So I'm setting up this server right now that'll host multiple websites / domains. What are the current best practices with regard to DNS records? I admit to 'just having done something' up to now, which is pretty bad. Mea culpa. And though it has worked for me in the past, I'd like to know what the best way of doing things is, so here's a couple of questions about it:
I think it probably makes the most sense to set up the main hostname like this:
192.168.0.1 A example.com
192.168.0.1 A host.example.com
www CNAME example.com
and then a single PTR record for 192.168.0.1 back to example.com. Should the www CNAME point to the example.com or to the host.example.com A records? What makes more sense and why?
Would it then make the most sense to create a CNAME for each Virtualhost on this server to the example.com A record (or the host.example.com A record), or to create individual A records for each Virtualhost to the main IP address?
The SMTP server on this host will identify itself as host.example.com. Is SPF uptake broad enough already that I can create an SPF record for each hosted domain and have that take care of other domains possibly rejecting mail from this host?
Addressing 1 and 2: In most cases, I would recommend doing a single "A" record for the actual IP associated with the box and CNAME everything you need to that. If you are going to have a lot of somethings.example.com, I would make use of a wildcard entry
The benefit being that you don't have to do a lot of DNS maintenance as whatever .example.com you use will already match. You just let apache figure out what to do with it based on the name given. This would result in 2 look-ups, and I would only do many CNAMEs to one A, and not try doing CNAME->CNAME. Additionally MX records must only point to an A record name.
If you ever need to break a vhost off to its own IP address, you can then just add an "A" record for that one host and the most-specific answer will win.
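The following is an added Python model of the advice in this answer (and of the MX rule the next answer repeats); it is illustration code, not something from the post or any DNS software. The zone data is constructed around the question's 192.168.0.1 address, and the functions find_records, resolve_a and lint_zone are hypothetical names. It shows the most-specific name beating the wildcard, the one-hop CNAME rule, and a lint for CNAME->CNAME chains and MX records whose target is not a plain A-record name.

```python
"""Toy zone resolver modelling the answer above: one A record for the box,
CNAMEs (plus a wildcard) for the vhosts, the most specific name wins, no
CNAME -> CNAME chains, and MX targets must be plain A-record names.
All zone data here is constructed for the example."""

# Constructed zone for example.com; 192.168.0.1 is the IP from the question.
ZONE = {
    "example.com":      [("A", "192.168.0.1"), ("MX", "host.example.com")],
    "host.example.com": [("A", "192.168.0.1")],
    "www.example.com":  [("CNAME", "example.com")],
    "*.example.com":    [("CNAME", "example.com")],       # catch-all for vhosts
    "shop.example.com": [("A", "192.168.0.2")],           # vhost broken off to its own IP
    "bad.example.com":  [("CNAME", "www.example.com")],   # CNAME -> CNAME chain
    "example3.com":     [("MX", "www.example.com")],      # MX pointing at a CNAME
}

MAX_CNAME_HOPS = 1  # the answer's rule: many CNAMEs -> one A, never CNAME -> CNAME


def find_records(name, zone=ZONE):
    """Exact match first (most specific wins); otherwise the wildcard for the
    parent domain. Simplified: only a single-label wildcard is supported."""
    if name in zone:
        return zone[name]
    labels = name.split(".", 1)
    if len(labels) == 2:
        return zone.get("*." + labels[1], [])
    return []


def resolve_a(name, zone=ZONE):
    """Follow CNAMEs to an A record. Returns (address, cname_hops).
    Raises ValueError if the chain is too long or ends without an A record."""
    hops = 0
    while True:
        records = find_records(name, zone)
        for rtype, data in records:
            if rtype == "A":
                return data, hops
        cnames = [d for t, d in records if t == "CNAME"]
        if not cnames:
            raise ValueError(f"{name}: no A or CNAME record")
        hops += 1
        if hops > MAX_CNAME_HOPS:
            raise ValueError(f"{name}: CNAME chain longer than {MAX_CNAME_HOPS}")
        name = cnames[0]


def lint_zone(zone=ZONE):
    """Return human-readable issues: CNAME -> CNAME chains and MX targets that
    are not A-record names."""
    issues = []
    for owner, records in zone.items():
        for rtype, target in records:
            target_records = find_records(target, zone)
            if rtype == "CNAME" and any(t == "CNAME" for t, _ in target_records):
                issues.append(f"{owner}: CNAME points at another CNAME ({target})")
            if rtype == "MX" and not any(t == "A" for t, _ in target_records):
                issues.append(f"{owner}: MX target {target} is not an A record")
    return issues


if __name__ == "__main__":
    for host in ("www.example.com", "anything.example.com", "shop.example.com"):
        print(host, "->", resolve_a(host))
    for issue in lint_zone():
        print("lint:", issue)
```

Running it shows www and the wildcard names resolving through one CNAME hop to 192.168.0.1, shop.example.com answering from its own A record with no hops, and the lint reporting both bad.example.com and the example3.com MX. The wildcard handling is deliberately simplified to the single-label case the answer talks about.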
Any given IP address can have as many A RRs pointing to it as you want. You can then have:
You only need one PTR for 192.168.0.1. In this particular case the most appropriate seems to be:
However, any of the other choices would be equally correct, as long as it is one.
This happens because when a machine (A) connects to a server (B), it does not know the name of A, only its IP address. By posing a PTR query to the DNS, it gets a name as a response. So now B knows that whoever connected to it is (probably) named A. To verify that, it asks the DNS again "what is the IP address of A?" and expects the answer to contain the IP address it already knows about A from the connection data. What happens when the response does not match what is expected is a matter of server administration policy.
You can create CNAMEs instead of multiple records if you wish. This means that when someone wants to find out the IP address of B (so as to connect to it) it asks the DNS twice: First, "what is the real name of B?" and then "what is the IP address of that name?".
Note though that you cannot have CNAMEs combined with MX records, and therefore if for some particular reason you need to accept email directed to [email protected], then www.example3.com has to be an A record.
Here you have a very good and free tool to check your configuration:
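The PTR-then-A verification this answer describes, as an added Python example (not code from the post): reverse lookup on the connecting IP, forward lookup on the returned name, and the IP must appear in that forward answer. The PTR and A tables are constructed for the example and check_connection is a hypothetical helper; a real mail server would query its resolver instead of these dictionaries, and what it does with a mismatch remains the administrator's policy, as the answer says.

```python
"""Forward-confirmed reverse DNS, as described in the answer above: PTR lookup
on the connecting IP, then an A lookup on the returned name, which must contain
the original IP. Lookup tables are constructed for the example; a real server
would query the resolver instead."""

# Constructed reverse (PTR) data. The PTR for 192.168.0.9 claims a name whose
# forward records do not include that address.
PTR = {
    "192.168.0.1": "host.example.com",
    "192.168.0.9": "host.example.com",
}
# Constructed forward (A) data.
A = {
    "host.example.com": ["192.168.0.1"],
    "example.com": ["192.168.0.1"],
}


def reverse_lookup(ip, ptr=PTR):
    """Return the PTR name for ip, or None if there is no reverse record."""
    return ptr.get(ip)


def forward_lookup(name, a=A):
    """Return the list of A addresses for name (empty if none)."""
    return a.get(name, [])


def check_connection(ip, ptr=PTR, a=A):
    """Classify a connecting IP as 'confirmed', 'mismatch' or 'no-ptr'.
    Returns (verdict, claimed_name)."""
    name = reverse_lookup(ip, ptr)
    if name is None:
        return "no-ptr", None
    if ip in forward_lookup(name, a):
        return "confirmed", name
    return "mismatch", name


if __name__ == "__main__":
    for ip in ("192.168.0.1", "192.168.0.9", "192.168.0.200"):
        print(ip, check_connection(ip))
```

With the constructed data, 192.168.0.1 is confirmed, 192.168.0.9 is a mismatch (its PTR name does not resolve back to it), and 192.168.0.200 has no PTR at all; the three verdicts are exactly the cases a server policy has to decide on.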
For each domain you need to create a separate zone file, e.g. for example.com you'll create a file called db.com.example. Next set up your SOA record:
It is largely up to you whether you use a www CNAME or www A record. Something to be aware of is that large organisations sometimes have trouble when there are too many CNAME chains. This is unlikely to be a problem for you, however.
The PTR record (reverse look-up) will not exist in this zone file. It will probably be located in a zone file operated by your internet service provider.
See http://tldp.org/HOWTO/DNS-HOWTO-5.html
Setting up records as A theoretically should be faster as in the CNAME scenario two DNS requests are needed.