DNS – Multiple A Records vs Single A Record with CNAMEs

domain-name-system

Lets say I have a webserver, called 'www'. www.example.com resolves to the IP address of that machine. Then I wanna make some virtual hosts, and DNS records for them, like webmail.example.com.

For 'webmail', should I put in an A record with www's IP address, or should I do a CNAME to www?

What's 'cleaner?, more robust? better?

Best Answer

There are two alternate views of this question, and it's one that is ultimately going to be debated forever. I'm not going to give my opinion (because I'm torn myself), but the general arguments each way typically are:

You should define A records for your physical machines, and then CNAME services onto those machines. This does make it rather clear as to what is what, and in the event that you need to renumber there's not a lot of records to change -- just the machine records. On the other hand, it does increase your DNS lookup load somewhat, and "auxiliary" IPs (think SSL vhosts) don't fit neatly into this model.
The literal meaning of "canonical name" (CNAME) is to define strict aliases of the same name (think mail and smtp), and if you have multiple services running on the same machine they should all have A records, because it reduces load on DNS and some services (NS records and, to a lesser extent, MX records) really aren't impressed with dealing with CNAMEs, so if you have to handle those services differently anyway, we may as well do it for everything.

Related Solutions

Setting up DNS records for a shared host

Addressing 1 and 2: In most cases, I would recommend doing a single "A" record for the actual IP associated with the box and CNAME everything you need to that. If you are going to have a lot of somethings.example.com, I would make use of a wildcard entry

example.com     A      192.168.0.1
*.example.com   CNAME  example.com

The benefit being that you don't have to do a lot of DNS maintenance as whatever .example.com you use will already match. You just let apache figure out what to do with it based on the name given. This would result in 2 look-ups, and I would only do many CNAMEs to one A, and not try doing CNAME->CNAME. Additionally MX records must only point to an A record name.

If you ever need to break a vhost off to its own IP addres, you can then just add an "A" record for that one host and the most-specific answer will win.

example.com     A      192.168.0.1
*.example.com   CNAME  example.com
new.example.com A      192.168.0.2

How are DNS PTR records managed

or are they stoerd in separate zones?

Separate zones, one per old C network (last byte in the octet).

What stops me from adding a PTR record saying that resolves to say gmail.com?

Nothing. But as this is not used exceptt for nice pings or some email validity checks, you achieved nothing. people will still go to gmail when they type in gmail.com. All people now see is gmail.com in a traceroute, nothing else.

The one real use for this is smtp - the HELO string given in SMTP should match the PTR record name given. Basically the server must say it is who the ptr record says it is. Note that it can still accept emails for other domains.

Best Answer

Related Solutions

Setting up DNS records for a shared host

How are DNS PTR records managed

Related Topic