Opened 6 years ago

Last modified 3 years ago

#55 new enhancement

Extend record management to permit CNAMEs to be handled as the root domain

Reported by: Kris Deugau
Owned by:
Priority: minor
Milestone: 1.4.1
Version:
Keywords:


Bulk, high-availability hosting is increasingly relying on CNAMEs for spreading the load, fault tolerance, and easy migration of a site from one underlying system to another.

DNS, strictly speaking, does not support a CNAME on the domain name itself, so DNSAdmin has had restrictions added to prevent this foot-shooting.

However, this means you still have to hack something up to redirect web requests for the root domain to www.<domain>.

Cloudflare recently introduced a feature in their DNS management that replaces a CNAME on the root domain with the underlying A record data on the fly:

This requires patching the DNS server software, so it's not likely to show up elsewhere any time soon.

However, with a management tool like this, there's little reason not to push the automatic conversion to an A record up a layer, and do it on export from the database to the live DNS records.

Change History (7)

comment:1 Changed 3 years ago by Kris Deugau

(In [750]) /trunk

Start adding support for "root CNAME" or "apex alias" records:

  • record export
  • type definition for SQL

Instead of overloading "true" CNAME handling, we'll follow one existing
path and create a managed pseudotype ALIAS instead.

See #55.

comment:2 Changed 3 years ago by Kris Deugau

(In [752]) /trunk

Minor administrivia cleanups

Mostly finalize new ALIAS pseudotype. See #55.

  • Add validator
  • Tweak handling of ALIAS IP cache with new DB column
  • Fix an output typo that would have created broken record lines

comment:3 Changed 3 years ago by Kris Deugau

(In [755]) /trunk

Make sure zones with ALIAS records actually get fully refreshed on each
export, other configuration notwithstanding. See #55.

comment:4 Changed 3 years ago by Kris Deugau

A couple of counternotes:

  • SimpleDNS squashes the TTLs to the *smallest* squashed A/AAAA TTL. DNSAdmin should probably do the same, but it means monkeying with the auxdata again. Feh.

ALIAS-records are not compatible with DNSSEC. Signing a zone containing ALIAS-records will not work correctly.

  • note that this refers to their on-the-fly resolving of the chain; since DNSAdmin implements this by resolving at record change or export time, it should be possible to support. DNSSEC support (#66) is a ways off anyway.

comment:5 Changed 3 years ago by Kris Deugau

Milestone: 1.4

comment:6 Changed 3 years ago by Kris Deugau


comment:7 Changed 3 years ago by Kris Deugau

(In [767]) /trunk

File a sharp edge off ALIAS handling; in an edge case where the target
name goes AWOL for a couple of export cycles, the cache would be invalidated.
Also fix related issues on record update where the cache was or wasn't
being updated when it should have been. See #55.
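
The export-time flattening discussed in this ticket, as an added Python sketch that is not DNSAdmin code or part of any changeset above. All names (`flatten`, `export_alias`, `AliasRecord`, `SAMPLE_DNS`, `MAX_CHAIN`) are hypothetical, the DNS data is constructed, and two behaviours are assumptions: the TTL is squashed to the smallest one seen along the chain, and the last good answer is kept when the target fails to resolve.

```python
# Added illustration; not DNSAdmin code. Every name here is hypothetical.
from dataclasses import dataclass

MAX_CHAIN = 8  # assumed cap on CNAME hops; also bounds loop handling

# Constructed sample data standing in for live lookups: name -> (type, ttl, values)
SAMPLE_DNS = {
    "lb.hosting.example.": ("CNAME", 300, ["pool.cdn.example."]),
    "pool.cdn.example.": ("A", 60, ["192.0.2.10", "192.0.2.11"]),
    "loop-a.example.": ("CNAME", 300, ["loop-b.example."]),
    "loop-b.example.": ("CNAME", 300, ["loop-a.example."]),
}

def flatten(target, dns):
    """Follow the CNAME chain from target; return (ips, smallest_ttl) or None."""
    name, ttl, seen = target, None, set()
    while name not in seen and len(seen) < MAX_CHAIN:
        seen.add(name)
        rec = dns.get(name)
        if rec is None:
            return None  # target (or a hop) does not resolve right now
        rtype, rttl, values = rec
        ttl = rttl if ttl is None else min(ttl, rttl)  # assumed TTL squash
        if rtype == "A":
            return sorted(values), ttl
        name = values[0]  # CNAME: continue with its target
    return None  # loop or over-long chain

@dataclass
class AliasRecord:
    host: str             # the apex name carrying the ALIAS
    target: str           # the name the ALIAS points at
    cache: tuple = None   # last good (ips, ttl), stored with the record

def export_alias(rec, dns):
    """Return the A-record lines to publish for one ALIAS record."""
    result = flatten(rec.target, dns)
    if result is not None:
        rec.cache = result  # refresh on every successful export
    if rec.cache is None:
        return []           # never resolved: publish nothing, not a broken line
    ips, ttl = rec.cache    # assumed policy: fall back to the last good answer
    return [f"{rec.host} {ttl} IN A {ip}" for ip in ips]
```

Keeping the last good addresses indefinitely can leave the apex pointing at an address the hosting provider has since reassigned, so a real export would also bound how old the cached answer may be.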
