Experienced DNS Admins please help me understand...
I run a small DNS server in a development environment that runs resolution for at most 5 domain names at any one time. My question stems from a discussion here: What's the difference...
My question is this:
- What should I use when I have a domain name and at least one subdomain pointing to that domain?
One Answer is this:
- I argue that the appropriate solution to this is to use CNAMEs. This will allow me to change an IP address once and affect multiple host names (the CNAMEs) at the same time. This will help me keep things uncomplicated. This will also make managing TTL records much more straightforward and reliable. I am prone to making mistakes so this will also limit my chances of making mistakes.
Another Answer is this:
- Others argue that queries will be sped up by using A Name records (I don't necessarily argue against that fact).
I know that either will work but the adopted standards based on the RFCs for DNS lead me to believe that we should use CNAMEs and A Names correctly and where appropriate. Rules can be broken, but what's the point if you can't rely on them?
Please only respond to this question if you run a large DNS server or have experience doing so. Otherwise don't expect your opinion to change my opinion. I've been told that it's all a matter of personal preference and I'd like for this to be otherwise.
Forgive me if you believe I'm belaboring a very old point.
OK, the answer is hidden in your question:
Usually DNS lookups are done rarely, and are cached in the app anyway or on the requesting system. So, this 'speed up' argument is just hypothetical.
I run reasonably large DNS infrastructure that locally serves several thousand hosts with over 300 different domains.
I keep A records to a minimum and use CNAMEs whenever possible and when it makes logical sense. Rule of thumb is: A record only for the primary interface for the node, and that which need reverse resolving to it as well. Everything else (like services running on the server) is a CNAME.
Reason for not having multiple A's is also that you'd expect (not a requirement though!!) to have a corresponding PTR. But you can't if you only have 1 IP.
in other words:
is ok, but
is not so (in fact you don't really want to have the last entry!)
but then again, it is really a matter of common sense and preference, there are no hard rules.
Have an A record for the server's primary (or "infrastructure") hostname. The websites hosted on it should then use CNAME records pointing at that hostname. The exception is if you want "bare" domain names (i.e. without a www. or similar prefix) to work. DNS rules mean you can't usually use a CNAME for those, which unfortunately means that those records have to be A records instead, i.e.:
You want credentials? See my profile...
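The rules of thumb from the two answers above (one A record per node matching its PTR, CNAMEs for service names, no CNAME on the bare domain) can be checked mechanically. The following is an added example, not code from any of the posters; the record set, the reverse map and the finding codes are constructed for illustration, using reserved example names and addresses.

```python
from collections import defaultdict

# Constructed sample data: (owner, type, data). Names and addresses are made up.
ZONE_APEX = "example.com."
RECORDS = [
    ("example.com.",      "SOA",   "ns1.example.com. hostmaster.example.com. 1 3600 600 86400 300"),
    ("example.com.",      "NS",    "ns1.example.com."),
    ("example.com.",      "A",     "192.0.2.10"),         # bare domain: has to be an A record
    ("srv1.example.com.", "A",     "192.0.2.10"),         # primary hostname of the node
    ("www.example.com.",  "CNAME", "srv1.example.com."),  # service name as a CNAME
    ("mail.example.com.", "A",     "192.0.2.10"),         # second A on the same IP
    ("ftp.example.com.",  "CNAME", "www.example.com."),   # CNAME pointing at a CNAME
    ("dev.example.com.",  "CNAME", "srv1.example.com."),
    ("dev.example.com.",  "TXT",   "owner=dev-team"),     # other data beside a CNAME
]
PTRS = {"192.0.2.10": "srv1.example.com."}  # constructed reverse zone: one PTR per IP


def lint(records, apex, ptrs):
    """Return a sorted list of (finding_code, owner) for the record set."""
    types_at = defaultdict(set)
    for owner, rtype, _ in records:
        types_at[owner].add(rtype)
    findings = set()
    for owner, rtype, data in records:
        if rtype == "CNAME":
            # RFC 1034 section 3.6.2: a name that has a CNAME carries no other data.
            # The apex always holds SOA and NS, so it can never be a CNAME.
            if owner == apex:
                findings.add(("CNAME_AT_APEX", owner))
            elif types_at[owner] != {"CNAME"}:
                findings.add(("CNAME_WITH_OTHER_DATA", owner))
            # Each extra hop is one more lookup step for the resolver.
            if "CNAME" in types_at.get(data, set()):
                findings.add(("CNAME_CHAIN", owner))
        elif rtype == "A" and owner != apex:
            # Only one name per IP can match the PTR; the rest could be CNAMEs.
            if ptrs.get(data) != owner:
                findings.add(("A_WITHOUT_MATCHING_PTR", owner))
    return sorted(findings)


if __name__ == "__main__":
    for code, owner in lint(RECORDS, ZONE_APEX, PTRS):
        print(f"{code:24} {owner}")
```
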
I'm not sure what your definition of a "large" DNS system is. I've worked on one of about 30, and one of about 50.
I'd say that you can't accurately answer this question for all setups. Your performance profile, your available resources, the frequency with which you need to update IP addresses, and the tools available to you will all influence this decision.
For example, an administrator trying to squeeze the last drops of performance out of a system who rarely changes IPs or has access to a tool to easily make broad changes will have a different answer from an administrator who has more performance than time. How many IP addresses and/or host machines you manage may have an effect. Your clients' needs may have an effect.
Personally, when there are only a few machines involved and a large number of domains, I use CNAMEs. When I have relatively few domains per server, I prefer A records. So, despite your implication that it can be answered definitively, I think it is heavily dependent on situation, resources, and (yes) personal preference.