Previously our domain, let's call it ourdomain.com, pointed to an IP address (our web host). In addition, we use Office 365 to handle our domain email accounts. DNS records:

```
ourdomain.com    A        XXX.XXX.XXX.XXX
ourdomain.com    MX 10    our-domain.protection.mail.outlook.com
```

Now we have moved to Azure's cloud environment. It is recommended not to use A records but CNAME records instead, as IP addresses are not guaranteed to be retained.

So we removed the A record and added the CNAME:

```
ourdomain.com    CNAME    ourcloudsite.cloudapp.net
ourdomain.com    MX 10    our-domain.protection.mail.outlook.com
```

Now our email is not being received. The result of an nslookup for MX records on ourdomain.com is also incorrect.

I've read that we need to have an A record for MX records to resolve. What A record are we supposed to use then?

We could use the IP of ourcloudsite.cloudapp.net, but then we risk having downtime.

Dave New
  • You **MUST NOT** use a CNAME for a bare domain (e.g. `example.com`). This will be breaking **everything** else. See lots of posts on SF to that effect, such as http://serverfault.com/questions/494473/adding-cname-without-putting-the-subdomain/494474#494474 . – MadHatter May 18 '14 at 11:57
  • This is one of the reasons people still use www. in website addresses. It catches a surprisingly large number of people by surprise the first time they encounter it, including those who have a decent understanding of DNS. – Grant May 18 '14 at 12:58
  • @Grant Yes, the way `CNAME` works in combination with the lack of `SRV` support for http/https in web browsers is certainly a factor. (As for what constitutes "a decent understanding", this can obviously be debated. One could argue that understanding the `CNAME` record type would be included.) – Håkan Lindqvist May 18 '14 at 13:10
  • @HåkanLindqvist Decent = knows how A and CNAME records work. Good includes knowing why you can't use a CNAME at the top of your domain. – Grant May 18 '14 at 14:09
  • @Grant My impression is rather that the typical source of confusion in this matter is precisely that many have the wrong idea about the meaning of a `CNAME` record. I would go as far as saying that a lot of common "knowledge" regarding the record type is incorrect. Example: The very first sentence of the [Wikipedia article on CNAME records](http://en.wikipedia.org/wiki/Cname) gets it wrong in a way that will lead the reader, should they base their reasoning on an explanation along those lines, down a path where things like this issue will make little or no sense. – Håkan Lindqvist May 18 '14 at 15:05

1 Answer

You can't use a CNAME record at the zone apex. This is because a CNAME record defines one name to be an alias of another regardless of the requested record type.

This, in turn, also means that a CNAME record cannot coexist with other records as that would be a conflict/inconsistency.

The zone apex always has at least SOA and NS records, which means there can never be a CNAME there.

As the CNAME suggested by the service provider is not an option, one possible solution to avoid the risk of being caught out by an address change (that would work specifically for a web site) would be to instead add an A record pointing to an address of a different web server that does have a static address. This server would be set up to do an HTTP redirect (301) from e.g. http://example.com/ to http://www.example.com/, where www.example.com is then set up with the CNAME record suggested by the service provider.

(It's quite likely that you would want to redirect one of the names to the other anyway; one usually does not want all resources to be duplicated with multiple URIs.)

Håkan Lindqvist
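The conflict described in this answer, as an added example that is not part of the original post: a small Python model over a flat record table that flags names where a CNAME coexists with other data and shows why the MX query from the question comes back empty. The SOA/NS rows, the nameserver name and the 203.0.113.10 / 198.51.100.20 addresses are constructed, and `lookup` is a simplified model of alias following, not a real resolver.

```python
from collections import defaultdict

# Constructed sample data modelled on the question's records.
# SOA/NS rows are assumptions (every zone apex has them); IPs are placeholders.
ZONE = [
    ("ourdomain.com", "SOA", "ns1.example-dns.test. hostmaster.ourdomain.com. 1 3600 600 86400 300"),
    ("ourdomain.com", "NS", "ns1.example-dns.test."),
    ("ourdomain.com", "CNAME", "ourcloudsite.cloudapp.net"),
    ("ourdomain.com", "MX", "10 our-domain.protection.mail.outlook.com"),
    ("www.ourdomain.com", "CNAME", "ourcloudsite.cloudapp.net"),
    ("ourcloudsite.cloudapp.net", "A", "203.0.113.10"),
]
# Layout from the answer: apex A record to a static redirect host (hypothetical IP).
FIXED = ([r for r in ZONE if r[:2] != ("ourdomain.com", "CNAME")]
         + [("ourdomain.com", "A", "198.51.100.20")])

def norm(name):
    return name.lower().rstrip(".")

def cname_conflicts(records):
    """Map each name where a CNAME coexists with other data to those other types."""
    types = defaultdict(set)
    for name, rtype, _ in records:
        types[norm(name)].add(rtype.upper())
    return {n: sorted(t - {"CNAME"}) for n, t in types.items()
            if "CNAME" in t and len(t) > 1}

def lookup(records, name, rtype, max_hops=8):
    """A CNAME at a name redirects every query type (except CNAME itself)
    to the alias target; returns (final name, matching rdata)."""
    name = norm(name)
    for _ in range(max_hops):
        here = [(t.upper(), d) for n, t, d in records if norm(n) == name]
        alias = [d for t, d in here if t == "CNAME"]
        if alias and rtype != "CNAME":
            name = norm(alias[0])  # restart the query at the canonical name
            continue
        return name, [d for t, d in here if t == rtype]
    raise RuntimeError("CNAME chain too long")

if __name__ == "__main__":
    print(cname_conflicts(ZONE))               # apex CNAME clashes with MX, NS, SOA
    print(lookup(ZONE, "ourdomain.com", "MX"))   # alias followed, no MX at target
    print(lookup(FIXED, "ourdomain.com", "MX"))  # MX answered at the apex again
```

Running `cname_conflicts` over a zone export before publishing it catches this class of mistake before mail delivery is affected.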