ANAME v/s Actual CNAME

gulshan · June 25, 2020, 9:24am

If a CDN IP changes as per region,

Go for www (Actual CNAME)
Go for non-www (ANAME)

0 voters

I’d recommend going with www. Here’s why

At the moment of writing, I use BunnyCDN.

frans · June 25, 2020, 7:33pm

Re ANAME, for a case like this, the key is in the EDNS Client Subnet from your authoritative DNS. Meaning that authoritative DNS needs to resolve IP(s) from a specified CNAME first, then we get answers from authoritative DNS, not the CNAME’s DNS. Answers you received are as far as authoritative DNS POPs. ANAME is a CNAME proxy to get A and AAAA. FQDN -> IP addresses.

It’s hard to define ANAME done wrong if we don’t see the current setup of our own DNS. Authoritative DNS must support EDNS client subnet for more geo-accurate query routing.

Some I can suggest in the case of using ANAME:

Use ANAME when you know CNAME is anycast IP(s).
Use ANAME when you know your authoritative DNS has enabled Client Subnet.
Use ANAME when you want to increase the TTL to get benefits of faster DNS resolving and also saving the DNS server bandwidth.

Nowadays I often use anycast IPs so I will choose ANAME

leonstafford · June 25, 2020, 8:14pm

@frans this goes over my head a bit. Can I ask as lay person:

ANAME will allow apex domain to fully use CDN, but only if they support it with their internal DNS setup?

re these:

Use ANAME when you know CNAME is anycast IP(s).
Use ANAME when you know your authoritative DNS has enabled Client Subnet.

how can we confirm for a CDN provider?

gulshan · June 25, 2020, 8:30pm

I am using BunnyCDN. They do not provide own NS like or any particular Static IP. I am on the mercy of CNAME Flattening done by Cloudflare.

The above problem doesn’t happen with all ISPs but with some ISPS. I highly doubt if those support EDNS.

frans · June 25, 2020, 8:36pm

ANAME on Apex works with CDNs, if we use authoritative DNS that support for EDNS. Doesnt matter how CDN’s internal DNS works.

For example I use Cloudflare DNS for example.com (apex), then point to Bunny (example.b-cdn.net). Since Cloudflare supports EDNS, the IP results should be accurate.

frans · June 25, 2020, 8:37pm

Checked your NS, Cloudflare? Maybe when you did the test, you got Korean POP?

gulshan · June 25, 2020, 8:40pm

Exactly. I am using CF NS. That time at other ISP airtel, routing was fine but at Jio it was going off.

frans · June 25, 2020, 8:42pm

Ah make sense, I checked from here. Re your domain. Apex looks good. Maybe I got nearest Cloudflare POP.

gulshan · June 26, 2020, 8:20am

How reliable is Cloudflare CNAME Flattening for BunnyCDN?

Let’s find out

Step 1. Which Public DNS Resolver do you use?

It should not be Google/Cloudflare My problem of off-routing is limited to local ISP DNS.

Step 2. Lookup IP for gulshankumar.net

Linux/Mac Terminal

dig gulshankumar.net

Windows CMD

ping gulshankumar.net

Android App:

Thanks in advanced for helping in debugging.

leonstafford · June 27, 2020, 8:26pm

x230$ dig gulshankumar.net

; <<>> dig 9.10.8-P1 <<>> gulshankumar.net
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 13378
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;gulshankumar.net.              IN      A

;; ANSWER SECTION:
gulshankumar.net.       35      IN      A       185.190.83.2

;; Query time: 170 msec
;; SERVER: 10.1.1.1#53(10.1.1.1)
;; WHEN: Sun Jun 28 05:54:56 ACST 2020
;; MSG SIZE  rcvd: 61

x230$ ping gulshankumar.net
PING gulshankumar.net (185.190.83.2): 56 data bytes
64 bytes from 185.190.83.2: icmp_seq=0 ttl=58 time=17.151 ms
64 bytes from 185.190.83.2: icmp_seq=1 ttl=58 time=16.641 ms
64 bytes from 185.190.83.2: icmp_seq=2 ttl=58 time=16.765 ms
64 bytes from 185.190.83.2: icmp_seq=3 ttl=58 time=17.404 ms
64 bytes from 185.190.83.2: icmp_seq=4 ttl=58 time=16.801 ms
64 bytes from 185.190.83.2: icmp_seq=5 ttl=58 time=16.826 ms
64 bytes from 185.190.83.2: icmp_seq=6 ttl=58 time=16.643 ms
64 bytes from 185.190.83.2: icmp_seq=7 ttl=58 time=17.198 ms
64 bytes from 185.190.83.2: icmp_seq=8 ttl=58 time=16.563 ms
64 bytes from 185.190.83.2: icmp_seq=9 ttl=58 time=16.416 ms
64 bytes from 185.190.83.2: icmp_seq=10 ttl=58 time=15.870 ms
64 bytes from 185.190.83.2: icmp_seq=11 ttl=58 time=16.428 ms
64 bytes from 185.190.83.2: icmp_seq=12 ttl=58 time=16.827 ms
64 bytes from 185.190.83.2: icmp_seq=13 ttl=58 time=16.534 ms

That’s from some Aus ISP, thanks to my neighbour’s donated wifi

gulshan · June 28, 2020, 6:19pm

I tested in multiple mobile devices with Jio SIM, all were facing off-routing.

Therefore, I have decided to stick with www for the most reliable experience.

Thanks everyone for testing.