Our company develops a web application that other companies can license. Typically, our application runs on:
And a client’s version of the application is run on:
client.company.example
Usually, a client runs their own site at:
Sometimes, clients request to have their version of the application available from:
application.client.example
This kind of setup is often seen with blogs (WordPress, Blogger, Kickapps).
Technically, achieving this “DNS Masking” with a CNAME/A Record and some application configuration is straightforward. I’ve thought out some potential issues related to this, however, and wonder if you can think of any others that I’ve missed:
1) Traffic statistics (as measured by external providers, e.g., compete.com) will be lower since the traffic for company.example won’t include that of application.client.example. (Local stats would not be affected, of course)
2) Potential cookie disclosure from application.client.example to company.example. If the client is setting cookies at .client.example, those cookies could be read by the company.example server.
3) Email Spoofing. Email could be sent from company.example with the domain application.client.example, possibly causing problems with spam blacklisting due to incompatible SPF records.
Thanks for any thoughts on this.
CNAME has been widely used for so long, especially by hosting companies. There are no major issues.
The biggest problem for us is when you have to use HTTPS. It’s very difficult to support multiple CNAMEs on the same server. We use aliases in certificate (SAN extension). We have to get a new cert every time a new CNAME is added in DNS. Other than that, everything works great for us.
As to the issues you mentioned,