
Canonical Name Record (CNAME)

A CNAME record maps a single alias or nickname to the real or Canonical name which may lie outside the current zone. Canonical simply means the expected or real name.

Format

name  ttl  class   rr     canonical name 
www        IN      CNAME  joe.example.com.

The following fragment shows the use of CNAME RRs to map web and ftp services to a single host.

; zone fragment for example.com
$TTL 2d ; zone default = 2 days or 172800 seconds
$ORIGIN example.com.
....
server1    IN      A      192.168.0.3
www        IN      CNAME  server1
ftp        IN      CNAME  server1

CNAME RRs incur performance overheads. The most common DNS query is for an A RR, or an AAAA RR if IPv6 - the end system needs an address, which is only defined with these RR types. In the above example, if a query for the address of www.example.com is received, two look-up operations are performed on the master or slave server. The first looks up www.example.com and finds a CNAME RR. This is followed by a query for server1.example.com to obtain the IP, that is, the CNAME chain is followed to attempt to resolve the request for an IP address. On low volume DNS servers the additional resources used are not significant, but on high volume servers the additional load can become non-trivial. The user must make a choice to balance what many see as the convenience of using CNAME RRs against the possible performance degradation involved.

CNAME RRs cannot have any other RRs with the same name, for example, a TXT - well that was true until DNSSEC came along and in this case RRSIG, NSEC and certain KEY RRs can now occupy the same name.

While use of CNAME RRs with NS and MX records is widely implemented and generates a working configuration it is theoretically not permitted (RFC 1034 section 3.6.2) since it can result in lost names. The fragment below illustrates a widely used but technically invalid configuration.

; zone fragment for example.com
$TTL 2d ; zone default = 2 days or 172800 seconds
$ORIGIN example.com.
....
           IN      MX  10  mail.example.com.
mail       IN      CNAME   server1
server1    IN      A      192.168.0.3

In the above configuration when a query is issued for the A RR of mail.example.com the result will return both the mail.example.com CNAME RR and the server1.example.com A RR. When the A RR is used the name associated with the CNAME can be lost, that is, there is a valid MX record referencing the host mail.example.com and an A RR referencing server1.example.com but nothing joins the two records. The fragment below, by re-ordering the RRs, will achieve the same result and allow a valid mapping of the MX name to the A RR name.

; zone fragment for example.com
$TTL 2d ; zone default = 2 days or 172800 seconds
$ORIGIN example.com.
....
           IN      MX  10  mail.example.com.
server1    IN      CNAME   mail
mail       IN      A      192.168.0.3

For many users the above feels uncomfortable because the real host name is server1.example.com, not mail.example.com. Bear in mind that the DNS system simply maps a name used externally to an IP address - irrespective of the host's name in its local configuration file or whatever it returns in response to a hostname command.

You can map CNAME records to another CNAME record but this is considered bad practice since queries will follow the CNAME chain and look for the A record which uses more DNS resources. CNAME loops can also inadvertently result from such a procedure.
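The rules above can be checked mechanically before a zone is loaded. The following is an added example, not part of the original page or of BIND: a small Python linter that reports a CNAME sharing its name with another RR (DNSSEC types excepted), an MX or NS pointing at a CNAME, and CNAME chains and loops. The function names and the sample zone are constructed for illustration, and the parser assumes one RR per line with no $INCLUDE or parentheses.

```python
import re

DNSSEC_OK = {"RRSIG", "NSEC", "KEY"}   # may share a name with a CNAME, per the page
SAMPLE = """\
$ORIGIN example.com.
           IN  MX 10  mail.example.com.
mail       IN  CNAME  server1
mail       IN  TXT    "constructed sample"
server1    IN  A      192.168.0.3
ftp        IN  CNAME  mail          ; CNAME pointing at a CNAME
a          IN  CNAME  b
b          IN  CNAME  a
"""  # constructed zone fragment, not taken from the page

def fq(name, origin):  # trailing dot = already absolute, otherwise append $ORIGIN
    return name.lower() if name.endswith(".") else f"{name.lower()}.{origin}"

def parse(zone_text):  # returns (owner, type, qualified last rdata field) per RR
    origin, owner, rrs = "", "", []
    for raw in zone_text.splitlines():
        words = raw.split(";", 1)[0].split()       # drop comments, then tokenize
        if not words or words[0] == "$TTL" or set(words[0]) == {"."}:
            continue                               # blank, $TTL or "...." elision
        if words[0] == "$ORIGIN":
            origin = owner = words[1].lower()
            continue
        if not raw[0].isspace():                   # blank owner reuses previous name
            owner = fq(words.pop(0), origin)
        while words[0].upper() == "IN" or re.fullmatch(r"\d+[smhdw]?", words[0], re.I):
            words.pop(0)                           # skip optional ttl and class
        rrs.append((owner, words[0].upper(), fq(words[-1], origin)))
    return rrs

def lint(zone_text):
    rrs, out = parse(zone_text), []
    cname = {o: tgt for o, t, tgt in rrs if t == "CNAME"}
    for o, t, tgt in rrs:
        if o in cname and t not in DNSSEC_OK | {"CNAME"}:
            out.append(f"{o} has both CNAME and {t}")
        if t in ("MX", "NS") and tgt in cname:
            out.append(f"{t} at {o} points to CNAME {tgt}")
    for start, cur in cname.items():
        seen = [start]
        while cur in cname and cur not in seen:    # follow the alias chain
            seen.append(cur)
            cur = cname[cur]
        if cur in seen or len(seen) > 1:
            out.append(f"CNAME {'loop' if cur in seen else 'chain'}: {' -> '.join(seen)}")
    return out
```

Calling lint(SAMPLE) returns five findings; the re-ordered MX fragment shown earlier on this page returns none.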

You can define a single IP to have multiple names using standard A records, which is functionally the same as a CNAME for entries within a zone.

; zone fragment for example.com
$TTL 2d ; zone default = 2 days or 172800 seconds
$ORIGIN example.com.
....
server1    IN      A      192.168.0.3
www        IN      CNAME  server1

; following is functionally identical
; but incurs no CNAME lookup overhead
server1    IN      A      192.168.0.3
www        IN      A      192.168.0.3

In our view the only time that a CNAME is required (there is no alternative) is when you want to alias a name in the current domain to an external domain name (an out-of-zone name) as shown below:

; zone fragment for example.com
$TTL 2d ; zone default = 2 days or 172800 seconds
$ORIGIN example.com.
....
; www service internal to domain
www        IN      A      192.168.0.3
; CNAME used to map ftp service to an external host
ftp        IN      CNAME  ftp.example.net.
....

; zone fragment for example.net
$TTL 2d ; zone default = 2 days or 172800 seconds
$ORIGIN example.net.
....

ftp        IN      A  192.168.3.3
....

In the above example a query for the A RR of ftp.example.com will return the IP address 192.168.3.3. The name ftp.example.net is used by the resolution process simply as a temporary or transient mechanism to obtain the requested result, specifically the IP address of ftp.example.com. Subsequent protocol operations (in this case likely the ftp protocol) will appear under the example.com namespace and specifically not the example.net namespace. This CNAME technique is widely used in, for example, mapping web sites that use CDN networks.

Confusion Warning: In the above configuration example a query for the IP address of ftp.example.net will also return an IP address of 192.168.3.3 and all its subsequent protocol operations will appear under the namespace example.net. It is thus possible to share content between different domain names using a CNAME technique. We will stop there and lie down in a darkened room to recover.

Examples & Variations

; zone file fragment for example.com
joe        IN      A      192.168.254.3   
www        IN      CNAME  joe ;canonical name is joe.example.com.
www        IN      CNAME  joe.example.com. ; exactly the same as above
ftp        IN      CNAME  www.example.com. ; bad practice
; better practice to achieve same result as ftp CNAME above
; by re-defining the same physical host with 2 A records
ftp        IN      A      192.168.254.3

; next line redirects bill.example.com to fred.another.com
bill       IN      CNAME  fred.another.com.

; this is theoretically invalid - but widely implemented
           IN      MX 10 mail.example.com.
...
mail       IN      CNAME  joe.example.com.

; classic www.example.com and example.com access
; resolves example.com to an IP
           IN      A      192.168.254.8
www        IN      CNAME  example.com.
; could also be defined as 
           IN      A      192.168.254.8
www        IN      A      192.168.254.8

If you are concerned about when to use the dot and when not at the end of a line.




Pro DNS and BIND by Ron Aitchison

This work is licensed under a Creative Commons License.

Copyright © 1994 - 2024 ZyTrax, Inc.
Page modified: February 01 2022.