How to overcome root domain CNAME restrictions

Question

We are hosting many web applications for our customers   As is obvious they want to use their own domains to refer to those applications  usually they want that any user that either type http   www customer1 example or http   customer1 example goes to their web application   The situation we are facing is that we need to have the flexibility to change IP addresses in the near future   And we don t want to rely on the customer doing the A record change on their domains   So we thought that using CNAME records will work  but as we find out CNAME records will not work for the root domain     Basically   customer1 example IN CNAME customer1 mycompanydomain example   this is invalid as the RFC www customer1 example IN CNAME customer1 mycompanydomain example   this is valid and will work   We want to be able to change the IP address of customer1 mycompanydomain example or the A record and our customers will follow this record which we have control over   in our DNS it will look like   customer1 mycompanydomain example IN A 192 0 2 1   Any ideas

User · Answer

The reason this question still often arises is because, as you mentioned, somewhere somehow someone presumed as important wrote that the RFC states domain names without subdomain in front of them are not valid. If you read the RFC carefully, however, you'll find that this is not exactly what it says. In fact, RFC 1912 states:

Don't go overboard with CNAMEs. Use them when renaming hosts, but plan to get rid of them (and inform your users).

Some DNS hosts provide a way to get CNAME-like functionality at the zone apex (the root domain level, for the naked domain name) using a custom record type. Such records include, for example:

ALIAS at DNSimple
ANAME at DNS Made Easy
ANAME at easyDNS
CNAME at CloudFlare

For each provider, the setup is similar: point the ALIAS or ANAME entry for your apex domain to example.domain.com, just as you would with a CNAME record. Depending on the DNS provider, an empty or @ Name value identifies the zone apex.

ALIAS or ANAME or @ example.domain.com.

If your DNS provider does not support such a record-type, and you are unable to switch to one that does, you will need to use subdomain redirection, which is not that hard, depending on the protocol or server software that needs to do it.

I strongly disagree with the statement that it's done only by "amateur admins" or such ideas. It's a simple "What does the name and its service need to do?" deal, and then to adapt your DNS config to serve those wishes; If your main services are web and e-mail, I don' t see any VALID reason why dropping the CNAMEs for-good would be problematic. After all, who would prefer @subdomain.domain.org over @domain.org ? Who needs "www" if you're already set with the protocol itself? It's illogical to assume that use of a root-domainname would be invalid.

User · Answer

My company does the same thing for a number of customers where we host a web site for them although in our case it s xyz company com rather than www company com  We do get them to set the A record on xyz company com to point to an IP address we allocate them   As to how you could cope with a change in IP address I don t think there is a perfect solution  Some ideas are    Use a NAT or IP load balancer and give your customers an IP address belonging to it  If the IP address of the web server needs to change you could make an update on the NAT or load balancer  Offer a DNS hosting service as well and get your customers to host their domain with you so that you d be in a position to update the A records  Get your customers to set their A record up to one main web server and use a HTTP redirect for each customer s web requests

User · Answer

CNAME ing a root record is technically not against RFC  but does have limitations meaning it is a practice that is not recommended    Normally your root record will have multiple entries  Say  3 for your name servers and then one for an IP address   Per RFC      If a CNAME RR is present at a node  no other data should be   present    And Per IETF  Common DNS Operational and Configuration Errors  Document      This is often attempted by inexperienced administrators as an obvious      way to allow your domain name to also be a host   However  DNS      servers like BIND will see the CNAME and refuse to add any other      resources for that name   Since no other records are allowed to      coexist with a CNAME  the NS entries are ignored   Therefore all the      hosts in the podunk xx domain are ignored as well    References    http   tools ietf org html rfc1912 section  2 4 CNAME Records  http   www faqs org rfcs rfc1034 html section  3 6 2  Aliases and canonical names

User · Answer

I see readytocloud com is hosted on Apache 2 2   There is a much simpler and more efficient way to redirect the non-www site to the www site in Apache   Add the following rewrite rules to the Apache configs  either inside the virtual host or outside  It doesn t matter    RewriteCond   HTTP HOST   readytocloud com  NC  RewriteRule     http   www readytocloud com   R 301 L    Or  the following rewrite rules if you want a 1-to-1 mapping of URLs from the non-www site to the www site   RewriteCond   HTTP HOST   readytocloud com  NC  RewriteRule      http   www readytocloud com 1  R 301 L    Note  the mod rewrite module needs to be loaded for this to work   Luckily readytocloud com is runing on a CentOS box  which by default loads mod rewrite   We have a client server running Apache 2 2 with just under 3 000 domains and nearly 4 000 redirects  however  the load on the server hover around 0 10 - 0 20

User · Answer

I don t know how they are getting away with it  or what negative side effects their may be  but I m using Hover com to host some of my domains  and recently setup the apex of my domain as a CNAME there  Their DNS editing tool did not complain at all  and my domain happily resolves via the CNAME assigned   Here is what Dig shows me for this domain  actual domain obfuscated as mydomain com       lt  lt  gt  gt  DiG 9 8 3-P1  lt  lt  gt  gt  mydomain com    global options   cmd    Got answer     - gt  gt HEADER lt  lt - opcode  QUERY  status  NOERROR  id  2056    flags  qr rd ra  QUERY  1  ANSWER  3  AUTHORITY  0  ADDITIONAL  0     QUESTION SECTION   mydomain com           IN  A     ANSWER SECTION  mydomain com        394 IN  CNAME   myapp parseapp com  myapp parseapp com  300 IN  CNAME   parseapp com  parseapp com        60  IN  A   54 243 93 102

User · Answer

You have to put a period at the end of the external domain so it doesn t think you mean customer1 mycompanydomain com localdomain   So just change   customer1 com IN CNAME customer1 mycompanydomain com   To  customer1 com IN CNAME customer1 mycompanydomain com

User · Answer

Thanks to both sipwiz and MrEvil   We developed a PHP script that will parse the URL that the user enters and paste www to the top of it   e g  if the customer enters kiragiannis com  then it will redirect to www kiragiannis com    So our customer point their root  e g  customer1 com to A record where our web redirector is  and then www CNAME to the real A record managed by us   Below the code in case you are interested for future us    lt  php  url   strtolower   SERVER  HTTP HOST      if strpos  url            false       remove http       url   substr  url  strpos  url          2       urlPagePath       if strpos  url           false       store post-domain page path to append later    urlPagePath   substr  url  strpos  url            url   substr  url  0  strpos  url             urlLast   substr  url  strrpos  url          url   substr  url  0  strrpos  url           if strpos  url           false       get rid of subdomain s     url   substr  url  strrpos  url         1        url    http   www      url    urlLast    urlPagePath   header   Location   url       gt

User · Answer

Sipwiz is correct the only way to do this properly is the HTTP and DNS hybrid approach   My registrar is a re-seller for Tucows and they offer root domain forwarding as a free value added service     If your domain is blah com they will ask you where you would like the domain forwarded to  and you type in www blah com   They assign the A record to their apache server and automaticly add blah com as a DNS vhost   The vhost responds with an HTTP 302 error redirecting them to the proper URL   It s simple to script setup and can be handled by low end would otherwise be scrapped hardware   Run the following command for an example  curl -v eclecticengineers com

[networking] How to overcome root domain CNAME restrictions?

Examples related to networking

Examples related to dns

Examples related to rfc

Examples related to cname