DNS, should I be using A instead of CNAME


I'm doing a big reshuffle of our websites and hosting, moving about 10 domains to a new server. In doing so I had to make some changes to the DNS, pointing all of the domains at the new server.

Instead of pointing all of the DNS records at the IP address of the server, I used a CNAME entry to point them at an A entry for the IP address… If that doesn't make sense, take a look at this:

mycompany.com
server1 A 12.34.56.78

domain1.com
@   CNAME server1.mycompany.com.
*   CNAME server1.mycompany.com.
www CNAME server1.mycompany.com.

domain2.com
@   CNAME server1.mycompany.com.
*   CNAME server1.mycompany.com.
www CNAME server1.mycompany.com.

domain3.com
@   CNAME server1.mycompany.com.
*   CNAME server1.mycompany.com.
www CNAME server1.mycompany.com.

etc...

Hopefully you'll see what I'm trying to do: to keep things tidy I have set a single A record to the server's IP address, and used CNAME records to point all of the other domains to it. This means if the IP has to change I only have to change it once; it also means I can easily tell where each record is pointing to, as some point to server2.mycompany.com and server3.mycompany.com etc.

Now we had a problem with our email this morning, whereby a recipient email server could not authenticate our mail server and email was rejected. I changed the @ record on our mail.domain1.com domain from CNAME server1.mycompany.com to the IP 12.34.56.78 and the email was sent successfully.

Question: despite being nice and readable, is there a reason I shouldn't be using CNAME to point to another DNS record? I believe @ is for the domain itself (i.e. domain1.com). It seemed that setting @ to a CNAME messed around with our email, but are there any rules as to when I should be using it?

Many thanks, Ben

Best Answer

It's an RFC violation to use a CNAME as an MX record. From RFC 2181 section 10.3:

The domain name used as [...] part of the value of a MX resource record must not be an alias. [...] It can also have other RRs, but never a CNAME RR.

In practice it will often work, but some MTAs are aware that you shouldn't do it, so assume they can ignore you or misbehave when they're fed one.
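A pre-deployment check for the rule quoted above, as an added example that is not part of the original question or answer: it flags MX targets that resolve to a CNAME, including through a `*` wildcard like the one in the question. It goes one step beyond the quoted text by also flagging a CNAME that shares its owner name with other records (RFC 2181 section 10.1), which is the `@ CNAME` case. The function names, finding labels, SOA placeholders and the domain2.com records are assumptions made for the example.

```python
# Constructed sample records in the shape of the question's zones, as
# (owner, type, value) with fully qualified owner names. Not real data.
SAMPLE = [
    ("server1.mycompany.com.", "A", "12.34.56.78"),
    ("domain1.com.", "SOA", "(constructed placeholder)"),
    ("domain1.com.", "CNAME", "server1.mycompany.com."),
    ("domain1.com.", "MX", "10 mail.domain1.com."),
    ("*.domain1.com.", "CNAME", "server1.mycompany.com."),
    ("www.domain1.com.", "CNAME", "server1.mycompany.com."),
    ("domain2.com.", "SOA", "(constructed placeholder)"),
    ("domain2.com.", "A", "12.34.56.78"),
    ("domain2.com.", "MX", "10 mx.domain2.com."),
    ("mx.domain2.com.", "A", "12.34.56.78"),
]

def norm(name):
    return name.rstrip(".").lower()

def types_at(name, by_owner):
    # Exact owner first, then the nearest wildcard (empty non-terminals not modelled).
    if name in by_owner:
        return by_owner[name]
    labels = name.split(".")
    for i in range(1, len(labels)):
        parent = ".".join(labels[i:])
        if "*." + parent in by_owner:
            return by_owner["*." + parent]
        if parent in by_owner:  # closest existing ancestor has no wildcard
            break
    return set()

def lint(records):
    by_owner = {}
    for owner, rtype, _ in records:
        by_owner.setdefault(norm(owner), set()).add(rtype.upper())
    findings = []
    for owner, types in sorted(by_owner.items()):
        # A CNAME owner may carry only DNSSEC records alongside it.
        if "CNAME" in types and types - {"CNAME", "RRSIG", "NSEC"}:
            findings.append(("cname-with-other-data", owner))
    for owner, rtype, value in records:
        if rtype.upper() == "MX":
            target = norm(value.split()[-1])  # "10 mail.example." -> name
            if "CNAME" in types_at(target, by_owner):
                findings.append(("mx-target-is-alias", norm(owner), target))
    return findings

if __name__ == "__main__":
    print(*lint(SAMPLE), sep="\n")
```

Giving mail.domain1.com its own A record clears the MX finding, because an explicit record takes precedence over the wildcard CNAME.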
