Some people will say no public DNS records should ever disclose private IP addresses….with the thinking being that you are giving potential attackers a leg up on some information that might be required to exploit private systems. Personally, I think that obfuscation is a poor form of security, especially when we are talking about IP … Read more
You need to have separate SPF records for each subdomain you wish to send mail from. The following was originally posted on openspf.org, which used to be a great resource for this kind of thing. Latest link http://www.open-spf.org/FAQ/The_demon_question/ The Demon Question: What about subdomains? If I get mail from pielovers.demon.co.uk, and there’s no SPF data … Read more
The way described is the way you create multiple records on Route 53. Entering two values in the textarea separated by a newline will result in two distinct records in the DNS. This is why Amazon call it a “record set” – it is a set of records.
When I use the term “DNS Round Robin” I generally mean in in the sense of the “cheap load balancing technique” as OP describes it. But that’s not the only way DNS can be used for global high availability. Most of the time, it’s just hard for people with different (technology) backgrounds to communicate well. … Read more
To facilitate failover schemes, a common technique is to use DNS CNAME records (DNS Aliases) for different machine roles. Then instead of changing the Windows computername of the actual machine name, one can switch a DNS record to point to a new host. This can work on Microsoft Windows machines, but to make it work … Read more
From RFC 1034 – Domain names – concepts and facilities: Domain names in RRs which point at another name should always point at the primary name and not the alias. This avoids extra indirections in accessing information. For example, the address to name RR for the above host should be: 52.0.0.10.IN-ADDR.ARPA IN PTR C.ISI.EDU rather … Read more
You can work around this issue in one of two ways, both of which are in the VirtualBox manual: Enabling DNS proxy in NAT mode The NAT engine by default offers the same DNS servers to the guest that are configured on the host. In some scenarios, it can be desirable to hide the DNS … Read more
Think of it like this: DNS is the phone directory/yellow pages. When someone wants to call your phone, they can look up your name and get your phone number and call that phone. DNS does the same but for computers – when someone wants to go to www.example.com they ask DNS for the IP address … Read more
Yes, that’s an appropriate use of CNAMEs. In the discussions I’ve been part of, the arguments tend to go like this: Against CNAMEs: There is a (tiny) performance penalty, as the downstream DNS caches need to perform 2 DNS lookups, one for the CNAME and one for the A-Record the CNAME points to. Vague, bogus … Read more
I wouldn’t run my own DNS server – in my case, the hosting company that hosts my website provides free DNS service. There are also alternatives, companies that do nothing but DNS hosting (DNS Made Easy comes to mind, but there are many others) which are the kind of thing you should probably look into. … Read more