DNS, Do A Record wildcards have priority over more-specific CNAMEs

cname-recorddomain-name-system

We have a wildcard set up to handle all subdomains for "example.com"

A RECORD: *.example.com points to 10.10.10.10

We have a more specific A record to handle a special subdomain (this works fine):

A Record: staging.example.com points 10.10.10.9

The problem we're having is we're migrating staging to a new hosting environment and we've been instructed to use a CNAME:

CNAME: new-staging.example.com points to proxy.heroku.com

We thought this would work. However, new-staging.example.com resolves to the top-level wildcard 10.10.10.10 and doesn't point to proxy.heroku.com.

What am I missing? Is this not possible? Or is this bad practice? Thanks,

Best Answer

The answer is generally "No" - the more specific record should win, so this should work as you described/expected. My guess is you have the wildcard A record cached somewhere, and need to wait for that cache to expire.

a quick test with BIND 9.6.2-P2/FreeBSD 8.1:
A zone containing the records:

example.net.                IN      A      127.0.0.2
*.test.example.net.         IN      A      127.0.0.1
specific.test.example.net.  IN      CNAME  example.net.

Resolves as follows:

% dig specific.test.example.net

; <<>> DiG 9.6.2-P2 <<>> specific.test.example.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 17222
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 2, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;specific.test.example.net. IN  A

;; ANSWER SECTION:
specific.test.example.net. 3600 IN  CNAME   example.net.
example.net.               3600 IN  A   127.0.0.2

;; AUTHORITY SECTION:
example.net.        3600    IN  NS  ns1.example.net.

;; ADDITIONAL SECTION:
ns1.example.net.    3600    IN  A   127.0.0.1

(Returns the CNAME)
and

% dig nonspecific.test.example.net

; <<>> DiG 9.6.2-P2 <<>> nonspecific.test.example.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 26980
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 2, ADDITIONAL: 2

;; QUESTION SECTION:
;nonspecific.test.example.net.  IN  A

;; ANSWER SECTION:
nonspecific.test.example.net. 3600 IN   A   127.0.0.1

;; AUTHORITY SECTION:
example.net.        3600    IN  NS  ns1.example.net.


;; ADDITIONAL SECTION:
ns1.example.net.    3600    IN  A   127.0.0.1

(Returns the wildcard A record)

Related Topic