Hi, On Thu, May 15, 2008 at 8:45 PM, Chris Boyd <cboyd at gizmopartners.com> wrote: > CNAMEs require two dips into the DNS (one to get the CNAME, another to look > up the IP), and so can be much slower if you are the victim of a slow > resolver. Not true (AFAIR). If I remember correctly, if the information about the destination of the CNAME is on the same DNS server (either because it is authoritative, or because the resolver has it already on cache), it will piggyback the information on the same response packet. You can check this behaviour by using "dig" with the options that show all that comes in the original response. Look: $ dig www.google.com ; <<>> DiG 9.3.3rc2 <<>> www.google.com ;; global options: printcmd ;; Got answer: ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 53650 ;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 0, ADDITIONAL: 0 ;; QUESTION SECTION: ;www.google.com. IN A ;; ANSWER SECTION: www.google.com. 10048 IN CNAME www.l.google.com. www.l.google.com. 115 IN A 64.233.169.147 www.l.google.com. 115 IN A 64.233.169.104 www.l.google.com. 115 IN A 64.233.169.103 www.l.google.com. 115 IN A 64.233.169.99 ;; Query time: 3 msec ;; SERVER: 192.168.1.1#53(192.168.1.1) ;; WHEN: Thu May 15 20:56:30 2008 ;; MSG SIZE rcvd: 126 192.168.1.1 is my router which is running DNS. Just to make sure, I opened another window and started a tcpdump udp on it, and this is what I got: 20:56:30.641239 IP 192.168.1.10.33672 > 192.168.1.1.53: 53650+ A? www.google.com. (32) 20:56:30.642791 IP 192.168.1.1.53 > 192.168.1.10.33672: 53650 5/0/0 CNAME[|domain] One packet request, one packet response. That's it, nothing else. On Thu, May 15, 2008 at 8:34 PM, Clint Dilks <clintd at scms.waikato.ac.nz> wrote: > I am currently reviewing the DNS records for the organization I work for and > have one area I would like other peoples thoughts on. Would there ever be a > situation where you need to have multiple A records pointing to the same IP > Address? Yes, if the domains are used as e-mail domains or as mail exchangers in MX records. Although this is probably not true anymore, some MTAs used to have problems with CNAMEs, so it was (and still is) considered "best practice" to use A records for those. You also might have to use A records if you want to associate other records to a name (like MX or TXT or even SOA for a parent domain). Whatever you do, be careful to not use CNAME pointing to a CNAME. Although it kind of works, it's expressly forbidden by the RFCs and might get you into trouble. Before changing those As into CNAMEs, make sure that nobody has a CNAME that points to one of those. Other than that, yes, it is a good idea to change As into CNAMEs, specially in cases where you don't have control on the nameserver for some domains and you might need to change the IP of the server, then you might change the A record and have all others follow you wherever you go. HTH, Filipe