Can I use DNS RPZ to set up redirection for a CDN via CNAME records?
- Updated on 29 Nov 2017
- 1 minute to read
We're often asked if DNS RPZ could be used to setup redirection to a CDN. For example if "mydomain.com" is a normal domain with SOA, NS, MX, TXT records etc,. If someone does a A or AAAA query for "mydomain.com" can we use DNS RPZ on an authoritative nameserver to return "CNAME mydomain.com.my-cdn-provider.net"?
The problem with this suggestion is that there is no way to CNAME just A and AAAA queries, not even with RPZ.
The underlying reason is that if you answer with a CNAME then the recursive server making that query will cache the response. Thereafter (while the CNAME is still in cache), it will assume that there are no records of any non-CNAME type for the name that was being queried, and will direct subsequent queries for all other types directly to the target name of the CNAME record.
This isn't a limitation of RPZ, it is because of the way the DNS protocol works - it's simply not possible to use "partial" CNAMES to help when setting up CDNs because doing this will break other functionality such as email routing.
© 2001-2018 Internet Systems Consortium For assistance with problems and questions for which you have not been able to find an answer in our Knowledge Base, we recommend searching our community mailing list archives and/or posting your question there (you will need to register there first for your posts to be accepted). The bind-users and the dhcp-users lists particularly have a long-standing and active membership. ISC relies on the financial support of the community to fund the development of its open source software products. If you would like to support future product evolution and maintenance as well having peace of mind knowing that our team of experts are poised to provide you with individual technical assistance whenever you call upon them, then please consider our Professional Subscription Support services - details can be found on our main website.