Should CNAME Be Used For Subdomains?

Yes, that’s an appropriate use of CNAMEs. In the discussions I’ve been part of, the arguments tend to go like this:

Against CNAMEs:

  • There is a (tiny) performance penalty, as the downstream DNS caches need to perform 2 DNS lookups, one for the CNAME and one for the A-Record the CNAME points to.
  • Vague, bogus arguments about CNAMEs having less “authority” or compatibility issues.

In favor of CNAMEs:

  • They provide a clean abstraction between hardware (physical servers) and services.
  • They simplify DNS management — when a server moves, you only need to change one record.

After trying a couple of different ways to do this, I now have a personal favorite style. It is:

  • One A Record for each physical server; with a fairly low TTL (perhaps 30 minutes); giving the server a human-friendly name.
  • One CNAME for each service; with a high TTL (perhaps 24 hours); pointing to the above server names.
  • As the sole exeption to the rules above, the domain root is an A-Record, pointing to the webserver / web load balancer. (The @ is required to be an A-record.)

I find that this setup works well. It keeps extra DNS lookups for the CNAMES down; and if a server crashes I can still change public DNS around fairly fast.

Here’s a (improvised) example in BIND syntax:

;name     ttl   class rr     value 
server01  30m   IN    A      192.168.0.3
server02  30m   IN    A      192.168.0.4

webmail   24h   IN    CNAME  server01
extranet  24h   IN    CNAME  server02
ftp       24h   IN    CNAME  server02

Related Posts:

  1. Is a wildcard CNAME DNS record valid?
  2. Why can’t a CNAME record be used at the apex (aka root) of a domain?
  3. Is a CNAME to CNAME chain allowed?
  4. List all DNS records in a domain using dig?
  5. How to include multiple domains in an spf TXT Record
  6. What is a glue record?
  7. Why is DNS failover not recommended?
  8. Top level domain/domain suffix for private network?
  9. DNS – NSLOOKUP what is the meaning of the non-authoritative answer?
  10. What’s the meaning of ‘@’ in a DNS zone file?
  11. How can I see Time-To-Live (TTL) for a DNS record?
  12. What type of DNS record is needed to make a subdomain?
  13. Why can’t MX records point to an IP address?
  14. Should we host our own nameservers?
  15. How does ServerName and ServerAlias work?
  16. Vagrant / VirtualBox DNS 10.0.2.3 not working
  17. Multiple data centers and HTTP traffic: DNS Round Robin is the ONLY way to assure instant fail-over?
  18. Multiple TXT fields for same subdomain
  19. Do SPF Records For Primary Domain apply to subdomains?
  20. Private IP address in public DNS
  21. How can I convert MP3 file to a Base64 encoded string? [closed]
  22. What is a sanity test/check
  23. What is an instance variable in Java?
  24. Discord music bot not working
  25. did you specify the right host or port? error on Kubernetes
  26. How does Java’s PriorityQueue differ from a min-heap?
  27. What is a Memory Heap?
  28. 403 Forbidden vs 401 Unauthorized HTTP responses
  29. Advanced AREL or just Rails Query for has_many through search by association
  30. “If not” condition statement in python
  31. How can I sort a dictionary by key?
  32. What does ERR_SPDY_PROTOCOL_ERROR mean in nginx?
  33. What is a bitmask and a mask?
  34. C++ code file extension? What is the difference between .cc and .cpp
  35. How to convert .crt to .pem [duplicate]
  36. pagebreak in markdown while creating pdf
  37. Time Complexity of Prims Algorithm?
  38. Ping – Request timed out
  39. How do I remove version tracking from a project cloned from git?
  40. What’s the difference between & and && in MATLAB?
  41. azure error 502 – Web server received an invalid response while acting as a gateway or proxy server
  42. What is a Ray ID (Cloudflare)?
  43. How do I get a list of built-in data sets in R?
  44. java.text.ParseException: Unparseable date
  45. Difference between .o and .ko file
  46. R error: all arguments must have the same length
  47. What is the definition of a “disparity map”?
  48. Alternative to ui-grid(doesn’t support angular2/4)
  49. Tool for drawing parse trees?
  50. How do I install the OpenSSL libraries on Ubuntu?
  51. How can I specify a display?
  52. Clearing localStorage in javascript?
  53. Search all the occurrences of a string in the entire project in Android Studio
  54. Using map in Haskell
  55. R dates “origin” must be supplied
  56. How to one hot encode several categorical variables in R
  57. cannot load such file — bundler/setup (LoadError)
  58. Downgrade npm to an older version
  59. Mongoose.js: remove collection or DB
  60. slideToggle JQuery right to left
  61. Valgrind Invalid free() / delete / delete[] / realloc() in C
  62. Exception in thread “main” java.lang.reflect.InvocationTargetException
  63. “webxml attribute is required” error in Maven
  64. How can I change the color of my prompt in zsh (different from normal text)?
  65. mkdir c++ function
  66. C’s printf and fprintf(stdout,) are not printing
  67. What’s the difference between SoftReference and WeakReference in Java?
  68. reversing list in Lisp
  69. How to disable Windows Update Medic Service?
  70. Systrace for Windows
  71. Good way to encapsulate Integer.parseInt()
  72. TCP/IP packets and datagrams
  73. ArrayList of int array in java
  74. What are the differences between Mustache.js and Handlebars.js?
  75. Vim Opening File E325 Attention Error
  76. Terminating app due to uncaught exception ‘NSUnknownKeyException’
  77. Rewrite the base-url for single posts
  78. How to parse wordpress options json
  79. A post has a js redirection script. How to not redirect its category?
  80. Cannot understand WordPress error message
  81. How use custom image size + ACF + background image
  82. Pass AJAX variable to PHP functions WordPress plugin
  83. Redirect, Change URLs or Redirect HTTP to HTTPS in Apache – Everything You Ever Wanted to Know About mod_rewrite Rules but Were Afraid to Ask
  84. How to add dependency on a Windows Service AFTER the service is installed
  85. Monday morning mistake: sudo rm -rf –no-preserve-root /
  86. Delete Amazon EC2 terminated instance
  87. robocopy transfer file and not folder
  88. What’s the difference between include_tasks and import_tasks?
  89. rm on a directory with millions of files
  90. What ports to open for mail server?
  91. Why is Enterprise Storage so expensive?
  92. Should a wildcard SSL certificate secure both the root domain as well as the sub-domains?
  93. How to show all banned IP with fail2ban?
  94. How can I get diff to show only added and deleted lines? If diff can’t do it, what tool can?
  95. Why do systems generally disable virtualization by default in BIOS settings?
  96. 10 servers to administer and I’m a history major [closed]
  97. Making `wget` not save the page
  98. How do I list all connected Salt Stack minions?
  99. How to get Apache2 to redirect to a subdirectory
  100. What does that mean: packages excluded due to repository priority protections

Leave a Comment