So I've got a domain registered with Dreamhost, which apparently does not do recursive lookups, and an app on Heroku. Heroku apps are always configured to use a CNAME record to proxy.heroku.com
.
So:
Authoritative DNS: ns1.dreamhost.com (for foo.com)
CNAME record: app.foo.com -> proxy.heroku.com
Resolves to: Set of A records for EC2 IPs
I've been told by some folks trying to connect to the app from behind a Windows Server 2003 DNS Server that it handles SERVFAIL differently and cannot resolve the DNS. I'm trying to understand if this is truly a configuration issue on my side or theirs, notably, per the title:
Must the authoritative DNS server for a domain be recursive to allow CNAME records pointing to other domains?
Best Answer
No you don't need to have recursion on for authoritative DNS servers. Depending on who you ask it's even considered good practice that (if possible) your authoritative server not be recursive as it's a line of defence against some DoS attacks. (Cisco's document is here for example)
A sample from my domain is below (Server is running Bind 9 and is non-recursive).
It sounds more like a DNS misconfiguration at the Windows 2003 DNS than anything else.