I would choose a consistent approach across the entire environment. Both solutions work fine and will remain compatible with most applications. There is a difference in manageability, though.
I go with the short name as the HOSTNAME setting, and set the FQDN as the first column in /etc/hosts for the server's IP, followed by the short name.
I have not encountered many software packages that enforce or display a preference between the two. I find the short name to be cleaner for some applications, specifically logging. Maybe I've been unlucky in seeing internal domains like server.northside.chicago.rizzomanufacturing.com. Who wants to see that in the logs or a shell prompt?
Sometimes, I'm involved in company acquisitions or restructuring where internal domains and/or subdomains change. I like using the short hostname in these cases because logging, kickstarts, printing, systems monitoring, etc. do not need full reconfiguration to account for the new domain names.
A typical RHEL/CentOS server setup for a server named "rizzo" with internal domain "ifp.com", would look like:
/etc/sysconfig/network:
HOSTNAME=rizzo
...
-
/etc/hosts:
127.0.0.1 localhost localhost.localdomain localhost4 localhost4.localdomain4
::1 localhost localhost.localdomain localhost6 localhost6.localdomain6
172.16.100.13 rizzo.ifp.com rizzo
-
[root@rizzo ~]# hostname
rizzo
-
/var/log/messages snippet:
Dec 15 10:10:13 rizzo proftpd[19675]: 172.16.100.13 (::ffff:206.15.236.182[::ffff:206.15.236.182]) - Preparing to chroot to directory '/app/upload/GREEK'
Dec 15 10:10:51 rizzo proftpd[20660]: 172.16.100.13 (::ffff:12.28.170.2[::ffff:12.28.170.2]) - FTP session opened.
Dec 15 10:10:51 rizzo proftpd[20660]: 172.16.100.13 (::ffff:12.28.170.2[::ffff:12.28.170.2]) - Preparing to chroot to directory '/app/upload/ftp/SRRID'
I realize this question is pretty old but for anyone who may find it useful I'll mention what works for me:
- use CN to enter some human friendly name like "our cool JIRA server" ;-)
- enter san like this:
-ext san=dns:jira,dns:jira.example.com
BTW, you can also add IP addresses if you like. I personally use the following for my development computer:
keytool -certreq ... -file server.csr -keystore server.keystore ... -ext san=dns:localhost,dns:myComputerName,ip:127.0.0.1,ip:::1
NOTE: I use java8 keytool; I hope this works in java7 keytool as well but I haven't tested it
Best Answer
It is legal in the form 001.example.com. You can add a hostname 001 as a record on the DNS server, and you will be able to ping and work with 001.example.com. I'm not sure if any *nix service will fail to work with that; it is according to standards and they should all support it, but you will have problems when omitting the domain.
$ ping 001.example.com
Pinging 001.example.com [127.0.0.5] with 32 bytes of data:
For instance, ping, traceroute and many other tools will, for 001, return an IP representation of the decimal number, which in this case is 0.0.0.1:
$ ping 001
Pinging 0.0.0.1 with 32 bytes of data:
PING: transmit failed. General failure.
PING: transmit failed. General failure.
PING: transmit failed. General failure.
PING: transmit failed. General failure.
The highest number you can go that way is 30064771070, which represents 255.255.255.254:
$ ping 30064771070
Pinging 255.255.255.254 with 32 bytes of data:
$ ping 30064771071
Ping request could not find host 30064771071. Please check the name and try again.
For number 30064771071 it will fail, as it represents 255.255.255.255. For numbers 30064771072 and higher it will resolve to an IP if the hostname exists; for smaller numbers it always tries the IP representation of the decimal number.
$ ping 30064771072
Pinging 30064771072 [127.0.0.4] with 32 bytes of data:
Reply from 127.0.0.4: bytes=32 time<1ms TTL=128
Reply from 127.0.0.4: bytes=32 time<1ms TTL=128
There was a similar question on UNIX SE
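The short-name ambiguity described in the answer above, as an added example that is not part of the original posts: a Python check that reports whether a hostname, or its first label alone, would be read as an IPv4 literal under classic BSD inet_aton() rules (decimal, leading-0 octal, 0x hex). The function names are hypothetical, and numbers wider than 32 bits are treated as names here, which is an assumption that differs from the wrap-around shown in the Windows ping output above.

```python
# Added example: flag host names that address parsers may treat as IPv4 literals.
# Follows classic BSD inet_aton() rules; not taken from any tool on this page.
import ipaddress

DIGITS = {16: "0123456789abcdef", 10: "0123456789", 8: "01234567"}

def parse_numeric_part(part):
    """Return the value of one inet_aton-style number, or None if not numeric."""
    part = part.lower()
    if part.startswith("0x"):
        digits, base = part[2:], 16
    elif len(part) > 1 and part.startswith("0"):
        digits, base = part[1:], 8          # leading zero means octal
    else:
        digits, base = part, 10
    if not digits or any(c not in DIGITS[base] for c in digits):
        return None
    return int(digits, base)

def as_ipv4_literal(name):
    """Return the dotted-quad a classic inet_aton() would read from `name`
    (1 to 4 dot-separated numbers), or None if it would be treated as a name."""
    parts = name.split(".")
    if not 1 <= len(parts) <= 4:
        return None
    values = [parse_numeric_part(p) for p in parts]
    if any(v is None for v in values):
        return None
    # Leading parts are single bytes; the last part fills the remaining bytes.
    *head, last = values
    if any(v > 0xFF for v in head) or last >= 1 << (8 * (4 - len(head))):
        return None                          # assumption: no 32-bit wrap-around
    addr = last
    for i, v in enumerate(head):
        addr |= v << (8 * (3 - i))
    return str(ipaddress.IPv4Address(addr))

def audit_hostname(fqdn):
    """Check both the full name and the short name (first label) of a host."""
    short = fqdn.split(".", 1)[0]
    return {"fqdn": as_ipv4_literal(fqdn), "short": as_ipv4_literal(short)}

if __name__ == "__main__":
    # Constructed sample names, using the hosts mentioned on this page.
    for name in ("001.example.com", "rizzo.ifp.com", "jira.example.com"):
        print(name, audit_hostname(name))
```

A non-None "short" result means the host is only unambiguous when the domain is included, so anything that relies on the short name (search domains, /etc/hosts aliases, certificate SAN entries) should not use that label.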