Extend record management to permit CNAMEs to be handled as the root domain

[Kris Deugau]

Bulk, high-availability hosting is increasingly relying on CNAMEs for spreading the load, fault tolerance, and easy migration of a site from one underlying system to another.

DNS, strictly speaking, does not support a CNAME on the domain name itself, so DNSAdmin has had restrictions added to prevent this foot-shooting.

However, this means you still have to hack something up to redirect web requests for the root domain to www.<domain>.

Cloudflare recently introduced a feature in their DNS management that replaces a CNAME on the root domain with the underlying A record data on the fly:

​http://blog.cloudflare.com/introducing-cname-flattening-rfc-compliant-cnames-at-a-domains-root

This requires patching the DNS server software, so it's not likely to show up elsewhere any time soon.

However, with a management tool like this, there's little reason not to push the automatic conversion to an A record up a layer, and do it on export from the database to the live DNS records.

[Kris Deugau]

(In [750]) /trunk

Start adding support for "root CNAME" or "apex alias" records:

• record export
• type definition for SQL

Instead of overloading "true" CNAME handling, we'll follow one existing
path and create a managed pseudotype ALIAS instead.

See #55.

[Kris Deugau]

(In [752]) /trunk

Minor administrivia cleanups

Mostly finalize new ALIAS pseudotype. See #55.

• Add validator
• Tweak handling of ALIAS IP cache with new DB column
• Fix an output typo that would have created broken record lines

[Kris Deugau]

(In [755]) /trunk

Make sure zones with ALIAS records actually get fully refreshed on each
export, other configuration nothwithstanding. See #55.

[Kris Deugau]

A couple of counternotes:

​http://support.simpledns.com/kb/a211/alias-records-auto-resolved-alias.aspx:
TTL

• SimpleDNS squashes the TTLs to the *smallest* squashed A/AAAA TTL. DNSAdmin should probably do the same, but it means monkeying with the auxdata again. Feh.

DNSSEC
ALIAS-records are not compatible with DNSSEC. Signing a zone containing ALIAS-records will not work correctly.

• note that this refers to their on-the-fly resolving of the chain; since DNSAdmin implements this by resolving at record change or export time, it should be possible to support. DNSSEC support (#66) is a ways off anyway.

[Kris Deugau]

(In [767]) /trunk

File a sharp edge off ALIAS handling; in an edge case where the target
name goes AWOL for a couple of export cycles, the cache would be invalidated.
Also fix related issues on record update where the cache was or wasn't
being updated when it should have been. See #55.