3

I need some help sorting out my DNS entries. I have a domain, let's say it's somecompany.com.
Off this domain I have a website on AWS Cloudfront, which should be accessible via www.somecompany.com & somecompany.com.
I also have Google Apps set up for email, so users have addresses like user@somecompany.com.

My problem is that although I can set up the Google Apps DNS entries and get mail sent to the right address, as soon as I also set up the entry for the website the mail stops being received by users@somecompany.com. I suspect some type of clash between the MX records and CNAME of somecompany.com but I'm not sure how to fix it.

DNS table is as follows...

somecompany.com     CNAME   xxxxxxxx.cloudfront.net
www.somecompany.com CNAME   somecompany.com
somecompany.com     MX      ASPMX.L.GOOGLE.COM
somecompany.com     MX      ALT1.ASPMX.L.GOOGLE.COM
somecompany.com     MX      ALT2.ASPMX.L.GOOGLE.COM
somecompany.com     MX      ALT3.ASPMX.L.GOOGLE.COM
somecompany.com     MX      ALT4.ASPMX.L.GOOGLE.COM
somecompany.com     NS      ns1.openprovider.nl
somecompany.com     NS      ns2.openprovider.be
somecompany.com     NS      ns3.openprovider.eu
somecompany.com     SOA     ns1.openprovider.nl dns@openprovider.eu xxxxxxxxxx
somecompany.com     TXT     google-site-verification=xxxxxxxxxx
user3188040

1 Answer

2

CNAME is not valid as the top entry (at the zone apex) of a domain. foo.example.com can be a CNAME and typically work as expected, but example.com (also called the "naked domain") cannot. A CNAME masks all of the other records, by definition, and is invalid in conjunction with other records. Your DNS hosting provider is technically broken if they are letting you configure it this way. You often get away with it for just a web site, but as you can see, email is one of several places where you don't.

It was because of the limitation of CNAME that Amazon Route 53 implemented the concept of an ALIAS record, for pointing the A record at the zone apex to CloudFront, Elastic Load Balancer, and S3 static hosting endpoints. Those services give you a hostname for your endpoint, not an IP address, so you need this type of record at the apex.

This record type isn't really a record type at all; the record itself is still an A record, as evidenced by the response, but Route 53 resolves them internally by cross-reference in order to find the correct A-record from the underlying service, and return it to the requester.

I am not affiliated with AWS; this is not a plug. From a technical perspective, if you are hosting a site on CF, ELB, or S3, it usually makes the most sense to host your DNS on Route 53 because Alias records do what you need here, and it's not always possible to do the correct thing with other DNS providers. Some providers do have something called an "ANAME" which behaves similarly to Alias, and if yours offers that, then that should work also.

See also "Difference between A Record and CNAME in Route 53" for more about CNAME vs. Alias.

Michael - sqlbot
  • Ahh that makes sense. I'll try Route53 to solve the issue and mark your answer as correct once I have seen it work. Thanks for the detailed & educational answer! – user3188040 Jul 30 '15 at 12:48
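
The rule from the answer above (a CNAME cannot share a name with other records, and the apex always carries SOA and NS) written as an added Python check; it is not part of the original posts. The record table is a constructed sample modelled on the question's, and 192.0.2.10 is a placeholder address standing in for what an Alias or ANAME would return.

```python
from collections import defaultdict

# Constructed sample modelled on the question's table (values are placeholders).
BROKEN_ZONE = """\
somecompany.com     CNAME   xxxxxxxx.cloudfront.net
www.somecompany.com CNAME   somecompany.com
somecompany.com     MX      ASPMX.L.GOOGLE.COM
somecompany.com     MX      ALT1.ASPMX.L.GOOGLE.COM
somecompany.com     NS      ns1.openprovider.nl
somecompany.com     SOA     ns1.openprovider.nl dns@openprovider.eu xxxxxxxxxx
somecompany.com     TXT     google-site-verification=xxxxxxxxxx
"""

# Same zone with the apex CNAME swapped for an A record. 192.0.2.10 is a
# documentation address standing in for whatever an Alias/ANAME would return.
FIXED_ZONE = BROKEN_ZONE.replace(
    "somecompany.com     CNAME   xxxxxxxx.cloudfront.net",
    "somecompany.com     A       192.0.2.10", 1)

# DNSSEC records are the only types allowed to share a name with a CNAME.
ALLOWED_WITH_CNAME = {"CNAME", "RRSIG", "NSEC"}


def parse_records(text):
    """Map each owner name (lower-cased, trailing dot dropped) to its record types."""
    types_by_name = defaultdict(list)
    for line in text.splitlines():
        fields = line.split(None, 2)
        if len(fields) < 3 or fields[0].startswith(";"):
            continue  # skip blanks, comments and incomplete rows
        name, rtype, _value = fields
        types_by_name[name.lower().rstrip(".")].append(rtype.upper())
    return types_by_name


def cname_conflicts(text):
    """Return {name: [other types]} for every name where a CNAME coexists with other data."""
    conflicts = {}
    for name, types in parse_records(text).items():
        others = sorted(set(types) - ALLOWED_WITH_CNAME)
        if "CNAME" in types and others:
            conflicts[name] = others
    return conflicts


if __name__ == "__main__":
    for label, zone in (("broken", BROKEN_ZONE), ("fixed", FIXED_ZONE)):
        print(label, cname_conflicts(zone) or "no CNAME conflicts")
```

The www name passes in both zones because a CNAME is its only record; only the apex is flagged, and the MX entry in its conflict list is the one behind the lost mail.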