[Pdns-users] Please test: ALIAS/ANAME apex record in PowerDNS

bert hubert bert.hubert at netherlabs.nl
Sun Sep 21 10:54:07 UTC 2014

Hi everybody,

Based on strong user interest, we are fast-tracking the implementation of
ALIAS/ANAME records, to solve the 'CNAME at apex' problem. Because of the
fast-tracking, we need rapid feedback to see if we got it right (see the end
of the mail for details).

In short, you can CNAME 'www.yourdomain.com' to a CDN or somewhere else, but
you can't CNAME 'yourdomain.com', since that breaks DNS. This blogpost by
CloudFlare expands on the problem:

Today, we implemented ALIAS support as an experimental PowerDNS feature,
which allows the following:

$ORIGIN example.com.
@       IN      SOA     ns1 ahu 2014091619 7200 3600 1209600 3600
@       IN      NS      ns1
@       IN      NS      ns2
www     IN      CNAME   xs.powerdns.com.
ns1     IN      A
ns2     IN      A
@       IN      ALIAS   www.powerdns.com.
@       IN      MX      25 outpost.ds9a.nl.
elsewhere       IN      CNAME   @

The branch can be found on https://github.com/PowerDNS/pdns/tree/alias and
we should have packages soon. 

The current semantics for the ALIAS pseudo-record are that they only match
if no real record did.  So in the case above, an MX query for example.com
would return "25 outpost.ds9a.nl".  But a query for AAAA would return the
IPv6 address obtained by following the www.powerdns.com CNAME chain to
xs.powerdns.com. This also works for all other record types, btw.

Our implementation uses a defined resolver to look up the actually requested
record, and adds the data found to the packet built so far. This means that
querying 'elsewhere.example.com' will include a CNAME to example.com, which
in turn will lead to processing of the ALIAS record.

Finally, for TTL, we currently use what the resolver gave us. But perhaps we
could use the TTL of the ALIAS record instead, or as a maximum? Or minimum?

Please let us know your thoughts based on the semantics outlined above.
Would this work for you? Do you miss anything? Is there a need for multiple
ALIAS statements for load balancing? Are we needlessly incompatible with
existing implementations? Is there standardization work we could align

Your input is highly welcome!


PS: the above is currently not yet supported for DNSSEC domains!

PowerDNS Website: http://www.powerdns.com/
Contact us by phone on +31-15-7850372

More information about the Pdns-users mailing list