no-www.org
For several years, I’ve been trying to convince web surfers and domain owners that the “www” that prefaces most web addresses is now completely unnecessary. The practice of putting “www” before domain names for web pages was started in the early nineties to help web browsers distinguish HTTP-protocol web pages from other protocols such as gopher, ftp, etc. All modern browsers assume that you want to use the http protocol unless you specify otherwise, so the “www” is not necessary. Unfortunately, the vast majority of corporate marketing departments (probably out of ignorance) are still plugging their respective domain names prepended with www. Along with that is the fact that *many* clueless webmasters/sysadmins out there will only serve up their website if you go to the “www” form of their domain name. Ugh.
Anyway - all that to say that I stumbled across no-www.org yesterday. They’re on a campaign to do away with the scourge that is www. My website now validates as a “Class B” no-www site. This means that if you accidentally happen to visit www.andersonfam.org, you’ll get politely redirected to andersonfam.org.

I agree the whole adding www to the beginning of everything is ridiculous, thus stuff like http://www.bethelnet.bethel.edu (which I guess even got missed in the redesign way back) where it doesn’t redirect directly but tells the user. That said, the Internet != the www (it’s not even anywhere close to the biggest use), and a domain name != the http://www. I think there’s a good reason for having a http://www.domain hostname for the very legitimate reason that the domain name itself may point to a non-web machine. They even say that on their site, but the title and spirit is to drop it completely. They think there should at least be a redirect on the base domain, which I’d say isn’t always appropriate either. If browsers implemented something like srv (like xmpp) or mx (like smtp, although adding another type would be a mess), then I could see that the base domain should have a web service listed (provided the domain should even be valid for the web). They do seem to be more on the “pick one address” drive than anything, which is definitely a good goal.
Doesn’t Logic’s site require the WWW? Who’s the webmaster anyway?
http://logicpd.com/
It requires it from inside our firewall. This is due to an unfortunate decision made by the person who set up Active Directory here. They chose “logicpd.com” as the active directory domain, which conflicts with the external logicpd.com DNS domain. The ramification of this is that internally, due to Active Directory’s limitations, “logicpd.com” has to resolve to the IP address of the domain controller. Externally, though, you can leave the www off and it’ll work fine.
I see. I didn’t realize it had anything to do with active directory. However, I’m not completely sure that I understand how choosing “logicpd.com” as the active directory domain conflicts with the “logicpd.com” DNS domain. It seems to me like that’s the right way to configure it (they’re the same thing), but I know nothing about active directory.
I think technically if you don’t have any non-Windows based machines that need to access the domain DFS and you don’t have any pre-2000 machines that need to use AD, you don’t need the domain controllers as A records for the root of the domain. I know from lots of tcpdump troubleshooting that they don’t even attempt to look up the A records on login. See Integrating Windows 2000 DNS into an existing…DNS namespace for some info on what’s really required for it to work. I’d say test it first before trying to push the records elsewhere.
Just don’t run a web server on the DCs.
Though they don’t access A records on login, they do when joining a computer to the domain. Once you’re joined to the domain, it knows where the DC is.
Erik is correct that it is unavoidable if you use the same name. A better naming convention, IMO, is to use .int instead (e.g. logicpd.int) for the AD domain name.
I’m curious about that, as I know some schools have done AD on the primary domain namespace without having those records added. Can you point me to an example of a join combination where it’s needed (other than pre-2000)? Everything I’ve seen just points to the _srv records and the A records for the DC. They specifically say “Net Logon registers the following DNS A records for the use of LDAP clients that do not support DNS SRV records (that is, clients that are non-SRV-aware). Locator does not use these records.” (from here) I also just captured a join attempt for W2K (attempt as it can’t reach the domain currently), and it went straight for looking up SRV _ldap._tcp.dc._msdcs.domainname, and then tried to look up the A records for the DCs but not the domain itself. I also pulled up example docs from MS about how to delegate just the necessary subdomains to share a DNS domain with non-AD servers, and the example root domain config doesn’t have any A records for the origin. None of their troubleshooting stuff mentions those records either.
Of course none of this takes into account that MS doesn’t recommend sharing domains and says the AD names shouldn’t even resolve from the Internet (although they do imply it should be a real DNS suffix that’s controlled)… I’m interested in how far it can be pushed though. I may have to set up a test forest to play with it a bit.
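
An added example, not part of the original post or its comments: a Python audit of a zone that is shared between a public website and Active Directory, checking the SRV locator name quoted in the comments above (`_ldap._tcp.dc._msdcs.<domain>`), whether each SRV target has its own A record, and whether the apex A record points at a DC or somewhere else. The domain `example.test`, the host names and the addresses are constructed sample data, and the simplified zone syntax is an assumption.

```python
# Constructed sample zone for the hypothetical domain example.test.
# Assumes fully qualified names, an explicit IN class and no TTL column.
ZONE = """\
example.test.                       IN A   192.0.2.80  ; public web server
www.example.test.                   IN A   192.0.2.80
dc1.example.test.                   IN A   10.0.0.10
dc2.example.test.                   IN A   10.0.0.11
_ldap._tcp.dc._msdcs.example.test.  IN SRV 0 100 389 dc1.example.test.
_ldap._tcp.dc._msdcs.example.test.  IN SRV 0 100 389 dc2.example.test.
"""


def parse_zone(text):
    """Return (name, type, rdata_fields) for each 'name IN TYPE rdata' line."""
    records = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # strip comments, then tokenize
        if len(fields) >= 4:
            records.append((fields[0].lower(), fields[2].upper(), fields[3:]))
    return records


def audit(text, domain):
    """Report the locator SRV targets and how the apex A record relates to them."""
    apex = domain.lower().rstrip(".") + "."
    locator = "_ldap._tcp.dc._msdcs." + apex
    a_records, targets = {}, set()
    for name, rtype, rdata in parse_zone(text):
        if rtype == "A":
            a_records.setdefault(name, set()).add(rdata[0])
        elif rtype == "SRV" and name == locator:
            targets.add(rdata[3].lower())  # SRV rdata: priority weight port target
    dc_ips = set().union(*(a_records.get(t, set()) for t in targets))
    apex_ips = a_records.get(apex, set())
    return {
        "srv_targets": sorted(targets),
        "targets_missing_a": sorted(t for t in targets if t not in a_records),
        "apex_a": sorted(apex_ips),
        "apex_points_at_dc": bool(apex_ips & dc_ips),
    }


if __name__ == "__main__":
    for key, value in audit(ZONE, "example.test").items():
        print(f"{key}: {value}")
```

The audit only reports which records exist in the zone; whether a given client looks up the apex A record during a join still has to be confirmed with a capture or a test forest, as the comments suggest.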