Why can't a CNAME record be used at the apex (aka root) of a domain?
A CNAME (Canonical Name) record in DNS (Domain Name System) is used to alias one domain name to another. It allows you to point a domain or subdomain to another domain's A or AAAA record.
The reason a CNAME record can't be used at the apex or root of a domain (e.g., example.com ) is due to a conflict with other essential DNS records like SOA (Start of Authority) and NS (Name Server) records.
The SOA record is fundamental and necessary for each DNS zone. It contains important information about the zone, including the primary authoritative name server for the domain. NS records also specify the authoritative name servers for a domain.
When you create a CNAME record at the domain apex, it essentially redirects all queries for that domain to another domain. However, other essential records like SOA and NS records are needed at the apex for the domain to function properly.
Using a CNAME at the apex of a domain would conflict with these necessary DNS records. This is because a CNAME record overrides all other record types at the same domain level. If a CNAME were allowed at the domain apex, it would effectively negate the existence of other critical records, disrupting the domain's functionality and causing potential conflicts in resolving queries.
To work around this limitation, if you want to point the apex of your domain to another domain (e.g., example.com
to www.example.com
), you typically use an A record (IPv4 address) or an AAAA record (IPv6 address) to point directly to an IP address, or some DNS providers offer other record types like ALIAS or ANAME records that function similarly to a CNAME but can be used at the domain apex. These records allow you to point the apex domain to another domain while maintaining the necessary SOA and NS records for the domain to function correctly.
-
What is DNS Monitoring?
Learn what is DNS monitoring, how does it work, what are the benefits and drawbacks and how to set it up.
Guides -
10 Best DNS Monitoring Tools in 2023
DNS monitoring is essential for ensuring the security of communication between clients and web services. Monitoring itself is based upon consistent and periodic verification of DNS records for any extraordinary changes or localized outages.
Comparisons
Make your mark
Join the writer's program
Are you a developer and love writing and sharing your knowledge with the world? Join our guest writing program and get paid for writing amazing technical guides. We'll get them to the right readers that will appreciate them.
Write for usBuild on top of Better Stack
Write a script, app or project on top of Better Stack and share it with the world. Make a public repository and share it with us at our email.
community@betterstack.comor submit a pull request and help us build better products for everyone.
See the full list of amazing projects on github