Round-robin DNS – another use for ANAMEs
X now does Y 🙂
— Mythic Beasts (@Mythic_Beasts) 19 March 2019
Sensible people don’t like to hard code IP addresses in lots of different places in DNS. Better to assign it a name, and then reference that name, as it makes it clearer what’s what and if you ever need to change that IP, you’ve only got to do it one place.
CNAME records can be a good way to do this, by aliasing a DNS name to an IP. Unfortunately, the DNS specs prevent you using CNAMEs in various places that you might want to, most commonly at the root-level of your domain (the dreaded “CNAME and other data” problem).
This is where ANAME pseudo-records come in. They look just like a CNAME record, but rather than being added to the DNS, our server converts them into A and AAAA records. This allows you to get the benefits of a CNAME in places where a CNAME is not legal.
This week a customer suggested another use for ANAME records that we’d not previously thought of: round robin DNS. That is, a single DNS name that points to multiple servers. As you can’t have multiple CNAME records for the same hostname, implementing round-robin DNS means hard-coding A and AAAA records into your zone file. Like this:
proxy.mythic-beasts.com. 3600 IN A 93.93.129.174 proxy.mythic-beasts.com. 3600 IN A 46.235.225.189 proxy.mythic-beasts.com. 3600 IN AAAA 2a00:1098:0:80:1000:3b:1:1 proxy.mythic-beasts.com. 3600 IN AAAA 2a00:1098:0:82:1000:3b:1:1
Which is messy. Wouldn’t it be nicer to use the names of the servers involved? Like this:
proxy.mythic-beasts.com. 3600 IN CNAME rproxy46-sov-a.mythic-beasts.com. proxy.mythic-beasts.com. 3600 IN CNAME rproxy46-hex-a.mythic-beasts.com.
Sadly, the spec says you can’t do that, but thanks to a minor tweak to our DNS control panel code, you can now do it with ANAME records. Simply specify multiple ANAME records for your host name, and we’ll go and find all A and AAAA records for all of the hosts that are referenced.
Thanks to @grayvsearth for the suggestion on this one.
ANAME records are available in our DNS management interface, which is included with all domain registrations, and available for free on other domains for customers of other services. Other features include a DNS API, allowing you to obtain Wildcard Let’s Encrypt certificates.