DNS Aliases for bare/root/apex domains on Zonomi and RimuHosting DNS

Zonomi and – very shortly – RimuHosting have been updated to permit ALIAS records for root/bare/apex domains.

Background. Many web services – e.g. Azure, AWS, or our own Woop! Host WordPress hosting service – make use of CNAMEs. They let you point a domain like www.example.com to an alias like site-1234.woop.host. This lets the service provider have a domain name for their service that they can control, and that they know will be correct.

Broken Emails. CNAMEs can have unexpected consequences. They override other DNS records with the same name. Say you have a CNAME for example.com and you want to set up an email server for that domain. You create an Email Server (MX) record for example.com pointing to, say, one of our 25Mail.st email hosting service servers. Instead of getting that 25mail.st server name back, anyone looking up the MX record would get your CNAME alias record back.

Workarounds. Traditionally, one workaround has been to simply set an IP address. However, this setup would break if the service provider changes their IP address at any point.

Another workaround (slightly better than setting an IP address) is to configure a web server to redirect from the bare domain name for http[s] requests to the www version of your domain name. However, this requires running a web server and doing some configuration.

ALIAS records. Recently, name servers, including PowerDNS which powers our RimuHosting and Zonomi DNS services, have added support for a ‘virtual’ ALIAS record type.

IP Lookups on the fly. When a client does a lookup and the name server finds an ALIAS record, the name server does a DNS lookup on the alias target to figure out the IPs. It then returns those IP addresses (IPv4 or IPv6).
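The CNAME problem from "Broken Emails" and the on-the-fly lookup described above can be modelled in a few lines. This is an added example, not code from RimuHosting, Zonomi or PowerDNS; the `answer` function, the zone dictionaries and the documentation-range addresses are assumptions made for illustration.

```python
# Simplified model of an authoritative name server's answer logic.
# Added example: not PowerDNS code. Addresses are constructed and use the
# documentation ranges 192.0.2.0/24 and 2001:db8::/32.

MX = ("example.com.", "MX")
# Apex CNAME next to an MX record: the setup that breaks email.
ZONE_CNAME = {("example.com.", "CNAME"): ["site-1234.woop.host."],
              MX: ["5 mail2.25mail.st."]}
# The same zone after the apex CNAME is converted to an ALIAS.
ZONE_ALIAS = {("example.com.", "ALIAS"): ["site-1234.woop.host."],
              MX: ["5 mail2.25mail.st."]}
# Stand-in for the service provider's DNS, queried at lookup time.
UPSTREAM = {("site-1234.woop.host.", "A"): ["192.0.2.10", "192.0.2.11"],
            ("site-1234.woop.host.", "AAAA"): ["2001:db8::10"]}


def answer(zone, name, qtype, upstream=UPSTREAM):
    """Return the (owner, type, rdata) tuples the server would answer with."""
    cname = zone.get((name, "CNAME"))
    if cname and qtype != "CNAME":
        # A CNAME answers every query type, hiding MX and anything else.
        return [(name, "CNAME", cname[0])]
    alias = zone.get((name, "ALIAS"))
    if alias and qtype in ("A", "AAAA"):
        # ALIAS: look up the target now and answer under the queried name.
        return [(name, qtype, ip) for ip in upstream.get((alias[0], qtype), [])]
    # Other types (MX, TXT, ...) are served from the zone as usual.
    return [(name, qtype, rdata) for rdata in zone.get((name, qtype), [])]


if __name__ == "__main__":
    for label, zone in (("CNAME", ZONE_CNAME), ("ALIAS", ZONE_ALIAS)):
        for qtype in ("A", "AAAA", "MX"):
            print(label, qtype, answer(zone, "example.com.", qtype))
```

Passing a different `upstream` mapping shows the ALIAS answer following the provider's new IPs, which a hard-coded IP address would not.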

Works like magic. RimuHosting and Zonomi now both support ALIAS records. To use them, simply edit your CNAMEs, and we will automatically convert the CNAME on the top level/bare/apex domain to an ALIAS record where possible.

Except when it doesn’t. Note that ALIAS records are not compatible with DNSSEC signed zones. (This is a consequence of the dynamic behaviour ALIAS records introduce and of NSEC3 extensions.)

Sample DNS results. For those who are curious, this example shows how the name servers respond to queries when ALIASes are in play.

# showing the CNAME being returned as is normal
# dig www.mydomain.com @ns1.zonomi.com

www.mydomain.com.    3600    IN    CNAME    site-1234.woop.host

# showing the name server doing the IP lookup and returning the ALIAS IPs
# dig mydomain.com @ns1.zonomi.com

mydomain.com.    58    IN    A
mydomain.com.    58    IN    A

# if the client is querying for IPv6 records, those are returned by the name servers
# dig -t aaaa mydomain.com @ns1.zonomi.com

mydomain.com.    32    IN    AAAA    2620:1ec:bdf::41
mydomain.com.    32    IN    AAAA    2620:1ec:46::41

# Email server records are not 'overridden' by the apex domain ALIAS
# dig -t mx mydomain.com @ns1.zonomi.com
mydomain.com.    3600    IN    MX    5 mail2.25mail.st.

# host site-1234.woop.host
site-1234.woop.host has address
site-1234.woop.host has address
site-1234.woop.host has IPv6 address 2620:1ec:bdf::69
site-1234.woop.host has IPv6 address 2620:1ec:46::69
