I'm building an app that is hosted on Heroku. Heroku suggests that Apex Domains are a Very Bad Idea -- they suggest using CNAME records and a workaround service like Zerigo or DNSSimple. However, every other host I've used seems to have no issue with it. EngineYard is included in that list and they also host on Amazon EC2.
Should I get away from using A records in favor of using CNAMEs with a Zerigo workaround in the future? Is this really only a concern for high-availability apps? Is Heroku just being paranoid?
I would consider this text by Heroku you linked as only relevant for services hosted by Heroku and similar types of providers and don't think it's relevant eg. for a domain you host on a physical server (or a VM on your own KVM/Xen/ESXi) host.
In the Heroku context you don't control where your service runs and Heroku wants the flexibility to move stuff around without breaking customer systems. For this, their model usage of CNAME records makes sense.
For other systems, you have to consider if your environment would benefit at all from the flexibility offered by a DNS naming scheme as suggested by them.
The argument that they're making is that using a
CNAME
allows for another entity (them) to make updates to the addresses being used without your involvement.There is a legitimate case for that - but it really has nothing to do with scalability or cloudiness. It's beneficial for your provider to be able to move their servers around to different addresses without having to get their customers to all update
A
records.That's all there is to it. The article seems to try to conflate this with adding inherent resilience, specifically citing "massive on-premise datacenters" - which makes no sense at all.
It's beneficial for your provider to be able to move their servers around to different addresses without having to get their customers to all update A records.
This looks a pretty good reason to me, good enough to NOT using A records and stick to CNAME when possible on cloud services, heroku included, especially if your record has a big TTL.
Here is an interesting article about it (from a clearly heroku fan though, but it explains the situation pretty well): http://neilmiddleton.com/the-dangers-of-a-records-and-heroku/
Note, there is away to get around the problem by using DNSSimple 'Alias' record - read more at http://blog.dnsimple.com/introducing-the-alias-record/ - this is their own extension to DNS which gets around the problem if you use them for your DNS hosting.