DNS Best Practices: When to Use Multiple A Records vs CNAME for Subdomains


2 views

When configuring DNS for subdomains pointing to the same server, developers face a fundamental choice between:

  • A Records: Direct IP mapping (webmail.example.com → 192.0.2.1)
  • CNAMEs: Alias to another domain (webmail.example.com → www.example.com)

For the webmail.example.com scenario, let's examine both approaches:

# A Record Approach
webmail.example.com.  3600  IN  A  192.0.2.1

# CNAME Approach
webmail.example.com.  3600  IN  CNAME  www.example.com.
www.example.com.      3600  IN  A      192.0.2.1

CNAME records require additional DNS lookups:

  1. Resolve webmail.example.com → CNAME to www.example.com
  2. Resolve www.example.com → A record

This adds ~50-200ms latency per initial resolution (though cached results mitigate this for subsequent requests).

Consider this PHP example checking DNS records:

// Check A record directly
$ip = gethostbyname('webmail.example.com');

// Check CNAME chain
$cname = dns_get_record('webmail.example.com', DNS_CNAME);
$ip = gethostbyname($cname[0]['target']);

IP changes require updating only one A record with CNAMEs, but multiple A records if using direct mapping.

For cloud environments where IPs change frequently:

# AWS Route 53 example using CNAME to ELB
webmail.example.com.  IN CNAME my-loadbalancer-1234567890.us-west-2.elb.amazonaws.com.

This approach becomes mandatory when pointing to AWS/Cloudflare/GCP services that don't provide static IPs.

Follow this decision tree:

  • Use A records when:
    • Subdomains point to fixed IPs
    • Minimizing DNS lookups is critical
    • Managing small numbers of subdomains
  • Use CNAMEs when:
    • IPs change frequently (cloud environments)
    • Managing many subdomains (easier IP changes)
    • Pointing to third-party services

For the webmail.example.com case, CNAME to www.example.com is generally preferable unless you have specific performance requirements.

When configuring DNS for subdomains pointing to the same server as your main domain (like webmail.example.com pointing to www.example.com's IP), we face two technical approaches:

# Option 1: Multiple A records
webmail.example.com.  IN  A      192.0.2.1
blog.example.com.     IN  A      192.0.2.1
shop.example.com.     IN  A      192.0.2.1

# Option 2: CNAME records
webmail.example.com.  IN  CNAME  www.example.com.
blog.example.com.     IN  CNAME  www.example.com.
shop.example.com.     IN  CNAME  www.example.com.

IP Change Management: With CNAMEs, changing the server's IP only requires updating the www A record. With multiple A records, you must update each record individually.

DNS Lookup Performance: CNAMEs require additional DNS lookups (following the chain), while A records provide direct resolution.

TTL Considerations:

# Recommended TTL settings
www.example.com.      IN  A      192.0.2.1    ; TTL=3600
webmail.example.com.  IN  CNAME  www.example.com.  ; TTL=86400

For web applications using cloud providers like AWS:

# AWS Route 53 example using alias records (special A records)
webapp.example.com.  IN  A  ALIAS  dualstack.xyz123.elb.amazonaws.com.

For traditional hosting setups:

# Conventional DNS setup with CNAME
api.example.com.    IN  CNAME  lb-01.example.com.
lb-01.example.com.  IN  A      203.0.113.45

CNAME records have security considerations in DNSSEC implementations. Some security policies may require A records instead of CNAMEs for certain subdomains.

The optimal choice depends on your infrastructure's volatility and management needs. For most modern web applications with dynamic IPs, CNAMEs provide better maintainability. For performance-critical systems with static IPs, multiple A records may be preferable.