
Experienced DNS Admins please help me understand...

I run a small DNS server in a development environment that runs resolution for at most 5 domain names at any one time. My question stems from a discussion here: What's the difference...

My question is this:

  • What should I use when I have a domain name and at least one subdomain pointing to that domain?

One Answer is this:

  • I argue that the appropriate solution to this is to use CNAMEs. This will allow me to change an IP address once and affect multiple host names (the CNAMEs) at the same time. This will help me keep things uncomplicated. This will also make managing TTL records much more straightforward and reliable. I am prone to making mistakes so this will also limit my chances of making mistakes.

Another Answer is this:

  • Others argue that queries will be sped up by using A records (I don't necessarily argue against that fact).

I know that either will work, but the adopted standards based on the RFCs for DNS lead me to believe that we should use CNAMEs and A records correctly and where appropriate. Rules can be broken, but what's the point if you can't rely on them?

Please only respond to this question if you run a large DNS server or have experience doing so. Otherwise don't expect your opinion to change my opinion. I've been told that it's all a matter of personal preference and I'd like for this to be otherwise.

Forgive me if you believe I'm belaboring a very old point.

Patrick R

3 Answers

OK, the answer is hidden in your question:

...small DNS server...at most 5 domain names...

...queries will be speed up by using A Name records...

Usually DNS lookups are done rarely, and are cached in the app anyway or on the requesting system. So, this 'speed up' argument is just hypothetical.

I run reasonably large DNS infrastructure that locally serves several thousand hosts with over 300 different domains.

I keep A records to a minimum and use CNAMEs whenever possible and when it makes logical sense. Rule of thumb is: A record only for the primary interface for the node, and that which need reverse resolving to it as well. Everything else (like services running on the server) is a CNAME.

The reason for not having multiple A's is also that you'd expect (not a requirement though!!) to have a corresponding PTR. But you can't if you only have 1 IP.

In other words:

name1 IN A IP1
IP1 IN PTR arpa.name1
name2 IN CNAME name1

is ok, but

name1 IN A IP1
IP1 IN PTR arpa.name1
name2 IN A IP1
IP2 IN PTR arpa.name2

is not so (in fact you don't really want to have the last entry!)

But then again, it is really a matter of common sense and preference; there are no hard rules.

rytis
  • +1 for pointing out that the DNS is cached (which inevitably leads to the "have you cleared your cache" answer for why a computer is loading the old URL) – Patrick R Feb 09 '10 at 23:28
  • @pulegium - I'm going to open this back up to get some more information. – Patrick R Feb 22 '10 at 17:48

Have an A record for the server's primary (or "infrastructure") hostname.

The websites hosted on it should then use CNAME records pointing at that hostname.

The exception is if you want "bare" domain names (i.e. without a www. or similar prefix) to work. DNS rules mean you can't usually use a CNAME for those, which unfortunately means that those records have to be A records instead, i.e.:

$ORIGIN example.net. ; host is in this domain
@      IN SOA ...
       IN NS ...
server IN A 192.0.2.1

$ORIGIN example.com. ; website is in this domain
@      IN SOA ...
       IN NS ...
       IN A 192.0.2.1 ; can't be a CNAME - other RRs already here
www    IN CNAME server.example.net.

You want credentials? See my profile...

Alnitak
  • +1 for pointing out why CNAME rules *don't* work on "bare" domain names. That hadn't even crossed my mind. – Patrick R Feb 09 '10 at 23:29
  • Thanks for the "bare" mention. I guess the only option is then to use a different domain to name hosts (eg, machine1.example.net, machine2.example.net, machine3.example.net) and then use CNAMEs to point to those machines (eg, youtube.com -> machine1.example.net, flickr.com -> machine2.example.net), right? – Rafa Apr 26 '12 at 14:32
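A small zone checker, added here as an illustration (it is not code from either answer), that flags the two configurations the answers above warn against: a CNAME sharing an owner name with other records (Alnitak's "bare" domain case) and several A records pointing at one IP when only one of them can own the matching PTR (rytis's rule of thumb). The sample records are constructed, and the function and variable names are my own.

```python
import ipaddress
from collections import defaultdict

# Constructed sample zone data (not taken from the answers): (owner, type, rdata).
# It reproduces both patterns discussed above: an apex that already carries SOA/NS
# and therefore cannot be a CNAME, and two names sharing a single IP.
SAMPLE_RECORDS = [
    ("example.com.", "SOA", "ns1.example.net. hostmaster.example.com. 1 3600 900 604800 300"),
    ("example.com.", "NS", "ns1.example.net."),
    ("example.com.", "CNAME", "server.example.net."),   # bad: CNAME beside SOA/NS
    ("www.example.com.", "CNAME", "server.example.net."),
    ("server.example.net.", "A", "192.0.2.1"),
    ("name2.example.net.", "A", "192.0.2.1"),           # second A for the same IP
    ("1.2.0.192.in-addr.arpa.", "PTR", "server.example.net."),
]


def check_zone(records):
    """Return a list of warning strings for (owner, type, rdata) tuples."""
    by_owner = defaultdict(list)   # owner name -> record types present
    by_ip = defaultdict(list)      # IPv4 address -> owners with an A record for it
    ptr_targets = {}               # reverse name -> PTR target
    for owner, rtype, rdata in records:
        rtype = rtype.upper()
        by_owner[owner.lower()].append(rtype)
        if rtype == "A":
            by_ip[rdata].append(owner.lower())
        elif rtype == "PTR":
            ptr_targets[owner.lower()] = rdata.lower()
    warnings = []
    # Rule 1 (RFC 1034 section 3.6.2): a CNAME owner may carry no other data,
    # which is why a bare domain with SOA/NS at the apex must use an A record.
    for owner, types in by_owner.items():
        if "CNAME" in types and len(types) > 1:
            others = ", ".join(sorted(t for t in types if t != "CNAME"))
            warnings.append(f"{owner}: CNAME coexists with {others}")
    # Rule 2: one A record per IP, and its PTR should point back at that owner.
    for ip, owners in by_ip.items():
        if len(owners) > 1:
            warnings.append(f"{ip}: {len(owners)} A records ({', '.join(sorted(owners))}); "
                            "only one can have a matching PTR")
        rev = ipaddress.ip_address(ip).reverse_pointer + "."
        target = ptr_targets.get(rev)
        if target is not None and target not in owners:
            warnings.append(f"{rev}: PTR -> {target} does not match any A owner for {ip}")
    return warnings


if __name__ == "__main__":
    for w in check_zone(SAMPLE_RECORDS):
        print("WARN", w)
```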

I'm not sure what your definition of a "large" DNS system is. I've worked on one of about 30, and one of about 50.

I'd say that you can't accurately answer this question for all setups. Your performance profile, your available resources, the frequency with which you need to update IP addresses, and the tools available to you will all influence this decision.

For example, an administrator trying to squeeze the last drops of performance out of a system who rarely changes IPs or has access to a tool to easily make broad changes will have a different answer from an administrator who has more performance than time. How many IP addresses and/or host machines you manage may have an effect. Your clients' needs may have an effect.

Personally, when there are only a few machines involved and a large number of domains, I use CNAMEs. When I have relatively few domains per server, I prefer A records. So, despite your implication that it can be answered definitively, I think it is heavily dependent on situation, resources, and (yes) personal preference.

Ben Doom