mbkitmgr
asked on
A Record significance
I am trying to clarify what function the A record performs in the following scenario
I have a client who owns the domain name xyz.com.au.
They run on prem exchange, use remote access from outside for contractors and staff, and connect to gov't entities to access data. They have another party who developed their website.
I registered the domain name for the client, and set up DNS entries for MX, WWW etc, with only the WWW A record pointing to a different IP Address
The website developer is demanding the A record for the domain be pointed at the third party webserver hosting the website. Why? is it important to him that the generic A record for the domain point to the webserver? What am I not understanding about his request and what are the consequences.
I assumed that all external non www requests should go the main gateway.
I have a client who owns the domain name xyz.com.au.
They run on prem exchange, use remote access from outside for contractors and staff, and connect to gov't entities to access data. They have another party who developed their website.
I registered the domain name for the client, and set up DNS entries for MX, WWW etc, with only the WWW A record pointing to a different IP Address
The website developer is demanding the A record for the domain be pointed at the third party webserver hosting the website. Why? is it important to him that the generic A record for the domain point to the webserver? What am I not understanding about his request and what are the consequences.
I assumed that all external non www requests should go the main gateway.
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
HI and thanks for the comments.
I was traditionally happy to have the naked domain point to a 3rd parties webserver rather than the external gateway of a clients WAN/LAN for two reasons
The website developer is having a bit of a meltdown because I have asked him to clarify why the naked domain to the website host IP. The real issue is that since he came on board 2 yrs ago, we've had to change the naked domain IP several times to address problems with the website access. The client has SSL/Encrypted connections to Gov entities for data exchange and we keep having issues with SSL from those GOV and healthcare providers looking at his web server for the certs instead of our cert authority, which as you can guess messes up the process.
In essence he was welcome to it but I feel this is a case of "for the greater good of the whole I.T. Infrastructure we should leave the naked domain poiting to the clients gateway".
As for the SSL looing at the wrong server, thats a whole separate issue, one that I am gathering data as it happens
I was traditionally happy to have the naked domain point to a 3rd parties webserver rather than the external gateway of a clients WAN/LAN for two reasons
- to "catch" those who dont type in the WWW. prefix
- It was one less "advertisement" of the clients external gateway IP and hence invite to some degree, those who would scan the IP to detect the firewall or device/s behind it with the intention of looking for vulnerabilties.
The website developer is having a bit of a meltdown because I have asked him to clarify why the naked domain to the website host IP. The real issue is that since he came on board 2 yrs ago, we've had to change the naked domain IP several times to address problems with the website access. The client has SSL/Encrypted connections to Gov entities for data exchange and we keep having issues with SSL from those GOV and healthcare providers looking at his web server for the certs instead of our cert authority, which as you can guess messes up the process.
In essence he was welcome to it but I feel this is a case of "for the greater good of the whole I.T. Infrastructure we should leave the naked domain poiting to the clients gateway".
As for the SSL looing at the wrong server, thats a whole separate issue, one that I am gathering data as it happens
If you have a website that redirects www to the naked domain, then the situation above becomes much more problematic.