opposed to www.black-panther.us. Allowing the domain to resolve to the webserver isn't a "problem," it's simply a technical quirk I've been engaged in some discussion over. It struck me as an inelegance so I wanted some verification as to the legitimacy of the practice.
no subject
Date: 2005-07-23 09:05 pm (UTC)no subject
Date: 2005-07-23 09:07 pm (UTC)no subject
Date: 2005-07-23 09:24 pm (UTC)no subject
Date: 2005-07-23 07:45 pm (UTC)no subject
Date: 2005-07-23 09:05 pm (UTC)My personal take on them is that they can create a performance penalty (if you have www.black-panther.us as a CNAME to panther.black-panther.us, you have to do a lookup for www and then for panther after you get the CNAME back) and should be used sparingly -- but can be useful when you've got a lot of records in a zone that all point back to one place (ex: a machine that's doing virtual hosting for a number of subdomains... like feren.black-panther.us, points.black-panther.us, etc and they all go to "www") and you know the "main" machine regularly changes provider space, resulting in an IP change. You make all the subs a CNAME to the main machine, then you only have to change one A record -- all the rest will naturally follow. That makes maintaining the zone file so much easier that I can see the attraction of it.
It's also really handy when you want to "follow" a machine outside of your domain. I know a lot of folks who use DynDNS for tracking their workstation at home on a cablemodem, then use a CNAME on their vanity domain to point to that DynDNS name.
But given the precautions on using CNAME I don't think this is a case where it would be applied.
no subject
Date: 2005-07-23 11:12 pm (UTC)