Cannot have a host1 (a) > ip and hosts2 (cname) > host1
What steps have you taken to resolve the issue?
I wanted to add my servers' IPs as multiple DNS records under allowed.ips.example.com, then my servers can check these IPs and whitelist them for certain internal services.
But while I have s1.example.com defined as an A record pointing to a certain IP, I see I cannot have a CNAME like allowed.ips.example.com pointing to s1.example.com; it says:
The reason I wanted that as a CNAME is so I don't need to edit it whenever that final IP changes; s1.example.com is kind of static. But for other IPs I can define multiple A records just fine under the same allowed.ips.example.com.
There must be a way to make this work, something similar to registering another domain like ip-whitelist-mysite.com, but that seems overkill. Can this be done by changing the DNS configuration for the upper host ips.mysite.com? Move that to another DNS provider maybe?
I thought of using TXT records, but their format is kind of harder to read: unreliable format, different size limits on different systems, that can cause big problems.
Is there any other DNS record type that can do this maybe?
OK, I think I got it.
So I was trying to define many IPs inside the same DNS hostname my-whitelist.mysite.com so my servers' scripts can just read this single DNS record and get many IPs to be whitelisted, without me having to edit scripts on my servers whenever I change IPs. I wanted to just edit this DNS record when needed to add IPs.
I was trying to do:
my normal website record:
s1.mysite.com A 123.123.123.123
trying to make a whitelist:
my-whitelist.mysite.com A 234.234.234.234
my-whitelist.mysite.com A 222.222.222.222
my-whitelist.mysite.com CNAME s1.mysite.com <<< not working
So I guess I was trying to break some DNS standards there by having both A records and CNAMEs under the same host name my-whitelist.mysite.com.
Is there another way to do this? It would mean including both CNAMEs and A records under the same exact host, or having multiple identical CNAMEs pointing to different hosts.
I am guessing it would be something like round robin with CNAMEs, if I can call it that. Because with A records it works just fine to add different A values for the same host. Which doesn't fully make sense to me: why not allow multiple CNAMEs too?
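The rule the poster ran into is RFC 1034 section 3.6.2: when a CNAME record exists at a name, no other record may exist at that same name, and a second CNAME at the same name is equally disallowed, while several A records at one name are ordinary round-robin. The following added example (not code from the thread or from any DNS provider) checks a set of records for exactly that rule; the sample records are constructed to mirror the ones in the post above.

```python
"""Check a set of DNS records for the CNAME-exclusivity rule of RFC 1034 s3.6.2.

If a CNAME RR is present at a name, no other resource records may exist
at that name, and only one CNAME is allowed. Multiple A records at one
name are fine (round-robin). The records below are a constructed sample
mirroring the thread; this is an added illustration, not the poster's
or a provider's code.
"""
from collections import defaultdict

# Constructed sample: the records the poster tried to create.
SAMPLE_RECORDS = [
    ("s1.mysite.com", "A", "123.123.123.123"),
    ("my-whitelist.mysite.com", "A", "234.234.234.234"),
    ("my-whitelist.mysite.com", "A", "222.222.222.222"),
    ("my-whitelist.mysite.com", "CNAME", "s1.mysite.com"),
]


def normalize(name):
    """Owner names are case-insensitive; a trailing dot is just the root."""
    return name.rstrip(".").lower()


def group_by_name(records):
    """Group (name, type, value) tuples by normalized owner name."""
    grouped = defaultdict(list)
    for name, rtype, value in records:
        grouped[normalize(name)].append((rtype.upper(), value))
    return grouped


def cname_conflicts(records):
    """Return a dict of every owner name that breaks the CNAME rule.

    A name is reported when it holds a CNAME together with any other
    record type, or when it holds more than one CNAME. The value gives
    the CNAME count and the sorted list of the other types present.
    """
    conflicts = {}
    for name, rrs in group_by_name(records).items():
        types = [rtype for rtype, _ in rrs]
        cname_count = types.count("CNAME")
        if cname_count == 0:
            continue  # no CNAME here, any mix of other types is allowed
        other_types = sorted({t for t in types if t != "CNAME"})
        if other_types or cname_count > 1:
            conflicts[name] = {"cnames": cname_count, "other_types": other_types}
    return conflicts


def is_valid_zone(records):
    """True when no owner name violates the CNAME-exclusivity rule."""
    return not cname_conflicts(records)


if __name__ == "__main__":
    for owner, detail in cname_conflicts(SAMPLE_RECORDS).items():
        print(f"{owner}: {detail['cnames']} CNAME(s) alongside {detail['other_types']}")
```

Running it on the sample reports my-whitelist.mysite.com as holding a CNAME alongside A records, which is why the provider rejects the fourth record; dropping that CNAME leaves a valid set of two A records at the same name.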
Doing this via DNS seems to be making it way more complicated than it needs to be.
Just have a txt file on your server with your IP addresses in it, and read from that file directly.
Over 10 servers need to read the same data and allowlist 10-20 IPs.
If I do it by fetching a fixed URL on one of my sites, then that can be blocked or rate limited by Cloudflare.
Fetching a URL from a domain hosted on the same machine might return unexpected results.
It is risky to run server commands based on the contents of a remote URL, mostly because the contents can be a server error and not a list of IPs/hosts.
Also the list is a mix of IPv4, IPv4 classes, IPv6, IPv6 classes and hostnames, so it is not easy to validate in case the remote list returned unexpected results or error(s).
Overall DNS is a reliable source of information; a remote site can also be just offline in addition to returning an error.
From a standards point of view, SPF and other authentications are also done by DNS, which are somehow similar scenarios.
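The last reply raises the concern that an allowlist fetched from a remote source is a mix of IPv4 and IPv6 addresses, CIDR ranges and hostnames, and that an error page instead of a list would be hard to catch before it reaches a firewall rule. The following added example (not code from the thread) shows one way to validate such a list before applying it, whatever record or URL it was read from: every entry is classified with the standard library's ipaddress module or a hostname syntax check, and the whole list is rejected if even one entry is unrecognized, so a "502 Bad Gateway" body never becomes a partial allowlist. The sample inputs are constructed using documentation address ranges.

```python
"""Fail-closed validation of a mixed allowlist (IPv4, IPv6, CIDR, hostnames).

Added illustration, not the poster's code. The input is the raw text as
it would come from a TXT record or a fetched URL; entries are separated
by whitespace or commas. If any entry fails to parse, the whole list is
rejected, so an unexpected response cannot be applied in part.
"""
import ipaddress
import re

# One DNS label: 1-63 chars of letters, digits and hyphens, no leading/trailing hyphen.
_LABEL = re.compile(r"^(?!-)[A-Za-z0-9-]{1,63}(?<!-)$")

# Constructed samples using RFC 5737 / RFC 3849 documentation ranges.
SAMPLE_TXT = "203.0.113.10 203.0.113.0/24, 2001:db8::1 2001:db8:1::/48 s1.example.com"
BAD_TXT = "<html><body>502 Bad Gateway</body></html>"


class AllowlistError(ValueError):
    """Raised when the fetched list contains anything that is not an allowlist entry."""


def is_hostname(value):
    """Syntactic hostname check (RFC 1123 labels, non-numeric last label)."""
    value = value.rstrip(".")
    if not value or len(value) > 253:
        return False
    labels = value.split(".")
    if labels[-1].isdigit():  # a purely numeric top label is not a hostname
        return False
    return all(_LABEL.match(label) for label in labels)


def classify(entry):
    """Return (kind, value): kind is 'ipv4', 'ipv6' or 'hostname'.

    Bare addresses become /32 or /128 networks so that every IP entry
    has the same type and can be fed to one rule generator.
    """
    entry = entry.strip()
    try:
        net = ipaddress.ip_network(entry, strict=False)  # strict=False tolerates host bits
    except ValueError:
        pass
    else:
        return ("ipv4" if net.version == 4 else "ipv6", net)
    if is_hostname(entry):
        return ("hostname", entry.rstrip(".").lower())
    raise AllowlistError(f"unrecognized allowlist entry: {entry!r}")


def parse_allowlist(text):
    """Split raw text into entries and classify each; raise on the first bad one."""
    result = {"ipv4": [], "ipv6": [], "hostname": []}
    entries = [e for e in re.split(r"[\s,]+", text) if e]
    if not entries:
        raise AllowlistError("empty allowlist")
    for entry in entries:
        kind, value = classify(entry)
        result[kind].append(value)
    return result


if __name__ == "__main__":
    print(parse_allowlist(SAMPLE_TXT))
    try:
        parse_allowlist(BAD_TXT)
    except AllowlistError as err:
        print("rejected:", err)
```

Note that the error page is rejected even though the token "Bad" on its own would pass the hostname check; rejecting the whole response on the first unparseable token is what keeps a broken fetch from silently shrinking or corrupting the allowlist.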