Discussion:
Dumb Question is an A or AAAA record required?
@lbutlr
2020-07-09 12:21:55 UTC
Given a domain that is hosted and used for email and web, is an A record for that domain actually required?

That is, if bob.tld is hosted by example.com can you simply have

NS ns1.example.com
NS ns2.example.com
MX mx.example.com

www CNAME www.example.com

Without specifying

A 11.22.33.444

(I am pretty sure this is *technically* allowed, but is it really OK to do or are there reasons not to do this?)
--
And there were all the stars, looking remarkably like powered
diamonds spilled on black velvet, the stars that lured and
ultimately called the boldest towards them…
Anand Buddhdev
2020-07-09 12:43:04 UTC
Post by @lbutlr
Given a domain that is hosted and used for email and web, is an A
record for that domain actually required?
It's not *required*. But see below.
Post by @lbutlr
That is, if bob.tld is hosted by example.com can you simply have
NS ns1.example.com
NS ns2.example.com
MX mx.example.com
www CNAME www.example.com
Without specifying
A 11.22.33.444
These days, many folk try to reach websites by typing just the bare
domain name without the "www" prefix.

If a user types "bob.tld" into a browser, the browser will issue an
address lookup for "bob.tld", causing the resolver to ask for A and AAAA
records for "bob.tld". If you don't have an A record at the zone apex,
the browser will not get back any address and display an error message
for the user. An alert user might try "www.bob.tld" but most users are
likely to just give up.

So while it's not *required* to have an address record at the apex, it's
good practice to have one.

Anand
Mark Andrews
2020-07-09 12:55:48 UTC
At this stage one still needs A records to be reachable by everyone. One should also ensure you are reachable over IPv6 as lots of the world is behind IPv6-only links as their ISPs don’t have enough IPv4 addresses for everyone. Instead they have to use some form of IPv4 as a service which is significantly more expensive to operate compared to straight routers.
--
Mark Andrews
_______________________________________________
Please visit https://lists.isc.org/mailman/listinfo/bind-users to unsubscribe from this list
ISC funds the development of this software with paid support subscriptions. Contact us at https://www.isc.org/contact/ for more information.
bind-users mailing list
https://lists.isc.org/mailman/listinfo/bind-users
DeCaro, James John (Jim) CIV DISA FE (USA)
2020-07-09 13:16:05 UTC
Would the lack of A records affect pointer records? Seems like it would.


Jim

"If you always do what you always did you will always get what you always got."

Jukka Pakkanen
2020-07-09 13:27:26 UTC
Only a CNAME is perfectly fine, except if you want the site to work without the www prefix, as someone already pointed out. Of course there must be an A record for the name that the CNAME points to, but I read the question that this is not your concern.

Jukka

Matus UHLAR - fantomas
2020-07-09 13:43:18 UTC
Post by DeCaro, James John (Jim) CIV DISA FE (USA)
Would the lack of A records affect pointer records? Seems like it would.
Pointer records are independent of A/CNAME records and irrelevant in this
case.
--
Matus UHLAR - fantomas, ***@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Quantum mechanics: The dreams stuff is made of.
Matthew Richardson
2020-07-09 14:06:27 UTC
On a related issue, there were (perhaps long ago) issues if the A record
for a domain had an SMTP server on it, where email could sometimes be
delivered to that A record rather than the MX. I had (again long ago:
10-15 years) actually seen this occur.

Do people think that this problem could still occur these days? What sort
of transient (presumably DNS) failure might cause an SMTP server to deliver
to A rather than MX?

Best wishes,
Matthew

Ondřej Surý
2020-07-09 14:10:09 UTC
Missing MX, there’s actually a syntax accepted by major SMTP servers to disable SMTP for a domain:

example.com. MX 0 .

Ondrej
--
Ondřej Surý — ISC
Matus UHLAR - fantomas
2020-07-09 14:24:38 UTC
Post by Matthew Richardson
On a related issue, there were (perhaps long ago) issues if the A record
for a domain had an SMTP server on it, where email could sometimes be
delivered to that A record rather than the MX. I had (again long ago:
10-15 years) actually seen this occur.
If there is an MX record for a domain, an MTA MUST only use the MX record when
delivering to that domain.

If there is no MX record for a domain, but an A record is available, the MTA
uses a default MX with a preference of 0 pointing to that A record.

This is how it's defined to work, this is not "an issue about that".
Post by Matthew Richardson
Do people think that this problem could still occur these days? What sort
of transient (presumably DNS) failure might cause an SMTP server to deliver
to A rather than MX?
The only DNS failure that could cause this (that I can think of now) is if
a DNS server incorrectly returned NODATA for the MX record (effectively saying
there's no MX).
--
Matus UHLAR - fantomas, ***@fantomas.sk ; http://www.fantomas.sk/
Warning: I wish NOT to receive e-mail advertising to this address.
Spam = (S)tupid (P)eople's (A)dvertising (M)ethod
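
The MX selection rules discussed in this thread (MX only when one exists, an implicit MX from the address record on NODATA, and the `MX 0 .` null MX), as an added example that is not part of any poster's message. It is a simplified model of RFC 5321 section 5.1 and RFC 7505 over constructed lookup results; `plan_delivery`, `MxLookup` and the MX preference 10 are assumptions made for the illustration.

```python
from dataclasses import dataclass
from enum import Enum


class Status(Enum):
    ANSWER = "MX RRset returned"
    NODATA = "name exists, no MX RRset"
    NXDOMAIN = "name does not exist"
    FAILURE = "SERVFAIL or timeout"


class Action(Enum):
    DELIVER = "deliver"
    DEFER = "queue and retry later"
    BOUNCE = "reject as undeliverable"


@dataclass(frozen=True)
class MxLookup:
    status: Status
    records: tuple = ()  # (preference, exchange) pairs


NULL_MX = (0, ".")  # "MX 0 ." as posted in the thread


def plan_delivery(domain, mx, apex_has_address):
    """Return (action, hosts to try in order) for mail addressed to `domain`."""
    if mx.status is Status.FAILURE:
        # A temporary lookup error is not "no MX": never fall back to A here.
        return Action.DEFER, []
    if mx.status is Status.NXDOMAIN:
        return Action.BOUNCE, []
    if mx.status is Status.ANSWER:
        if mx.records == (NULL_MX,):
            # Null MX: the domain states that it accepts no mail.
            return Action.BOUNCE, []
        # MX exists: use only the MX targets, lowest preference first.
        # (Real MTAs randomise among equal preferences; this sort is stable.)
        ordered = sorted(mx.records, key=lambda rec: rec[0])
        return Action.DELIVER, [host for _, host in ordered]
    # NODATA: implicit MX of preference 0 pointing at the domain itself.
    if apex_has_address:
        return Action.DELIVER, [domain]
    return Action.BOUNCE, []


def demo():
    """Constructed scenarios for bob.tld, whose apex A record is a web host."""
    normal = MxLookup(Status.ANSWER, ((10, "mx.example.com"),))
    cases = {
        "MX present": plan_delivery("bob.tld", normal, True),
        "MX wrongly NODATA": plan_delivery("bob.tld", MxLookup(Status.NODATA), True),
        "MX lookup timeout": plan_delivery("bob.tld", MxLookup(Status.FAILURE), True),
        "null MX": plan_delivery("bob.tld", MxLookup(Status.ANSWER, (NULL_MX,)), True),
    }
    for name, (action, hosts) in cases.items():
        print(f"{name:18} -> {action.name:7} {hosts}")
    return cases


if __name__ == "__main__":
    demo()
```

Only the "MX wrongly NODATA" case sends mail to the apex address, which is where a web host listening on port 25 would receive it.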
Jukka Pakkanen
2020-07-09 14:38:38 UTC
Many spammers send, in addition to MX, to A records, if available. Still, it is good practice not to publish an A record for the mail zone, if not specifically needed for something else. Of course if it points to somewhere else than the receiving SMTP server, not much harm done mail-traffic-wise.


Jukka

Anand Buddhdev
2020-07-09 15:06:13 UTC
Post by Matthew Richardson
On a related issue, there were (perhaps long ago) issues if the A record
for a domain had an SMTP server on it, where email could sometimes be
delivered to that A record rather than the MX. I had (again long ago:
10-15 years) actually seen this occur.
Note that *delivery* will only happen if that A record were actually
listening on tcp/25 and accepting SMTP connections. No-one should be
opening up the SMTP port on a server meant to serve only HTTP(S)
traffic. Anyone who does that deserves what they get for making such
poor decisions.

Anand
Reindl Harald
2020-07-09 14:44:37 UTC
Post by Jukka Pakkanen
Many spammers send, in addition to MX, to A records, if available. Still, it is good practice not to publish an A record for the mail zone, if not specifically needed for something else. Of course if it points to somewhere else than the receiving SMTP server, not much harm done mail-traffic-wise.
why should it be a good practice not to publish an A record?

nothing better can happen than a spammer trying the wrong server at all
as you don't accept random unauthenticated inbound mail on random machines
Matthew Richardson
2020-07-09 16:03:01 UTC
My question is raised because of such "poor decisions" by certain web
hosting providers (naming no names!) whose provisioning systems require
records for both www and the domain root pointing to their systems, and
where those systems DO LISTEN on port 25.

In these modern days, should one be concerned about this for a domain where
the MX records point to proper enterprise grade email services? The
problem is that the web hosting provider's poor decision might interfere
with the enterprise email system.

I think Matus may be correct that this is only an issue if the MX query
returns NODATA rather than timing out. In the old days (10-15 years ago),
I think a timeout may have triggered the failback from MX to A, but I am
not sure.

Best wishes,
Matthew

Mark Andrews
2020-07-09 19:32:59 UTC
Very soon you will be able to specify HTTPS records. BIND has an implementation that is just waiting for the draft to go to the RFC editor. The type codes are already allocated.

This still requires clients to look up the records but the browser vendors are on board.
--
Mark Andrews
Grant Taylor
2020-07-10 04:25:43 UTC
If you don't have an A record at the zone apex, the browser will not
get back any address and display an error message for the user.
There was a point in time when the big web browsers would try connecting
to www.<domain>.<tld> if connecting to <domain>.<tld> failed.

I don't know what the current state of affairs is.
--
Grant. . . .
unix || die