What’s in a CNAME?

While setting up the first server of my lab I thought I would add a small aside here on Canonical Name records (CNAME) with DNS. A lot of the DNS documentation out there explains what a CNAME is, but not always why you’d want to use it.

To begin with lets look at the difference between a standard A record and a CNAME, I’m using the ever-present contoso.com as the domain, in the style of Microsoft.

An A Record points directly to the server IP address, much like a name in a phone directory (remember those?) points to a phone number. When a computer looks up an A record it gets the IP ready for direct communication. They look something like this on the DNS server:

server.contoso.com     A

A CNAME always points to an A record, like an alias for the server. When your computer looks up a CNAME, the DNS server will replace the CNAME with the A record and reply with that. A CNAME pointing at another CNAME will probably work, if your DNS server will allow you to add the record, but don’t! it’s bad and it leads to confusion, mistakes and someone else looking at your DNS records and asking “Which Muppet did this then?”. They look like this:

www.contoso.com     CNAME     server.contoso.com

It’s a good idea when setting up any service to create a CNAME for that service, in the above example a web server (in fact, you’ll definitely want to do this for multiple web sites on the same box). This allows you to move that service to another server later on without needing to do any more than change where the CNAME points.

For example, I’ve just set up a NTP time server on my Ovirt Engine server (Spoilers!) however I may in the future find that the box isn’t capable of controlling my virtual server host nodes. If I had used the A record directly, I would have to go into each node and change the server address, or rename the old server and give the name to the new but then what about my time service? Both is much more work than a quick re-point.

So my DNS records would look like this:

server.contoso.com         A
time.contoso.com           CNAME   server.contoso.com
ovirt-engine.contoso.com   CNAME   server.consoso.com

I’d add the new server:

server.contoso.com         A
server2.contoso.com        A
time.contoso.com           CNAME   server.contoso.com
ovirt-engine.contoso.com   CNAME   server.consoso.com

Then when I’m ready to migrate just tweak the CNAME to repoint the service:

server.contoso.com         A
server2.contoso.com        A
time.contoso.com           CNAME   server.contoso.com
ovirt-engine.contoso.com   CNAME   server2.consoso.com

This also means I can run them concurrently, and roll-back is as easy as reverting the CNAME change.

The catch!

And there is one, not a big one, but it can cause and issue. Each DNS record has a Time To Live or TTL which tells a machine how long it should cache the record for in secords before it checks again with the server. This is normally a good thing, it means less load on your DNS servers and less DNS traffic, however if I adjust my CNAME as above and the TTL is set for say 1800 seconds it can take a machine 30 minutes to see the change.

The easy way around this is to remember to reduce the TTL before you make the change to a nice low number, remembering you’ll need to wait at least the old TTL for that to take effect. Don’t forget to reset it afterwards!

2 thoughts on “What’s in a CNAME?

  1. Low TTLs rock. I use 1 or 5 minute for A and AAAA records. A little UDP packet at the start shouldn’t noticeably slow down any application.

    • I’d normally agree, but longer ones do have their uses, especially if you have to work around high-latency low-speed links to very remote sites. 🙂 Can’t recall seeing a server overwhelmed with DNS requests either, certainly not in the last few years. A modern DL360Gen8 say can throw data around so quickly short of a DDoS or some tying to run a multinational corp through a single server I doubt it happens anymore.

      Going the other way, I’ve worked with a platform we needed to load balance but 10GigE balancers were rather over budget! A round robin with a zero TTL meant each new request hit the next node in the sequence and smoothed it out enough to tide us over.

      I do like a bit of DNS, for something so simple what you can do with it sometimes is quite impressive.

Leave a Reply

Fill in your details below or click an icon to log in:

WordPress.com Logo

You are commenting using your WordPress.com account. Log Out /  Change )

Google photo

You are commenting using your Google account. Log Out /  Change )

Twitter picture

You are commenting using your Twitter account. Log Out /  Change )

Facebook photo

You are commenting using your Facebook account. Log Out /  Change )

Connecting to %s