[Swlug] DNS - do A & AAAA conflict with CNAME?

Justin Mitchell justin at discordia.org.uk
Fri Aug 8 13:25:26 UTC 2014 

CNAMEs are considered harmful.

a record which points to a CNAME must have no other records (excepting
some special dnssec ones)

CNAME gets looked for first, and if found it stops looking, replaces the
query with the right hand side and starts again, so an A or AAAA record
for the same thing will never be seen.

certain record types are not permitted to point to CNAMEs at all, etc
etc. there are lots of gotchas and things that are just not allowed,
best to avoid them entirely imho.




On Fri, 2014-08-08 at 13:58 +0100, Mark Summerfield wrote:
> Hi,
> 
> Do A and AAAA DNS records conflict with CNAME records or is it OK to
> have both?
> 
> Case #1.
> 
> I have domain digitalcardbox.com and a website for it on Google App
> Engine (GAE) at digitalcardbox.appspot.com
> 
> To make GAE use the digitalcardbox.com domain name I told GAE to verify
> my ownership which it did and then added a TXT record:
> 
>     @ 3600 IN TXT "google-site-verification=XXXX"
> 
> It (or me, I can't recall which) then added two CNAME records:
> 
>     * 10800 IN CNAME ghs.googlehosted.com.
>     www 10800 IN CNAME ghs.googlehosted.com.
> 
> And after a couple of days it seemed to work fine.
> 
> Case #2.
> 
> I also have domain qtrac.eu with the website hosted by plus.net.
> And I have a GAE version of the website at diffpdf.appspot.com.
> 
> Around 4am this morning plus.net shut down qtrac.eu on the grounds that
> there was too much traffic. They didn't say whether this was due to
> popularity (which I doubt) or a DoS attack or simple extortion on their
> part.
> 
> So, I tried to get GAE to take over the website.
> 
> First I reset the DNS back to gandi (from whom I get my domain names)
> from plus.net and that worked OK.
> 
> Unfortunately GAE couldn't create the TXT record so I did that manually:
> 
>     @ 10800 IN TXT "google-site-verification=XXXX"
> 
> But unlike with digitalcardbox, GAE did not give me any CNAMEs to add,
> so I added the two shown above.
> 
> GAE did ask me to add 4 A and 4 AAAA records (the A's look like IPv4 and
> the AAAA a bit like IPv6 but I'm guessing), which I duly added.
> 
> My question is: will the CNAME records I added (and which GAE didn't ask
> me to add) conflict with the A and AAAA records, or is it safe to have
> them all?
> 
> If you get the impression I don't understand any of this you'd be right.
> 
> Thanks!
>

More information about the Swlug mailing list