Making Your Services Easy to Find

2.20.1 Problem

You want to make it easy for users to find the services you offer.

2.20.2 Solution

Give your servers "functional" domain names. For example, most users will expect to find an organization's FTP server at the domain name ftp.domain-name-of-zone. In most cases, the domain name can be an alias for the canonical name of the host running the service; that's not possible with name servers or mail servers, though.

Other common functional domain names include:

domain-name-of-zone

The zone's domain name, by convention, owns one or more A records that point to the organization's web server, and one or more MX records that tell mailers where to deliver mail addressed to the organization's users.

imap.domain-name-of-zone

An IMAP mail server.

mail.domain-name-of-zone

An SMTP mail server. Note that this domain name can't be an alias; it must own an A record. Moreover, the mail server must recognize itself as this domain name in order to prevent mail loops.

ns[N].domain-name-of-zone

The authoritative name servers for your zone. Since there is often more than one, use an integer to distinguish between them: ns1, ns2, etc. Or, for the unapologetically geeky, ns0, ns1, etc. Note that these domain names can't be aliases; they must own A records.

ntp.domain-name-of-zone

An NTP (Network Time Protocol) server. If you have more than one, disambiguate them by using ntp1, ntp2, etc.

pop.domain-name-of-zone

A POP mail server.

smtp.domain-name-of-zone

An alternative to mail.domain-name-of-zone. As with mail.domain-name-of-zone, this must own an A record.

www.domain-name-of-zone

This convention is so common it's almost not worth discussing, but most users expect to find an organization's web site here.

2.20.3 Discussion

One big benefit of using functional domain names is that you can move a service from one host to another by changing only the A or CNAME record for the functional domain name, and without changing the configuration of every client of that service. For example, if you moved your NTP server from a.foo.example to b.foo.example, you could just change the ntp.foo.example CNAME record to:

ntp.foo.example. IN CNAME b.foo.example.

Assuming you'd configured your NTP clients to refer to your NTP server by the domain name ntp.foo.example, you wouldn't have to make any changes to your clients' configuration.

The domain names of mail servers and name servers are special because of the way they're used. The domain name of a name server will usually appear in an NS record, delegating a zone to that name server. A name server sending that NS record in a referral will only add A records for the name server's domain name to the response. If the domain name owns a CNAME record, the name server won't find it.

Likewise, mail servers sending mail to your email addresses expect to find A records for the mail servers you list in your MX records. If you use CNAME records, they won't find the address they're after.

Also, if one of your backup mail servers receives the email, it will "trim" the list of MX records by removing itself and any less-preferred mail servers. If it doesn't recognize itself in the list because you've used an alias in an MX record, it may try to send mail to itself, or to a less-preferred mail server.
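
The rule above (NS and MX targets must own A records, never CNAME records) can be checked mechanically before a zone is loaded. The following is an added example, not code from the original text: the zone data is constructed, the names parse_records and lint_targets are hypothetical, and the parser assumes fully qualified names, an explicit IN class and no TTL column.

```python
# Constructed sample zone (not from the original page); 192.0.2.0/24 is a documentation range.
SAMPLE_ZONE = """\
foo.example.       IN NS    ns1.foo.example.
foo.example.       IN NS    ns2.foo.example.
foo.example.       IN MX    10 mail.foo.example.
foo.example.       IN MX    20 smtp.foo.example.
ns1.foo.example.   IN A     192.0.2.1
ns2.foo.example.   IN CNAME b.foo.example.   ; wrong: NS target is an alias
mail.foo.example.  IN A     192.0.2.25
smtp.foo.example.  IN CNAME a.foo.example.   ; wrong: MX target is an alias
ntp.foo.example.   IN CNAME b.foo.example.   ; fine: ordinary service alias
a.foo.example.     IN A     192.0.2.10
b.foo.example.     IN A     192.0.2.11
"""


def parse_records(zone_text):
    """Parse 'owner IN TYPE rdata...' lines into (owner, type, rdata) tuples.

    Assumes fully qualified names, an explicit IN class and no TTL column,
    which is a simplified subset of real zone file syntax.
    """
    records = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop comments, then tokenize
        if len(fields) >= 4 and fields[1].upper() == "IN":
            records.append((fields[0].lower(), fields[2].upper(), fields[3:]))
    return records


def lint_targets(zone_text, origin):
    """Return (rtype, target, problem) for NS/MX targets that break the rule."""
    records = parse_records(zone_text)
    aliases = {owner for owner, rtype, _ in records if rtype == "CNAME"}
    with_a = {owner for owner, rtype, _ in records if rtype == "A"}
    findings = []
    for _, rtype, rdata in records:
        if rtype not in ("NS", "MX"):
            continue
        target = rdata[-1].lower()  # NS: the server name; MX: the exchange after the preference
        if target in aliases:
            findings.append((rtype, target, "owns a CNAME record"))
        elif target.endswith("." + origin.lower()) and target not in with_a:
            findings.append((rtype, target, "in-zone name with no A record"))
    return findings


if __name__ == "__main__":
    for finding in lint_targets(SAMPLE_ZONE, "foo.example."):
        print(*finding, sep="\t")
```

Targets outside the zone being checked are skipped by the missing-A test, since their address records live in someone else's zone data.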
