RFC 1034 clearly states that when a CNAME record exists for a domain name, no other resource records (RRs) of any type can coexist with it. This creates a fundamental limitation when trying to combine:
; INVALID configuration
myhomesite IN CNAME example.dyndns.org.
myhomesite IN AAAA 2001:db8::1:2:3:4Here are three production-tested approaches:
1. Dual Record Subdomain Approach
; BIND zone file example
ipv4.myhomesite IN CNAME example.dyndns.org.
myhomesite IN AAAA 2001:db8::1:2:3:4Clients can explicitly use ipv4.myhomesite for IPv4 resolution while myhomesite directly serves IPv6.
2. API-Based Dynamic DNS
Modern DNS providers like Cloudflare or Route53 allow API updates:
# Python example using Cloudflare API
import requests
headers = {
"Authorization": "Bearer YOUR_API_TOKEN",
"Content-Type": "application/json"
}
data = {
"type": "AAAA",
"name": "myhomesite",
"content": "2001:db8::1:2:3:4",
"ttl": 120
}
response = requests.post(
"https://api.cloudflare.com/client/v4/zones/ZONE_ID/dns_records",
headers=headers,
json=data
)For environments requiring IPv6-to-IPv4 translation:
; PowerDNS configuration snippet
dns64-prefix=64:ff9b::/96
dns64-synthesize=yesVerify configuration with:
dig myhomesite AAAA +short
dig myhomesite CNAME +shortExpected output for solution #1:
2001:db8::1:2:3:4
example.dyndns.org.When managing dynamic DNS configurations with both IPv4 and IPv6 connectivity, a common challenge arises: attempting to combine a CNAME record (typically pointing to a dynamic DNS provider) with an AAAA record for direct IPv6 access. The DNS RFCs explicitly prohibit this combination at the same node:
; INVALID configuration (RFC violation)
myhomesite IN CNAME example.dyndns.org.
myhomesite IN AAAA 2001:db8::1:2:3:4
According to RFC 1034 section 3.6.2, when a CNAME exists for a name, that name cannot have any other resource records. This creates problems for hybrid IPv4/IPv6 setups where:
- You need CNAME for dynamic IPv4 resolution through services like DynDNS
- You want static AAAA records for stable IPv6 access
- You wish to maintain a single hostname for both protocols
Here are three working approaches I've implemented in production environments:
1. Subdomain Delegation
; Zone file solution
myhomesite IN CNAME example.dyndns.org.
ipv6.myhomesite IN AAAA 2001:db8::1:2:3:4
Then configure client applications to try both names (fallback pattern). Many modern apps support this through Happy Eyeballs algorithms.
2. Dual DNS Views
For BIND servers, implement view-based separation:
view "internal" {
match-clients { 2001:db8::/32; };
zone "example.com" {
file "/etc/bind/internal/example.com.zone";
# Contains AAAA record only
};
};
view "external" {
match-clients { any; };
zone "example.com" {
file "/etc/bind/external/example.com.zone";
# Contains CNAME only
};
};
3. Dynamic DNS API Integration
For advanced setups, use your DNS provider's API to synchronize records:
#!/bin/bash
# Sample DynDNS update script with IPv6 support
CURRENT_IPV6=$(ip -6 addr show dev eth0 | grep global | awk '{print $2}' | cut -d/ -f1)
curl -u "username:password" \
"https://api.dyn.com/v2/dns/example.com/record/_myhomesite/AAAA" \
-X PUT -d "{\"data\": \"$CURRENT_IPV6\"}"
For applications connecting to such endpoints, consider these resilient connection patterns:
// JavaScript example with fallback
async function connectToHome() {
try {
// Try IPv6 first
return await connect('myhomesite', { family: 6 });
} catch (e) {
// Fallback to IPv4 via CNAME
return await connect('myhomesite', { family: 4 });
}
}
// Python example using socket.AI_ADDRCONFIG
import socket
def create_connection(address):
for res in socket.getaddrinfo(address, 443,
type=socket.SOCK_STREAM,
flags=socket.AI_ADDRCONFIG):
af, socktype, proto, canonname, sa = res
try:
s = socket.socket(af, socktype, proto)
s.connect(sa)
return s
except socket.error:
continue
When implementing split DNS solutions, ensure proper monitoring of both paths:
- Separate health checks for IPv4 (CNAME) and IPv6 (AAAA) resolutions
- Distinct latency metrics for each protocol path
- Alerting on resolution failures with protocol-specific notifications