Multiple Containers, One Public IP, HaProxy. How to Cname properly?

mikeinnyc · January 9, 2023, 10:46pm

I have HAProxy working well with pfSense. I have multiple Back End “Different Domain Name Websites.”

My question is how to use proper Cname records with my hosting provider with “one website to many hostnames each with a different lxc containers?”

I was figuring on the following setup below since HAProxy could do its thing but I’ve read several
different opinions regarding DNS extra calls and time to resolve if I cname to one IP.

|*.EXAMPLE.COM.|60|IN|A|98.113.XX.XX|

|EXAMPLE.COM.|60|IN|A|98.113.XX.XX|

Then HAProxy would simply forward that public SNI to the correct backend.

Or Do I make an A record with the public IP for each Cname?

|srv.101.EXAMPLE.COM.|60|IN|A|98.113.XX.XX|
|srv.102.EXAMPLE.COM.|60|IN|A|98.113.XX.XX|
|srv.103.EXAMPLE.COM.|60|IN|A|98.113.XX.XX|

Confused

mikeinnyc · January 9, 2023, 11:55pm

Working with CNAME records

Limitations

MX and NS records can't point to a CNAME record; they must point to an A record (for IPv4) or an AAAA record (for IPv6).
The CNAME **chain length should not be greater than 5.**

The CNAME can’t share the same name as another record type for a single domain.
You can't have multiple CNAME records with the same name in the same domain.

Valid CNAME record examples:

ftp.example.com 900 IN CNAME example.com
sftp.example.com 900 IN CNAME example.com

How CNAME records work

A CNAME is an alias. It allows one domain to point to another domain which, if you follow the CNAME chain, eventually resolves to an A record and IP address. Pointing a CNAME record to another CNAME record is inefficient (but possible) because it requires multiple DNS lookups before the domain can be loaded, negatively impacting the speed of the user experience.

Each resource record in the CNAME chain is considered as a separate DNS query, which slows down the resolution time.

For example, use CNAME records to point ftp.example.com and sftp.example.com to the DNS entry for example.com, which in turn has an A record that points to the IP address:

ftp.example.com CNAME example.com
example.com A 10.1.1.10

“Chained”

** **

mikeinnyc · January 10, 2023, 1:59am

CNAME Flattening

The above video may help if you manage outside clients’ CNAMES.
Not In my specific case so I just created
A Records directly after all and cut to the chase!
Created some test HAProxy backends with the correct local ips and viola bam!!!
LOADS FAST BABY from an outside private browser.

|*.EXAMPLE.COM.|300|IN|A|98.113.XX.XX|
|EXAMPLE.COM.|300|IN|A|98.113.XX.XX|
|srv101.EXAMPLE.COM.|300|IN|A|98.113.XX.XX|
|srv102.EXAMPLE.COM.|300|IN|A|98.113.XX.XX|
|srv103.EXAMPLE.COM.|300|IN|A|98.113.XX.XX|
|srv104.EXAMPLE.COM.|300|IN|A|98.113.XX.XX|
|srv105.EXAMPLE.COM.|300|IN|A|98.113.XX.XX|
|srv106.EXAMPLE.COM.|300|IN|A|98.113.XX.XX|

|srv191.EXAMPLE.COM.|300|IN|A|98.113.XX.XX|
|srv192.EXAMPLE.COM.|300|IN|A|98.113.XX.XX|
|srv193.EXAMPLE.COM.|300|IN|A|98.113.XX.XX|
|srv194.EXAMPLE.COM.|300|IN|A|98.113.XX.XX|
|srv195.EXAMPLE.COM.|300|IN|A|98.113.XX.XX|
|srv196.EXAMPLE.COM.|300|IN|A|98.113.XX.XX|
|srv197.EXAMPLE.COM.|300|IN|A|98.113.XX.XX|
|srv198.EXAMPLE.COM.|300|IN|A|98.113.XX.XX|
|srv199.EXAMPLE.COM.|300|IN|A|98.113.XX.XX|
|srv200.EXAMPLE.COM.|300|IN|A|98.113.XX.XX|
|EXAMPLE.COM.|300|IN|ALIAS|www.EXAMPLE.COM.|
|EXAMPLE.COM.|300|IN|NS|ns3.epik.com.|
|EXAMPLE.COM.|300|IN|NS|ns4.epik.com.|

By the way I also manage multiple domains with Google Domains and they do not have CNAME Flattening plus there is no way to bulk update domains. What a PITA. I was able to use EPIK for a test domain and I can simply upload my dns info and create 200 A records in 2 minutes!

This works for me. Now I can add another IP A record for Dual WAN connection hopefully.