#NFS 4.0/4.1/4.2 access via DNS CNAME - any issues?
CNAME is DNS. It has nothing to do with NFS, it is just for resolving host names to IP addresses. It is only important if you use kerberized NFS, because the tickets contain the SPN which includes the hostname.
Thanks it was the Kerberos side of things I was thinking about
If we access via a CNAME and want to enable Kerberos for NFS then we'll require an additional SPN on the computer object, is that right?
Yeah, exactly
TR 4616 is your friend: https://www.netapp.com/media/19384-tr-4616.pdf
@upper prism
I am curious to know why you would use NFSv4/Kerberos? I know there are some improvements over NFSv3/Kerberos, but are those really what you need? If you don't mind sharing.
I am asking because NFSv4 is a stateful protocol, and may cause service interruptions during takeover/failback or during maintenance, same as CIFS share, along with other difficulties in maintaining.
Thanks I didn't know about this TR
The customer is a bank, they like everything to be encrypted. At present they are not using Kerberos on their NFS, in design phase though they have asked me about it. NFSv4 is a requirement for their apps, they need stateful connections. And yes it causes problems and timeouts during Storage failovers but they have to live with that unfortunately.
In the end the customer will not use Kerberos with their NFS for the foreseeable future and we'll use A records for everything. Thank you for your replies, appreciate it.