CNAME Records and DNS Recursion – Must Authoritative DNS Allow Recursion?

Tags: cname-record, domain-name-system, dreamhost, heroku, recursive

So I've got a domain registered with Dreamhost, which apparently does not do recursive lookups, and an app on Heroku. Heroku apps are always configured to use a CNAME record to proxy.heroku.com.

So:

Authoritative DNS:  ns1.dreamhost.com (for foo.com)

CNAME record:       app.foo.com -> proxy.heroku.com

Resolves to:        Set of A records for EC2 IPs

I've been told by some folks trying to connect to the app from behind a Windows Server 2003 DNS Server that it handles SERVFAIL differently and cannot resolve the DNS. I'm trying to understand if this is truly a configuration issue on my side or theirs, notably, per the title:

Must the authoritative DNS server for a domain be recursive to allow CNAME records pointing to other domains?

Best Answer

No, you don't need to have recursion on for authoritative DNS servers. Depending on who you ask, it's even considered good practice that (if possible) your authoritative server not be recursive, as it's a line of defence against some DoS attacks. (Cisco's document is here, for example.)

A sample from my domain is below (the server is running BIND 9 and is non-recursive).

; <<>> DiG 9.5.1-P3 <<>> mail.<snip> @<my authoritative master>
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1216
;; flags: qr aa rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 4, ADDITIONAL: 4

;; QUESTION SECTION:
;mail.<snip>.       IN  A

;; ANSWER SECTION:
mail.<snip>.        86400   IN  CNAME   ghs.google.com.
ghs.google.com.     158151  IN  CNAME   ghs.l.google.com.
ghs.l.google.com.   33    IN  A       74.125.47.121

;; AUTHORITY SECTION:
google.com.     153556  IN  NS  ns4.google.com.
google.com.     153556  IN  NS  ns2.google.com.
google.com.     153556  IN  NS  ns3.google.com.
google.com.     153556  IN  NS  ns1.google.com.

;; ADDITIONAL SECTION:
ns1.google.com.     169823  IN  A   216.239.32.10
ns2.google.com.     169823  IN  A   216.239.34.10
ns3.google.com.     169823  IN  A   216.239.36.10
ns4.google.com.     169823  IN  A   216.239.38.10

It sounds more like a DNS misconfiguration at the Windows 2003 DNS than anything else.
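The split of responsibilities the answer describes, as an added toy model (not code from the question, the answer, or any of the services mentioned): each authoritative server answers only for its own zone and hands back the CNAME unchanged, while the client-side recursive resolver does the chasing across zones. Zone apexes, owner names and addresses below are constructed; the loop zone shows the case where a resolver gives up with SERVFAIL.

```python
# Toy model of CNAME resolution: non-recursive authoritative servers plus a
# recursive resolver that follows the chain. All zone data is constructed.
from typing import Dict, List, Optional, Tuple

Record = Tuple[str, str]                   # (rrtype, rdata)
ZONES: Dict[str, Dict[str, Record]] = {    # zone apex -> owner name -> record
    "foo.com.": {"app.foo.com.": ("CNAME", "proxy.heroku.com.")},
    "heroku.com.": {"proxy.heroku.com.": ("CNAME", "elb.example-cloud.")},
    "example-cloud.": {"elb.example-cloud.": ("A", "203.0.113.10")},
    "loop.test.": {"a.loop.test.": ("CNAME", "b.loop.test."),   # CNAME loop
                   "b.loop.test.": ("CNAME", "a.loop.test.")},
}

def zone_for(name: str) -> Optional[str]:
    """Longest-suffix match: which zone (if any) is authoritative for name?"""
    best = None
    for apex in ZONES:
        if name == apex or name.endswith("." + apex):
            if best is None or len(apex) > len(best):
                best = apex
    return best

def authoritative_query(name: str) -> Tuple[str, Optional[Record]]:
    """Non-recursive authoritative server: answers only from its own zone data.
    A CNAME is returned as-is; the target in another zone is never chased."""
    apex = zone_for(name)
    if apex is None:
        return "REFUSED", None             # not our zone, and we do not recurse
    rec = ZONES[apex].get(name)
    return ("NOERROR", rec) if rec else ("NXDOMAIN", None)

def resolve(name: str, max_hops: int = 8) -> Tuple[str, List[Record]]:
    """Recursive resolver: follow CNAMEs across zones until a non-CNAME record.
    Returns (rcode, chain); exceeding max_hops (e.g. a loop) yields SERVFAIL."""
    chain: List[Record] = []
    current = name
    for _ in range(max_hops):
        rcode, rec = authoritative_query(current)
        if rcode != "NOERROR" or rec is None:
            return rcode, chain
        chain.append(rec)
        if rec[0] != "CNAME":
            return "NOERROR", chain
        current = rec[1]                   # next hop lives in some other zone
    return "SERVFAIL", chain

if __name__ == "__main__":
    print(authoritative_query("app.foo.com."))   # CNAME only, no A record
    print(resolve("app.foo.com."))               # full chain ending in the A
    print(resolve("a.loop.test."))               # SERVFAIL after max_hops
```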