Wildcard Support
Multihoming supports a wildcard character in A records and AAAA records for resolving domain names. However, the wildcard character * can only be used on its own. A mixture of the wildcard character and other ASCII characters, such as “*abc”, “abc*”, “a*bc” and “*.abc”, is not accepted by Multihoming. A wildcard record matches DNS queries for any hostname that is not stated in an NS record, the primary name server, an external subdomain or another A/AAAA record of the domain, and such queries are answered according to the A/AAAA policy specified for the wildcard.
For example, consider a domain example.com with the following resource records:
Primary name server=ns1, IPv4 Address=10.10.10.1
NS Record: Name Server=ns2, IPv4 Address=10.10.10.2
A Record: Host Name=www, To Policy=policy_www
A Record: Host Name=ftp, To Policy=policy_ftp
A Record: Host Name=*, To Policy=policy_wildcard
External Subdomain Record: Subdomain Name=subdomain1
NS Record of the subdomain: Name Server=ns3, IPv4 Address=20.20.20.1
Any DNS query for a hostname or subdomain other than “www”, “ftp”, “ns1”, “ns2”, “subdomain1” and “ns3.subdomain1” will match the wildcard A record and be answered according to the wildcard policy policy_wildcard.
- Request for example.com will be answered with 10.10.10.1.
- Request for ns2.example.com will be answered with 10.10.10.2.
- Request for subdomain1.example.com will be answered with 20.20.20.1.
- Request for ftp.example.com will be answered by policy_ftp.
- Request for www.example.com will be answered by policy_www.
- Requests for FQDNs such as example.com, abc.d.example.com and abc.d.e.example will be answered by policy_wildcard.
Note that the wildcard character is accepted only in A/AAAA records, not in other record types (NS, MX, TXT, etc.).
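The matching rule above, modelled as an added Python example (not FortiWAN code): it decides which record answers a query in the example.com zone and lists the names in a query log that only the wildcard covers. The dictionaries, function names and the constructed log are assumptions; the zone apex and names outside the zone are left out.

```python
BASE = "example.com"
# Constructed from the example.com records listed above.
NAME_SERVERS = {"ns1": "10.10.10.1", "ns2": "10.10.10.2"}
A_RECORDS = {"www": "policy_www", "ftp": "policy_ftp", "*": "policy_wildcard"}
EXTERNAL_SUBDOMAINS = {"subdomain1": "20.20.20.1"}  # address of ns3


def valid_a_host(host):
    """'*' is accepted only alone; '*abc', 'abc*', 'a*bc', '*.abc' are not."""
    return host == "*" or "*" not in host


def answer(qname):
    """Return (source, value) for a query, or None if not handled here."""
    qname = qname.rstrip(".").lower()
    suffix = "." + BASE
    if not qname.endswith(suffix):
        return None  # apex and out-of-zone names are outside this sketch
    prefix = qname[: -len(suffix)]
    if prefix in NAME_SERVERS:
        return ("name server", NAME_SERVERS[prefix])
    for sub, ns_ip in EXTERNAL_SUBDOMAINS.items():
        # Everything at or below a delegated subdomain goes to its name server.
        if prefix == sub or prefix.endswith("." + sub):
            return ("delegated", ns_ip)
    if prefix != "*" and prefix in A_RECORDS:
        return ("a record", A_RECORDS[prefix])
    if "*" in A_RECORDS:
        return ("wildcard", A_RECORDS["*"])
    return None


def wildcard_hits(qnames):
    """Names that no explicit record covers, e.g. typos or retired hosts."""
    return [q for q in qnames if (answer(q) or ("",))[0] == "wildcard"]


# Constructed query log: two names exist only because of the wildcard.
SAMPLE_LOG = ["www.example.com", "wwww.example.com",
              "ftp.example.com", "old-vpn.example.com"]
```

Running `wildcard_hits` over real query logs shows which names are being answered by policy_wildcard although nobody configured them.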
CName Record
CName (Canonical Name) records are used to alias one hostname to another, so that a host can be known by more than one hostname. The hostname of a host that is stated in an A/AAAA record is called the canonical name of the host. An A/AAAA record for the host is always required first; an alias can then be pointed to the canonical name in a CName record. A host can have multiple alias names, but an alias can only be assigned to one host.
Alias | Alias name for a host. This field can be configured in two formats: a hostname (prefix) or a FQDN.
Hostname (prefix): A text string (dot characters within it are acceptable) that does not end with a dot character is regarded as a prefix of the alias name, and the base domain specified previously is appended automatically to this prefix in the Multihoming system backend. For example, enter “www” or “www.abc” here if you want to alias a target host1.example.com to www.example.com or www.abc.example.
FQDN: In contrast, a text string (dot characters within it are acceptable) that ends with a dot character is regarded as the FQDN of the alias name, and the base domain specified previously is not appended to it in the backend. For example, enter “www.example.com.” or “www.abc.example.com.” here if you want to alias a target host1.example.com to www.example.com or www.abc.example. |
Target | Canonical name (the real name) of the host that you want to alias. This field can be configured in two formats: a hostname (prefix) or a FQDN.
Hostname (prefix): A text string that does not contain a dot character is regarded as a hostname (prefix) of the target, and the base domain specified previously is appended automatically to this hostname in the Multihoming system backend. For example, enter “host1” here if you want to alias host1.example.com to www.example.com. In this case, this name must be stated in an A/AAAA record first.
FQDN: A text string that contains dot characters is regarded as the FQDN of the target (but a text string that ends with a dot character is not acceptable), and the base domain specified previously is not appended automatically to it in the backend. For example, enter “host1.example.com” here if you want to alias host1.example.com to www.example.com, or enter “host.otherdomain.com” here if you want to alias an external target host.otherdomain.com to www.example.com. This can be used to configure a CName record for DKIM signing. |
TTL | Set the TTL (Time to Live) for the CName record. | |
A CName record is a better way to manage aliases for a real host than creating multiple A/AAAA records for it, but all name resolution via CName records is redirected to the single A/AAAA record, so only that one A/AAAA record's policy is applied. If a host is aliased through multiple A/AAAA records, different A/AAAA record policies might be applied to each of them.
DName Record
DName (Delegation Name) records are used to alias an entire subtree of a domain to another. A domain can have multiple aliases, but an alias can only be assigned to one domain.
Alias | Alias name for a domain. Note that the name of the domain you are configuring is appended to the value you specify here to form the final alias name. For example, specifying “another” in the Alias field in base domain example.com means you alias a domain (the domain you are required to set in the Target field) to another.example.com. |
Target | Target domain that you want to alias.
In-zone redirection: enter “example.com” as the target if you are setting the DName records in the base domain example.com. For example, queries for www.another.example.com will be redirected to www.example.com.
Out-zone redirection: enter another domain name here, such as “another.com”. Queries for www.another.example.com will then be redirected to www.another.com. Of course, domain another.com must be delegated first. |
TTL | Set the TTL (Time to Live) for the DName record. | |
SRV Record
Service | Specify the symbolic name prepended with an underscore, for example, _http, _ftp or _imap. |
Protocol | Specify the protocol name prepended with an underscore, for example, _tcp or _udp. |
Priority | Specify the relative priority of this service (0 – 65535). The lowest value has the highest priority. |
Weight | Specify the weight of this service. Weight is used when more than one service has the same priority. The service with the highest weight is delivered most frequently. Leave it blank or zero if no weight should be applied. |
Port | Specify the port number of the service. |
Target | The hostname of the machine providing this service. |
TTL | Set the TTL (Time to Live) for the SRV record. |
MX Record
An MX (Mail Exchanger) record specifies a mail server responsible for accepting recipient email messages for your domain.
TTL | Set the TTL (Time to Live) for the MX record. | |
Host Name | The domain name that the mail servers are responsible for. This field can be configured in two formats: a hostname (prefix) or a FQDN.
Hostname (prefix): A text string (dot characters within it are acceptable) that does not end with a dot character is regarded as a prefix of the domain, and the base domain specified previously is appended automatically to this prefix in the Multihoming system backend. For example, if a mail server is responsible for recipient emails such as user@mail.example.com, enter “mail” here. If the mail server is responsible for recipient emails such as user@example.com, leave this field blank.
FQDN: A text string (dot characters within it are acceptable) that ends with a dot character is regarded as the FQDN of the domain, and the base domain specified previously is not appended to it in the backend. For example, if a mail server is responsible for recipient emails such as user@mail.example.com, enter “mail.example.com.” here. If the mail server is responsible for recipient emails such as user@example.com, enter “example.com.” here. |
Priority | The priority of the mail servers. This value is used to prioritize mail delivery if multiple mail servers for a domain are available (note that each mail server requires a corresponding MX record). The higher the priority is, the lower the number is. |
Mail Server | The host name of the mail server responsible for the domain specified in the Host Name field. The host must be manually predefined in an A/AAAA record or a CName record. This field can be configured in two formats: a hostname (prefix) or a FQDN.
Hostname (prefix): A text string that does not contain a dot character is regarded as a hostname (prefix) of the mail server, and the base domain specified previously is appended automatically to this hostname in the Multihoming system backend. For example, enter “ms1” here if ms1.example.com is the mail server responsible for domain mail.example.com or example.com. In this case, this name must be stated in an A/AAAA record first.
FQDN: A text string that contains dot characters is regarded as the FQDN of the mail server (but a text string that ends with a dot character is not acceptable), and the base domain specified previously is not appended automatically to it in the backend. For example, enter “ms1.example.com.” here if ms1.example.com is the mail server responsible for domain mail.example.com or example.com, or enter an external mail server “ms.otherdomain.com” here if it is responsible for domain mail.example.com or example.com. |
For example, to route emails for recipient user@mail.example.com to a mail server mail1.example.com, the following A/AAAA record and MX record are required:
- A/AAAA record: Host Name=mail1, When=All-Time, Source IP=Any Address, To Policy=Policy_A
- MX record: Host Name=mail, Priority=10, Mail Server=mail1
If you want to route emails for recipient user@example.com to mail servers mail1.example.com and mail2.example.com, the following A/AAAA records and MX records are required:
- A/AAAA record: Host Name=mail1, When=All-Time, Source IP=Any Address, To Policy=Policy_A
- A/AAAA record: Host Name=mail2, When=All-Time, Source IP=Any Address, To Policy=Policy_B
- MX record: Host Name=[blank], Priority=10, Mail Server=mail1
- MX record: Host Name=[blank], Priority=20, Mail Server=mail2
Mail server mail1.example.com has the higher priority and is the preferred server for emails to recipient user@example.com.
TXT Record (multiple TXT records on one hostname are allowed)
A TXT (Text) record provides text information about a host. The text can be used for a variety of purposes depending on what you are using the TXT record for. For example, Sender Policy Framework (SPF) is one of the most common uses for TXT records. TXT records can also be used to describe a server, network, data center, and other accounting information by containing human-readable information.
TTL | Set the TTL (Time to Live) for the TXT record. |
Host Name | The prefix of a domain name that the TXT record is used for. This field can be configured in two formats: a hostname (prefix) or a FQDN.
Hostname (prefix): A text string that does not contain a dot character is regarded as a hostname (prefix) of the domain, and the base domain is appended automatically to this hostname in the Multihoming system backend. For example, if this TXT record is used for a domain mail.example.com, enter “mail” here. If the TXT record is used for base domain example.com, leave this field blank.
FQDN: A text string that contains dot characters is regarded as the FQDN of the domain, and the base domain is not appended automatically to it in the backend. For example, if this TXT record is used for a domain mail.example.com, enter “mail.example.com” here. If the TXT record is used for base domain example.com, enter “example.com” here. |
TXT | Free-form text data of any type, or information in the format <attribute name>=<attribute value> for specific purposes. For example, when using a TXT record for SPF to fight spam, you could specify “v=spf1 a:mail ip4:10.16.130.2/24 ~all” here, which means that emails sent from IP addresses in 10.16.130.2/24 are treated as valid, while emails sent from other IPs are assumed to be spam. |
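The CName, MX and TXT fields above follow two different rules for telling a hostname (prefix) from a FQDN, and a value entered under the wrong rule silently becomes a different name. The added Python example below (not FortiWAN code; all function names are assumptions) expands a field value under each rule and flags the typical mistakes in a CName entry.

```python
def expand_trailing_dot(value, base):
    """CName Alias / MX Host Name: only a trailing dot marks a FQDN."""
    if value == "":
        return base  # blank MX Host Name means the base domain
    if value.endswith("."):
        return value[:-1]
    return f"{value}.{base}"


def expand_any_dot(value, base):
    """CName Target / MX Mail Server / TXT Host Name: any dot marks a FQDN."""
    if value.endswith("."):
        raise ValueError("trailing dot is not accepted in this field")
    if value == "":
        return base  # blank TXT Host Name means the base domain
    return value if "." in value else f"{value}.{base}"


def audit_cname(alias, target, base):
    """Return (alias_fqdn, target_fqdn, warnings) for one CName entry."""
    warnings = []
    alias_fqdn = expand_trailing_dot(alias, base)
    # 'www.example.com' without the final dot is treated as a prefix.
    if alias_fqdn.endswith(f".{base}.{base}"):
        warnings.append("alias: base domain appended twice (missing trailing dot?)")
    try:
        target_fqdn = expand_any_dot(target, base)
    except ValueError as exc:
        target_fqdn = None
        warnings.append(f"target: {exc}")
    else:
        # 'host1.abc' is read as a FQDN, not as host1.abc.<base>.
        if target_fqdn != base and not target_fqdn.endswith("." + base):
            warnings.append("target: resolves outside the base domain")
    return alias_fqdn, target_fqdn, warnings
```

An external target is legitimate when intended (the DKIM case above); the warning only makes sure it was a deliberate choice.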
External Subdomain Record (available only in non-relay mode)
External subdomain records are used to delegate the responsibility for subdomains to other name servers, which means the responsibility for the administration of a subdomain (such as child) of the base domain (such as example.com) will be delegated to another management group (such as child.example.com). Multihoming (the name server of base domain example.com) is responsible for redirecting all the queries which end with child.example.com to the subdomain name servers.
Subdomain Name | The prefix of the delegated subdomain. For example, if the delegated subdomain is child.example.com, enter child here. Note that this name cannot duplicate a name specified in an A/AAAA, NS, CName, DName or MX record in the base domain. | |
NS Record | Specify the external name servers that the subdomain is delegated to. The NS records here will point the subdomain to the responsible name servers. Note that, for queries for anything in the subdomain, Multihoming only answers with the IP addresses of the external name servers authoritative for the subdomain. So please have the external name servers (other machines) configured and online first. If the name servers authoritative for the subdomain are not FortiWAN units running Multihoming, inbound load balancing is not available for the subdomain. | |
Name Server | Hostname (prefix) or FQDN of the external name server authoritative for the subdomain. Enter “ns1” or “ns1.child.example.com.”, if the name server’s FQDN is “ns1.child.example.com” for example. See section NS Record above for details. | |
IPv4 Address | IPv4 address of the name server. | |
IPv6 Address | IPv6 address of the name server. |