DNS fortune cookies

  • Third parties are unlikely to keep any caching name servers open for the public indefinitely.
  • SMTP does not allow a CNAME alias in a mail address.
  • If there is no MX record for a domain, but an A record exists, mail will be sent according to the latter.
  • If your provider’s caching name servers have problems, you can often circumvent them by running your own server.
  • Private IP addresses should never show up on the public DNS.
  • Windows machines may use Windows name resolution protocols.
  • If you ask for help regarding your DNS setup, don’t obscure its details.
  • BIND will run on Windows, usually quite easily.
  • example.com and www.example.com are different domains.
  • The hostmaster email address for a domain can be found in the SOA record.
  • Domain names are case-insensitive.
  • hosts files precede the DNS, both historically and in the context of individual name resolution attempts.
  • Consumer-grade IP connections are usually configured using DHCP.
  • Malware might mess with your resolver settings and hosts file.
  • When registering a domain, always make sure you are the administrative contact and registrant.

  • By default, modern versions of BIND send their queries from ephemeral ports. This can be tuned using the query-source option.
  • If your firewall logs record incoming 53/udp packets from your provider, those are likely responses to your own DNS queries.
  • If your reverse DNS doesn’t work, you will experience problems using certain network services.
  • The AA flag indicates an authoritative response. If the flag is not set, the response usually comes from a cache.
  • Subdomains are delegated using NS records, but might also need glue A records.
  • When updating zones, remember to increment the serial number and to reload.
  • When troubleshooting connection problems, check name resolution separately from IP connectivity.
  • In order to host your own domains, you should have at least two name servers in separate locations.
  • Mail or web traffic will never go through using NS delegation alone.
  • Contact information for domains and networks can be found using whois.
  • Relying on “dynamic DNS” for incoming mail is reckless.
  • If in doubt, use your provider’s name servers to host your domains.
  • If you want to change your reverse DNS name, contact your network service provider.
  • The BIND version number might be found in the version.bind. CH TXT record.
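The items about ephemeral source ports, incoming 53/udp packets, the AA flag and version.bind all come down to the DNS message header: a packet from your provider's name servers is a response to your own query when its QR bit is set and its ID matches a query you sent, and an answer is authoritative only when AA is set. The following is an added example, not code from the original page, that builds a query (including the version.bind. CH TXT one) and decodes a response header; it uses only the Python standard library, and the three response headers at the bottom are hand-constructed, not captured traffic.

```python
import socket
import struct

# Added example, not from the page: build a DNS query, and read the header flags
# of a response so you can tell an authoritative answer (AA set) from a cached one.

QTYPE = {"A": 1, "NS": 2, "CNAME": 5, "SOA": 6, "PTR": 12, "MX": 15, "TXT": 16}
QCLASS = {"IN": 1, "CH": 3}          # CH (Chaos) is the class used for version.bind.

def encode_name(name: str) -> bytes:
    """Wire-format a domain name: length-prefixed labels ending with a zero byte."""
    if name in ("", "."):
        return b"\x00"
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"bad label {label!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"

def build_query(name, qtype="A", qclass="IN", txid=0x1234, rd=True):
    """12-byte header (ID, flags, QDCOUNT=1, 0, 0, 0) followed by one question."""
    flags = 0x0100 if rd else 0x0000           # RD: ask the server to recurse
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)
    return header + encode_name(name) + struct.pack("!HH", QTYPE[qtype], QCLASS[qclass])

def parse_header(msg: bytes) -> dict:
    """Decode the header flags; works on any DNS message, query or response."""
    if len(msg) < 12:
        raise ValueError("truncated DNS message")
    txid, flags, qd, an, ns, ar = struct.unpack("!HHHHHH", msg[:12])
    return {
        "id": txid,
        "qr": bool(flags & 0x8000),      # 1 = response
        "aa": bool(flags & 0x0400),      # authoritative answer
        "tc": bool(flags & 0x0200),      # truncated: retry over TCP
        "rd": bool(flags & 0x0100),
        "ra": bool(flags & 0x0080),      # server offers recursion
        "rcode": flags & 0x000F,         # 0 NOERROR, 3 NXDOMAIN, ...
        "qdcount": qd, "ancount": an, "nscount": ns, "arcount": ar,
    }

def classify(msg: bytes, expected_id=None) -> str:
    """Say what an incoming 53/udp packet is, which a firewall log alone cannot."""
    h = parse_header(msg)
    if not h["qr"]:
        return "query"
    if expected_id is not None and h["id"] != expected_id:
        return "response to a query we did not send"
    if h["aa"]:
        return "authoritative response"
    return "non-authoritative response (most likely from a cache)"

def send_query(server: str, msg: bytes, timeout=2.0) -> bytes:
    """Optional: send the query over UDP from an ephemeral port. Not used offline."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as s:
        s.settimeout(timeout)
        s.sendto(msg, (server, 53))
        return s.recv(4096)

# Constructed response headers (hand-built, not captured); two carry our query ID.
AUTHORITATIVE = struct.pack("!HHHHHH", 0x1234, 0x8580, 1, 1, 0, 0)  # QR|AA|RD|RA
CACHED        = struct.pack("!HHHHHH", 0x1234, 0x8180, 1, 1, 0, 0)  # QR|RD|RA
STRAY         = struct.pack("!HHHHHH", 0xBEEF, 0x8180, 1, 1, 0, 0)  # wrong ID

if __name__ == "__main__":
    q = build_query("version.bind.", "TXT", "CH")
    print("version.bind query:", q.hex())
    for pkt in (AUTHORITATIVE, CACHED, STRAY):
        print(classify(pkt, expected_id=0x1234))
```

To use it against a real server, pass the result of `build_query` to `send_query` and hand the reply to `classify` with the same `expected_id`; the header decoding is identical for an answer from your own caching server (AA clear) and from the zone's authoritative server (AA set).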

  • The DNS cannot redirect web requests to a URI path.
  • Slaves check their masters’ serial number whenever either the refresh timer fires, or the slave receives a notify message.
  • You can use the * wildcard character on the left hand side of a record.
  • @ stands for the current origin.
  • You cannot have both CNAME and other data for the same name.
  • It is often a good idea to separate one’s caching servers from one’s authoritative servers.
  • “No default TTL set using SOA minimum instead” means that you need to put e.g. $TTL 1D at the top of the zone file.
  • “mail loops back to me (MX problem?)” means that the mail server does not recognize the domain as local.
  • The default origin concept allows you to serve identically configured domains from one zone file.
  • When you do not want search list entries to be appended, put a dot at the end of the domain name.
  • Master servers should be placed so that zone updates are convenient to perform. Slaves should be placed near their users.
  • BIND will choke on Microsoft WINS or WINS-R records. These should therefore not be included in zone transfers.
  • When nslookup complains “*** Can’t find server name for address”, reverse DNS for your name server is probably broken.
  • There is nothing magic about names such as mail or www.
  • Set new authoritative name servers up as slaves. Promote them to masters later, if necessary.
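Several of the zone-file rules above ($TTL at the top, @ as the origin, the trailing dot, the * wildcard as an ordinary owner name, no CNAME beside other data, no private addresses on the public DNS, and mail going to the MX or else to the A record) can be checked mechanically. Below is an added example, not code from the page or from BIND: a small zone-file parser with lint checks. The zone it parses is constructed for the example and deliberately breaks several of the rules; the private-address list is RFC 1918 plus loopback and link-local, and the parser assumes the SOA record is written on a single line.

```python
import ipaddress
import re
from collections import defaultdict

# Added example, not from the page: a small zone-file parser and lint checks for the
# rules above. The sample zone is constructed and deliberately breaks several of them.
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 1D
@        IN SOA   ns1 hostmaster ( 2024010101 1D 1H 1W 1H )
@        IN NS    ns1
@        IN NS    ns2.example.net.
@        IN MX    10 mail
ns1      IN A     192.0.2.1
mail     IN A     192.0.2.25
www      IN CNAME mail
ftp      IN CNAME www
alias    IN CNAME www
alias    IN A     192.0.2.30
intranet IN A     10.0.0.5
*        IN A     192.0.2.80
"""

# RFC 1918 ranges plus loopback and link-local: none of these belong in a public zone.
PRIVATE_NETS = [ipaddress.ip_network(n) for n in
                ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8", "169.254.0.0/16")]
TTL_RE = re.compile(r"^\d+[smhdw]?$", re.I)

def qualify(name, origin):
    """'@' is the origin; no trailing dot means relative to the origin; a trailing dot means absolute."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"

def parse_zone(text):
    """Return (records, settings); a record is (owner, type, rdata tokens). Keep SOA on one line."""
    origin, default_ttl, last_owner, records = ".", None, None, []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()                 # drop comments
        if not line.strip():
            continue
        tok = line.split()
        if tok[0] == "$ORIGIN":
            origin = tok[1]
            continue
        if tok[0] == "$TTL":
            default_ttl = tok[1]
            continue
        # A line that starts with whitespace reuses the previous owner name.
        owner = last_owner if raw[0] in " \t" else qualify(tok.pop(0), origin)
        last_owner = owner
        if tok and TTL_RE.match(tok[0]):                     # optional TTL
            tok.pop(0)
        if tok and tok[0].upper() in ("IN", "CH", "HS"):     # optional class
            tok.pop(0)
        rtype, rdata = tok[0].upper(), tok[1:]
        if rtype in ("CNAME", "NS", "PTR"):                  # rdata is one domain name
            rdata = [qualify(rdata[0], origin)]
        elif rtype == "MX":                                  # preference, then a name
            rdata = [rdata[0], qualify(rdata[1], origin)]
        records.append((owner, rtype, rdata))
    return records, {"origin": origin, "ttl": default_ttl}

def lint(text):
    """Check: $TTL present, no CNAME beside other data, no CNAME chains, no private A addresses."""
    records, settings = parse_zone(text)
    problems = []
    if settings["ttl"] is None:
        problems.append("no $TTL directive (BIND warns: No default TTL set)")
    by_owner = defaultdict(list)
    for owner, rtype, rdata in records:
        by_owner[owner].append((rtype, rdata))
    cnames = {o: r[0] for o, recs in by_owner.items() for t, r in recs if t == "CNAME"}
    for owner, recs in by_owner.items():
        types = {t for t, _ in recs}
        if "CNAME" in types and len(types) > 1:
            others = ", ".join(sorted(types - {"CNAME"}))
            problems.append(f"{owner} has CNAME and other data ({others})")
    for owner, target in cnames.items():
        if target in cnames:
            problems.append(f"CNAME chain: {owner} -> {target} -> {cnames[target]}")
    for owner, rtype, rdata in records:
        if rtype == "A" and any(ipaddress.ip_address(rdata[0]) in n for n in PRIVATE_NETS):
            problems.append(f"{owner} A {rdata[0]} is a private address")
    return problems

def mail_targets(records, domain):
    """SMTP delivery: MX targets in preference order, else the domain's own A record, else nothing."""
    mx = sorted((int(r[0]), r[1]) for o, t, r in records if o == domain and t == "MX")
    if mx:
        return [target for _, target in mx]
    return [domain] if any(o == domain and t == "A" for o, t, _ in records) else []

if __name__ == "__main__":
    for problem in lint(SAMPLE_ZONE):
        print("WARN", problem)
    print("mail for example.com. goes to", mail_targets(parse_zone(SAMPLE_ZONE)[0], "example.com."))
```

Run on the sample zone, the lint reports the CNAME that shares a name with an A record, the two CNAME chains through www, and the RFC 1918 address under intranet; `mail_targets` returns the MX target for example.com., falls back to the A record for a host without MX, and returns nothing for a name that is only a CNAME.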

  • Use high SOA timer values whenever possible.
  • Use low TTL values when anticipating changes.
  • When you redelegate a domain, make sure the old delegate removes your zones.
  • The DNS is defined in publicly available RFC documents.
  • If you make your WINS servers show dynamic leases in the DNS, do not have static records for those same entries.
  • Every DNS server should be authoritative for 0.in-addr.arpa, 0.0.127.in-addr.arpa, 255.in-addr.arpa and localhost.
  • You should have exactly one PTR record per IP address.
  • Junk mail has killed the usefulness of remote backup MX servers.
  • Do not make your servers masters for domains or networks that are not entirely yours.
  • BIND views will allow you to return different (such as internal vs. public) data for the same zone depending on the client’s address.
  • Reverse DNS for IP addresses in one network might point to names in multiple domains. A records for names in one domain might point to IP addresses in multiple networks.
  • Consider giving organizational units their own subdomains to administer, at least for internal use.
  • Thou shalt not chain CNAMEs.
  • Reverse pointers have no bearing on whether a name is fully qualified.
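The advice above about owning the local reverse zones (0.in-addr.arpa, 0.0.127.in-addr.arpa, 255.in-addr.arpa and localhost), about BIND views for internal versus public data, about keeping caching separate from authoritative service, and about bringing a new server up as a slave first, fits in one named.conf. The fragment below is an added example, not taken from the page or from the BIND distribution; the acl ranges, zone file names and the 192.0.2.53 master address are placeholders.

```conf
// Added example, not from the page. File names and addresses are placeholders.
acl "internal" { 127.0.0.1; 10.0.0.0/8; 192.168.0.0/16; };

// Once any view is defined, every zone must be declared inside a view.
view "internal" {
    match-clients { "internal"; };
    recursion yes;              // this view also caches for our own clients

    // Local zones every server answers for itself instead of asking upstream.
    zone "localhost"            { type master; file "db.localhost"; };
    zone "0.0.127.in-addr.arpa" { type master; file "db.127.0.0"; };
    zone "0.in-addr.arpa"       { type master; file "db.empty"; };
    zone "255.in-addr.arpa"     { type master; file "db.empty"; };

    // Internal copy of the zone: may carry RFC 1918 addresses.
    zone "example.com" { type master; file "internal/db.example.com"; };
};

view "external" {
    match-clients { any; };
    recursion no;               // authoritative only; caching is done elsewhere

    zone "localhost"            { type master; file "db.localhost"; };
    zone "0.0.127.in-addr.arpa" { type master; file "db.127.0.0"; };
    zone "0.in-addr.arpa"       { type master; file "db.empty"; };
    zone "255.in-addr.arpa"     { type master; file "db.empty"; };

    // Public copy of the same zone: public addresses only.
    zone "example.com" { type master; file "external/db.example.com"; };

    // A server being added for a zone starts as a slave; promote it later if needed.
    zone "example.net" { type slave; masters { 192.0.2.53; }; file "slave/db.example.net"; };
};
```

The two copies of example.com are separate zone files, so a private address can only appear in the public view if someone puts it in external/db.example.com; checking that file before every reload is the cheapest way to keep private addresses off the public DNS.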
