Can I use DNS RPZ to set up redirection for a CDN via CNAME records?
We're often asked whether DNS RPZ could be used to set up redirection to a CDN. For example, if "mydomain.com" is a normal domain with SOA, NS, MX, TXT records etc., and someone sends an A or AAAA query for "mydomain.com", can we use DNS RPZ on an authoritative nameserver to return "CNAME mydomain.com.my-cdn-provider.net"?
The problem with this suggestion is that there is no way to CNAME just A and AAAA queries, not even with RPZ.
The underlying reason is that if you answer with a CNAME then the recursive server making that query will cache the response. Thereafter (while the CNAME is still in cache), it will assume that there are no records of any non-CNAME type for the name that was being queried, and will direct subsequent queries for all other types directly to the target name of the CNAME record.
This isn't a limitation of RPZ; it is a consequence of the way the DNS protocol works. It's simply not possible to use "partial" CNAMEs to help when setting up CDNs, because doing this will break other functionality such as email routing.
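The caching behaviour described above can be seen in a small simulation. This is an added example, not BIND code: the resolver is a simplified model, and the zone data, TTLs and the `authoritative` policy function are constructed for illustration.

```python
# Simplified model (constructed data, not BIND code): an authoritative server
# that answers only A/AAAA with a CNAME, and a caching recursive resolver.
CDN = "mydomain.com.my-cdn-provider.net"

# Constructed zone data: (owner name, type) -> record values
ZONES = {
    ("mydomain.com", "MX"): ["10 mail.mydomain.com"],
    (CDN, "A"): ["192.0.2.10"],
}

def authoritative(name, qtype):
    """Hypothetical 'partial CNAME' policy: rewrite only A/AAAA for the apex."""
    if name == "mydomain.com" and qtype in ("A", "AAAA"):
        return "CNAME", [CDN], 300
    return qtype, ZONES.get((name, qtype), []), 300

class Resolver:
    def __init__(self):
        self.cache = {}   # (name, rrtype) -> (values, expiry time)
        self.now = 0      # simulated clock, in seconds

    def _cached(self, name, rrtype):
        entry = self.cache.get((name, rrtype))
        return entry[0] if entry and entry[1] > self.now else None

    def resolve(self, name, qtype, depth=0):
        if depth > 8:
            raise RuntimeError("CNAME chain too long")
        # A cached CNAME is treated as the only record at that name, so the
        # query restarts at the target whatever type was asked for.
        alias = self._cached(name, "CNAME")
        if alias:
            return self.resolve(alias[0], qtype, depth + 1)
        hit = self._cached(name, qtype)
        if hit is not None:
            return hit
        rrtype, values, ttl = authoritative(name, qtype)
        self.cache[(name, rrtype)] = (values, self.now + ttl)
        if rrtype == "CNAME":
            return self.resolve(values[0], qtype, depth + 1)
        return values

def demo():
    r = Resolver()
    r.resolve("mydomain.com", "A")             # CNAME enters the cache
    during = r.resolve("mydomain.com", "MX")   # sent to the CDN name instead
    r.now = 301                                # CNAME TTL has expired
    after = r.resolve("mydomain.com", "MX")    # asks mydomain.com again
    return during, after
```

While the CNAME is cached, the MX lookup for "mydomain.com" returns the (empty) MX set of the CDN name, which is how mail routing breaks for clients of that resolver.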