What are the recommended DNS records for a web server and MQTT?

December 10, 2018
DNS

Not sure which DNS records I need to create to achieve the following goals. Wildcards? @? CNAMEs? A records? MX? It's not clear how I should proceed. Please assist.

  • I own three domains and want all records in all 3 pointing to the same places. Eventually the domains will show different web content but for today they should be the same.
  • I will be standing up two droplets in a hot-cold configuration with a floating IP, manually controlled. Failover amounts to booting the second droplet and switching the floater.
  • I will be running a simple https WordPress website (LAMP) on each droplet, resolvable by both www.domain and domain (no www.)
  • I will be running an MQTT broker on each droplet. The hostname the client is expecting for these is mqtt.SmartBird.io.
  • Current hostnames for the droplets are mqtt01.SmartBird.io and mqtt02.SmartBird.io. (Maybe I should have asked before committing to that naming scheme. Second one is not yet created, and I can easily rebuild the first.)
  • Mail is to be handled by Zoho

What records should I create, pointing to what?

1 Answer
jarland MOD December 10, 2018
Accepted Answer

Hey friend,

To best determine what each should be, I think it's best to break down what the record types are for. Each has its use case. You already have MX handled, so let's talk about A records and CNAMEs:

A record - This points a name to an IP address. The name might be "domain.com" or even "sub.domain.com" but it simply points to an IP address.

CNAME record - This points to an A record, and pulls the IP from it. Let's say that I want sub.domain.com to always use the IP address assigned to domain.com, and I want to update both records to a new IP address later by only changing one record. I would make "sub.domain.com" a CNAME for "domain.com" which means that it always pulls the A record from "domain.com" when asked.

Each has its use case, and which to use at each point is entirely your decision :)

Jarland

  • Right. A records for IPs and CNAMEs as aliases... that much I get. Just not sure what is typically recommended for such a setup. Also considering wildcards and @ records.

    • I would say that there is no recommended way, and that any choice which makes sense to you and also functions is the right choice as a result of that. A wildcard is a way to say "every subdomain that I have not already defined will point to this IP" and an "@" is simply a commonly accepted way to leave the name field blank, therefore referring to the root domain (ex. domain.com).

      • Do you have a webserver? What records have you set up?

        • I have a bunch. I do this:

          @ or blank (depending on DNS editor preference) - A record to IP address
          www - CNAME to domain

          So in DigitalOcean's DNS editor that would be:

          Type: A
          Name: @
          Record: 1.1.1.1 (example IP)

          Type: CNAME
          Name: www
          Record: domain.com (sample domain)

          • So for the www CNAME do you use @ ? Or an IP? I suppose @ but wanted to be very certain :-)

          • I use a CNAME for the www, so it looks like this for my domain jarland.me:

            https://i.imgur.com/YQLiMHY.png

            That way if my site IP changes, I just change the A record for jarland.me, and www.jarland.me follows along. This is what I'd add for jarland.me without www, if the IP were 1.1.1.1:

            https://i.imgur.com/POuqdcV.png

          • Okay and how about the other two domains?

          • If it's me, for other subdomains like mqtt01 and mqtt02, I'm going straight A records pointing directly to the IPs. If you see a scenario where a CNAME makes your life easier there, go for it, but an A record with just the name "mqtt01" and the record of the IP address hosting it would be looked upon as perfectly fine by anyone.

          • Okay very good, and the other two domains? I own three domains and want all records in all 3 pointing to the same places. Eventually the domains will show different web content but for today they should be the same.

          • For the other domains you would do an A record for the main domain, the "@" record, and you could do a CNAME for any subdomains (including www). Granted, if you're pointing a subdomain to the same IP as another record and use a CNAME, but then you intend to change it later then there's no real benefit to CNAME over A record.

            So many ways to spin it :)

          • Here are the resulting settings, I am posting these in case others come later with the same question. Would you please glance at them and make sure I did nothing stupid? If this is a security risk I will need to remove them.

            TTLs are deliberately set very low while I am doing the setup.

            https://goo.gl/photos/5xT4bUz7y185upXNA

          • Looks good to me :)

          • Thank you, and it is not a security risk to leave these screenshots up for others to see, yes? I think so, I am fairly certain these are all public record :-)

          • It could theoretically increase the severity of an existing security risk, but that would mean that something on the droplet and public facing is vulnerable to begin with, which means it's only a matter of time before someone out there attacks it anyway.
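The record set the thread converges on (apex A to the floating IP, www as a CNAME to the apex, MX for mail, A records for the mqtt names), as an added example that is not part of the thread. Domain names, IPs, TTL and the MX host are constructed placeholders; the `validate` step goes a little beyond the thread by catching two mistakes a DNS editor may happily accept: a CNAME at the zone apex, and a CNAME sharing a name with any other record (RFC 1034 3.6.2), either of which would break the Zoho MX records.

```python
import ipaddress
from collections import defaultdict

FLOATING_IP = "203.0.113.10"                          # constructed placeholder (TEST-NET-3)
DROPLET_IPS = {"mqtt01": "203.0.113.11", "mqtt02": "203.0.113.12"}  # constructed
MX_HOSTS = [(10, "mx.mail-provider.test.")]           # placeholder, not a real Zoho MX host
SETUP_TTL = 300                                       # low TTL during cut-over, as in the thread

def plan_zone(domain, ip=FLOATING_IP, mx_hosts=MX_HOSTS, droplets=None):
    """Return (name, ttl, type, value) tuples for one domain: apex A, www CNAME,
    MX, and for the zone that carries MQTT, the service name plus per-host names."""
    recs = [("@", SETUP_TTL, "A", ip), ("www", SETUP_TTL, "CNAME", f"{domain}.")]
    recs += [("@", SETUP_TTL, "MX", f"{pri} {host}") for pri, host in mx_hosts]
    if droplets:
        recs.append(("mqtt", SETUP_TTL, "A", ip))   # clients use this name; it follows the floating IP
        recs += [(host, SETUP_TTL, "A", hip) for host, hip in droplets.items()]
    return recs

def validate(records):
    """Flag record combinations that DNS editors do not always reject."""
    errors, types_by_name = [], defaultdict(list)
    for name, _ttl, rtype, value in records:
        types_by_name[name].append(rtype)
        if rtype == "A":
            try:
                ipaddress.IPv4Address(value)
            except ValueError:
                errors.append(f"{name}: A record value {value!r} is not an IPv4 address")
        if rtype == "CNAME" and name == "@":
            errors.append("@: CNAME at the zone apex is not allowed (it would hide SOA/NS/MX)")
    for name, types in types_by_name.items():
        if "CNAME" in types and len(types) > 1:
            errors.append(f"{name}: CNAME cannot coexist with other records (RFC 1034 3.6.2)")
    return errors

def render(domain, records):
    """Zone-file style lines, one per record, with fully qualified owner names."""
    lines = []
    for name, ttl, rtype, value in records:
        owner = f"{domain}." if name == "@" else f"{name}.{domain}."
        lines.append(f"{owner}\t{ttl}\tIN\t{rtype}\t{value}")
    return lines

if __name__ == "__main__":
    for domain in ("example-one.test", "example-two.test", "example-three.test"):
        # only the first zone carries the mqtt names; the others just serve the same site
        recs = plan_zone(domain, droplets=DROPLET_IPS if domain == "example-one.test" else None)
        print("\n".join(render(domain, recs)), "\nerrors:", validate(recs) or "none", "\n")
```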
