CNAME Flattening

image

Let’s discuss CNAME Flattening. This feature ensures RFC-compliant CNAMEs at a domain's root, without requiring you to update your DNS records every time the IP address of your server changes. In this post, we will discuss in-depth what CNAME Flattening is, why it is important, and how you can enable it if you are also using Cloudflare as your public DNS provider.

First, let's start with what CNAMEs are. A CNAME (Canonical Name) is a type of DNS record that enables you to alias one domain name to another. For instance, if you have a website with the domain name "example.com," and you want to point it to a server with the domain name "www.example.com," you can create a CNAME record that points "example.com" to "www.example.com." This makes it easier to manage your DNS records, especially if you need to update the IP address of your server.

However, there is a problem when it comes to having a CNAME at the root of a domain, for example a CNAME at "example.com" instead of "www.example.com". The RFCs that define the DNS protocol state that the root of a domain should only have an A or AAAA record, not a CNAME. This means that if you want to point your root domain to another domain, you have to use an A or AAAA record, which may require you to update your DNS records every time the IP address of your server changes. This could result in downtime for your website and can be quite a hassle to manage.

This is where CNAME Flattening comes in. With this feature, you can create a CNAME record at the root of your domain while still maintaining RFC compliance. When a client queries your domain, your DNS resolver will follow the CNAME record and return the IP address of the final destination, just like with a regular CNAME record. However, if the final destination is an A or AAAA record, your DNS will return that IP address directly, rather than returning a CNAME record that the client would need to follow. This makes it easier to manage your DNS records while still complying with the DNS protocol.

For instance, imagine that you have a server hosted at "server.example.com" with the IP address "192.0.2.1" and you want to point "example.com" to it. Traditionally, you would create an A record that points "example.com" to "192.0.2.1." However, with CNAME Flattening, you can create a CNAME record that points "example.com" to "server.example.com," which is a much simpler and cleaner way of managing your DNS records. If you ever need to update the IP address of your server, you can do so by updating the A record for "server.example.com," and your website will continue to work seamlessly.

Depending on your DNS provider, they may DNS Flattening may be called something else. ANAME or ALIAS records are common records are not part of the standard DNS protocol but are implemented by some providers to make it easy to point root domains to other domains.

DNSimple, DNS Made Easy, Name.com and NS1 all support one or both of these record types.

ANAME records let you refer to other domains just like CNAME records, but behave like A records in that they ultimately resolve to an IP address. This is also known as CNAME Flattening!
ALIAS records map a root domain to another domain while coexisting with other record types for the root domain.

I use Cloudflare, so for this example I’ll be walking you through how to enable CNAME Flattening using that platform. First, simply go to your Cloudflare dashboard and navigate to the DNS settings for your domain. Then, make sure you don’t have any existing A record for your root domain, “exmaple.com”. Now, create a new CNAME record and for the name use “@” to specify the root domain. Then, specify your target, like “server.example.com”. That's it! You can now enjoy the benefits of CNAMEs without worrying about RFC compliance.

CNAME Flattening is an excellent feature that can simplify your DNS management and improve your website's performance and security. With this feature, you can create CNAME records at the root of your domain without worrying about the perilous RFC compliance or the hassle of updating your DNS records every time the IP address of your server changes.

Break the RFC at Your Own Peril

You'd never guess, but the biggest edge case had to do with email sent from Microsoft Exchange mail servers. Domains generally designate the servers that handle their email through what's known as a MX Record. The problem was that Exchange servers, under a very specific set of circumstances, could pick up the CNAME at the root record and then not properly respect the CNAME set at the MX record. You can't really blame Exchange. They were operating under the assumptions laid out by the DNS specification. However, this and a handful of other corner cases caused us to support but recommend against using a CNAME at the root record. Until now.

Flexible and Faster

The biggest benefit is that this allows the flexibility of having CNAMEs at the root without breaking the DNS specification. An ancillary benefit we've found is that we decrease the time for CNAME resolution by about 30% on average. We cache the CNAME responses -- respecting the DNS TTLs, just like a recursor should -- which means often we have the answer without having to traverse the chain. When we do need to traverse the CNAME chain, we often have much a much faster, more direct connection to whatever server is authoritative than your visitor's ISP's recursive DNS service, which would have otherwise been doing the heavy lifting.