3

My hosting company has set up the DNS records for my site so that there are two entries for www:

example.com       A       192.0.2.222
www.example.com   A       192.0.2.222
www.example.com   CNAME   example.com

Is there a reason for having both an A record and a CNAME record for www?

I now wish to redirect www to a completely different site.

I'm guessing that I have to delete the A record for www and change the CNAME record for www to refer to the URL of the other site. Is that correct?

Patrick Mevzek
  • 9,921
  • 7
  • 32
  • 43
JavaLatte
  • 133
  • 1
  • 5

2 Answers2

9

No, there is not. This is actually considered as an error, explained below.

In this case, where you want to redirect www to a completely different site, you'd remove both the CNAME and the A and replace it with another record of either the type A or CNAME, but not both.

Also notice that CNAME works merely as an alias for the canonical name. It won't perform any actual redirection, as redirection is a function of the HTTP protocol, instead of DNS.

If a hostname has a CNAME record, it must not have other resource records of other type. References:

RFC 1912, 2.4 CNAME records

A CNAME record is not allowed to coexist with any other data. In other words, if suzy.podunk.xx is an alias for sue.podunk.xx, you can't also have an MX record for suzy.podunk.edu, or an A record, or even a TXT record. Especially do not try to combine CNAMEs and NS records

If you use a CNAME, the DNS server should return both CNAME record and the A record for the canonical hostname it's pointing to. The same applies to IPv6 AAAA records.

RFC 1034, 3.6.2 Aliases and canonical names

For example, suppose a name server was processing a query with for USC-ISIC.ARPA, asking for type A information, and had the following resource records:

USC-ISIC.ARPA   IN      CNAME   C.ISI.EDU

C.ISI.EDU       IN      A       10.0.0.52

Both of these RRs would be returned in the response to the type A query, while a type CNAME or * query should return just the CNAME.

The only exception is DNSSEC.

RFC 2181, 10.1 allowed SIG, NXT, and KEY records, while the currently used definition is:

RFC 4035, 2.5 Changes to the CNAME Resource Record

If a CNAME RRset is present at a name in a signed zone, appropriate RRSIG and NSEC RRsets are REQUIRED at that name. A KEY RRset at that name for secure dynamic update purposes is also allowed ([RFC3007]). Other types MUST NOT be present at that name.

This is a modification to the original CNAME definition given in [RFC1034]. The original definition of the CNAME RR did not allow any other types to coexist with a CNAME record, but a signed zone requires NSEC and RRSIG RRs for every authoritative name. To resolve this conflict, this specification modifies the definition of the CNAME resource record to allow it to coexist with NSEC and RRSIG RRs.

Community
  • 1
Esa Jokinen
  • 46,944
  • 3
  • 83
  • 129
  • Nitpick: RFC 2181 isn't the DNSSEC used nowadays - that's RFC 4034 and friends, with records like NSEC*, RRSIG, DNSKEY and DS. – Vladimír Čunát Apr 09 '18 at 12:55
  • Thanks, Esa. I was using the term redirect to describe (maybe incorrectly) the objective I wanted to achieve, rather than as a technical term for the methodology. I do use HTTP redirection from a PHP script to initially allocate users to servers for their geographical areas (broadly by continent, but one or two individual countries), and then DNS to provide meaningful subdomain names for the actual servers. **www** gets hit by the bots (about 60% of all traffic), so I want to be able to move it to the least-loaded server. – JavaLatte Apr 09 '18 at 13:35
  • Thanks, @VladimírČunát, I've fixed this now. Also rearranged this a bit so that it clearly answers to the situation first and then explains the references in detail. – Esa Jokinen Apr 09 '18 at 13:50
2

It is a mistake to have both records. You can safely remove A record and edit CNAME to point to another site.

MTG
  • 193
  • 6