At 2:54 AM -0700 1/1/02, Don Yuniskis wrote:
>  >>Note that CNAMEs can be a problem with some tools.
>  >
>>My protest
>
>CNAMES are huge sources of potential screwups...

"CNAMES are a huge source of potential screwups" is a *MUCH* 
different statement than "CNAMEs can be a problem with some tools." 
DNS in general is a huge source of potential screwups ;-). That was 
why we were discouraging a newbie from attempting in the first place 
;-). That's also why the DNS and BIND book is so freaking huge. If 
you set up your files correctly, there is no difference between a 
CNAME and an A record WRT their ability to work with every tool & 
utility.

>As I said previously, DNS is not trivial to set up
>*right*...

Correct. Again, that is a much different statement than "CNAMEs don't 
work right".

As for your "examples"...all but one were the result of incorrect 
configuration on the part of the DNS administrator, whether just 
getting local config wrong, or by making longevity assumptions WRT 
other domains. That is not a shortcoming of the CNAME directive. The 
other "example" is a failing on the part of the "security officer" 
who is deluded into thinking that every machine on the Internet 
should validly have exactly one A record and a single PTR record. 
That ain't gonna happen. Not today, not ever. Example...do a lookup 
on ftp.apple.com, and you'll see that it points to 17.254.0.31, 
17.254.0.26, and 17.254.0.27. When you reverse those, you'll get 
ftp08., ftp06., and ftp07.apple.com. Lookup www.cnn.com, and you get 
5 IP addresses...only one of which should properly be reverse mapped 
to www.cnn.com ;-). Here's a few more:

alpha# nslookup pop3.mail.com
Name:    pop15.pr.outblaze.com
Address:  205.158.62.124
Aliases:  pop3.mail.com, mail-com-p3.pr.outblaze.com

reverse on this failed

alpha# nslookup pop.mail.com
Non-authoritative answer:
Name:    pop.mail.com
Address:  165.251.32.211

reverse on this produced 205-158-62-124.outblaze.com

Just some thoughts,
Mike
-- 
Bikers don't *DO* taglines.