Quoting Michael Paoli (Michael.Paoli@cal.berkeley.edu):
DNS ... CNAME records ... to CNAMES? How long a chain? Loops? ...
Or: Just don't.
Over a very large number of years of doing authoritative DNS, including for some large Internet concerns, I eventually came up with a guideline: Use a CNAME _only_ when an A (and/or AAAA) record cannot do the job -- and that basically means a cross-domain name reference.
All other uses of CNAME create risk of errors, one or more of:
1. CNAME breaks because you renamed the thing it used to point to, but forgot to update the CNAME record. (In fairness, this is also a risk with cross-domain name references, but nothing fixes that.) This error mode is analogous to the "dangling symlink" problem that teaches all sysadmins "don't use a symlink unless a hard link cannot do the job".
2. You absent-mindedly pointed one of the record types at the CNAME for which that reference is invalid (MX, NS), and had puzzling problems until you figured that out.
Both of these failure-modes go away automatically if you use, instead, A or AAAA records pointing directly to the IP in question.
There is a standard objection one hears _every_ time this is discussed, so I'll quote it and point out why it is dumb. "But, if I do that, then any time I re-IP the underlying host, I'll need to change all the A or AAAA records to match, whereas if n-1 of the records are symlinks, I need update only _one_ record."
That is true, but dumb -- because a single sed statement can change n lines citing an IP exactly as easily as it can one.
And, believe me, you really need to learn to use scripted editing to do DNS maintenance, anyway. It not only prevents most errors, but makes any you commit much easier to find. Also, it makes rollback trivial and fast, no matter how many lines are affected.
Version B of the dumb objection is: "But, because the zone is built out of multiple include files, I'd need to make any IP change in a bunch of separate files, whereas if n-1 of the records are symlinks, I need update only _one_ record."
That is true, but dumb -- because a single one-liner with find, exec, and sed can change n lines citing an IP across a group of include files exactly as easily as it can one.
Let's see, do I follow my own rule?
:r! grep CNAME /etc/bind/linuxmafia.com.zone
[censored] IN CNAME gv-[censored].dv.googlehosted.com.
Yep. That's the record you can voluntarily add to your domain if you want to use some of Google's services and let Google verify that the domain is yours, like Google's webmaster tools. https://webmasters.stackexchange.com/questions/54527/why-is-googlehosted-com... (now called Google Search Console, https://search.google.com/search-console/about )
Everything else in linuxmafia.com that _most_ people would use CNAMEs for, I use A records -- because that works and makes the possibility of whole classes of problem go away.
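
Added example, not part of the original post: a sketch of the find/exec/sed re-IP edit described above, with the old address anchored so that 192.0.2.1 cannot rewrite 192.0.2.10, and with .bak copies kept for rollback. The *.zone and *.inc suffixes, the function names and the sample records are assumptions made for illustration.

```shell
#!/bin/sh
# Added example (not from the post). File suffixes and sample data are assumptions.

esc() { printf '%s' "$1" | sed 's/\./\\./g'; }   # escape dots: "." must not match any char

# reip OLD NEW DIR: rewrite A records citing OLD in every zone/include file under DIR.
reip() {
    old_re=$(esc "$1"); new=$2
    # Match only "<ws>A<ws>OLD" followed by end of line or a comment, so a
    # prefix such as 192.0.2.1 never touches 192.0.2.10 or 192.0.2.100.
    find "$3" -type f \( -name '*.zone' -o -name '*.inc' \) -exec \
        sed -i.bak -E "s/([[:space:]]A[[:space:]]+)${old_re}([[:space:]]*(;.*)?)\$/\1${new}\2/" {} +
}

# rollback DIR: put every .bak copy written by reip back in place.
rollback() {
    find "$1" -type f -name '*.bak' -exec sh -c 'mv -- "$1" "${1%.bak}"' _ {} \;
}

# count_a IP DIR: number of A records citing exactly IP (backups excluded).
count_a() {
    ip_re=$(esc "$1")
    find "$2" -type f \( -name '*.zone' -o -name '*.inc' \) -exec cat {} + |
        grep -cE "[[:space:]]A[[:space:]]+${ip_re}([[:space:]]|;|\$)" || true
}

# make_sample: build a constructed two-file zone tree and print its path.
make_sample() {
    d=$(mktemp -d)
    mkdir "$d/inc"
    printf '%s\n' '$INCLUDE inc/hosts.inc' \
                  'www   IN A 192.0.2.1' \
                  'ftp   IN A 192.0.2.1   ; same box' > "$d/example.com.zone"
    printf '%s\n' 'mail  IN A 192.0.2.1' \
                  'db    IN A 192.0.2.10' > "$d/inc/hosts.inc"
    echo "$d"
}
```

Before reloading, bump the SOA serial and run named-checkzone on the result; until then the .bak files are the rollback path.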