1

Question: We have 7000+ DNS subdomains under cotoso.com, and we want to map them to 2 IP addresses, e.g. subdomain1-4000 to IP1, 4001-7000 to IP2. What's the best way to do this?

Background: Our company provides SAAS software. We have 1 root domain (let's say cotoso.com), and then assign one subdomain for each customer company (e.g. company1.cotoso.com, company1.cotoso.com). Each company logs on and uses our SAAS by the given subdomain.

Previously, our business was small and we had only 1 service deployment. Therefore, the DNS setup was pretty easy: just set an A record to map *.cotoso.com to our load balancer.

As the business grows, we are planning to make multiple deployments in different datacenters. However, DNS becomes a big problem. Right now, we have about 7,000 customers, and we want to move half of them to a new datacenter. How do we set up the DNS records?

My thought is to use a 3-level domain:

*.southeast.cotoso.com A 1.2.3.4

*.south.cotoso.com A 1.2.3.5

However, there is a conflict between the 3-level wildcard and the 2-level wildcard DNS records, so we cannot migrate the existing users to the new 3-level domain.

Any help is appreciated.

Thanks,

maud L

2 Answers

3

Assuming you know the subdomains that your customers are using, you should just set up DNS entries for each of them, pointing at the DC they each should be using. A lot of DNS providers these days have HTTP-based "APIs" of varying quality which you can use to automatically update DNS records when your provisioning database gets updated (create customer record -> create DNS record; cancel customer -> delete DNS record). If you're hosting DNS yourself, you can easily script something to generate the DNS zone data from your customer records.

DNS wildcards are evil, confusing, and don't do what you probably think they do. I strongly recommend you stop using them and never let them darken your door ever again.

womble
  • +1 I would just like to suggest using the standardized dns feature [dynamic updates](https://tools.ietf.org/html/rfc2136) as your update api rather than generating files if you run your own. – Håkan Lindqvist Jul 19 '17 at 15:34
  • Dynamic DNS is a neat idea in theory; in practice, it's a bit of a pest to set up and manage, and the client-side tooling is appalling. – womble Jul 19 '17 at 21:31
  • I'm wondering if a DNS provider can handle 10K or even 30K subdomain records? Will such an amount cause any issue? – maud L Jul 27 '17 at 01:32
  • Shouldn't be a problem. If it is for your current choice of DNS provider, you need to find a better one. – womble Jul 27 '17 at 04:38
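
An added example (not part of the answer above or its comments) of generating per-customer A records from customer records, as that answer suggests for self-hosted DNS. It validates every customer-chosen name as a single DNS label before emitting a zone line, so a wildcard, a multi-label name, or a duplicate never reaches the zone. The datacenter names and IPs are taken from the question; the customer list, the TTL and the function name are constructed for illustration.

```python
import re

# Assumed mapping: datacenter name -> load balancer IP (values from the question).
DC_IPS = {"southeast": "1.2.3.4", "south": "1.2.3.5"}
ZONE = "cotoso.com."

# A single hostname label: letters, digits, hyphens; no leading or
# trailing hyphen; at most 63 characters. Dots and "*" are rejected.
LABEL_RE = re.compile(r"(?!-)[a-z0-9-]{1,63}(?<!-)")


def build_records(customers, ttl=300):
    """Return (zone_lines, rejected) for an iterable of (subdomain, dc)."""
    lines, rejected, seen = [], [], set()
    for sub, dc in customers:
        label = sub.strip().lower()
        if not LABEL_RE.fullmatch(label):
            rejected.append((sub, "invalid label"))
        elif dc not in DC_IPS:
            rejected.append((sub, "unknown datacenter"))
        elif label in seen:
            rejected.append((sub, "duplicate"))
        else:
            seen.add(label)
            lines.append(f"{label}.{ZONE}\t{ttl}\tIN\tA\t{DC_IPS[dc]}")
    return sorted(lines), rejected


# Constructed sample of provisioning-database rows.
SAMPLE = [
    ("company1", "southeast"),
    ("Company2", "south"),
    ("*", "south"),              # wildcard must not come from customer data
    ("two.labels", "southeast"), # would create a name below another customer
    ("company1", "south"),       # same customer mapped twice
    ("company3", "north"),       # datacenter that does not exist
]

if __name__ == "__main__":
    zone_lines, rejected = build_records(SAMPLE)
    print("\n".join(zone_lines))
    for sub, reason in rejected:
        print(f"; rejected {sub!r}: {reason}")
```

Rejected rows are worth alerting on rather than dropping silently, since each one is a customer whose name would otherwise fail to resolve.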
2

Keep the DNS configured with a single wildcard (*.company.com), and introduce a reverse proxy (e.g., varnish, haproxy or nginx) to route traffic to the appropriate backend service. A hosted edge proxy like section.io can make managing the proxy easier than running it yourself.

This gives you flexibility to change how you handle your routing with code that can be versioned and changed easily, instead of locking into a particular DNS service and thousands of individual records.