CNAME okay for primary DNS record

domain-name-system

I've setting up a Hosting service, as part of that service I need to automatically create DNS records in our nameservers for all the domains hosted.

Currently I'm using the following template:

;
; [USER] - [DOMAIN]
;
$TTL    604800
@    IN    SOA    [PRIMARY-NS].    [NS-ADMIN]. (
                       [SERIAL] ; Serial
                           10800 ; Refresh
                            3600 ; Retry
                         1209600 ; Expire
                           43200 ; Negative Cache TTL
)
;
@    IN    NS    [NS1]. ; Nameserver
@    IN    NS    [NS2]. ; Nameserver
@    IN    A     [SERVER-IP] ; Primary IP
*    IN    A     [CATCH-ALL-IP] ; Catch-all IP
@    IN    MX    0 mail

What I'm interested in knowing is, if I replace the primary A record statement with a CNAME to that server's DNS entry – will there be any adverse affects? This would make IP management on my servers far easier as I would only need to update one DNS record.

@    IN    CNAME     [SERVER-DOMAIN-NAME]
*    IN    CNAME     [SERVER-DOMAIN-NAME]

Is this a good idea? Or will this only cause trouble for DNS lookups on those records?

Best Answer

No, you can't do

@ IN CNAME ...

because the CNAME record type isn't allowed to co-exist with the (required) SOA and NS records that you have to have at your zone apex (or any other resource record type, for that matter, except for DNSSEC-related records).

See s3.6.2 of RFC 1034:

If a CNAME RR is present at a node, no other data should be present; this ensures that the data for a canonical name and its aliases cannot be different. This rule also insures that a cached CNAME can be used without checking with an authoritative server for other RR types.

Related Topic