http://weibo.com/p/1001603804025475695045
I. Problem Source
Since our cloudxns system opened a customer service QQ account, the most frequently asked question has been: "Why does your system say that MX and CNAME cannot coexist, when other domain name resolution systems I use show no such prompt?"
It turns out that many webmasters need to use a CDN, and most acceleration services are delivered in CNAME mode. At the same time, the MX records for enterprise mail must be configured under the same node. Because many systems do not enforce mutual exclusion between record types in their domain configuration management, a configuration carried over from those systems out of habit does not work after moving to cloudxns.
That is where the question above comes from.
II. Technical Analysis
RFC 1034 (http://tools.ietf.org/pdf/rfc1034) Section 3.6.2 states:
If a CNAME RR is present at a node, no other data should be present; this ensures that the data for a canonical name and its aliases cannot be different.
This means that if a CNAME resource record is present at a domain name node, that node accepts no other record values, so that the name and its alias can never resolve to different results.
Let's test it.
Assume that the following two records are registered for the DNS domain chinatesters.cn:
@ MX 10 mx.ym.163.com.
@ CNAME fastweb.com.cn.
The following are the results of dig queries against a recursive server (the authoritative server for this domain cannot be used):
Querying the CNAME returns the following:
[Screenshot: dig output]
The returned result is:
[Screenshot: dig output]
We can see that the MX query result does not match the record registered above: what comes back is the MX record configured for the CNAME target, which is the result of the recursive server following the CNAME record.
However, once the TTL of the CNAME record on the recursive server expires, the query is performed again, and if the query order is reversed (that is, the MX record is queried first and the CNAME record afterwards), the expected result may be obtained.
To sum up, when a recursive DNS server queries a regular (non-CNAME) record for a domain name and its local cache already holds a CNAME record for that name, it uses the alias to restart the query. This is what happened in the dig MX query test above.
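The order-dependent behaviour summarised above can be reproduced with a small model of a caching recursive resolver. This is an added example, not code from the original article or from cloudxns; `Resolver`, `demo`, the TTL value and the MX name at the CNAME target are constructed, and the authoritative side is assumed to answer with whichever record set is asked for.

```python
# Simplified, constructed model of a caching recursive resolver (not real DNS code).
# AUTH mirrors the article's test zone; the MX at the CNAME target is a placeholder.
AUTH = {
    ("chinatesters.cn.", "MX"): ["10 mx.ym.163.com."],
    ("chinatesters.cn.", "CNAME"): ["fastweb.com.cn."],
    ("fastweb.com.cn.", "MX"): ["10 mx.cdn-target.example."],
}
TTL = 300  # seconds, constructed value


class Resolver:
    def __init__(self):
        self.cache = {}  # (name, rtype) -> (expiry time, rdata list)
        self.now = 0     # simulated clock in seconds

    def _cached(self, name, rtype):
        entry = self.cache.get((name, rtype))
        return entry[1] if entry and entry[0] > self.now else None

    def _fetch(self, name, rtype):
        """Ask the authoritative data for exactly this record set and cache it."""
        rdata = AUTH.get((name, rtype))
        if rdata:
            self.cache[(name, rtype)] = (self.now + TTL, rdata)
        return rdata

    def query(self, name, rtype, depth=0):
        if depth > 8:
            raise RuntimeError("CNAME chain too long")
        if rtype != "CNAME":
            # A live cached alias wins: restart the query at the alias target.
            alias = self._cached(name, "CNAME")
            if alias:
                return self.query(alias[0], rtype, depth + 1)
        return self._cached(name, rtype) or self._fetch(name, rtype) or []


def demo():
    r = Resolver()
    cold = r.query("chinatesters.cn.", "MX")      # no alias cached: registered MX
    r.query("chinatesters.cn.", "CNAME")          # any client caches the alias
    aliased = r.query("chinatesters.cn.", "MX")   # now answered from the target
    r.now += TTL + 1                              # every cache entry expires
    after_expiry = r.query("chinatesters.cn.", "MX")
    return cold, aliased, after_expiry
```

The same MX question gets two different answers depending only on whether the alias is in the cache at that moment, which is why mail delivery fails intermittently rather than consistently.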
Therefore, even though the web pages of some domain name resolution systems do not stop users from entering both CNAME and MX, the problem above exists whenever CNAME and MX are configured together, and it may cause occasional failures in the mail service.
In fact, this is not limited to CNAME and MX: a domain name that has a CNAME record cannot carry any other type of record (including MX, A, NS, and others), apart from DNSSEC records (RRSIG, NSEC, etc.). The reason is the same as above, so we will not demonstrate each case here.
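The mutual-exclusion rule described above, written as the kind of check a DNS management system could run before accepting records. This is an added example, not cloudxns code; the function names, the simplified `owner TYPE rdata` line format and the `www` record in the sample are assumptions.

```python
from collections import defaultdict

# DNSSEC types the article names as permitted beside a CNAME at the same node.
ALLOWED_WITH_CNAME = {"RRSIG", "NSEC"}


def parse_records(text, origin):
    """Parse 'owner TYPE rdata' lines (the article's simplified notation)."""
    records = []
    for line in text.splitlines():
        line = line.split(";", 1)[0].strip()  # drop comments and blank lines
        if not line:
            continue
        owner, rtype, rdata = line.split(None, 2)
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"       # relative name: append the origin
        records.append((owner.lower(), rtype.upper(), rdata))
    return records


def cname_conflicts(records):
    """Return {owner: [offending types]} for nodes breaking RFC 1034 section 3.6.2."""
    by_owner = defaultdict(list)
    for owner, rtype, _ in records:
        by_owner[owner].append(rtype)
    conflicts = {}
    for owner, types in by_owner.items():
        if "CNAME" not in types:
            continue
        others = sorted(set(types) - {"CNAME"} - ALLOWED_WITH_CNAME)
        if types.count("CNAME") > 1:
            others.append("CNAME (duplicate)")  # an alias has exactly one target
        if others:
            conflicts[owner] = others
    return conflicts


# The article's two test records plus a valid www alias (the www line is constructed).
SAMPLE = """
@    MX    10 mx.ym.163.com.
@    CNAME fastweb.com.cn.
www  CNAME fastweb.com.cn.
"""

if __name__ == "__main__":
    print(cname_conflicts(parse_records(SAMPLE, "chinatesters.cn.")))
```

At the zone apex (`@`) the mandatory SOA and NS records already occupy the node, so a CNAME there conflicts even when no MX is configured; a full check would include those records in its input.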
III. Solutions
The mutual-exclusion settings and prompts that the cloudxns system applies to standard record types fully comply with the DNS specification, but enforcing the specification this way has caused some difficulties in domain name configuration.
However, attentive users have found that cloudxns has an implicit CNAME extension record type (the link record), which hides the current configuration and takes over the results of the next layer directly. With it, cloudxns can offer a solution similar to "configuring MX and CNAME together".
As shown in the figure, configure a CNAME under www pointing to the CDN service provider, configure the MX and link records under @, and use www as the domain name to be linked.
[Screenshot: record configuration]
Let's verify with dig:
The MX query returns the following:
[Screenshot: dig output]
The CNAME query returns:
[Screenshot: dig output]
Of course, this configuration will also cause occasional failure of the mail service.
Therefore, the cloudxns system will soon provide a definitive solution to this problem. Once it is available, your mail service will always work normally while you enjoy network acceleration.
We will launch the network cloud security acceleration feature in the second week of June February 2015. This feature module integrates some of the core content of our (@ Beijing Express Network) CDN service and includes multiple acceleration and security protection functions: access acceleration, website firewall, anti-leeching, anti-DDoS, and CC protection. When it launches, you will only need to flip a switch for your domain name and the rest is taken care of.
A quiet preview of some of the pages:
[Screenshot: feature preview]
IV. References
RFC 1034 English version: http://tools.ietf.org/pdf/rfc1034
http://download.csdn.net/detail/weicq2000/4627738
Why cannot cname and MX coexist?