A Canonical Name record (abbreviated as CNAME record) is a type of resource record in the Domain Name System (DNS) used to specify that a domain name is an alias for another domain, the “canonical” domain. All information, including subdomains, IP addresses, etc., are defined by the canonical domain.
This can prove convenient when running multiple services (like an FTP server and a webserver; each running on different ports) from a single IP address. One can, for example, point ftp.example.com and www.example.com to the DNS A record for example.com, which in turn points to the IP-address. Then, if the IP-address ever changes, one only has to record the change in one place within the network: in the DNS A record.
CNAME records must always point to another domain name, never directly to an IP-address.
CNAME records are handled specially in the domain name system, and have several restrictions on their use. When a DNS resolver encounters a CNAME record while looking for a regular resource record, it will restart the query using the canonical name instead of the original name. (If the resolver is specifically told to look for CNAME records, the canonical name (right-hand side) is returned, rather than restarting the query.) The canonical name that a CNAME record points to can be anywhere in the DNS, whether local or on a remote server in a different DNS zone.
For example, if there is a DNS zone as follows:
NAME TYPE VALUE
————————————————–
bar.example.com. CNAME foo.example.com.
foo.example.com. A 192.0.2.23
When an A record lookup for bar.example.com is done, the resolver will see a CNAME record and restart the checking at foo.example.com and will then return 192.0.2.23.
Which side is the “CNAME”?
As mentioned above, with a CNAME record one can point a name such as “bar.example.com” to “foo.example.com.” Because of this, during casual discussion the “bar.example.com.” (left-hand) side of a DNS entry will often be called “the CNAME” or “a CNAME.” However, this is inaccurate. The canonical (true) name of “bar.example.com.” is “foo.example.com.” Because CNAME stands for Canonical Name, the right-hand side is the actual “CNAME.”
“Clarifications to the DNS Specification.” The left-hand label is an alias for the right-hand side (the RDATA portion), which is (or should be) a canonical name. In other words, a CNAME record like this:
bar.example.com. CNAME foo.example.com.
may be read as:
bar.example.com is an alias for the canonical name (CNAME) foo.example.com. A client will request bar.example.com and the answer will be foo.example.com.
Restrictions
- CNAME records must always be pointed to another domain name, never to an IP-address.
- An alias defined in a CNAME record must have no other resource records of other types (MX, A, etc.). (RFC 1034 section 3.6.2, RFC 1912 section 2.4) The exception is when DNSSEC is being used, in which case there can be DNSSEC related records such as RRSIG, NSEC, etc. (RFC 2181 section 10.1)
- CNAME records that point to other CNAME records should be avoided due to their lack of efficiency, but are not an error. It is possible, then, to create unresolvable loops with CNAME records, as in:
foo.example.com. CNAME bar.example.com. bar.example.com. CNAME foo.example.com.
- MX and NS records must never point to a CNAME alias (RFC 2181 section 10.3). So, for example, a zone must not contain constructs such as:
example.com. MX 0 foo.example.com. foo.example.com. CNAME host.example.com. host.example.com. A 192.0.2.1
- Domains that are used for e-mail may not have a CNAME record.In practice this may work, but can have different behavior with different mail servers, and can have undesired effects.
