• Dumb Question is an A or AAAA record required?

    From Anand Buddhdev@21:1/5 to kremels@kreme.com on Thu Jul 9 14:43:04 2020
    To: bind-users@lists.isc.org (bind-users)

    On 09/07/2020 14:21, @lbutlr wrote:

    > Given a domain that is hosted and used for email and web, is an A
    > record for that domain actually required?

    It's not *required*. But see below.

    > That is, if bob.tld is hosted by example.com can you simply have
    >
    > NS ns1.example.com
    > NS ns2.example.com
    > MX mx.example.com
    >
    > www CNAME www.example.com
    >
    > Without specifying
    >
    > A 11.22.33.444

    These days, many folk try to reach websites by typing just the bare
    domain name without the "www" prefix.

    If a user types "bob.tld" into a browser, the browser will issue an
    address lookup for "bob.tld", causing the resolver to ask for A and AAAA
    records for "bob.tld". If you don't have an A record at the zone apex,
    the browser will not get back any address and display an error message
    for the user. An alert user might try "www.bob.tld" but most users are
    likely to just give up.

    So while it's not *required* to have an address record at the apex, it's
    good practice to have one.

    Anand

    --- SoupGate-Win32 v1.05
    * Origin: fsxNet Usenet Gateway (21:1/5)
  • From Mark Andrews@21:1/5 to kremels@kreme.com on Thu Jul 9 22:55:48 2020
    Copy: Bind-users@lists.isc.org (bind-users)

    At this stage one still needs A records to be reachable by everyone. One should also ensure you are reachable over IPv6, as lots of the world is behind IPv6-only links as their ISPs don’t have enough IPv4 addresses for everyone. Instead they have to use some form of IPv4 as a service, which is significantly more expensive to operate compared to straight routers.

    --
    Mark Andrews

    On 9 Jul 2020, at 22:22, @lbutlr <kremels@kreme.com> wrote:

    Given a domain that is hosted and used for email and web, is an A record for that domain actually required?

    That is, if bob.tld is hosted by example.com can you simply have

    NS ns1.example.com
    NS ns2.example.com
    MX mx.example.com

    www CNAME www.example.com

    Without specifying

    A 11.22.33.444

    (I am pretty sure this is *technically* allowed, but is it really OK to do or are there reasons not to do this?)



    --
    And there were all the stars, looking remarkably like powered
    diamonds spilled on black velvet, the stars that lured and
    ultimately called the boldest towards them…

    _______________________________________________
    Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list

    ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.
  • From kremels@kreme.com@21:1/5 to bind-users on Thu Jul 9 06:21:55 2020
    Given a domain that is hosted and used for email and web, is an A record for that domain actually required?

    That is, if bob.tld is hosted by example.com can you simply have

    NS ns1.example.com
    NS ns2.example.com
    MX mx.example.com

    www CNAME www.example.com

    Without specifying

    A 11.22.33.444

    (I am pretty sure this is *technically* allowed, but is it really OK to do or are there reasons not to do this?)



    --
    And there were all the stars, looking remarkably like powered
    diamonds spilled on black velvet, the stars that lured and
    ultimately called the boldest towards them…

  • From Matthew Richardson@21:1/5 to bind-users on Thu Jul 9 15:06:27 2020
    On a related issue there were (perhaps long ago) issues if the A record
    for a domain had an SMTP server on it, where email could sometimes be
    delivered to that A record rather than the MX. I had (again long ago:
    10-15 years) actually seen this occur.

    Do people think that this problem could still occur these days? What sort
    of transient (presumably DNS) failure might cause an SMTP server to deliver
    to A rather than MX?

    Best wishes,
    Matthew

  • From Ondřej Surý@21:1/5 to Matthew Richardson on Thu Jul 9 16:10:09 2020
    Copy: bind-users@lists.isc.org (bind-users)

    Missing MX, there’s actually syntax accepted by major SMTP servers to disable SMTP for domain:

    example.com. MX 0 .

    Ondrej
    --
    Ondřej Surý — ISC

    On 9 Jul 2020, at 16:06, Matthew Richardson <matthew-l@itconsult.co.uk> wrote:

    On a related issue there were (perhaps long ago) issues if the A record for a domain had an SMTP server on it, where email could sometimes be delivered to that A record rather than the MX. I had (again long ago:
    10-15 years) actually seen this occur.

    Do people think that this problem could still occur these days? What sort
    of transient (presumably DNS) failure might cause an SMTP server to deliver to A rather than MX?

    Best wishes,
    Matthew

  • From Anand Buddhdev@21:1/5 to Matthew Richardson on Thu Jul 9 17:06:13 2020
    To: bind-users@lists.isc.org (bind-users)

    On 09/07/2020 16:06, Matthew Richardson wrote:

    > On a related issue there were (perhaps long ago) issues if the A record
    > for a domain had an SMTP server on it, where email could sometimes be
    > delivered to that A record rather than the MX. I had (again long ago:
    > 10-15 years) actually seen this occur.

    Note that *delivery* will only happen if that A record were actually
    listening on tcp/25 and accepting SMTP connections. No-one should be
    opening up the SMTP port on a server meant to serve only HTTP(S)
    traffic. Anyone who does that deserves what they get for making such
    poor decisions.

    Anand

  • From Matus UHLAR - fantomas@21:1/5 to Matthew Richardson on Thu Jul 9 16:24:38 2020
    On 09.07.20 15:06, Matthew Richardson wrote:
    > On a related issue there were (perhaps long ago) issues if the A record
    > for a domain had an SMTP server on it, where email could sometimes be
    > delivered to that A record rather than the MX. I had (again long ago:
    > 10-15 years) actually seen this occur.

    If there is an MX record for a domain, an MTA MUST only use the MX record when
    delivering to that domain.

    If there is no MX record for a domain, but an A record is available, the MTA
    uses a default MX with preference of 0 pointing to that A record.

    This is how it's defined to work, this is not "an issue about that".

    > Do people think that this problem could still occur these days? What sort
    > of transient (presumably DNS) failure might cause an SMTP server to deliver
    > to A rather than MX?

    The only DNS failure that could cause this (and I can think of now) is if
    the DNS server incorrectly returned NODATA for the MX record (effectively saying
    there's no MX).

    --
    Matus UHLAR - fantomas, uhlar@fantomas.sk ; http://www.fantomas.sk/
    Warning: I wish NOT to receive e-mail advertising to this address.
    Varovanie: na tuto adresu chcem NEDOSTAVAT akukolvek reklamnu postu.
    Spam = (S)tupid (P)eople's (A)dvertising (M)ethod
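
    The MX selection rules discussed in the messages above, as an added example that is not part of the original thread: a sending MTA's decision modelled after RFC 5321 section 5.1 and the null MX of RFC 7505. The names `plan_delivery`, `MXLookup` and `Plan` are hypothetical, and the bob.tld lookups are constructed sample data.

```python
from enum import Enum
from typing import List, NamedTuple, Tuple

class MXLookup(Enum):
    ANSWER = "answer"      # NOERROR with MX records in the answer section
    NODATA = "nodata"      # NOERROR, the name exists but has no MX records
    NXDOMAIN = "nxdomain"  # the name does not exist
    TEMPFAIL = "tempfail"  # SERVFAIL or timeout

class Plan(NamedTuple):
    action: str            # "deliver", "reject" or "defer"
    hosts: List[str]       # SMTP targets in the order they are tried
    reason: str

def plan_delivery(domain: str, lookup: MXLookup,
                  mx: List[Tuple[int, str]], apex_has_address: bool) -> Plan:
    """Decide where mail for `domain` goes, given the outcome of its MX query."""
    if lookup is MXLookup.TEMPFAIL:
        # A failed lookup is not "no MX": queue and retry, never fall back to A.
        return Plan("defer", [], "MX lookup failed temporarily")
    if lookup is MXLookup.NXDOMAIN:
        return Plan("reject", [], "domain does not exist")
    if lookup is MXLookup.ANSWER and mx:
        if mx == [(0, ".")]:
            return Plan("reject", [], "null MX: domain accepts no mail")
        # Lowest preference first (real MTAs also randomise equal preferences).
        hosts = [name.rstrip(".") for _, name in sorted(mx)]
        return Plan("deliver", hosts, "MX present: apex address is not used")
    if apex_has_address:
        # NODATA for MX: the apex A/AAAA host becomes an implicit MX 0.
        return Plan("deliver", [domain], "implicit MX to the apex address")
    return Plan("reject", [], "no MX and no address record")

# Constructed lookups for the thread's bob.tld zone (apex A points at a web host).
SCENARIOS = {
    "mx published": (MXLookup.ANSWER, [(10, "mx.example.com.")], True),
    "mx query returns NODATA": (MXLookup.NODATA, [], True),
    "mx query times out": (MXLookup.TEMPFAIL, [], True),
    "null MX": (MXLookup.ANSWER, [(0, ".")], True),
}

def run_scenarios() -> dict:
    return {name: plan_delivery("bob.tld", *args) for name, args in SCENARIOS.items()}

if __name__ == "__main__":
    for name, plan in run_scenarios().items():
        print(f"{name:26} {plan.action:8} {plan.hosts} ({plan.reason})")
```

    Only the NODATA case sends mail to the apex host, so a web server at the apex that listens on port 25 matters only when the MX answer is missing, not when the MX query fails.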

  • From Matthew Richardson@21:1/5 to All on Thu Jul 9 17:03:01 2020
    My question is raised because of such "poor decisions" by certain web
    hosting providers (naming no names!) whose provisioning systems require
    records for both www and the domain root pointing to their systems, and
    where those systems DO LISTEN on port 25.

    In these modern days, should one be concerned about this for a domain where
    the MX records point to proper enterprise grade email services? The
    problem is that the web hosting provider's poor decision might interfere
    with the enterprise email system.

    I think Matus may be correct that this is only an issue if the MX query
    returns NODATA rather than timing out. In the old days (10-15 years ago),
    I think a timeout may have triggered the failback from MX to A, but I am
    not sure.

    Best wishes,
    Matthew

  • From Mark Andrews@21:1/5 to Matthew Richardson on Fri Jul 10 05:32:59 2020
    Copy: bind-users@lists.isc.org

    Very soon you will be able to specify HTTPS records. BIND has an implementation that is just waiting for the draft to go to the RFC editor. The type codes are already allocated.

    This still requires clients to look up the records but the browser vendors are on board.

    --
    Mark Andrews

    On 10 Jul 2020, at 02:03, Matthew Richardson <matthew-l@itconsult.co.uk> wrote:

    My question is raised because of such "poor decisions" by certain web hosting providers (naming no names!) whose provisioning systems require records for both www and the domain root pointing to their systems, and
    where those systems DO LISTEN on port 25.

    In these modern days, should one be concerned about this for a domain where the MX records point to proper enterprise grade email services? The
    problem is that the web hosting provider's poor decision might interfere
    with the enterprise email system.

    I think Matus may be correct that this is only an issue if the MX query returns NODATA rather than timing out. In the old days (10-15 years ago),
    I think a timeout may have triggered the failback from MX to A, but I am
    not sure.

    Best wishes,
    Matthew

  • From Grant Taylor@21:1/5 to Anand Buddhdev on Thu Jul 9 22:25:43 2020

    On 7/9/20 6:43 AM, Anand Buddhdev wrote:
    > If you don't have an A record at the zone apex, the browser will not
    > get back any address and display an error message for the user.

    There was a point in time when the big web browsers would try connecting
    to www.<domain>.<tld> if connecting to <domain>.<tld> failed.

    I don't know what the current state of affairs is.



    --
    Grant. . . .
    unix || die

