should Apex domains (and records) be avoided?

I'm building an app that is hosted on Heroku. Heroku suggests that Apex Domains are a Very Bad Idea -- they suggest using CNAME records and a workaround service like Zerigo or DNSSimple. However, every other host I've used seems to have no issue with it. EngineYard is included in that list and they also host on Amazon EC2.

Should I get away from using A records in favor of using CNAMEs with a Zerigo workaround in the future? Is this really only a concern for high-availability apps? Is Heroku just being paranoid?


I would consider this text by Heroku you linked as only relevant for services hosted by Heroku and similar types of providers and don't think it's relevant eg. for a domain you host on a physical server (or a VM on your own KVM/Xen/ESXi) host.

In the Heroku context you don't control where your service runs and Heroku wants the flexibility to move stuff around without breaking customer systems. For this, their model usage of CNAME records makes sense.

For other systems, you have to consider if your environment would benefit at all from the flexibility offered by a DNS naming scheme as suggested by them.


The argument that they're making is that using a CNAME allows for another entity (them) to make updates to the addresses being used without your involvement.

There is a legitimate case for that - but it really has nothing to do with scalability or cloudiness. It's beneficial for your provider to be able to move their servers around to different addresses without having to get their customers to all update A records.

That's all there is to it. The article seems to try to conflate this with adding inherent resilience, specifically citing "massive on-premise datacenters" - which makes no sense at all.