SRV, www.*, news.*

Post by Ivan Shmakov
Do I understand it correctly that the only "user" protocols
widely deployed in the Internet of today that don't use the SRV
(or MX, etc.) records (and thus may want separate DNS names,
such as www.example.org and news.example.org) are HTTP and NNTP?

In the scheme of things, the use of MX or SRV records is an exception
rather than a rule. Most protocols use A records. In addition to the omes
you mention, prominent examples include SMTP mail submission (from MUA to
MSA), POP, IMAP, DNS, SSH, IRC, NTP and Whois. There is also a myriad of
poorly known protocols implemented over TCP by various application makers
to perform specific tasks.

Post by Ivan Shmakov
Now, is there any other function that the "www" DNS name prefix
could serve? Shouldn't thus, e. g., http://www.debian.org/,
http://www.gnu.org/ and http://www.w3.org/, become simply
http://debian.org/, and so on? FWIW, there're
http://duckduckgo.com/, http://freecode.com/, and a number of
other similar ones. As long as the site in question doesn't
plan to deploy NNTP, it seems more than reasonable to drop the
leading "www".

I think it makes sense to avoid using subdomains for web hosting. In many
cases, the web site is the most important use for a domain name. It seems
to become more and more common to use plain example.com for the website
and foo.example.com, bar.example.com et cetera for other services.

--
Thor Kottelin
http://www.anta.net/

Ivan Shmakov

2012-07-07 08:57:24 UTC

In the scheme of things, the use of MX or SRV records is an exception
rather than a rule. Most protocols use A records.

And, hopefully, AAAA ones.

Post by Thor Kottelin
In addition to the ones you mention, prominent examples include SMTP
mail submission (from MUA to MSA), POP, IMAP,

Indeed, though these seem to me rather "site-local" most of the
time.

Post by Thor Kottelin
DNS,

Don't the NS records offer a level of indirection already?

Post by Thor Kottelin
SSH,

While the other mentioned protocols offer a way to connect to a
"service" (and, e. g., HTTP allows for a server to host several
"Web sites", thanks to the use of the Host: header field), the
SSH protocol is intended to provide access to the server itself.
So, its reliance on "plain" AAAA and A records may be justified.
Or it may be not.

Post by Thor Kottelin
IRC, NTP

Indeed, though it may be nearly as unfortunate as in the cases
of HTTP and NNTP.

Post by Thor Kottelin
and Whois.

I don't know much of the details of Whois, but Wikipedia reads:

--cut: http://en.wikipedia.org/wiki/Whois --
WHOIS information can be stored and looked up according to either a
thick or a thin data model:

Thick

one WHOIS server stores the complete WHOIS information from all
the registrars for the particular set of data (so that one WHOIS
server can respond with WHOIS information on all .org domains,
for example).

Thin

one WHOIS server stores only the name of the WHOIS server of the
registrar of a domain, which in turn has the full details on the
data being looked up (such as the .com WHOIS servers, which
refer the WHOIS query to the registrar where the domain was
registered).
--cut: http://en.wikipedia.org/wiki/Whois --

From that, I conclude that there is a level of indirection, so
that the query for example.net or example.org may be served by
servers with arbitrary DNS names.

Post by Thor Kottelin
There is also a myriad of poorly known protocols implemented over TCP
by various application makers to perform specific tasks.

I'm most concerned with those standard protocols that are more
or less widely deployed over Internet.

FWIW, it's not infrequent to use IP addresses instead of DNS
names when applications are used within a LAN.

[...]

As long as the site in question doesn't plan to deploy NNTP, it
seems more than reasonable to drop the leading "www".

I think it makes sense to avoid using subdomains for web hosting. In
many cases, the web site is the most important use for a domain name.
It seems to become more and more common to use plain example.com for
the website and foo.example.com, bar.example.com et cetera for other
services.

ACK, thanks.

--
FSF associate member #7257

Thor Kottelin

2012-07-07 10:08:00 UTC

Post by Thor Kottelin
DNS,

Don't the NS records offer a level of indirection already?

Yes, but recursive lookups still rely on finding an A -- or AAAA, as you
pointed out -- record for whatever is on the right side of the NS record.
Of course, the authoritative name servers for example.com can be located
outside the example.com namespace. Ditto for MX records when routing mail.

Post by Thor Kottelin
Whois.

I conclude that there is a level of indirection, so
that the query for example.net or example.org may be served by
servers with arbitrary DNS names.

Indeed, although those arbitrary DNS names do need A or AAAA records.
Registries running Whois services often use the label 'whois' to name that
service in the DNS.

--
Thor Kottelin
http://www.anta.net/

Ivan Shmakov

2012-07-08 17:49:21 UTC

Post by Thor Kottelin
DNS,

Don't the NS records offer a level of indirection already?

Yes, but recursive lookups still rely on finding an A -- or AAAA, as
you pointed out -- record for whatever is on the right side of the NS
record.

Which is exactly the same procedure as performed for the SRV
case.

Post by Thor Kottelin
Of course, the authoritative name servers for example.com can be
located outside the example.com namespace. Ditto for MX records when
routing mail.

The end result is that the @example.org "host" part of e-mail's
To: may be served by any designated server, with possibly a
completely unrelated FQDN, such as, e. g., mx.invalid -- just as
in the case of XMPP's "host" part, or Kerberos 5 realm, or the
very DNS lookup itself.

Though my guess is that there're a number of services that may
benefit from such an indirection, while lacking support for it.

Post by Thor Kottelin
Whois.

I conclude that there is a level of indirection, so that the query
for example.net or example.org may be served by servers with
arbitrary DNS names.

Indeed, although those arbitrary DNS names do need A or AAAA records.
Registries running Whois services often use the label 'whois' to name
that service in the DNS.

And that's good, as we certainly don't want any other DNS
records to specify the IPv6 and IPv4 addresses. Or do we?

--
FSF associate member #7257

Ivan Shmakov

2012-08-18 19:34:30 UTC

[...]

Post by Ivan Shmakov
Now, is there any other function that the "www" DNS name prefix
could serve? Shouldn't thus, e. g., http://www.debian.org/,
http://www.gnu.org/ and http://www.w3.org/, become simply
http://debian.org/, and so on? FWIW, there're
http://duckduckgo.com/, http://freecode.com/, and a number of other
similar ones. As long as the site in question doesn't plan to
deploy NNTP, it seems more than reasonable to drop the leading
"www".

I think it makes sense to avoid using subdomains for web hosting. In
many cases, the web site is the most important use for a domain name.
It seems to become more and more common to use plain example.com for
the website and foo.example.com, bar.example.com et cetera for other
services.

There's a catch, however, as I've just discovered: it may be
impossible to use the same DNS name for /both/ e-mail /and/
HTTP, should the latter be served by a "third party" hosting
provider.

Such a setup is likely to require one to set up a CNAME record
for HTTP, which, obviously, cannot be combined with any MX ones.

--
FSF associate member #7257 http://sf-day.org/

Thor Kottelin

2012-08-18 19:57:46 UTC

Post by Thor Kottelin
I think it makes sense to avoid using subdomains for web hosting. In
many cases, the web site is the most important use for a domain name.
It seems to become more and more common to use plain example.com for
the website and foo.example.com, bar.example.com et cetera for other
services.

There's a catch, however, as I've just discovered: it may be
impossible to use the same DNS name for /both/ e-mail /and/
HTTP, should the latter be served by a "third party" hosting
provider.
Such a setup is likely to require one to set up a CNAME record
for HTTP

Why? If memory serves me, it is not even legal to have a CNAME as well as
other data for the same name.

; The website is hosted at 192.0.2.0
example.com. IN A 192.0.2.0
;
;
; The mail exchanger is mx.example.net
example.com. IN MX 10 mx.example.net.

--
Thor Kottelin
http://www.anta.net/

Thor Kottelin

2012-08-18 20:09:00 UTC

Post by Ivan Shmakov
it may be
impossible to use the same DNS name for /both/ e-mail /and/
HTTP, should the latter be served by a "third party" hosting
provider.
Such a setup is likely to require one to set up a CNAME record
for HTTP

Why? If memory serves me, it is not even legal to have a CNAME as well
as other data for the same name.
; The website is hosted at 192.0.2.0
example.com. IN A 192.0.2.0
;
;
; The mail exchanger is mx.example.net
example.com. IN MX 10 mx.example.net.

Wait. I think I know what you mean. You would like to have something like:

example.com. IN CNAME webfarm.example.net.

And you are right: that would not work, precisely because CNAMEs and other
data do not mix (and of course, you already knew that).

The solution is to use an A record pointing to the IP address of the web
server. Admittedly, this is less elegant than the CNAME solution that can
be used for subdomains (e.g. www.example.com), as the A record must be
updated if the IP address of the web server is changed.

--
Thor Kottelin
http://www.anta.net/

Ivan Shmakov

2012-08-19 13:12:55 UTC

it may be impossible to use the same DNS name for /both/ e-mail
/and/ HTTP, should the latter be served by a "third party" hosting
provider.
Such a setup is likely to require one to set up a CNAME record for
HTTP

[...]

Wait. I think I know what you mean. You would like to have something
example.com. IN CNAME webfarm.example.net.
And you are right: that would not work, precisely because CNAMEs and
other data do not mix (and of course, you already knew that).
The solution is to use an A record pointing to the IP address of the
web server.

(... And an AAAA one...)

Admittedly, this is less elegant than the CNAME solution that can be
used for subdomains (e. g. www.example.com), as the A record must be
updated if the IP address of the web server is changed.

There's a problem if that server is provided by a third party.
It's up to them then to specify whether they'll maintain a set
of IP addresses, or a single DNS name for CNAME to point to.
(And given the trouble, I deem that they're unlikely to choose
the former.)

--
FSF associate member #7257 http://sf-day.org/

Ivan Shmakov

2012-09-20 05:10:40 UTC

[...]

Wait. I think I know what you mean. You would like to have
example.com. IN CNAME webfarm.example.net.
And you are right: that would not work, precisely because CNAMEs and
other data do not mix (and of course, you already knew that).

JFTR: the primary issue with that is that CNAME's don't mix with
the NS records, which are required in this case.

The solution is to use an A record pointing to the IP address of the
web server.

To note is that while many domain's operators choose to add the
appropriate address records to the name, they're not always
consistent with those for the "www" name. Consider, e. g.:

$ dig +noadditional +noauthority any www.gnu.org \
| grep -E -- '^[^;]'
www.gnu.org. 54 IN CNAME wildebeest.gnu.org.
$ dig +noadditional +noauthority any wildebeest.gnu.org \
| grep -E -- '^[^;]'
wildebeest.gnu.org. 39 IN SSHFP 1 1 A2B0FA94793B921FC7A835A313CE8557F8D989E1
wildebeest.gnu.org. 39 IN A 208.118.235.148
wildebeest.gnu.org. 39 IN AAAA 2001:4830:134:3::a
$

OTOH:

$ dig +noadditional +noauthority any gnu.org \
| grep -E -- '^[^;]'
gnu.org. 300 IN SSHFP 1 1 A2B0FA94793B921FC7A835A313CE8557F8D989E1
gnu.org. 300 IN MX 10 eggs.gnu.org.
gnu.org. 300 IN TXT "v=spf1 ip4:140.186.70.0/24 ip4:208.118.235.0/24 ip4:46.43.37.64/27 ip4:74.94.156.208/28 a:nitzan.inter.net.il a:specnaz.aaso.pl ~all"
gnu.org. 300 IN A 208.118.235.148
gnu.org. 300 IN SOA ns1.gnu.org. hostmaster.gnu.org. 2011071556 3600 120 1209600 3600
gnu.org. 300 IN NS ns3.gnu.org.
gnu.org. 300 IN NS ns2.gnu.org.
gnu.org. 300 IN NS ns1.gnu.org.
gnu.org. 300 IN NS ns4.gnu.org.
$

As could be seen, the AAAA record is missing for the latter.
(I'll try to check if there's a mailing list to report the
issue.)

[...]

--
FSF associate member #7257

D. Stussy

2012-07-07 22:30:04 UTC