[Swlug] DNS - do A & AAAA conflict with CNAME?

Dave Cridland dave at cridland.net
Fri Aug 8 13:23:59 UTC 2014


On 8 August 2014 13:58, Mark Summerfield <mark at qtrac.eu> wrote:

> Hi,
>
> Do A and AAAA DNS records conflict with CNAME records or is it OK to
> have both?
>
>
It's not OK.

It's generally bad to have a CNAME. It's totally out to have a CNAME and
anything else, with the exception of an SOA record. There are also many
other cases where a CNAME is out.

Loosely, if a query hands back a CNAME, the query is restarted with the RHS
of the CNAME as the query domain. The LHS of a CNAME RR is called an
"alias", and the RHS is the "canonical name". The RHS of any record, if
it's a name, cannot be an alias, and so cannot result in a CNAME.

To put it another way, CNAME (and DNAME) records are a bit like DNS macros
rather than real records, and because they Do Things, unless you're happy
you understand what Things they Do, you're best off avoiding them if you
can.


> Case #1.
>
> I have domain digitalcardbox.com and a website for it on Google App
> Engine (GAE) at digitalcardbox.appspot.com
>
> To make GAE use the digitalcardbox.com domain name I told GAE to verify
> my ownership which it did and then added a TXT record:
>
>     @ 3600 IN TXT "google-site-verification=XXXX"
>
> It (or me, I can't recall which) then added two CNAME records:
>
>     * 10800 IN CNAME ghs.googlehosted.com.
>     www 10800 IN CNAME ghs.googlehosted.com.
>
> And after a couple of days it seemed to work fine.
>
>
Argh! Never never never never have a CNAME wildcard. It'll just ruin your
life.


> Case #2.
>
> I also have domain qtrac.eu with the website hosted by plus.net.
> And I have a GAE version of the website at diffpdf.appspot.com.
>
> Around 4am this morning plus.net shut down qtrac.eu on the grounds that
> there was too much traffic. They didn't say whether this was due to
> popularity (which I doubt) or a DoS attack or simple extortion on their
> part.
>
> So, I tried to get GAE to take over the website.
>
> First I reset the DNS back to gandi (from whom I get my domain names)
> from plus.net and that worked OK.
>
> Unfortunately GAE couldn't create the TXT record so I did that manually:
>
>     @ 10800 IN TXT "google-site-verification=XXXX"
>
> But unlike with digitalcardbox, GAE did not give me any CNAMEs to add,
> so I added the two shown above.
>
> GAE did ask me to add 4 A and 4 AAAA records (the A's look like IPv4 and
> the AAAA a bit like IPv6 but I'm guessing), which I duly added.
>
>
Good guess.


> My question is: will the CNAME records I added (and which GAE didn't ask
> me to add) conflict with the A and AAAA records, or is it safe to have
> them all?
>
>
No, stick with the A/AAAA records only. Ideally, go back to digitalcardbox
and see if you can replace the CNAME with the A/AAAA records.


> If you get the impression I don't understand any of this you'd be right.
>
> Thanks!
>
> --
> Mark Summerfield, Qtrac Ltd, www.qtrac.eu
>     Python and PyQt/PySide - training and consultancy
>         DiffPDF for Windows - PDF comparison tool
>             http://www.qtrac.eu/diffpdf.html
>
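A small zone lint for the rules discussed in the reply above, added here as an example and not part of the original thread. It flags a name that owns a CNAME alongside other data (RFC 1034 section 3.6.2, with the RRSIG/NSEC allowance of RFC 4035 section 2.5), an MX or NS target that is itself an alias (RFC 2181 section 10.3), and a wildcard CNAME. The zone is constructed sample data, and `parse_zone` and `check_zone` are names chosen for this example.

```python
from collections import defaultdict

# Constructed sample zone ("owner TTL IN type rdata", as in the message);
# names and addresses are documentation values, not the real zones.
SAMPLE_ZONE = """\
@    10800 IN TXT   "google-site-verification=XXXX"
@    10800 IN A     192.0.2.10
@    10800 IN AAAA  2001:db8::10
@    10800 IN MX    10 mail
*    10800 IN CNAME ghs.googlehosted.com.
www  10800 IN CNAME ghs.googlehosted.com.
www  10800 IN A     192.0.2.10
mail 10800 IN CNAME ghs.googlehosted.com.
"""

ALLOWED_WITH_CNAME = {"CNAME", "RRSIG", "NSEC"}  # RFC 4035 section 2.5
NO_ALIAS_TARGET = {"MX", "NS"}                   # RFC 2181 section 10.3


def parse_zone(text):
    """Return {owner: [(rtype, rdata), ...]} for one-line records."""
    records = defaultdict(list)
    for line in text.splitlines():
        if line.strip():
            owner, _ttl, _cls, rtype, rdata = line.split(None, 4)
            records[owner.lower()].append((rtype.upper(), rdata.strip()))
    return records


def check_zone(text):
    """Return sorted (owner, problem) findings for the zone text."""
    records = parse_zone(text)
    aliases = {o for o, rrs in records.items() if any(t == "CNAME" for t, _ in rrs)}
    findings = []
    for owner, rrs in records.items():
        extra = sorted({t for t, _ in rrs} - ALLOWED_WITH_CNAME)
        if owner in aliases and extra:
            findings.append((owner, "CNAME coexists with " + ",".join(extra)))
        if owner in aliases and owner.startswith("*"):
            findings.append((owner, "wildcard CNAME"))  # the reply's advice
        for rtype, rdata in rrs:
            # Only relative in-zone targets are compared; no DNS lookups.
            target = rdata.split()[-1].lower()
            if rtype in NO_ALIAS_TARGET and target in aliases:
                findings.append((owner, f"{rtype} target {target} is an alias"))
    return sorted(findings)


if __name__ == "__main__":
    for owner, problem in check_zone(SAMPLE_ZONE):
        print(f"{owner}: {problem}")
```

In the sample, the TXT, A, AAAA and MX records at `@` are not flagged for coexisting with each other, because no CNAME shares that owner name; only `www`, which carries both a CNAME and an A record, breaks the coexistence rule.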