What is a DNS CNAME record?

The DNS CNAME record works as an alias for domain names that share a single IP address.

Learning Objectives

After reading this article you will be able to:

  • Understand how CNAME records work in the context of a domain lookup
  • Understand the relationship between CNAME records and A records

Related Content


Want to keep learning?

Subscribe to theNET, Cloudflare's monthly recap of the Internet's most popular insights!

Refer to Cloudflare's Privacy Policy to learn how we collect and process your personal data.

Copy article link

What is a DNS CNAME record?

A "canonical name" (CNAME) record points from an alias domain to a "canonical" domain. A CNAME record is used in lieu of an A record, when a domain or subdomain is an alias of another domain. All CNAME records must point to a domain, never to an IP address. Imagine a scavenger hunt where each clue points to another clue, and the final clue points to the treasure. A domain with a CNAME record is like a clue that can point you to another clue (another domain with a CNAME record) or to the treasure (a domain with an A record).

For example, suppose blog.example.com has a CNAME record with a value of "example.com" (without the "blog"). This means when a DNS server hits the DNS records for blog.example.com, it actually triggers another DNS lookup to example.com, returning example.com’s IP address via its A record. In this case we would say that example.com is the canonical name (or true name) of blog.example.com.

Oftentimes, when sites have subdomains such as blog.example.com or shop.example.com, those subdomains will have CNAME records that point to a root domain (example.com). This way if the IP address of the host changes, only the DNS A record for the root domain needs to be updated and all the CNAME records will follow along with whatever changes are made to the root.

A frequent misconception is that a CNAME record must always resolve to the same website as the domain it points to, but this is not the case. The CNAME record only points the client to the same IP address as the root domain. Once the client hits that IP address, the web server will still handle the URL accordingly. So for instance, blog.example.com might have a CNAME that points to example.com, directing the client to example.com’s IP address. But when the client actually connects to that IP address, the web server will look at the URL, see that it is blog.example.com, and deliver the blog page rather than the home page.

Example of a CNAME record:

blog.example.com record type: value: TTL
@ CNAME is an alias of example.com 32600

In this example you can see that blog.example.com points to example.com, and assuming it is based on our example A record we know that it will eventually resolve to the IP address 192.0.2.1.

Report
2023 GigaOm Radar for DNS Security
Report
Read the Q4 2023 DDoS Threat Landscape Report

Can a CNAME record point to another CNAME record?

Pointing a CNAME record to another CNAME record is inefficient because it requires multiple DNS lookups before the domain can be loaded — which slows down the user experience — but it is possible. For example, blog.example.com could have a CNAME record that pointed to www.example.com's CNAME record, which then pointed to example.com's A record.

CNAME for blog.example.com:

blog.example.com record type: value: TTL
@ CNAME is an alias of www.example.com 32600

Which points to a CNAME for www.example.com:

www.example.com record type: value: TTL
@ CNAME is an alias of example.com 32600

This configuration adds an extra step to the DNS lookup process and should be avoided if possible. Instead, the CNAME records for both blog.example.com and www.example.com should point directly to example.com.

Fast & Secure DNS
Free DNS included with any Cloudflare plan

What restrictions are there on using CNAME records?

No duplicate names

No other DNS records can have the same name as any given CNAME record. What this means in practice is that other types of DNS records, like MX, TXT, A, or SOA, cannot be labeled with an alias for a domain. There also cannot be any other CNAME records with the same name.

If there is a CNAME on "blog.example.com" pointing to "example.com," there cannot be any other types of records on "blog.example.com" — they all have to be under "example.com."

Suppose Sam writes articles under the pseudonym "Mark." His legal documents, such as his birth certificate and passport, will still be under his real name, Sam, even though Mark and Sam are the same person. DNS records are similar: the alias domain can only point to the actual domain, and the "legal documents" (the other DNS records) have to be under that real domain.

There is one exception — and that is in the case of CNAME flattening, when a CNAME acts like an A/AAAA record. In fact, all proxied CNAME records behave this way. However, other records are still not permitted on the same name as a flattened CNAME record. Learn more about CNAME flattening.

MX and NS records

MX and NS records cannot point to a CNAME record; they have to point to an A record (for IPv4) or an AAAA record (for IPv6). An MX record is a mail exchange record that directs email to a mail server. An NS record is a "name server" record and indicates which DNS server is authoritative for that domain.

When are CNAME records returned for non-CNAME queries?

As stated above, domains are not allowed, per DNS specifications, to have other DNS records on a name that already has a CNAME record.

For this reason, a query for another type of record, such as a TXT record, that uses the alias instead of the domain's true name will return a CNAME record instead of the requested record. The requester then needs to query the domain that the CNAME points to in order to get the desired record.

If Alice wants to view the TXT records for blog.example.com and sends a query for them, she will get the CNAME record back instead of the TXT record. She then needs to send a DNS query to the target of the CNAME record asking for the TXT record and will get a response if the target has a TXT record. This would be the case for other types of DNS record queries as well.

Learn more about TXT records.