How does CNAME record work?
A CNAME record (Canonical Name Record) is another commonly used type of DNS entry; it maps an alias name to a true or canonical domain name. When a DNS resolver encounters a CNAME record, the DNS lookup continues by retrying the lookup with the true or canonical domain name.
One thing that CNAME records are commonly used for is to direct a part of your website to a site set up elsewhere, such as an eCommerce shop or something similar. CNAME records also allow you to point multiple systems to one IP without specifically assigning an A record to each hostname. If that IP were ever to change, you would only have to update one A record.
CNAME record format
A typical CNAME record looks like the following in standard BIND format:
$ORIGIN example.com.
shop 3600 IN CNAME myshop.com.
clientarea 86400 IN CNAME clientinterface.com.
The anatomy of the CNAME record
shop 3600 IN CNAME myshop.com.
looks like this:
Host Label | TTL | Record Class | Record Type | Canonical Name |
---|---|---|---|---|
shop.example.com. | 3600 | IN | CNAME | myshop.com. |
Host Label
The host label defines the hostname of a record and whether the origin will be appended to the label. Fully qualified hostnames terminated by a period do not have the origin appended.
TTL
The time-to-live in seconds. This is the amount of time the record is allowed to be cached by an outside DNS server.
Record Class
Mainly 3 classes of DNS records exist:
- IN (Internet) – the default, and generally what the Internet uses.
- CH (Chaosnet) – used for querying DNS server versions.
- HS (Hesiod) – uses DNS functionality to provide access to databases of information that change infrequently.
Record Type
The record format is defined using this field. Common record types are A, AAAA, CNAME, CAA, TXT, etc. In the case of a CNAME record, the record type is CNAME.
Canonical Name
Canonical name or true name. This parameter should be a Fully Qualified Domain Name (FQDN), never an IP address.
CNAME record restrictions
Alias vs. Canonical Name
In the example above, we pointed a name shop.example.com to myshop.com. shop.example.com is the alias. The canonical (true) name is myshop.com. Because CNAME stands for Canonical Name, the right-hand side is the actual "CNAME".
CNAME alias cannot have other resource records
An alias defined in a CNAME record must have no resource records of other types (MX, A, etc.). (RFC 1034 section 3.6.2, RFC 1912 section 2.4)
The exception is when DNSSEC is being used, in which case there can be DNSSEC related records such as RRSIG, NSEC, etc. (RFC 2181 section 10.1)
A root domain cannot have a CNAME record
A root domain name like example.com cannot have a CNAME record. RFC 1912 and RFC 2181 set out that SOA and NS records must be present at the root domain, and that a CNAME record can only exist as a single record and cannot be combined with any other resource record (DNSSEC SIG, NXT, and KEY RR records excepted). This rules out a CNAME on the root domain, as the two rules would contradict each other.
MX and NS records cannot point to a CNAME alias
A zone must not contain a configuration like the following, where the MX record's target, mx.example.com., is itself a CNAME alias:
example.com. IN 3600 MX 10 mx.example.com.
mx.example.com. IN 3600 CNAME anothername.example.com.
anothername.example.com. IN 3600 A 192.0.2.1
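The three restrictions above can be checked mechanically before a zone is published. The following linter is an added example, not code from the original page or from Dynu; the function names and rule labels are hypothetical, and it assumes one record per line with the owner name on every line and a numeric TTL.

```python
DNSSEC_TYPES = {"RRSIG", "NSEC", "SIG", "NXT", "KEY"}  # exceptions named on this page
# Constructed sample zone: the page's own record lines plus one conflicting A record.
SAMPLE_ZONE = """\
$ORIGIN example.com.
shop 3600 IN CNAME myshop.com.
shop 3600 IN A 192.0.2.10
clientarea 86400 IN CNAME clientinterface.com.
example.com. IN 3600 MX 10 mx.example.com.
mx.example.com. IN 3600 CNAME anothername.example.com.
anothername.example.com. IN 3600 A 192.0.2.1
"""

def fqdn(name, origin):
    """Append the origin to relative names; '@' means the origin itself."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name.lower()}.{origin.lstrip('.')}"

def parse_zone(text):
    """Parse one-record-per-line zone text; TTL and class may come in either order."""
    origin, records = ".", []
    for line in text.splitlines():
        fields = line.split(";")[0].split()  # drop ';' comments
        if fields and fields[0].upper() == "$ORIGIN":
            origin = fields[1].lower()
        elif fields:
            rest = fields[1:]
            while rest and (rest[0].isdigit() or rest[0].upper() in ("IN", "CH", "HS")):
                rest = rest[1:]
            records.append((fqdn(fields[0], origin), rest[0].upper(), rest[1:]))
    return origin, records

def lint_cnames(text):
    """Return (rule, owner) findings for the three CNAME restrictions."""
    origin, records = parse_zone(text)
    types = {}
    for owner, rtype, _ in records:
        types.setdefault(owner, set()).add(rtype)
    aliases = {o for o, t in types.items() if "CNAME" in t}
    findings = []
    for owner in sorted(aliases):
        if owner == origin:  # CNAME at the root domain
            findings.append(("cname-at-root", owner))
        if types[owner] - {"CNAME"} - DNSSEC_TYPES:  # alias shares its name
            findings.append(("alias-has-other-records", owner))
    for owner, rtype, rdata in records:
        # The MX exchange and the NS target are the last RDATA field.
        if rtype in ("MX", "NS") and fqdn(rdata[-1], origin) in aliases:
            findings.append((f"{rtype.lower()}-points-to-alias", owner))
    return findings
```

Running `lint_cnames(SAMPLE_ZONE)` flags shop.example.com. for carrying an A record next to its CNAME, and example.com. for an MX record whose target is a CNAME alias.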
How to add a CNAME record?
For instructions on how to add a CNAME record with us, you may refer to the tutorial here.
CNAME record glossary
CNAME
A CNAME record allows the webmaster to point a hostname to another domain name or subdomain. When a name server looks up a name and finds a CNAME record, it replaces the name with the canonical name and looks up the new name. This allows webmasters to point multiple systems to one IP without specifying an A record for each hostname.
DNSSEC
DNSSEC stands for Domain Name System Security Extensions and is a means of securing the authenticity of the DNS response. DNS security is compromised by the prevalence of cache poisoning for phishing, so DNSSEC is a way to authenticate the DNS response.
BIND
Berkeley Internet Name Daemon is the most commonly used DNS software on the Internet, and Dynu observes BIND format.
SOA Record
Start of Authority Record. It is the first record in every zone file and contains information including serial number, refresh, retry, expire and TTL and how nameservers get the zone file information.
NS Record
Name Server records identify the DNS servers responsible (authoritative) for a zone.