CNAME Record - DNS Alias

Simplify your DNS with intelligent aliases.

The CNAME (Canonical Name) record creates an alias from one domain name to another. Instead of pointing directly to an IP like an A record, a CNAME points to another domain name that itself resolves to an IP. It's a powerful tool for simplifying DNS management.

CNAMEs are particularly useful for subdomains that need to point to third-party services (CDN, SaaS, hosting) or to centralize IP management. By changing the IP of the canonical domain, all CNAME aliases are automatically updated.

However, CNAMEs have important limitations: they cannot coexist with other records at the same level, and the root domain (apex) cannot have a CNAME. Understanding these rules is essential to avoid configuration errors.

What is a CNAME Record?

CNAME creates an indirection in DNS resolution:

  • Alias to canonical: A CNAME says "this name is an alias for this other name". The DNS resolver follows the chain until finding a final A or AAAA record.
  • Automatic chaining: If www.example.com CNAME example.com, and example.com A 93.184.216.34, then www.example.com ultimately resolves to 93.184.216.34.
  • Exclusivity rule: A name with a CNAME cannot have other records (A, MX, TXT). This is an important limitation to understand.
  • Not for apex: The root domain (example.com without www) cannot have a CNAME because it generally needs other records (SOA, NS, MX).

CNAME Use Cases

CNAMEs are used in many scenarios:

  • Third-party services: Point blog.example.com to example.ghost.io, or shop.example.com to example.myshopify.com. The third-party service manages the IP, you manage the alias.
  • CDN and load balancers: CDNs like Cloudflare or Akamai give you a CNAME to use. They can change underlying IPs without impacting you.
  • SSL validation: Some certificate authorities use CNAMEs for domain validation. You create a CNAME to their validation server.
  • Centralized management: www.example.com CNAME to example.com means only one A record to maintain. Change the IP in one place.

How to Configure a CNAME

Follow these steps to create a CNAME:

  1. Identify the need: Determine which subdomain should be an alias and which canonical domain it should point to. Verify the target has an A record.
  2. Check for conflicts: Make sure there are no other records for this name (A, MX, TXT). Remove them or choose another name.
  3. Create the record: In your DNS manager, add a CNAME record with the alias name and canonical target.
  4. Test resolution: Use dig CNAME alias.example.com then dig alias.example.com to verify the resolution chain works.

CNAME Configuration Examples

Here are common CNAME configurations:

; www as alias for root domain
www.example.com. IN CNAME example.com.

; Subdomain to third-party service
blog.example.com.  IN CNAME example.ghost.io.
shop.example.com.  IN CNAME shops.myshopify.com.
mail.example.com.  IN CNAME ghs.googlehosted.com.

; CDN Cloudflare (example)
cdn.example.com.   IN CNAME example.com.cdn.cloudflare.net.

; SSL certificate validation
_acme-challenge.example.com. IN CNAME example.com.xxxxx.acme.zerossl.com.

; Verification with dig
$ dig www.example.com CNAME +short
example.com.

$ dig www.example.com +short
93.184.216.34

The CNAME points to another domain name (not an IP). Resolution follows the chain until reaching an A record. Note the mandatory trailing dot in zone files.

CNAME Best Practices

Avoid common CNAME pitfalls:

  • Avoid long chains: CNAME to CNAME to CNAME... increases latency and error risk. Limit to one level of CNAME when possible.
  • Don't use for apex: The root domain must use an A record (or ALIAS/ANAME if your DNS supports it). No CNAME at apex.
  • Verify the target: Make sure the target domain exists and has a valid A record. A CNAME to a non-existent target = DNS error.
  • Document dependencies: Note which services use CNAMEs and where they point. Useful during migrations or diagnostics.

CNAME Checklist

  • Verify no other record exists at the same name
  • Verify target exists and resolves correctly
  • Do not use CNAME for root domain
  • Trailing dot added after target name in zone
  • Appropriate TTL defined
  • Resolution chain tested end-to-end

Frequently Asked Questions - CNAME

Why can't I have a CNAME at the apex?

The DNS RFC states that a CNAME cannot coexist with other records. However, the apex always has at least SOA and NS. Some DNS providers offer ALIAS or ANAME as an alternative.

Does CNAME impact performance?

Slightly. A CNAME adds one DNS resolution step. In practice, with DNS caches, the impact is generally negligible (a few milliseconds).

Can I have a CNAME and MX at the same level?

No. If you have a CNAME for a name, you cannot have MX (or A, TXT, etc.) for that same name. This is why CNAMEs are used for subdomains, not the main domain.

What happens if the CNAME target changes IP?

That's the advantage! Your alias follows automatically. If cdn.provider.com changes IP, your cdn.example.com CNAME to them follows without modification on your side.

CNAME vs A: which to choose?

Use A if you directly control the IP and it's stable. Use CNAME if you're pointing to a third-party service or want to centralize IP management.

How to monitor a CNAME with MoniTao?

MoniTao can monitor CNAME records and alert you if the target changes. You can also monitor the final resolution (the IP after following the CNAME chain).

Master DNS Aliases

CNAME records are powerful tools for simplifying your DNS infrastructure. They allow delegating IP management to third-party services and centralizing your configurations. But they have strict rules that must be followed.

Use CNAMEs wisely, document your configurations, and monitor them with MoniTao to detect any unexpected changes in your DNS infrastructure.

Useful Links

Ready to Sleep Soundly?

Start free, no credit card required.

Create My Account See pricing