Experienced DNS Admins please help me understand…
I run a small DNS server in a development environment that runs resolution for at most 5 domain names at any one time. My question stems from a discussion here: What's the difference…
My question is this:
- What should I use when I have a domain name and at least one subdomain pointing to that domain?
One Answer is this:
- I argue that the appropriate solution to this is to use Cnames. This will allow me to change an IP address once and affect multiple host names (the cnames) at the same time. This will help me keep things uncomplicated. This will also make managing TTL records much more straightforward and reliable. I am prone to making mistakes so this will also limit my chances of making mistakes.
Another Answer is this:
- Others argue that queries will be sped up by using A Name records (I don't necessarily argue against that fact).
I know that either will work but the adopted standards based on the RFCs for DNS lead me to believe that we should use Cnames and A Names correctly and where appropriate. Rules can be broken, but what's the point if you can't rely on them?
Please only respond to this question if you run a large DNS server or have experience doing so. Otherwise don't expect your opinion to change my opinion. I've been told that it's all a matter of personal preference and I'd like for this to be otherwise.
Forgive me if you believe I'm belaboring a very old point.
Best Answer
OK, the answer is hidden in your question:
Usually DNS lookups are done rarely, and are cached in the app anyway or on the requesting system. So, this 'speed up' argument is just hypothetical.
I run reasonably large DNS infrastructure that locally serves several thousand hosts with over 300 different domains.
I keep A records to a minimum and use CNAMEs whenever possible and when it makes logical sense. Rule of thumb is: A record only for the primary interface for the node, and that which need reverse resolving to it as well. Everything else (like services running on the server) is a CNAME.
The reason for not having multiple A's is also that you'd expect (not a requirement though!!) to have a corresponding PTR. But you can't if you only have 1 IP.
in other words:
is ok, but
is not so (in fact you don't really want to have the last entry!)
But then again, it is really a matter of common sense and preference; there are no hard rules.
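The rule of thumb in the answer above (one A record per address, matched by its PTR, everything else a CNAME) can be checked mechanically. The following is an added example, not part of the original answer; the record names, addresses and the `lint` helper are constructed for illustration, and it assumes one PTR per address as the answer describes.

```python
from collections import defaultdict

# Constructed sample zone data (names and addresses are illustrative).
RECORDS = [
    ("node1.example.test.", "A", "192.0.2.10"),
    ("www.example.test.", "CNAME", "node1.example.test."),
    ("mail.example.test.", "A", "192.0.2.10"),  # second A on the same IP
    ("db.example.test.", "A", "192.0.2.20"),    # no PTR at all
    ("10.2.0.192.in-addr.arpa.", "PTR", "node1.example.test."),
]


def reverse_name(ipv4):
    """Owner name of the PTR record for an IPv4 address."""
    return ".".join(reversed(ipv4.split("."))) + ".in-addr.arpa."


def lint(records):
    """Return (issue, name, detail) tuples for A records that break the rule."""
    a_by_ip, ptr = defaultdict(list), {}
    for owner, rtype, rdata in records:
        if rtype == "A":
            a_by_ip[rdata].append(owner)
        elif rtype == "PTR":
            ptr[owner] = rdata
    findings = []
    for ip, names in sorted(a_by_ip.items()):
        primary = ptr.get(reverse_name(ip))
        for name in names:
            if primary is None:
                findings.append(("missing-ptr", name, ip))
            elif name != primary:
                # With one PTR per address (the answer's assumption), this
                # name cannot reverse-resolve to itself: CNAME candidate.
                findings.append(("extra-a", name, f"CNAME {primary}"))
    return findings


if __name__ == "__main__":
    for finding in lint(RECORDS):
        print(*finding)
```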