Can BIND setup with only A names and fully qualified host names work properly?

Clash Royale CLAN TAG#URR8PPP

up vote
1
down vote

favorite

I recently came across a zone file for BIND which used only Address records with fully qualified domain names for each IP.

Example snippet:

subdomain1.example.com. IN A 192.168.1.10
subdomain2.example.com. IN A 192.168.1.10
subdomain3.example.com. IN A 192.168.1.10

There are also multiple fully qualified names resolving to the same IP addresses.

Is there a issue with this configuration? (i.e. not using CNAME or ALIAS?)

Can this be done or will it cause issues?

Since I am not an expert I assume some issues include:

• Reverse lookup. (first response is considered correct?)


• Certificates (if not first response then cert error?)

linux domain-name-system bind internal-dns

share|improve this question

edited 36 mins ago

HBruijn

51k1083137

asked 1 hour ago

Nathan McCoy

160210

add a comment | 

up vote
1
down vote

favorite

I recently came across a zone file for BIND which used only Address records with fully qualified domain names for each IP.

Example snippet:

subdomain1.example.com. IN A 192.168.1.10
subdomain2.example.com. IN A 192.168.1.10
subdomain3.example.com. IN A 192.168.1.10

There are also multiple fully qualified names resolving to the same IP addresses.

Is there a issue with this configuration? (i.e. not using CNAME or ALIAS?)

Can this be done or will it cause issues?

Since I am not an expert I assume some issues include:

• Reverse lookup. (first response is considered correct?)


• Certificates (if not first response then cert error?)

linux domain-name-system bind internal-dns

share|improve this question

edited 36 mins ago

HBruijn

51k1083137

asked 1 hour ago

Nathan McCoy

160210

add a comment | 

up vote
1
down vote

favorite

up vote
1
down vote

favorite

I recently came across a zone file for BIND which used only Address records with fully qualified domain names for each IP.

Example snippet:

subdomain1.example.com. IN A 192.168.1.10
subdomain2.example.com. IN A 192.168.1.10
subdomain3.example.com. IN A 192.168.1.10

There are also multiple fully qualified names resolving to the same IP addresses.

Is there a issue with this configuration? (i.e. not using CNAME or ALIAS?)

Can this be done or will it cause issues?

Since I am not an expert I assume some issues include:

• Reverse lookup. (first response is considered correct?)


• Certificates (if not first response then cert error?)

linux domain-name-system bind internal-dns

share|improve this question

edited 36 mins ago

HBruijn

51k1083137

asked 1 hour ago

Nathan McCoy

160210

I recently came across a zone file for BIND which used only Address records with fully qualified domain names for each IP.

Example snippet:

subdomain1.example.com. IN A 192.168.1.10
subdomain2.example.com. IN A 192.168.1.10
subdomain3.example.com. IN A 192.168.1.10

There are also multiple fully qualified names resolving to the same IP addresses.

Is there a issue with this configuration? (i.e. not using CNAME or ALIAS?)

Can this be done or will it cause issues?

Since I am not an expert I assume some issues include:

• Reverse lookup. (first response is considered correct?)


• Certificates (if not first response then cert error?)

linux domain-name-system bind internal-dns

linux domain-name-system bind internal-dns

share|improve this question

edited 36 mins ago

HBruijn

51k1083137

asked 1 hour ago

Nathan McCoy

160210

share|improve this question

edited 36 mins ago

HBruijn

51k1083137

asked 1 hour ago

Nathan McCoy

160210

share|improve this question

share|improve this question

edited 36 mins ago

HBruijn

51k1083137

edited 36 mins ago

HBruijn

51k1083137

edited 36 mins ago

HBruijn

51k1083137

51k1083137

asked 1 hour ago

Nathan McCoy

160210

asked 1 hour ago

Nathan McCoy

160210

asked 1 hour ago

Nathan McCoy

160210

160210

add a comment | 

add a comment | 

2 Answers
2

active

oldest

votes

up vote
4
down vote

It's perfectly valid to have multiple A records pointing to the same IP. Reverse lookup has nothing to do with it; as that would a) be in a separate zone and b) would be using PTR records. Certificates are also irrelevant here.

share|improve this answer

answered 1 hour ago

bodgit

2,752520

add a comment | 

up vote
1
down vote

That is only a forward zone and as @bodgit answered that is perfectly valid for all use cases.

The main potential disadvantage of the above is an administrative one. For a single zone not too much of an issue but with many host names in many different domains much more so: in case of a change of ip-address every A record with that ip-address will need to be updated, where CNAME records will automtically follow the ip-address change of their target FQDN and would not need to be updated.

For a reverse zone, doing something almost similar is AFAIK also technically valid:

10.1.168.192.in-addr.arpa. IN PTR subdomain1.example.com.
10.1.168.192.in-addr.arpa. IN PTR subdomain2.example.com.
10.1.168.192.in-addr.arpa. IN PTR subdomain3.example.com.

but that won't have the effect people usually seem to expect.

subdomain1.example.com. will always point to 192.168.1.10 but the reverse lookup will most of the time NOT point back to subdomain1.example.com.

The above will become a round-robin DNS record where 1/3 of the responses will return an "incorrect" response of subdomain2.example.com. , 1/3 of the responses will return an also "incorrect" response of subdomain3.example.com. and only a 33% chance exists that the "correct" response of subdomain1.example.com. will be seen.

share|improve this answer

edited 10 mins ago

answered 36 mins ago

HBruijn

51k1083137

add a comment | 

Your Answer

StackExchange.ready(function()
var channelOptions =
tags: "".split(" "),
id: "2"
;
initTagRenderer("".split(" "), "".split(" "), channelOptions);

StackExchange.using("externalEditor", function()
// Have to fire editor after snippets, if snippets enabled
if (StackExchange.settings.snippets.snippetsEnabled)
StackExchange.using("snippets", function()
createEditor();
);

else
createEditor();

);

function createEditor()
StackExchange.prepareEditor(
heartbeatType: 'answer',
convertImagesToLinks: true,
noModals: true,
showLowRepImageUploadWarning: true,
reputationToPostImages: 10,
bindNavPrevention: true,
postfix: "",
imageUploader:
brandingHtml: "Powered by u003ca class="icon-imgur-white" href="https://imgur.com/"u003eu003c/au003e",
contentPolicyHtml: "User contributions licensed under u003ca href="https://creativecommons.org/licenses/by-sa/3.0/"u003ecc by-sa 3.0 with attribution requiredu003c/au003e u003ca href="https://stackoverflow.com/legal/content-policy"u003e(content policy)u003c/au003e",
allowUrls: true
,
onDemand: true,
discardSelector: ".discard-answer"
,immediatelyShowMarkdownHelp:true
);



);

 

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f938084%2fcan-bind-setup-with-only-a-names-and-fully-qualified-host-names-work-properly%23new-answer', 'question_page');

);

Post as a guest

Name Email

2 Answers
2

active

oldest

votes

2 Answers
2

active

oldest

votes

active

oldest

votes

active

oldest

votes

up vote
4
down vote

It's perfectly valid to have multiple A records pointing to the same IP. Reverse lookup has nothing to do with it; as that would a) be in a separate zone and b) would be using PTR records. Certificates are also irrelevant here.

share|improve this answer

answered 1 hour ago

bodgit

2,752520

add a comment | 

up vote
4
down vote

It's perfectly valid to have multiple A records pointing to the same IP. Reverse lookup has nothing to do with it; as that would a) be in a separate zone and b) would be using PTR records. Certificates are also irrelevant here.

share|improve this answer

answered 1 hour ago

bodgit

2,752520

add a comment | 

up vote
4
down vote

up vote
4
down vote

It's perfectly valid to have multiple A records pointing to the same IP. Reverse lookup has nothing to do with it; as that would a) be in a separate zone and b) would be using PTR records. Certificates are also irrelevant here.

share|improve this answer

answered 1 hour ago

bodgit

2,752520

It's perfectly valid to have multiple A records pointing to the same IP. Reverse lookup has nothing to do with it; as that would a) be in a separate zone and b) would be using PTR records. Certificates are also irrelevant here.

share|improve this answer

answered 1 hour ago

bodgit

2,752520

share|improve this answer

share|improve this answer

answered 1 hour ago

bodgit

2,752520

answered 1 hour ago

bodgit

2,752520

answered 1 hour ago

bodgit

2,752520

2,752520

add a comment | 

add a comment | 

up vote
1
down vote

That is only a forward zone and as @bodgit answered that is perfectly valid for all use cases.

The main potential disadvantage of the above is an administrative one. For a single zone not too much of an issue but with many host names in many different domains much more so: in case of a change of ip-address every A record with that ip-address will need to be updated, where CNAME records will automtically follow the ip-address change of their target FQDN and would not need to be updated.

For a reverse zone, doing something almost similar is AFAIK also technically valid:

10.1.168.192.in-addr.arpa. IN PTR subdomain1.example.com.
10.1.168.192.in-addr.arpa. IN PTR subdomain2.example.com.
10.1.168.192.in-addr.arpa. IN PTR subdomain3.example.com.

but that won't have the effect people usually seem to expect.

subdomain1.example.com. will always point to 192.168.1.10 but the reverse lookup will most of the time NOT point back to subdomain1.example.com.

The above will become a round-robin DNS record where 1/3 of the responses will return an "incorrect" response of subdomain2.example.com. , 1/3 of the responses will return an also "incorrect" response of subdomain3.example.com. and only a 33% chance exists that the "correct" response of subdomain1.example.com. will be seen.

share|improve this answer

edited 10 mins ago

answered 36 mins ago

HBruijn

51k1083137

add a comment | 

up vote
1
down vote

That is only a forward zone and as @bodgit answered that is perfectly valid for all use cases.

The main potential disadvantage of the above is an administrative one. For a single zone not too much of an issue but with many host names in many different domains much more so: in case of a change of ip-address every A record with that ip-address will need to be updated, where CNAME records will automtically follow the ip-address change of their target FQDN and would not need to be updated.

For a reverse zone, doing something almost similar is AFAIK also technically valid:

10.1.168.192.in-addr.arpa. IN PTR subdomain1.example.com.
10.1.168.192.in-addr.arpa. IN PTR subdomain2.example.com.
10.1.168.192.in-addr.arpa. IN PTR subdomain3.example.com.

but that won't have the effect people usually seem to expect.

subdomain1.example.com. will always point to 192.168.1.10 but the reverse lookup will most of the time NOT point back to subdomain1.example.com.

The above will become a round-robin DNS record where 1/3 of the responses will return an "incorrect" response of subdomain2.example.com. , 1/3 of the responses will return an also "incorrect" response of subdomain3.example.com. and only a 33% chance exists that the "correct" response of subdomain1.example.com. will be seen.

share|improve this answer

edited 10 mins ago

answered 36 mins ago

HBruijn

51k1083137

add a comment | 

up vote
1
down vote

up vote
1
down vote

That is only a forward zone and as @bodgit answered that is perfectly valid for all use cases.

The main potential disadvantage of the above is an administrative one. For a single zone not too much of an issue but with many host names in many different domains much more so: in case of a change of ip-address every A record with that ip-address will need to be updated, where CNAME records will automtically follow the ip-address change of their target FQDN and would not need to be updated.

For a reverse zone, doing something almost similar is AFAIK also technically valid:

10.1.168.192.in-addr.arpa. IN PTR subdomain1.example.com.
10.1.168.192.in-addr.arpa. IN PTR subdomain2.example.com.
10.1.168.192.in-addr.arpa. IN PTR subdomain3.example.com.

but that won't have the effect people usually seem to expect.

subdomain1.example.com. will always point to 192.168.1.10 but the reverse lookup will most of the time NOT point back to subdomain1.example.com.

The above will become a round-robin DNS record where 1/3 of the responses will return an "incorrect" response of subdomain2.example.com. , 1/3 of the responses will return an also "incorrect" response of subdomain3.example.com. and only a 33% chance exists that the "correct" response of subdomain1.example.com. will be seen.

share|improve this answer

edited 10 mins ago

answered 36 mins ago

HBruijn

51k1083137

That is only a forward zone and as @bodgit answered that is perfectly valid for all use cases.

The main potential disadvantage of the above is an administrative one. For a single zone not too much of an issue but with many host names in many different domains much more so: in case of a change of ip-address every A record with that ip-address will need to be updated, where CNAME records will automtically follow the ip-address change of their target FQDN and would not need to be updated.

For a reverse zone, doing something almost similar is AFAIK also technically valid:

10.1.168.192.in-addr.arpa. IN PTR subdomain1.example.com.
10.1.168.192.in-addr.arpa. IN PTR subdomain2.example.com.
10.1.168.192.in-addr.arpa. IN PTR subdomain3.example.com.

but that won't have the effect people usually seem to expect.

subdomain1.example.com. will always point to 192.168.1.10 but the reverse lookup will most of the time NOT point back to subdomain1.example.com.

The above will become a round-robin DNS record where 1/3 of the responses will return an "incorrect" response of subdomain2.example.com. , 1/3 of the responses will return an also "incorrect" response of subdomain3.example.com. and only a 33% chance exists that the "correct" response of subdomain1.example.com. will be seen.

share|improve this answer

edited 10 mins ago

answered 36 mins ago

HBruijn

51k1083137

share|improve this answer

share|improve this answer

edited 10 mins ago

edited 10 mins ago

edited 10 mins ago

answered 36 mins ago

HBruijn

51k1083137

answered 36 mins ago

HBruijn

51k1083137

answered 36 mins ago

HBruijn

51k1083137

51k1083137

add a comment | 

add a comment | 

 

draft saved

draft discarded

 

draft saved

draft discarded

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

StackExchange.ready(
function ()
StackExchange.openid.initPostLogin('.new-post-login', 'https%3a%2f%2fserverfault.com%2fquestions%2f938084%2fcan-bind-setup-with-only-a-names-and-fully-qualified-host-names-work-properly%23new-answer', 'question_page');

);

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Sign up or log in

StackExchange.ready(function ()
StackExchange.helpers.onClickDraftSave('#login-link');
);

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Sign up using Google

Sign up using Facebook

Sign up using Email and Password

Post as a guest

Name Email

Name Email

Name

Email

Name Email

Name

Email