2

If we set an A record and a CNAME record for the same sub-domain, how is the DNS lookup done?

For example,

A record: 
example.com => xx.xx.xx.xx
www.example.com => xx.xx.xx.xx

CNAME record:
www. => example.com

When resolving www.example.com, does the DNS resolver directly look up the A record for the subdomain www and get the ip, or look up the CNAME for www to get the redirect domain(example.com), then look up the A record of example.com to get the ip in the end?

William
  • 69
  • 2
  • 10
  • 4
    It is a violation of the RFC to have any other type of record for the same subdomain if a `CNAME` exists. – tater Dec 27 '20 at 11:59
  • 1
    AFAIK the issue is moot and purely hypothetical as your DNS server should prevent you from doing that as a CNAME record is not allowed to co-exist with any other data.... – Bob Dec 27 '20 at 12:02
  • @HermanB But I did create an A record and a CNAME record for subdomain www in my domain registrar. – William Dec 27 '20 at 12:44
  • That's possible with some web configuration panels, but the DNS server won't answer with both. Either the `CNAME` replaces the `A` or not, if it's somehow handled and removed as an error. – Esa Jokinen Dec 27 '20 at 15:49

1 Answers1

3

What are CNAME records?

What a CNAME record does is to define the owner name (the name where the record is added) to be an alias for the name in CNAME record value (the canonical name, as per the name of the record type).
Note that this definition of being an alias is on the name level, completely disregarding record types.

One implication of the owner name being an alias is that it cannot also have other records, as that would be in direct conflict with it just being an alias for another name.

From the resolver perspective, if you query for A, the valid options for a response is an A typed answer if the name was not an alias or a CNAME typed answer if the name was an alias. Getting both for the same name is not an option (not one that is allowed by the standard and would have defined behavior, anyway).

Then how can my DNS service provider do this?

Assuming that the claim that they allow you to add CNAME and A records side by side is true, there is something non-obvious going on with their service.

I would split it into two main options, without knowing more it's not really possible to know which is relevant in your case:

  • Their system is not directly using the user input, but one way or another transforming it into something that would be valid. Either they might add one of the conflicting records but not the other (which would mean the UI is kind of bad), alternatively it might have some form of "CNAME flattening" functionality where they do not actually serve the CNAME records entered by the user, but rather resolve the relevant records from the canonical name from their end and serve those as if they were directly at the alias name (which is non-standard functionality, but some services have implemented this type of dynamic lookups to "flatten" CNAME).
  • Their system is broken, allowing the user to add inconsistent data that is not allowed in the specs and can be expected to cause strange problems one way or another (either by their service breaking or by their service actually serving inconsistent data that may break things on the resolver side). The user would be shooting themselves in the foot by making use of this type of breakage in their service.
Håkan Lindqvist
  • 33,741
  • 5
  • 65
  • 90