What is a CNAME record in DNS

Sarath Pillai's picture

When a user visits a web page in a web browser, the user's computer performs multiple steps before the page is finally presented.

One of the most critical and heavily used pieces of infrastructure on the internet is DNS. The DNS infrastructure is maintained in a distributed architecture, which means there is no single point of failure. The primary purpose of DNS is to convert names (domain names) into numbers (IP addresses).

Read: How does DNS work

Read: Difference between iterative and recursive DNS query

In this post we will discuss a widely used RR (Resource Record) called the CNAME record. A resource record in DNS is simply an entry in the DNS zone file that specifies the value of a particular object.

Some of the widely used resource records are mentioned below.

  • A Record: This is the main record in DNS for any domain. An A record maps a name to an IP address.
  • MX Record (Mail Exchanger Record): The primary purpose of MX records is to find the server responsible for processing mail sent to the domain.
  • PTR Record: This record does the reverse job of mapping an IP address to a hostname.

Let's understand what a CNAME record in DNS is. CNAME stands for Canonical Name record. A canonical name in DNS is a way of stating the preferred name of a domain.

Let's look at a CNAME record entry in DNS and understand how it works.

NAME                    RR       VALUE
--------------------------------------------------
xyz.yourdomain.com     CNAME     abc.yourdomain.com
abc.yourdomain.com     A         172.16.142.34

 

In the CNAME entry shown above, if you want to reach "xyz.yourdomain.com", your computer's DNS resolver will first fire an address lookup for "xyz.yourdomain.com", and on finding the CNAME record pointing to "abc.yourdomain.com", your resolver will fire another address lookup for "abc.yourdomain.com".

So an important fact to note here is that the resolver performs two separate and independent DNS lookups to find the A record.

There are some points to keep in mind to avoid confusion about CNAME records.

  • The primary purpose of a CNAME record is to provide a canonical name for an alias name.
  • The entry on the left-hand side is an alias for the resource record on the right-hand side (which is the canonical name).
  • There must be only one canonical name for one alias name.
  • A CNAME record can point to any valid name in the DNS.

CNAME records can in turn point to another CNAME record. This should be avoided, but it will work if properly configured. One such live example I saw was "www.yahoo.com". See the dig lookup output shown below from my virtual machine.

 

[root@myvm1 ~]# dig www.yahoo.com

; <<>> DiG 9.3.4-P1 <<>> www.yahoo.com
;; global options:  printcmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 11969
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 8, ADDITIONAL: 8

;; QUESTION SECTION:
;www.yahoo.com.                 IN      A

;; ANSWER SECTION:
www.yahoo.com.          5       IN      CNAME   fd-fp3.wg1.b.yahoo.com.
fd-fp3.wg1.b.yahoo.com. 5       IN      CNAME   ds-fp3.wg1.b.yahoo.com.
ds-fp3.wg1.b.yahoo.com. 5       IN      CNAME   ds-sg-fp3-lfb.wg1.b.yahoo.com.
ds-sg-fp3-lfb.wg1.b.yahoo.com. 5 IN     CNAME   ds-sg-fp3.wg1.b.yahoo.com.
ds-sg-fp3.wg1.b.yahoo.com. 5    IN      A       106.10.170.118

In the above example of the CNAME records of www.yahoo.com (note that it's www.yahoo.com, not yahoo.com), you can see that one CNAME record points to another CNAME record, which again points to another CNAME record.

So if you want to reach www.yahoo.com, your DNS resolver will have to fire 5 separate DNS lookups. The first lookup will direct you to fd-fp3.wg1.b.yahoo.com, which will again direct you to ds-fp3.wg1.b.yahoo.com, and this will go on until you reach ds-sg-fp3.wg1.b.yahoo.com, which has an A record.

Pointing a CNAME to yet another CNAME like this is not at all advisable, because of the performance overhead and because it might cause DNS loops if not properly configured. If you want to see a CNAME loop that never comes out, see the example entry below.

 

xyz.yourdomain.com  CNAME  abc.yourdomain.com
abc.yourdomain.com  CNAME  xyz.yourdomain.com

The example shown above will cause the DNS lookup to enter a never-ending loop. So extra care must be taken when pointing a CNAME record to another CNAME record.
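The chain following and loop check described above, as an added example that is not part of the original article: a small in-memory resolver that follows CNAMEs to an A record, counts the lookups, and stops on a loop instead of spinning. The function names, the `MAX_CHAIN` cap and the `loop-a`/`loop-b` names are assumptions made for illustration.

```python
# Constructed sample data: records copied from the article's examples, plus a
# loop-a/loop-b pair mirroring its two-record loop. Helper names are illustrative.
RECORDS = """
xyz.yourdomain.com             CNAME  abc.yourdomain.com
abc.yourdomain.com             A      172.16.142.34
www.yahoo.com.                 CNAME  fd-fp3.wg1.b.yahoo.com.
fd-fp3.wg1.b.yahoo.com.        CNAME  ds-fp3.wg1.b.yahoo.com.
ds-fp3.wg1.b.yahoo.com.        CNAME  ds-sg-fp3-lfb.wg1.b.yahoo.com.
ds-sg-fp3-lfb.wg1.b.yahoo.com. CNAME  ds-sg-fp3.wg1.b.yahoo.com.
ds-sg-fp3.wg1.b.yahoo.com.     A      106.10.170.118
loop-a.yourdomain.com          CNAME  loop-b.yourdomain.com
loop-b.yourdomain.com          CNAME  loop-a.yourdomain.com
"""
MAX_CHAIN = 8  # assumed cap on aliases followed; not a value from the article

class CnameError(Exception):
    """Raised when an alias cannot be followed safely to an address."""

def load_zone(text):
    """Parse 'NAME TYPE VALUE' lines into {name: [(type, value), ...]}."""
    zone = {}
    for line in text.strip().splitlines():
        name, rtype, value = line.split()
        zone.setdefault(name.lower().rstrip("."), []).append(
            (rtype.upper(), value.lower().rstrip(".")))
    return zone

def resolve(zone, name, max_chain=MAX_CHAIN):
    """Follow CNAMEs from name to its A records; return (addresses, chain).

    len(chain) is the number of lookups made. Raises CnameError on a loop,
    an over-long chain, or an alias that has more than one canonical name.
    """
    name, chain = name.lower().rstrip("."), []
    while True:
        if name in chain:  # already visited: the aliases form a cycle
            raise CnameError("CNAME loop: " + " -> ".join(chain + [name]))
        if len(chain) > max_chain:
            raise CnameError("more than %d aliases followed" % max_chain)
        chain.append(name)
        rrset = zone.get(name, [])
        cnames = [v for t, v in rrset if t == "CNAME"]
        if len(cnames) > 1:
            raise CnameError("%s has more than one canonical name" % name)
        if not cnames:  # end of the chain: return whatever A records exist
            return [v for t, v in rrset if t == "A"], chain
        name = cnames[0]
```

Calling `resolve(load_zone(RECORDS), "www.yahoo.com")` returns the address together with the five names looked up, while the `loop-a` name raises `CnameError` on the second hop.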

 

CNAME records are mostly used to provide access to different services on one server with one IP address. For example, if you have one IP address, 172.16.143.23, for your server:

 

NAME                    RR       VALUE
--------------------------------------------------
yourdomain.com         A         172.16.143.23
www.yourdomain.com     CNAME     yourdomain.com
ftp.yourdomain.com     CNAME     yourdomain.com
mail.yourdomain.com    CNAME     yourdomain.com

 

The above is the correct way of using a CNAME record. An important fact to note is that the end user will not be aware of the multiple DNS lookups performed by the resolver on finding a CNAME. To understand this, let's take the example of www.yahoo.com shown previously.

If you try to reach www.yahoo.com, it will take 5 separate DNS queries to resolve the final IP address, and the reply you get will always be for the name you used in the query.

So even if you put "ds-sg-fp3.wg1.b.yahoo.com." (the final name with an A record) in the address bar of your browser, or any CNAME in between, you will be shown the same page without an HTTP redirection.

The reason I am describing this is to make it clear that an HTTP redirection is totally different from a CNAME redirection. An HTTP redirection works by configuring your web server with a 301 redirect, whereas a CNAME record only adds an alias for the original name on the right-hand side, which in turn has an A record (an IP address).

So it's the job of the web server to redirect based on the URL the user has requested, and it's the job of the CNAME record to make the user reach the exact IP address with the name they have queried.

CDN (content delivery network) service providers also make use of CNAME records these days, by adding a CNAME entry that points your preferred domain name to a name with an A record for their service IP addresses.

That said, the purpose of adding a CNAME can also be achieved by adding the same IP address as an A record for each of your required domain names, as shown below.

 

NAME                    RR       VALUE
--------------------------------------------------
yourdomain.com         A         172.16.143.23
www.yourdomain.com     A         172.16.143.23
ftp.yourdomain.com     A         172.16.143.23
mail.yourdomain.com    A         172.16.143.23

I prefer the above method to adding a CNAME record to yourdomain.com for all the other names, because it reduces the performance overhead involved in multiple DNS queries.

But a CNAME is very useful if you want to point a name to an external domain name, for example:

 

; zone fragment for yourdomain.com
$TTL 2d ; zone default = 2 days or 172800 seconds
; the origin must be fully qualified (trailing dot)
$ORIGIN yourdomain.com.
; ....
www        IN      A      172.16.143.23
; CNAME used to map ftp service to an external host
ftp        IN      CNAME  ftp.yourdomain.in.

The above is a sample zone file entry for yourdomain.com. In this case I have pointed ftp.yourdomain.com to another domain, ftp.yourdomain.in.


Comments

This is a well-written and concise article. Thanks for explaining this in detail for those of us who are DNS newbies.

Sarath Pillai's picture

Hi Nina,

Thanks for your comment and welcome to slashroot.

Regards

Very clear description, thanks.

Keep up the good work with articles such as this. Helps to educate the world which is rapidly changing.

How do I create a CNAME record, and what is the command to create a CNAME in the ubuntu_14 version? Please guide me.
