CNAMEs are NOT Evil!
It seems to be another universally accepted truth that CNAMEs are evil. It also seems to be something else I've discovered I disagree with. Having just been saved a mass of effort thanks to CNAMEs I have to say CNAMEs are nothing but a handy tool available to DNS administrators.
My task is to migrate a webserver from a box in one data-centre to another box in a different data-centre. Speed is of the essence as there is a network outage planned over the weekend. Transferring data is not hard, a copy of rsync and some time is all that's needed. Configuring the new Apache is easy enough too, even if the migration is from Apache/1.3.23 to Apache/2.0.50. But with 654 virtual servers configured, updating DNS is likely to be a right pain.
Just to get these relevant Resource Records changed looks tricky. Of the 654 domains which correspond to the virtual servers, 5 are lame, 171 no longer exist, 356 are on a nameserver I administer, the remainder are spread out over 45 different nameservers. As each one of these is a different customer of a customer that's 122 major headaches... I'm also a conservative techie. So I like to plan for the worst. Hence I'd really like to be able to change things back quickly should things go wrong. So the first thing to do is to set the Time To Live on the current RR to 1 hour, then... Bah, the whole thing suddenly seems too horrible to contemplate.
However my investigations revealed that mostly the relevant RRs have been setup with CNAMEs, and I have control of the canonical name. So suddenly I have just 7 headaches which I'll happily throw back to Mr Customer.
Handy they may be, but CNAMEs should not be used lightly. The scope to break things is huge. In a previous job seeing a CNAME and OTHER data error was far too common - and virtually impossible to explain how to avoid them to non-combatants. So even though I don't think CNAMEs are evil, I think I'll happily keep telling people they are...