Is a CNAME to CNAME chain allowed?

Is it allowed in DNS to have a CNAME record that points to another CNAME record?

The reason we need this is that we have a hostname that we want to be looked up to the IP address of our web server computer. We also have another web server computer on standby that could be activated in case the first one would die. In such a case we would quickly need to point the hostname to the IP address of the standby web server computer.

Unfortunately the hostname resides in a DNS domain where any change would take a long time due to manual operation dependent on other sysadmins. But we have another DNS domain where we can perform the changes ourselves quickly. Having a CNAME to CNAME chain seems like a possible solution. But is it allowed? Will web browsers understand it?


Solution 1:

From RFC 1034 - Domain names - concepts and facilities:

Domain names in RRs which point at another name should always point at the primary name and not the alias. This avoids extra indirections in accessing information. For example, the address to name RR for the above host should be:

52.0.0.10.IN-ADDR.ARPA  IN      PTR     C.ISI.EDU

rather than pointing at USC-ISIC.ARPA. Of course, by the robustness principle, domain software should not fail when presented with CNAME chains or loops; CNAME chains should be followed and CNAME loops signalled as an error.

So yes, it is allowed, and properly written software will handle it just fine. CNAME chains aren't, however, considered good practice, and they impose an overhead on the infrastructure.

Solution 2:

Sure, it is possible.

It is generally discouraged though, for the obvious reason that it uses more DNS resources. For example:

foo   IN      CNAME  someserver.somehost.com.
bar   IN      CNAME  foo

Querying 'bar' would result in CNAME foo being queried, then someserver.somehost.com. being queried, resulting in one extra query.

For every element you add to the chain, another query will be required.

Another reason this is discouraged is that, by creating chains like these, the chances you will somehow create CNAME loops are increased; these should be detected automatically by current DNS servers, but would still impose a large load on the servers.
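
The behaviour both answers describe (chains are followed at one extra lookup per link, loops are signalled as an error) can be seen in this added example, which is not code from either answer or from any DNS server. It models each name as a single lookup against an in-memory table; the zone example.test., the address 192.0.2.10, the a/b loop records and the MAX_HOPS cap are assumptions made for the illustration.

```python
# Constructed records: the bar -> foo -> someserver.somehost.com. chain from
# the answer, placed in a hypothetical zone example.test., plus a two-name loop.
RECORDS = {
    "bar.example.test.": ("CNAME", "foo.example.test."),
    "foo.example.test.": ("CNAME", "someserver.somehost.com."),
    "someserver.somehost.com.": ("A", "192.0.2.10"),  # constructed address
    "a.example.test.": ("CNAME", "b.example.test."),
    "b.example.test.": ("CNAME", "a.example.test."),
}
MAX_HOPS = 8  # assumed cap; each real resolver picks its own limit


class CnameLoop(Exception):
    """The chain returned to a name it had already visited."""


class ChainTooLong(Exception):
    """The chain needed more CNAME hops than the cap allows."""


def resolve(name, records=RECORDS, max_hops=MAX_HOPS):
    """Follow CNAMEs from name; return (address, chain, lookups)."""
    chain, seen, lookups = [name], {name}, 0
    while True:
        lookups += 1  # one lookup per name in the chain
        rtype, value = records.get(chain[-1], (None, None))
        if rtype is None:
            raise LookupError(f"no record for {chain[-1]}")
        if rtype == "A":
            return value, chain, lookups
        if value in seen:  # signal the loop instead of spinning
            raise CnameLoop(" -> ".join(chain + [value]))
        if len(chain) - 1 >= max_hops:  # bound work on long chains
            raise ChainTooLong(f"more than {max_hops} hops from {name}")
        seen.add(value)
        chain.append(value)


if __name__ == "__main__":
    for start in ("foo.example.test.", "bar.example.test.", "a.example.test."):
        try:
            addr, chain, lookups = resolve(start)
            print(f"{start}: {addr} after {lookups} lookups via {chain}")
        except (CnameLoop, ChainTooLong) as err:
            print(f"{start}: {type(err).__name__}: {err}")
```

The hop cap matters independently of loop detection: a long chain with no repeated name never trips the loop check, so the cap is what bounds the work done for one query.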