Every time we make changes to our backend that require changes to our clients' DNS setup, we have to go through a lengthy process with emails, phone calls, email reminders, and so on in order to get each one to implement the necessary changes.
In order to simplify this once and for all I've done the following: I've set up a Google Cloud project with a Cloud DNS zone for dns.ourdomain.com
This way I can instruct our clients to set up:
www.client.com CNAME client.dns.ourdomain.com
And in the Cloud DNS console we add:
client.dns.ourdomain.com CNAME client.backendserver.com
Now in the future if we need to do changes we can do it all in one bulk operation without ever involving the clients.
I have tested this setup and it's working just fine, but there seems to be a consensus that this is bad practice. If any, what are the potential pitfalls?
The only drawback is that it makes lookups take longer, since the resolver doing the lookup needs to look up an extra name. Since, on a bad connection, a single lookup can take several seconds, this may be noticeable to the end user. So whether it's a problem worth caring about depends a lot on your specific circumstances.
If you want an argument that it isn't that bad in practice, have a close look at the lookup chain for www.microsoft.com.
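To make the "extra name" cost concrete, here is an added example (not code from the question or the answer) that follows a CNAME chain over a constructed, in-memory record set mirroring the setup in the question and counts how many hops a resolver has to make before it reaches an address. It also handles the two failure modes a chained setup can introduce: a CNAME loop and a chain longer than a resolver is willing to follow. The record set, the addresses (from the 192.0.2.0/24 documentation range) and the hop limit of 8 are all assumptions made for the example; real resolvers apply their own limits.

```python
"""Follow a CNAME chain and count the hops a resolver must make.

Added example; the records below are constructed to mirror the question:
www.client.com -> client.dns.ourdomain.com -> client.backendserver.com -> A.
"""

# Assumed hop limit for this example; real resolvers apply their own caps.
MAX_CHAIN = 8

# Constructed zone data. Names are fully qualified (trailing dot), values are
# (record type, record data). 192.0.2.x is the documentation address range.
RECORDS = {
    # The indirection layer described in the question.
    "www.client.com.": ("CNAME", "client.dns.ourdomain.com."),
    "client.dns.ourdomain.com.": ("CNAME", "client.backendserver.com."),
    "client.backendserver.com.": ("A", "192.0.2.10"),
    # The same client pointed directly at the backend, for comparison.
    "direct.client.com.": ("CNAME", "client.backendserver.com."),
    # A misconfigured pair that refers to each other forever.
    "loop-a.example.": ("CNAME", "loop-b.example."),
    "loop-b.example.": ("CNAME", "loop-a.example."),
}


def _fqdn(name: str) -> str:
    """Normalise a name to lower case with a trailing dot."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


def resolve(name: str, records: dict = RECORDS, max_chain: int = MAX_CHAIN):
    """Return (final_name, address, cname_hops) for `name`.

    Raises ValueError on a CNAME loop or when the chain exceeds `max_chain`,
    and KeyError when a name in the chain does not exist (NXDOMAIN).
    """
    current = _fqdn(name)
    seen = []  # names visited so far, in order
    while True:
        if current in seen:
            raise ValueError(f"CNAME loop: {' -> '.join(seen + [current])}")
        if len(seen) >= max_chain:
            raise ValueError(f"CNAME chain longer than {max_chain} at {current}")
        seen.append(current)
        record = records.get(current)
        if record is None:
            raise KeyError(f"NXDOMAIN: {current}")
        rtype, value = record
        if rtype == "A":
            # Hops = number of CNAME records followed before reaching the A.
            return current, value, len(seen) - 1
        current = _fqdn(value)  # rtype == "CNAME": follow it


def extra_hops(indirect_name: str, direct_name: str, records: dict = RECORDS) -> int:
    """How many more CNAME hops the indirect name costs than the direct one."""
    return resolve(indirect_name, records)[2] - resolve(direct_name, records)[2]


if __name__ == "__main__":
    for n in ("www.client.com", "direct.client.com"):
        final, addr, hops = resolve(n)
        print(f"{n}: {hops} CNAME hop(s) -> {final} {addr}")
    print("extra hops from the indirection layer:",
          extra_hops("www.client.com", "direct.client.com"))
    try:
        resolve("loop-a.example")
    except ValueError as err:
        print("rejected:", err)
```

Each hop in the chain is, at worst, a separate round trip for an uncached resolver, which is the latency cost the answer refers to; the loop and length checks are what keep a mistake in the intermediate zone from turning into a resolver failure rather than a slow lookup. To see a real chain instead of this constructed one, `dig www.microsoft.com` prints every CNAME in the answer section before the final address.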