Default DNS CNAME record

Martin Mares mj at ucw.cz
Thu Oct 22 00:21:47 CEST 1998


Greetings,

> it apparently wouldn't hurt you to read the RFC in question, which has the number rfc1357,
> where nothing is said about wildcards other than MX. Then, as an illustration, there is
> also the sendmail FAQ, where the question "Q4.1 -- Should I use a wildcard MX for my domain?"
> is immediately answered "If at all possible, no", and while it describes how to do it, they
> explicitly do not recommend it, see: http://www.sendmail.org/faq/section4.html#4.1

   I really don't know why RFC 1357 should be in any way relevant to this problem,
since it bears the title "A Format for E-mailing Bibliographic Records" :-))

   RFC 1034 (Domain Names -- Concepts and Facilities) defines wildcard records,
and does so even in the general resolution algorithm. There is only a mention
that the typical use is for MX.

   RFC 1912 (Common DNS Errors) even says explicitly:

|   Wildcard As and CNAMEs are possible too, and are really confusing to
|   users, and a potential nightmare if used without thinking first.  It
|   could result (due again to domain searching) in any telnet/ftp
|   attempts from within the domain to unknown hosts to be directed to
|   one address.  One such wildcard CNAME (in *.edu.com) caused
|   Internet-wide loss of services and potential security nightmares due
|   to unexpected interactions with domain searching.  It resulted in
|   swift fixes, and even an RFC ([RFC 1535]) documenting the problem.

   My opinion is exactly the same -- if it is at all possible (and I have not yet
seen a case where it wasn't), do not use wildcard records for anything other than MX,
and for MX only with real care (you have to be very careful about the configuration
of the server that such an MX points to).

				Have a nice fortnight
--
Martin `MJ' Mares   <mj at ucw.cz>   http://atrey.karlin.mff.cuni.cz/~mj/
Faculty of Math and Physics, Charles University, Prague, Czech Rep., Earth
"Ctrl and Alt keys stuck -- press Del to continue."


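The interaction that the RFC 1912 passage quoted above describes, as an added example that is not part of the original message: a simplified model of RFC 1034 wildcard synthesis combined with a stub resolver's search list. The zone `corp.test`, the addresses, the misspelled name `ftp.exmaple.org` and the `absolute_first` switch are constructed assumptions for illustration.

```python
# Constructed zone for the hypothetical domain corp.test, with a wildcard CNAME.
ZONE = {
    "corp.test": ("SOA", "ns.corp.test"),
    "www.corp.test": ("A", "192.0.2.10"),
    "*.corp.test": ("CNAME", "www.corp.test"),
}
# The same zone with the wildcard removed, for comparison.
NO_WILDCARD = {k: v for k, v in ZONE.items() if not k.startswith("*.")}
# Constructed stand-in for a host that exists outside the local zone.
OUTSIDE = {"ftp.example.org": ("A", "198.51.100.7")}


def exists(name, zone):
    """A node exists if it owns records or has any name below it."""
    return any(n == name or n.endswith("." + name) for n in zone)


def authoritative(qname, zone):
    """Exact match, else wildcard synthesis at the closest existing ancestor."""
    if exists(qname, zone):  # existing node (even an empty one): no wildcard
        return zone.get(qname)
    labels = qname.split(".")
    for i in range(1, len(labels)):
        ancestor = ".".join(labels[i:])
        if exists(ancestor, zone):
            return zone.get("*." + ancestor)  # None if no wildcard there
    return None


def resolve(name, zone=ZONE, search=("corp.test",), absolute_first=True):
    """Simplified stub resolver; returns (name_that_answered, record) or None."""
    if name.endswith("."):  # fully qualified: the search list is not applied
        candidates = [name[:-1]]
    else:
        searched = [f"{name}.{d}" for d in search]
        if absolute_first and "." in name:
            candidates = [name] + searched
        else:
            candidates = searched + [name]
    for cand in candidates:
        rec = OUTSIDE.get(cand) or authoritative(cand, zone)
        if rec:
            return cand, rec
    return None


if __name__ == "__main__":
    for q in ("nosuchhost", "ftp.exmaple.org", "ftp.exmaple.org.", "ftp.example.org"):
        print(f"{q:18} wildcard: {resolve(q)}  no wildcard: {resolve(q, NO_WILDCARD)}")
```

With the wildcard in place every unknown or misspelled host resolves to `www.corp.test`; without it, or when the name is written with a trailing dot, the lookup fails cleanly.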
