CNAME Lookup

Why should you check a domain’s CNAME record?

• Verify DNS configuration

  Creating a CNAME record is one of the required steps for certain frequently used configurations, such as redirecting subdomains to the main domain. A CNAME lookup is the simplest way to confirm the record was created correctly and has been propagated across the Internet. Additionally, since CNAMEs can be chained together, a CNAME lookup can help identify broken chains that are causing accessibility issues.

• Detect malicious activity

  Cybercriminals can use CNAME records to point a legitimate-looking subdomain (e.g., login[.]amazon-secure[.]com) to a malicious site. A CNAME lookup can expose this redirection and reveal the true destination of the traffic. In some instances, CNAME records are also used for DNS tunneling, particularly to hide payloads, so a CNAME lookup can help check for suspicious CNAME responses.

• Identify the true domain

  A CNAME record reveals the “true” or canonical hostname that an alias is pointing to. This is important in order to understand where a website's content is actually hosted, especially with services like content delivery networks (CDNs) or platform-based websites.

• Investigate and map out attack infrastructures

  For security analysts, checking a domain's CNAME records can lead them to other domains that may be part of a larger malicious infrastructure. For example, they may find multiple suspicious domains on the CNAME chain.

Frequently Asked Questions

What is a CNAME record and how is it different from other DNS records?

A canonical name (CNAME) record is a DNS record type that designates a domain or subdomain as an alias for another domain. Unlike A or AAAA records, a CNAME points a domain or subdomain to a hostname (another domain or subdomain), not an IP address. When a DNS query is made for a domain with a CNAME, the DNS server first gets the canonical hostname and then performs an additional lookup to resolve its IP address.

CNAME records perform a unique function that makes them ideal for managing subdomains and directing traffic to third-party services. They help simplify how IP resolutions are managed by centralizing all changes to a single canonical domain. That said, if the IP address of that domain changes, all its aliases are automatically updated without requiring manual intervention.

How does a CNAME record work?

When a client (like your web browser) wants to access a web address like www.example.com that has a CNAME record, the DNS resolver contacts the authoritative name server (NS) for example.com. Since the domain has a CNAME record, the authoritative NS responds with the CNAME (e.g., example1.com), rather than an IP address.

The DNS resolver performs another query, this time for example1[.]com. If this query resolves to an A or AAAA record, the resolver can provide the client with the IP address it needs to load the website. There can be instances where the canonical name also has a CNAME record pointing to another domain. In this case, the DNS resolver would perform another query for the second CNAME. This process, known as a "CNAME chain," continues until the resolver finds a non-CNAME record, such as an A record (for IPv4) or an AAAA record (for IPv6), which contains the final IP address.

When is a CNAME record used?

CNAME records are particularly useful when integrating your domain with a CDN or other third-party services. When you sign up for a CDN service, for instance, you can use a CNAME record that points your domain (e.g., www[.]yourcompany[.]com) to a specific domain provided by the CDN (e.g., yourcompany[.]cdnprovider[.]com). This allows you to maintain control over your domain name while the CDN provider manages its server's DNS settings, even if their IP addresses change. This ensures continuous service without requiring you to update your DNS records constantly.

You may also need to use CNAME records when your domain has different country-code top-level domains (ccTLDs), such as example.us, example.es, and example.fr, so you can redirect these domains to the parent domain (example.com).

CNAME records are also useful in subdomain management. They are frequently used to point various subdomains to a single main domain. For example, a company can use a CNAME to direct blog[.]example[.]com and shop[.]example[.]com to the canonical name example[.]com.

How can I use a CNAME lookup tool for phishing detection or threat intelligence gathering?

CNAME record lookups help identify dangling CNAMEs (i.e., decommissioned services with CNAMEs that remain active) that pave the way for subdomain takeovers and potentially lead to phishing and malware. Analyzing CNAME chains can reveal hidden malicious infrastructures, enabling threat investigators to map malicious networks.

How does the CNAME lookup tool work?

When you type a domain name into our CNAME lookup tool, it sends a request to that domain’s authoritative name server, which in turn responds with the domain’s CNAME record. The CNAME lookup tool then displays the associated record in a pop-up window. If the domain name doesn’t have a CNAME record, the tool will return the message, “No CNAME records found for the given domain.”

What are the restrictions regarding using CNAME records?

CNAME records have some limitations. For one, a domain or subdomain can only have one CNAME record, as the DNS needs to know where exactly to point the next DNS request. CNAME records cannot coexist with any other record type (like A, MX, or NS records) for the same domain (DNSSEC records are an exception to this rule). Because of this, CNAME records cannot be used at the zone apex (root domain), since SOA and NS records are required at that level. Additionally, MX and NS records must not point to a domain that has a canonical name record (they must point to domains with A or AAAA records).

These restrictions are detailed in certain sections 10.1 and 10.3 of RFC 2181 and section 3.6 of RFC 1034.

How can I check the other DNS records of a domain?

You may use our DNS Lookup API, which returns CNAME records, A records, SOA records, and other DNS record types. You may also use our lookup tool. If you only want to look up the TXT record of a domain, you can use our free TXT Lookup tool. To retrieve a domain’s MX record, use our free MX lookup tool.