# Naming hosts on a standalone server



## Gambler (May 20, 2009)

This is something I was wondering about for a long time. I'd say it's not uncommon (especially with the advent of VPS/VDS) to have one machine perform as a web server, FTP server and mail gateway for a single website. However, most manuals or other documents imply that you have a separate physical machine for each of those tasks.

My question is, how do you name stuff in a single-server environment?

There is a hostname variable in /etc/rc.conf. It is used as a default in many places. Plus, there are host names (or IPs) you use in Apache configs. Plus, there are DNS records. Plus, there is mail server configuration. How do you deal with all of these?

Let's assume we have the example.org domain registered.

1. Would you use http://www.example.org as your hostname in rc.conf, or would you make a name separate from common aliases, e.g. bsd1.example.org?
2. Apache virtual hosts have one host name and several aliases. Usually I use http://www.example.org as a host, and example.org as an alias. Are there any problems with reversing those?
3. Would you make a DNS record for mail.example.org pointing to the same machine?
4. What are advantages and disadvantages of using DNS wildcards instead of naming every single host explicitly?

There are few iron-clad rules in naming, and many setups will work, but I suspect some of them will work better than others. So it would be interesting to hear about your naming schemes.


----------



## SirDice (May 20, 2009)

Gambler said:

> Let's assume we have the example.org domain registered.
> 
> 1. Would you use http://www.example.org as your hostname in rc.conf, or would you make a name separate from common aliases, e.g. bsd1.example.org?


I'd use a separate hostname and CNAME www to it.



> 2. Apache virtual hosts have one host name and several aliases. Usually I use http://www.example.org as a host, and example.org as an alias. Are there any problems with reversing those?


No problems changing those.



> 3. Would you make a DNS record for mail.example.org pointing to the same machine?


Yes, again use mail as a CNAME to the real hostname.



> 4. What are advantages and disadvantages of using DNS wildcards instead of naming every single host explicitly?


Can't really tell you this but wildcards will turn thisisabogushostname.example.org to the same server.


----------



## DutchDaemon (May 20, 2009)

Note: MX records must not point to a CNAME, so if you're using mail.example.org in MX records, make mail.example.org an A record. Using wildcards in DNS is totally discouraged, as spammers will take advantage of it and use 'fantasy hostnames' on your domain in sender addresses.


----------



## trev (May 20, 2009)

DutchDaemon said:

> Note: MX records must not point to a CNAME



For a detailed rebuttal of that absolute statement, see:
http://www.mengwong.com/misc/rfc1912-is-wrong.html

That said, I notice I set up A records for the MX entries in my domain's DNS. I think I can blame the Bat book for that.


----------



## vivek (May 20, 2009)

> 4. What are advantages and disadvantages of using DNS wildcards instead of naming every single host explicitly?


Run multiple websites w/o creating DNS entries, e.g. support.example.com, forums.example.com, wiki.example.com and so on. Some software such as WordPress MU needs a subdomain to install each new user's blog, so you need a wildcard DNS entry.


----------



## Gambler (May 20, 2009)

Already some interesting info here.

Speaking of naming and spam, what would you use in a reverse DNS record for the IP of the server (still assuming it's a mail/ftp/www/etc server)?


----------



## DutchDaemon (May 20, 2009)

Doesn't really matter, as long as A record and PTR record match. I normally use the real $HOSTNAME for PTR in case of multiple A records.


----------



## SirDice (May 20, 2009)

Gambler said:

> Speaking of naming and spam, what would you use in a reverse DNS record for the IP of the server (still assuming it's a mail/ftp/www/etc server)?


Even without spam it's good netiquette to be able to reverse resolve an IP address.

Don't check if the sending mailserver has an MX record though. Most big companies split ingress and egress mailservers. Only ingress mailservers have an MX record. Egress servers don't; they can't receive anything, so why would they need an MX record?


----------



## mwatkins (May 20, 2009)

Gambler said:

> My question is, how do you name stuff in a single-server environment?



Not differently than in a multi-server environment.

My convention (everyone will have their own style depending on need and preference) for public facing, mostly web/mail hosting, servers is to:

1) Choose names from a series; if the last server was based on vegetables, maybe the next is based on grains or fruits. Street names in a city are a good source. I like to keep the names logically different from machine to machine; others like to name all their "real" hosts in a series.

2) Request and get PTR records using the aforementioned names for all IPs, real and aliased, hosted on the server.

3) The rest depends on whether the server is running jails or not. Now that we have more than one IP address permitted in a jail, I expect every new server I config to run jails.
   i) If the server is not running jails: the primary (real) IP address will be assigned to a mail server, if one is running; the mail server (always Postfix here) will be bound to only this address.
   ii) With jails, if the machine has to also run a vanity DNS I give it the first two aliased IPs; mail gets the next; web and/or user accounts get the following.




> There is a hostname variable in /etc/rc.conf. It is used as a default in many places. Plus, there are host names (or IPs) you use in Apache configs. Plus, there are DNS records. Plus, there is mail server configuration. How do you deal with all of these?



I document where I've allocated IPs in each machine's /etc/rc.conf, where the real and aliased IPs are defined. One nice thing about using jails is that single-IP jails do simplify the application-level IP maintenance issue - they can only bind to one externally visible (plus the loopback in some cases) IP.

On jail-less machines, which I really believe will be few and far between for me going forward, I make notations in /etc/rc.conf as to which apps are bound to what. 



> Let's assume we have the example.org domain registered.
> 
> 1. Would you use http://www.example.org as your hostname in rc.conf, or would you make a name separate from common aliases, e.g. bsd1.example.org?



No, just to be clear. Apache is just one application; I see no reason to tie the primary hostname to one application (and infer one protocol via "www"). Instead I'd use whatever name the primary IP was given on a whim (and has a PTR), i.e. plum.foo.com.



> 2. Apache virtual hosts have one host name and several aliases. Usually I use http://www.example.org as a host, and example.org as an alias. Are there any problems with reversing those?



Both are assigned A records; my web server configuration for most users strips any requests for "www...." by doing a permanent redirect to the hostname without the www prefix. Some clients/users prefer otherwise, but not many. We don't need to assign special hostnames just to get a HTTP protocol, so why bother in this day and age? Plus it makes for shorter urls.



> 3. Would you make a DNS record for mail.example.org pointing to the same machine?



Outbound, the mail server is bound to whatever IP and therefore PTR I've assigned it. 

Inbound... it depends. On machines that serve SMTP to "users" as opposed to other mail hosts, I'd create smtp.host-or-domainname.tld; when that is not the case I tend to lean to using mx|mx1.host-or-domainname.tld depending on the need. If I have a surplus of IPs I'd prefer to have POP/IMAP bound to another IP distinct from the MX IP, and assign that a name of mail.host-or-domainname.tld. Users are less likely to confuse the "mx" host with something else they should rather care about.

Make sure your mail server is really only bound to one IP address with one hostname - make it unambiguous. A certain amount of almost always not well intended traffic will show up on every IP looking for port 25 open. Real mail traffic should only go to your defined MX host(s).


----------



## Gambler (May 22, 2009)

I recently bought a VPS server for my own projects outside of work. Made me re-read several chapters in the DNS and BIND book I had. (Hence the questions.) The more I read, the less I like it.

Let me try to summarize the DNS config for the hypothetical server:

This is a conservative configuration:

```
; @ is the zone apex (example.org.)
@         IN A 123.45.67.8
bsd       IN A 123.45.67.8
mx        IN A 123.45.67.8

www       IN CNAME bsd.example.org.

; MX needs a preference value; 10 is used here
@         IN MX 10 mx.example.org.
```
PTR record would have mx.example.org. as its target.

A much more elegant, but probably problematic config:

```
bsd       IN A 123.45.67.8

; @ is the zone apex (example.org.)
@         IN CNAME bsd.example.org.
www       IN CNAME bsd.example.org.
mx        IN CNAME bsd.example.org.

; MX needs a preference value; 10 is used here
@         IN MX 10 mx.example.org.
```
PTR record would have bsd.example.org. as its target.

I'm guessing this won't work for mail, but I'm willing to try it, just to see what happens. Technically, reverse DNS should resolve to an address that resolves to the IP that matches the IP of the mail server. I guess in the worst case scenario I will just use bsd.example.org. as a name for mail server, or ask to change PTR record again.

...

The reason some hosts might still use the archaic www. prefix is because of wildcard SSL certificates. IIRC, those don't work on a domain name without any host. Hence, a small company can use a single certificate for webmail.example.com and http://www.example.com, but not for example.com. That's the only reason I can think of. Shorter names are all round better otherwise.


----------
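A small zone check covering the points raised in this thread, as an added example that is not part of any poster's message: it flags a CNAME that shares a name with other records, an MX target that is itself a CNAME, wildcard owners, and a PTR target that does not resolve back to the server's IP. The sample zones are constructed from the two configs in the last post; the `@` apex owner, the MX preference `10`, the function names and the finding labels are assumptions.

```python
# Constructed samples modelled on the two configs in the thread; "@" for the
# zone apex and MX preference 10 are assumptions, not values from the posts.
CONSERVATIVE = """
@    IN A     123.45.67.8
bsd  IN A     123.45.67.8
mx   IN A     123.45.67.8
www  IN CNAME bsd.example.org.
@    IN MX 10 mx.example.org.
"""
ALL_CNAME = """
bsd  IN A     123.45.67.8
@    IN CNAME bsd.example.org.
www  IN CNAME bsd.example.org.
mx   IN CNAME bsd.example.org.
@    IN MX 10 mx.example.org.
"""

def parse(zone, origin="example.org."):
    # Simplified reader: "owner IN type [pref] rdata", owner always explicit.
    recs = []
    for line in zone.splitlines():
        f = line.split(";")[0].split()
        if len(f) >= 4:
            owner = origin if f[0] == "@" else f"{f[0]}.{origin}"
            recs.append((owner, f[2], f[-1]))  # f[-1] skips the MX preference
    return recs

def resolve_a(recs, name, hops=8):
    # Follow CNAMEs from name (hop limit guards loops), then collect A data.
    for _ in range(hops):
        name = next((d for o, t, d in recs if o == name and t == "CNAME"), name)
    return {d for o, t, d in recs if o == name and t == "A"}

def lint(zone, ip, ptr_target):
    # Hypothetical helper: returns (finding, name) pairs for the thread's points.
    recs, out, types = parse(zone), [], {}
    for o, t, _ in recs:
        types.setdefault(o, set()).add(t)
    for o, ts in types.items():
        if "CNAME" in ts and len(ts) > 1:      # CNAME must be the only data at a name
            out.append(("cname-and-other-data", o))
        if o.startswith("*."):
            out.append(("wildcard", o))
    for o, t, d in recs:
        if t == "MX" and "CNAME" in types.get(d, ()):
            out.append(("mx-target-is-cname", o))
    if ip not in resolve_a(recs, ptr_target):  # PTR name must map back to the IP
        out.append(("ptr-not-forward-confirmed", ptr_target))
    return out
```

Calling `lint(ALL_CNAME, "123.45.67.8", "bsd.example.org.")` reports the apex CNAME conflict and the MX-to-CNAME target, while the conservative zone with a PTR of `mx.example.org.` comes back clean.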

