DNS tips - flexibility within the rules

dns, website Updated

Getting DNS right can be tough, and getting it wrong can cause problems… Here are some of the useful snippets I've picked up and used.

CNAME records #

CNAME (Canonical Name) records are used to map one domain name to another, essentially allowing you to create an alias. This can be very useful in a number of scenarios.

Dynamic DNS + custom domains #

One I've found helpful is to use a custom domain with a free dynamic DNS provider. Say for example your provider gives you a domain: username.ddns.example. You could use this anywhere you need to access services hosted at your dynamic IP address, but if you ever need to switch providers you could end up with a lot of places to update this. One solution is to use a custom domain. This can be done using a CNAME record to point a custom domain (e.g. myhomelab.example.com) to the one from your provider. If you ever need to switch, then you have a nice central location to update it and hopefully a lot less work to keep everything running smoothly.

myhomelab.example.com. CNAME username.ddns.example.

CNAME flattening #

CNAMES are useful but not without their limitations. One major caveat to their use is that other DNS records cannot be added to a domain with a CNAME record. So for example, if you add a CNAME for your root domain pointing to a Netlify site, you can't add an MX record to your root domain for your mail service, or NS records to identify your nameservers. The official guidance from Netlify is to use the www subdomain and add a CNAME record to it, keeping your root domain free and unrestricted. However, if you don't want to use www you're not completely out of luck.

Some DNS providers, including Cloudflare, offer a way to work around this restriction without breaking the spec. Cloudflare call this feature CNAME flattening, other providers may call it ANAME or ALIAS records, but they're essentially the same thing. When they receive a DNS query, if there's a CNAME at the root they do some additional processing before responding. Instead of just returning the record, they attempt to recurse through the CNAME chain to resolve it to an A record. This means the client is blissfully unaware of the CNAME record and the rule breaking, is happy to receive the expected A record and continues as with any other 'normal' domain. A nice side effect of Cloudflare and others doing this DNS resolution is that it's often significantly faster than if clients were to do it themselves.

Some relevant docs: