Why isn't my CNAME resolving?

Common causes are typos in the target, a CNAME alongside other records on the same name (not allowed by RFC 1034), or DNS changes that haven't propagated yet.

Can I put a CNAME on my apex domain?

No — apex domains cannot have a CNAME. Use ALIAS or ANAME records from your DNS provider, or flatten the CNAME at the DNS layer.

What is a CNAME resolution chain?

It is the sequence of aliases a resolver follows from the alias hostname to a final A or AAAA record. Excessive chains slow lookups and break some validators.

Check Your CNAME Record

Q: What is a CNAME record?

A CNAME record aliases one hostname to another canonical hostname so DNS resolvers automatically follow the alias to the final A/AAAA record.

Verify any DNS CNAME alias and follow the full resolution chain for free. Confirm CDN, DKIM, and SaaS aliases resolve to the right target.

What is a CNAME record?

A CNAME (Canonical Name) record is a DNS entry that maps an alias hostname to a canonical hostname. When a resolver looks up the alias, it follows the chain until it finds an A or AAAA record on the canonical target, then returns the underlying IP address. This makes CNAME records the standard way to delegate a subdomain to a third-party service without revealing or hard-coding its IP.

CNAMEs are central to modern email and web operations: CDNs publish ever-changing IPs that only a CNAME can track cleanly, DKIM-as-a-service vendors require CNAME delegation for selector keys, and SaaS platforms use them to brand customer-facing endpoints. The standard is defined in **RFC 1034** and **RFC 2181**.

Why check your CNAME records?

1Catch broken aliases early

If a vendor renames or retires their hostname, your CNAME silently breaks and only a checker reveals it

2Confirm DKIM and BIMI delegation

Both rely on CNAMEs that point to vendor-managed records — verify the chain resolves end-to-end

3Avoid mixed-record errors

A CNAME cannot coexist with other records on the same name. The checker spots conflicts immediately

4Audit migration cutovers

After repointing a custom domain to a new SaaS provider, verify the canonical target before announcing the change

How CNAME resolution works — step by step

Your DNS provider publishes a CNAME record mapping an alias (e.g. `www.example.com`) to a canonical target (`example.com` or a vendor host).

A client looks up the alias. The resolver returns the CNAME and continues querying the canonical target.

If the target is itself a CNAME, the resolver follows the chain — most stacks allow up to ~8 hops before giving up.

Once the resolver finds an A or AAAA record, it returns that IP to the original client.

The full chain (alias → intermediate aliases → A record) is cached at each hop for the record's TTL.

CNAME record syntax

DNS CNAME record example

www.example.com.    300    IN    CNAME    example.com.

Field breakdown

alias— the hostname that delegates

TTL— cache lifetime in seconds (300 = 5 min)

IN— Internet record class

CNAME— record type

target— canonical hostname (must end with a dot)

Common CNAME failures and fixes

CNAME at the apex

Apex domains cannot host a CNAME — use an ALIAS or ANAME record from your DNS provider

CNAME alongside other records

RFC 1034 forbids a CNAME on a name that also has MX, TXT, or A records — split the records onto different names

Dangling target

If the canonical target no longer exists, resolvers return NXDOMAIN — repoint to a live target

Excessive chain length

Chains longer than 8 hops cause some resolvers to abort — flatten the chain by pointing directly to the final target

Часто задаваемые вопросы

A CNAME (Canonical Name) record is a DNS entry that maps one hostname to another. Instead of pointing directly at an IP address, the hostname becomes an alias for a canonical target, so any A or AAAA record updates on that target automatically apply to every alias. CNAMEs are commonly used for www subdomains, CDN endpoints, SaaS custom domains, and email authentication delegations like DKIM and DMARC reporting.

Modern email authentication relies on CNAME-delegated DKIM keys and Branded Indicators for Message Identification (BIMI). If a CNAME for a DKIM selector or a BIMI logo URL is broken, receivers may downgrade your trust score and route mail to spam. A CNAME checker confirms the alias resolves cleanly to the expected target, so signing and brand indicators work end-to-end.

A CNAME chain occurs when one alias points to another alias before reaching an A record. Most resolvers follow chains transparently, but every additional hop adds latency, increases the chance of misconfiguration, and can break some validators that only follow one level. The checker shows each step in the chain so you can flatten unnecessary hops.

Strictly, no — RFC 1034 forbids a CNAME alongside other records, and apex domains always need SOA and NS records. Some DNS providers offer ALIAS, ANAME, or flattened CNAME-at-apex features that synthesise an A record from the target. If you rely on these, our checker still verifies the resolved IP works as expected.

An empty result usually means the CNAME hasn't been published yet, was added at the wrong subdomain, or has a typo in the target. DNS propagation can take up to 48 hours, but most modern providers update within minutes. Confirm the record exists in your DNS panel, then recheck.

Yes. CNAME lookups query public DNS data and do not touch the destination server. You can verify a partner, vendor, or competitor configuration without authentication and without generating any traffic against their infrastructure.