CNAME vs A Record: Differences and When to Use Each
A records and CNAMEs are the two most common DNS record types — and they're often confused, which leads to broken apex resolution, inconsistent CDN behaviour, and SSL issues. This article is a thorough comparison, with RFC constraints and practical use cases.
What an A record is
A (Address) maps a domain name to an IPv4 address. Example:
example.com. 3600 IN A 93.184.216.34
For IPv6 the type is AAAA. An A record is the "terminal" of DNS resolution.
What a CNAME is
CNAME (Canonical Name) is an alias: instead of an IP it points to another domain name that the resolver must query next:
www.example.com. 3600 IN CNAME example.com.
When www.example.com is queried, the resolver gets the CNAME and then asks for A on example.com.
Key differences
- Purpose: A — direct IP. CNAME — alias to another name.
- Resolution depth: A — 1 step. CNAME — 2+ steps (chains possible).
- Performance: A is faster. CNAME adds an extra query (usually cached).
- Apex compatibility: A works on apex. CNAME doesn't (per RFC 1034).
- Coexistence: CNAME forbids other record types on the same name. A plays fine with MX, TXT, NS.
RFC 1034 rule: CNAME and apex
Per RFC 1034 a CNAME cannot coexist with other records on the same name. But the apex domain (example.com without www) must have SOA and NS records — which means CNAME on apex is forbidden.
In practice: example.com with a CNAME to myapp.herokuapp.com is a zone error. You'll see SERVFAIL or broken resolution.
ALIAS / ANAME — the apex solution
Some DNS providers (Cloudflare, Route 53, DNSimple, NS1) support virtual records — ALIAS / ANAME / CNAME flattening. They allow "CNAME on apex" by resolving the target server-side and returning an A record to clients.
- Cloudflare — CNAME flattening, automatic.
- Route 53 — Alias record, only for AWS resources.
- DNSimple / NS1 — ALIAS / ANAME.
When to use A
- Apex domain — example.com.
- Stable IP that doesn't change.
- When multiple record types share a name (A + MX + TXT).
- Dedicated server on a fixed IP.
When to use CNAME
- Subdomains (www, blog, shop) — especially if IPs may change.
- CDN (yourcdn.cloudfront.net, cdn.shopify.com) — CDNs rotate IPs constantly.
- SaaS integrations (Heroku, Vercel, Netlify) give you a CNAME target.
- Cloud load balancers (AWS ELB).
Checking A and CNAME
Use DNS Lookup or dig:
dig A example.com +short
dig CNAME www.example.com +short
dig +trace www.example.com
Common mistakes
CNAME on apex
You get SERVFAIL or lose MX. Fix with ALIAS or an A record to a fixed IP.
CNAME loops
a.example.com points to b.example.com, which points back to a.example.com. Resolvers cap chain length (usually 5) and return SERVFAIL.
CNAME + MX on the same name
Per RFC 1912, this is invalid. Some mail servers refuse delivery.
Dangling CNAME
A subdomain CNAME pointing at a dead target — NXDOMAIN. Also a security risk: attackers can register the dangling target and hijack traffic (subdomain takeover).
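The mistakes in this section can be caught before a zone is published. As an added example (not from the original article), this Python check lints a constructed record list; the function name lint_zone, the finding labels and the sample zone are assumptions made for illustration, and the default chain cap of 5 is the figure cited above.

```python
from collections import defaultdict

# Constructed sample zone as (owner, type, value) tuples; not real data.
ZONE = [
    ("example.com.", "SOA", "ns1.example.com. admin.example.com. 1 7200 900 1209600 300"),
    ("example.com.", "NS", "ns1.example.com."),
    ("example.com.", "CNAME", "myapp.herokuapp.com."),   # CNAME on apex
    ("www.example.com.", "CNAME", "example.com."),
    ("mail.example.com.", "CNAME", "mx.example.net."),
    ("mail.example.com.", "MX", "10 mx.example.net."),   # CNAME + MX
    ("a.example.com.", "CNAME", "b.example.com."),
    ("b.example.com.", "CNAME", "a.example.com."),       # loop
    ("old.example.com.", "CNAME", "gone.example.com."),  # target has no records
]

def lint_zone(records, apex, max_chain=5):
    """Return sorted (owner, finding) pairs for the CNAME mistakes listed above."""
    types_at = defaultdict(set)   # owner -> record types present at that name
    cname = {}                    # owner -> CNAME target
    for owner, rtype, value in records:
        types_at[owner.lower()].add(rtype)
        if rtype == "CNAME":
            cname[owner.lower()] = value.lower()
    findings = set()
    for owner, types in types_at.items():
        if "CNAME" not in types:
            continue
        if owner == apex:
            findings.add((owner, "cname-on-apex"))
        elif len(types) > 1:
            others = ",".join(sorted(types - {"CNAME"}))
            findings.add((owner, "cname-coexists:" + others))
    for start, name in cname.items():
        seen = [start]
        while name in cname:              # follow the alias chain inside the zone
            if name in seen:
                findings.add((start, "cname-loop"))
                break
            seen.append(name)
            if len(seen) > max_chain:
                findings.add((start, "chain-too-long"))
                break
            name = cname[name]
        else:  # chain ended: flag in-zone targets that own no records at all
            if name.endswith("." + apex) and name not in types_at:
                findings.add((start, "dangling-in-zone-target"))
    return sorted(findings)

if __name__ == "__main__":
    for owner, finding in lint_zone(ZONE, "example.com."):
        print(owner, finding)
```

External targets such as mx.example.net. are not judged here, because telling whether they still resolve needs a live lookup against the other zone.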
Performance impact
CNAME adds one extra lookup, usually resolved and cached by the recursive resolver in parallel. Client-side latency impact is typically 0-20 ms. For latency-critical static content, prefer A.
TLS impact
With CNAME to a CDN, make sure the CDN's TLS certificate covers your domain (SNI). Let's Encrypt with CNAME works through the DNS-01 challenge — add a CNAME on _acme-challenge.
Comparison table
| Attribute | A | CNAME |
|---|---|---|
| Target | IPv4 | Another name |
| Works on apex | Yes | No |
| Coexists with MX/TXT | Yes | No |
| Performance | 1 lookup | 2+ lookups |
| CDN use | Manual updates | Ideal |
| SaaS integration | Awkward | Standard |
FAQ
- Which is faster — A or CNAME?
  A. CNAME adds one lookup, usually 5-20 ms on cold cache.
- Can I CNAME a CNAME?
  Technically yes, but resolvers cap the chain at 5-8. Avoid it.
- What to use with Cloudflare?
  A on apex (Cloudflare flattens CNAMEs automatically). CNAME on subdomains.
- How to check for CNAME on apex?
  dig example.com ANY lists all records. If CNAME is on apex you'll see a warning.
Conclusion
The choice boils down to two rules: (1) apex — A or ALIAS only; (2) dynamic targets (CDN, SaaS) — CNAME. Everything else is convenience. Use Enterno.io DNS Lookup to verify and monitoring to catch dangling CNAMEs or invalid records early.