What is CNAME Record?
Also known as: Canonical Name Record
A DNS record that maps an alias hostname to the true or canonical hostname, allowing multiple names to resolve to the same IP address without duplicating A or AAAA records.
A CNAME record, or Canonical Name record, is a type of resource record in the Domain Name System (DNS) that maps one hostname (an alias) to another hostname (the canonical name). When a DNS resolver encounters a CNAME record, it does not return an IP address directly. Instead, it follows the chain by performing a new query for the target canonical name. This process repeats until the resolver reaches an A or AAAA record containing the actual IP address, or until a loop or error condition is detected.
CNAME records are widely used to simplify DNS administration. For example, www.example.com can be a CNAME pointing to example.com. If the IP address of example.com changes, only the A or AAAA record needs to be updated; all aliases automatically follow. CNAME records also support content delivery networks (CDNs) and cloud services, where a customer's custom hostname is aliased to a provider's canonical hostname, which then resolves to multiple IP addresses for load balancing and geographic distribution.
CNAME records have two critical restrictions under the DNS standards (RFC 1034 and RFC 2181). First, a CNAME record cannot coexist with any other record type for the same owner name. If a CNAME exists at a node, that node must contain no other resource records. Second, a CNAME record must always point to another domain name, never directly to an IP address. The root of a zone (the naked domain) is also prohibited from being a CNAME, because NS, SOA, and other zone records must exist there. For such cases, modern DNS providers use ALIAS or ANAME records to achieve similar aliasing at the zone apex.
Key facts
- CNAME stands for Canonical Name, defined in RFC 1034 and RFC 2181.
- A CNAME record aliases one hostname to another, not directly to an IP address.
- CNAME records cannot coexist with other record types at the same owner name.
- Zone apex (e.g., example.com) cannot use a CNAME; must use A/AAAA or ALIAS record instead.
- Multiple CNAME chain hops increase resolution time and may be limited by recursive resolvers.
How it works in practice
Related terms
References
More in DNS
A Record
A DNS resource record that maps a hostname to a 32-bit IPv4 address. It is the most fundamental record type for translating domain names to numeric addresses on the Internet.
AAAA Record
A DNS resource record that maps a hostname to a 128-bit IPv6 address, analogous to the A record for IPv4.
Authoritative DNS
An authoritative DNS server holds the definitive resource records for a specific domain and responds to queries with the final answer for that zone, not a cached copy.
CAA Record
A CAA (Certification Authority Authorization) DNS record lets domain owners specify which certificate authorities are permitted to issue SSL/TLS certificates for their domain.
DNS
The Domain Name System (DNS) is a hierarchical, distributed naming system that translates human-readable domain names (like example.com) into IP addresses and other resource records used by internet protocols.
DNS Anycast
DNS Anycast uses one IP address served from multiple geographically distributed nameservers; queries are routed to the nearest or healthiest node, improving resilience and reducing latency.
DNS Caching
DNS caching stores resolved domain name query results for the specified TTL duration to avoid repeated queries to upstream authoritative servers.
DNS Hijacking
DNS hijacking is an attack or misconfiguration that returns forged DNS responses, causing users to connect to attacker-controlled hosts instead of the intended server.
DNSSEC
DNSSEC (DNS Security Extensions) add cryptographic digital signatures to DNS records, enabling resolvers to verify that responses have not been tampered with or spoofed.
DoH
DNS over HTTPS (DoH) encrypts DNS queries and responses inside HTTPS traffic, preventing on-path observers from seeing or tampering with DNS lookups.