Old 03-04-2012, 09:00 AM   #1
MasterRoot24
LQ Newbie
 
Registered: Mar 2012
Distribution: Ubuntu, Gentoo
Posts: 2

Question Questions about public DNS


Hello there,

I'm a long time reader of these forums, but I now have a question which I have been struggling to find the answer to for myself, which I hope someone can help me with!

I am currently in the process of building a web site, which I would like to run from my home server. I have the site running internally, and I am using my firewall to route inbound traffic to my server from the internet.

As I am behind a home broadband service, my IP address is assigned via DHCP and therefore my public address changes from time to time [although this is very rare, as the DHCP leases from my ISP seem to last a while].

To work around this, I have been using DynDNS for many years now, and have a public A record on the internet, which is dynamically updated by DynDNS, if my public IP ever changes - this has been working perfectly from day one for inbound admin connections such as SSH, Webmin, etc. For the purposes of this thread, I'll refer to my public DynDNS A record as 'mydynamicip.homeip.net'.

I have purchased a domain name for my new site, from 123-Reg, who I have purchased domain names from before. I'll refer to this domain as 'mypublicdomain.co.uk'. I currently have the following DNS records set up for my domain at 123-Reg:
Code:
@       MX    5   mydynamicip.homeip.net
@       A         94.136.40.82
www   CNAME       mydynamicip.homeip.net
Note: The address: 94.136.40.82 is the address for 123-Reg's web forwarding service. I have been instructed by 123-Reg to add this record.

The purpose of this record is to forward requests such as http://mypublicdomain.co.uk/ on to http://www.mypublicdomain.co.uk/. This was their proposed workaround to the fact that I was unable to add a DNS record like '@ CNAME mydynamicip.homeip.net' to my public domain, without overriding my MX records - they said if I did add such a record, that my incoming mail would be affected.

Unfortunately, this does not meet my requirements, as it means that only HTTP requests to mypublicdomain.co.uk are forwarded to mydynamicip.homeip.net and thus my home public IP. For example if an HTTPS request is sent - 'https://mypublicdomain.co.uk/' - this request would fail, as the web forwarding service only responds to HTTP requests and only forwards to HTTP OR HTTPS. I could set the destination to https://www.mypublicdomain.co.uk/, but this would mean that all web requests are forwarded to HTTPS, no matter what the user has specified. Furthermore, I would lose the ability to refer to my public domain name as mypublicdomain.co.uk for purposes such as SSH and Webmin, etc. - these would all be sent to 94.136.40.82 as per the A record on the domain, and then fail as the A record would resolve to the web forwarding server and not my public IP.

My question is: How would one go about setting up DNS, to allow all requests for mypublicdomain.co.uk to be resolved via CNAME to mydynamicip.homeip.net.

I hope I've provided enough info - if I can provide any more helpful info, please let me know.

Many thanks,

Joe
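
The conflict described in the post above (a CNAME at '@' alongside the MX records) follows from the DNS rule in RFC 1034, section 3.6.2, that a name owning a CNAME may own no other data. This check is an added example, not part of the original post; it runs over the poster's records, the function names are hypothetical, and the parser assumes the simple "owner TYPE data" panel layout shown above.

```python
from collections import defaultdict

# Records as listed in the post, then the apex CNAME the poster wanted to add.
SAMPLE_RECORDS = """\
@       MX    5   mydynamicip.homeip.net
@       A         94.136.40.82
www   CNAME       mydynamicip.homeip.net
"""
PROPOSED = "@     CNAME       mydynamicip.homeip.net\n"

KNOWN_TYPES = {"A", "AAAA", "MX", "CNAME", "NS", "TXT", "SOA"}
# The zone apex always carries SOA and NS, even when a registrar panel hides them.
IMPLICIT_APEX_TYPES = {"SOA", "NS"}


def parse_records(text):
    """Return (owner, type) pairs from 'owner TYPE data...' lines."""
    pairs = []
    for line in text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop ';' comments
        if len(fields) >= 3 and fields[1].upper() in KNOWN_TYPES:
            pairs.append((fields[0].lower(), fields[1].upper()))
    return pairs


def cname_conflicts(text, apex="@"):
    """Map each owner that has a CNAME to the other types it collides with."""
    by_owner = defaultdict(set)
    for owner, rtype in parse_records(text):
        by_owner[owner].add(rtype)
    conflicts = {}
    for owner, types in by_owner.items():
        if "CNAME" not in types:
            continue
        others = types - {"CNAME"}
        if owner == apex:
            others |= IMPLICIT_APEX_TYPES  # an apex CNAME can never be clean
        if others:
            conflicts[owner] = sorted(others)
    return conflicts


if __name__ == "__main__":
    print(cname_conflicts(SAMPLE_RECORDS))             # current records
    print(cname_conflicts(SAMPLE_RECORDS + PROPOSED))  # with the apex CNAME
```
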
 
Old 03-06-2012, 03:11 AM   #2
Skaperen
Senior Member
 
Registered: May 2009
Location: center of singularity
Distribution: Xubuntu, Ubuntu, Slackware, Amazon Linux, OpenBSD, LFS (on Sparc_32 and i386)
Posts: 2,684
Blog Entries: 31

In order for "mypublicdomain.co.uk" and "www.mypublicdomain.co.uk" to both work, they both need to have A records that reach a valid web server. Technically, you are not supposed to CNAME a directly delegated domain. But it has worked. But that certainly does mean everything would follow, all record types and all hostnames. I always recommend to not use CNAME at all, and just delegate your domain directly to where it can be served. A dynamic DNS provider should be able to support your domain as a delegated name service. They would give you hostnames to provide to your registrar for delegation (usually you put them in as "customer provided name servers" in some panel). Then they would host your domain, and update the A records dynamically based on the communications from you.

I once hosted the DNS for a friend's business connected by dynamic IP. I just rigged up a scheme where his server would make an ssh connection to my statically addressed servers every hour, and run a command to write the value of an environment variable (set by SSH with the IP address he came from) to a file. A cron job set to run a few minutes after that would check if the address changed. If it changed that job would rebuild the zone file with it and reload the name server.

I got into the dynamic DNS business for a short while. I'm out of it, now. There's no money in it to even justify renting the servers for it.

An alternative is to rent virtual hosting somewhere and either run DNS there or some or all of your website there.
 
1 members found this post helpful.
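
The cron half of the scheme described in the post above, as an added example that is not the poster's own script. It assumes the hourly SSH command has already written the client address (for instance the first field of sshd's SSH_CONNECTION variable) to a report file; the template, the example.net names and the function names are constructed for illustration. Since the report file is written on behalf of a remote client, its content is validated before it reaches the zone.

```python
import ipaddress
import os
import re
import time

# Constructed zone template; the example.net names are placeholders.
ZONE_TEMPLATE = """\
$TTL 300
@   IN SOA ns1.example.net. hostmaster.example.net. ( {serial} 3600 600 604800 300 )
@   IN NS  ns1.example.net.
@   IN A   {ip}
www IN A   {ip}
"""


def read_reported_ip(report_path):
    """Return the reported address if it is exactly one public IPv4 address."""
    try:
        with open(report_path) as fh:
            raw = fh.read().strip()
        addr = ipaddress.IPv4Address(raw)
    except (OSError, ValueError):
        return None  # missing file, junk, or extra lines smuggled in
    return str(addr) if addr.is_global else None


def current_zone_ip(zone_path):
    """Return the apex A record currently in the zone file, or None."""
    try:
        with open(zone_path) as fh:
            match = re.search(r"^@\s+IN\s+A\s+(\S+)", fh.read(), re.MULTILINE)
    except OSError:
        return None
    return match.group(1) if match else None


def update_zone(report_path, zone_path, serial=None):
    """Rebuild the zone if the address changed; True means a reload is needed."""
    new_ip = read_reported_ip(report_path)
    if new_ip is None or new_ip == current_zone_ip(zone_path):
        return False
    text = ZONE_TEMPLATE.format(serial=serial or int(time.time()), ip=new_ip)
    tmp_path = zone_path + ".tmp"
    with open(tmp_path, "w") as fh:
        fh.write(text)
    os.replace(tmp_path, zone_path)  # atomic swap: never a half-written zone
    return True
```

The cron job would call `update_zone()` and reload the name server only when it returns True; the reload command depends on the server in use and is left to the caller.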
Old 03-06-2012, 07:21 AM   #3
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

What's the deal with not CNAMEing then? I've not heard that before.
 
Old 03-06-2012, 09:28 AM   #4
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Quote:
Originally Posted by acid_kewpie View Post
What's the deal with not CNAMEing then? I've not heard that before.
The CNAME, or canonical name is just an alias for another A record.

@MasterRoot24, if you really want to use dynamic DNS and host the server on it, you might want to consider transferring the domain registration to DynDNS instead of 123-Reg. It will cost you a bit extra per year, but their Custom DNS service should provide the functions you are looking for. I believe that these options are available if they are the registrar for the domain.
 
1 members found this post helpful.
Old 03-06-2012, 09:31 AM   #5
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Quote:
Originally Posted by Noway2 View Post
The CNAME, or canonical name is just an alias for another A record.
Erm... yeah I know what a CNAME *IS*.
 
Old 03-06-2012, 10:13 AM   #6
Noway2
Senior Member
 
Registered: Jul 2007
Distribution: Gentoo
Posts: 2,125

Quote:
Originally Posted by acid_kewpie View Post
Erm... yeah I know what a CNAME *IS*.
Never mind, I misread your question ....
 
Old 03-06-2012, 12:50 PM   #7
Skaperen
Senior Member
 
Registered: May 2009
Location: center of singularity
Distribution: Xubuntu, Ubuntu, Slackware, Amazon Linux, OpenBSD, LFS (on Sparc_32 and i386)
Posts: 2,684
Blog Entries: 31

Quote:
Originally Posted by acid_kewpie View Post
What's the deal with not CNAMEing then? I've not heard that before.
I don't know if your question means:

1. why (to me) the advice to not use CNAME?

2. why (to OP) to avoid not using CNAME?

CNAME has a purpose. It very often gets used for things other than its intended purpose. I generally advise not using CNAME anywhere possible to avoid it, even for the intended purpose (which is not always possible to avoid, but sometimes is). The reasons for the advice include reducing the number of DNS lookups needed to find a host, and avoiding complications, such as what the OP has run into. I never use CNAME when a regular RR will do.
 
Old 03-06-2012, 04:37 PM   #8
MasterRoot24
LQ Newbie
 
Registered: Mar 2012
Distribution: Ubuntu, Gentoo
Posts: 2

Original Poster
Hello everyone.

Thank you for your replies.

@Skaperen: following from your reply, I'm now currently trialling the DynDNS Standard service - this appears to be just what I was after - it allows me to have my public IP as the domain root A record (so traffic to <whateverprotocol>://mypublicdomain.co.uk/ is catered for). This then allows me to set my MX records, as I've removed the need to CNAME to mydynamicip.homeip.net. It naturally allows integration with their DynDNS client, so should my public IP change, my site's A record will be changed accordingly.

You're right, it is a bit more expensive per year, but it's not astronomical and it's a service I've already been using for years - just the free version, so I know it's reliable enough for my current needs.

Thanks again for your input.

Cheers,

Joe

EDIT: I forgot to give credit to Noway2!

Quote:
Originally Posted by Noway2 View Post
The CNAME, or canonical name is just an alias for another A record.

@MasterRoot24, if you really want to use dynamic DNS and host the server on it, you might want to consider transferring the domain registration to DynDNS instead of 123-Reg. It will cost you a bit extra per year, but their Custom DNS service should provide the functions you are looking for. I believe that these options are available if they are the registrar for the domain.
@Noway2 - Thank you for this suggestion. This is what I think will ultimately be the solution to my problem.

Last edited by MasterRoot24; 03-06-2012 at 04:45 PM.
 
Old 03-06-2012, 05:00 PM   #9
acid_kewpie
Moderator
 
Registered: Jun 2001
Location: UK
Distribution: Gentoo, RHEL, Fedora, Centos
Posts: 43,417

Quote:
Originally Posted by Skaperen View Post
I don't know if your question means:

1. why (to me) the advice to not use CNAME?

2. why (to OP) to avoid not using CNAME?

CNAME has a purpose. It very often gets used for things other than its intended purpose. I generally advise not using CNAME anywhere possible to avoid it, even for the intended purpose (which is not always possible to avoid, but sometimes is). The reasons for the advice include reducing the number of DNS lookups needed to find a host, and avoiding complications, such as what the OP has run into. I never use CNAME when a regular RR will do.
I meant your comment about best practises. To me it always seemed a good idea to use A records to refer to machines and static addresses, and then CNAMEs to relate to services running upon those machines. An arbitrary layer of abstraction I guess. Does add the extra lookup, but it's a nicer visio diagram!
 
Old 03-06-2012, 08:06 PM   #10
Skaperen
Senior Member
 
Registered: May 2009
Location: center of singularity
Distribution: Xubuntu, Ubuntu, Slackware, Amazon Linux, OpenBSD, LFS (on Sparc_32 and i386)
Posts: 2,684
Blog Entries: 31

Quote:
Originally Posted by acid_kewpie View Post
I meant your comment about best practises. To me it always seemed a good idea to use A records to refer to machines and static addresses, and then CNAMEs to relate to services running upon those machines. An arbitrary layer of abstraction I guess. Does add the extra lookup, but it's a nicer visio diagram!
I agree that makes logical sense. It's a good way to think about what you are doing. Where I disagree is how that comes to be what the DNS server actually serves. If a DNS server would "resolve" automatically, then it would be a good way to express it. But I don't want DNS answers to be revealing this (or require the extra query). If my web server is named "fred" at 44.1.2.3, I don't want "www CNAME fred" as part of the DNS answer. I want "www A?" to just get "www A 44.1.2.3".

If there was a means to write expressions that mean "www -> fred" and "fred A 44.1.2.3" and the server would answer "www A?" with "www A 44.1.2.3" from that, that would be great.

I guess you and I come down on different sides of the dilemma. You favor having the conceptual or abstract expression and I favor having the name server give explicit answers. Now if only there was a tool that allowed both.
 
Old 03-07-2012, 07:13 PM   #11
Skaperen
Senior Member
 
Registered: May 2009
Location: center of singularity
Distribution: Xubuntu, Ubuntu, Slackware, Amazon Linux, OpenBSD, LFS (on Sparc_32 and i386)
Posts: 2,684
Blog Entries: 31

Quote:
Originally Posted by acid_kewpie View Post
I meant your comment about best practises. To me it always seemed a good idea to use A records to refer to machines and static addresses, and then CNAMEs to relate to services running upon those machines. An arbitrary layer of abstraction I guess. Does add the extra lookup, but it's a nicer visio diagram!
I recalled another reason to avoid CNAMEs as much as possible (because I just ran into it, again): IPv6

When there is a CNAME and the referenced name does not have an AAAA record, but an AAAA record was being asked for, things get even slower, and sometimes fail to even look for the A record (because the first look failed). That should not prevent falling back to an A record, but sometimes it does (I'll have to investigate that when I get some time).

I just avoid CNAME as much as possible on my domains. I put the actual A or AAAA or MX or SPF or whatever appropriate records apply. I don't consider "administrator convenience" as an acceptable excuse for putting a CNAME record in the zone. If "administrator convenience" is needed, write a script (I have written some minimal ones, already).
 
  

