[Pdns-users] Empty CNAME will result "server can't find: NXDOMAIN"

Peter van Dijk peter.van.dijk at netherlabs.nl
Sun May 6 08:26:28 UTC 2012


Hello Thomas,

On May 6, 2012, at 10:21 , Thomas Faddegon wrote:

> Google and Amazon use CNAMEs instead of A to point to their webservers. An example: http://blog.cloudflare.com/zone-apex-naked-domain-root-domain-cname-supp#!/

amazon.com and www.amazon.com actually point to A records. Google.com points to A records that just serve redirs to www.google.com.

What Cloudflare is doing is either broken (if they really do put CNAMEs on apexes) or a hack where they do the A lookup (which breaks geo-based load balancing).

> Amazon and Google have the right to modify the IP of their CNAME, so if you use an A record to make http://example.com work and they modify the IP, then http://example.com isn't working anymore.

Yes, this is true.

> I'll get more and more requests from customers that asked me to create an "apex cname" for their domains. Apex CNAMEs in combination with Microsoft DNS work correctly (even though the RFC doesn't support this officially). Apex CNAMEs in PowerDNS also work, but the MX are broken after the change.

Broken MX is just the first thing you noticed. Putting CNAMEs on an apex breaks many things in unpredictable ways. We very strongly recommend against it.

> Is there any other way with PowerDNS to work around this?

You could do a pipebackend that does a fresh lookup of your CNAME target and returns the IPs. As noted above, this can break geo-based load balancing.

Kind regards,
-- 
Peter van Dijk
Netherlabs Computer Consulting BV - http://www.netherlabs.nl/
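
The pipebackend approach suggested in the reply above, as an added example that is not part of the original message or of PowerDNS itself: a coprocess speaking pipebackend ABI version 1 that answers A/AAAA queries for an apex with freshly resolved addresses of a target host. The `APEX_TARGETS` mapping, the host names and the TTL are assumptions; because the lookup runs from the server's own resolver, every client gets the addresses the server sees, which is the geo-based load balancing breakage noted above.

```python
import socket
import sys

# Hypothetical mapping: zone apex -> host whose addresses are served at the apex.
APEX_TARGETS = {"example.com": "target.example.net"}
TTL = 60  # assumed short TTL, since the target's addresses can change at any time


def system_lookup(host):
    """Resolve host through the OS resolver; returns sorted [(rtype, address)]."""
    found = set()
    try:
        for family, _, _, _, sockaddr in socket.getaddrinfo(host, None):
            if family == socket.AF_INET:
                found.add(("A", sockaddr[0]))
            elif family == socket.AF_INET6:
                found.add(("AAAA", sockaddr[0]))
    except socket.gaierror:
        pass  # target does not resolve: answer with no records
    return sorted(found)


def handle_line(line, lookup=system_lookup):
    """Return the reply lines for one tab-separated request from PowerDNS."""
    fields = line.rstrip("\n").split("\t")
    if fields[0] == "HELO":
        # Only ABI version 1 is implemented here.
        return ["OK\tapex flattening backend"] if fields[1:] == ["1"] else ["FAIL"]
    if fields[0] == "AXFR":
        return ["END"]  # nothing to transfer from this backend
    if fields[0] != "Q" or len(fields) < 6:
        return ["FAIL"]
    # Q <qname> <qclass> <qtype> <id> <remote-ip>; the id is echoed back in DATA.
    qname, qclass, qtype, rec_id = fields[1:5]
    target = APEX_TARGETS.get(qname.lower().rstrip("."))
    replies = []
    if target and qclass == "IN" and qtype in ("A", "AAAA", "ANY"):
        for rtype, addr in lookup(target):
            if qtype in (rtype, "ANY"):
                replies.append(
                    f"DATA\t{qname}\t{qclass}\t{rtype}\t{TTL}\t{rec_id}\t{addr}")
    return replies + ["END"]  # MX, SOA, NS etc. are left to the other backend


if __name__ == "__main__":
    for request in sys.stdin:
        print("\n".join(handle_line(request)), flush=True)
```

MX and other record types at the apex stay with the regular backend, so they keep working, unlike with an apex CNAME.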



