What Is a CNAME Record? (DNS Aliases Explained)

By Kalenfy · Updated 27 June 2026 · 5 min read

What Is a CNAME Record? (DNS Aliases Explained)

TL;DR: A CNAME (Canonical Name) record is an alias — it points one hostname at another instead of at an IP. So www.yourdomain.com can CNAME to yourdomain.com, or a subdomain can point at a SaaS platform. They're handy but have a few rules, and a stale CNAME can be a security risk. Scan your domain free to review your setup.

What a CNAME does

Where an A record maps a name to an IP, a CNAME maps a name to another name. The resolver then looks up that target to get the final address. It's useful when the destination's IP might change — you point at a hostname and let the target manage the IP behind it.

Common uses

The rules and gotchas

The security risk: dangling CNAMEs

If a CNAME points at a third-party service you've stopped using, an attacker can sometimes claim that service and take over your subdomain — a subdomain takeover. The rule: delete the CNAME before you decommission whatever it points to, and audit your records when you retire tools.

FAQ

What's the difference between a CNAME and an A record?

An A record points to an IP address; a CNAME points to another hostname (which then resolves to an IP).

Can I use a CNAME for my naked/root domain?

Usually not — use an A record, or an ALIAS/ANAME if your DNS provider offers one.

Why does my provider want a CNAME for verification?

It proves you control the DNS for that name. It's common for DKIM, SaaS setup and ownership checks.

Not sure your CNAMEs are clean and safe? Scan your domain, then reply to your report — we're developers and we'll audit your records and close any dangling aliases.

Check your own domain — free

Kalenfy runs a passive scan of your SPF, DKIM, DMARC, DNSSEC, CAA and more, then gives you a downloadable PDF report with exact fixes. You see your grade first — no email needed to view it.

Scan my site free

Related guides