48

Is it possible to set a CNAME record at the top of a domain? (i.e. @ CNAME www, @ CNAME foobar.com., etc.)

My ISP says that it's only possible to use CNAME's for subdomains but I've read somewhere else that is should be possible even if not recommended.

Andrew B
  • 31,858
  • 12
  • 90
  • 128
Martin
  • 775
  • 2
  • 7
  • 12
  • 4
    I want to point a top-level-domain to a amazon cloudfront distribution and they only support cnames. – Martin Sep 30 '10 at 12:13
  • 1
    I should point out that EVERY domain is a "subdomain". `example.com` is a subdomain of `com`, and `com` is a subdomain of `.`. Any limitations put in place by your ISP are put in place by your ISP and perhaps the registrar, not by the underlying technology. – ghoti Sep 22 '12 at 16:26
  • 3
    example.com is *not* a top level domain so your question requires a rephrasing. – bortzmeyer Sep 22 '12 at 21:47
  • 1
    Possible duplicate of [Why can't a CNAME record be used at the apex (aka root) of a domain?](http://serverfault.com/questions/613829/why-cant-a-cname-record-be-used-at-the-apex-aka-root-of-a-domain) – MadHatter Feb 02 '16 at 17:37

3 Answers3

34

Not possible - this would conflict with the SOA- and NS-records at the domain root.

From RFC1912 section 2.4: "A CNAME record is not allowed to coexist with any other data."

Jesper
  • 914
  • 7
  • 4
  • 6
    The quoted text doesn't say that it's not possible, only that it can't be used with other records. Your NS and SOA records would reside with the canonical name. – bukzor Aug 28 '12 at 18:11
  • 2
    Just a side note, RFC1912 is Informational and does not define a standard of any sort. [RFC2181 has Proposed Standard status](http://serverfault.com/a/613830/152073) and is a better link for unambiguously forbidding this behavior. – Andrew B Aug 05 '14 at 18:33
5

You can setup your domain to be a CNAME to another domain, but then everything will go to that other domain -- including mail and the SOA "start-of-authority" record itself. However, you can still have separate subdomains, like "private.domain.com" use another mail and web server.

Otheus
  • 307
  • 3
  • 5
  • 2
    If the parent zone has `NS` records and the child "zone" is only a CNAME then some systems will get _very_ confused. – Alnitak Feb 07 '12 at 16:20
  • 1
    This is implementation specific and dangerous advice. **Don't CNAME @, ever.** – Andrew B Jul 08 '13 at 00:41
0

I use cloudflare to setup CNAME for root domain and it works fine.. without breaking the mail records

Anandu
  • 37
  • 1
    No, you didn't. It doesn't work that way. – Chris S Jun 02 '14 at 14:44
  • 6
    @ChrisS [CloudFlare has a nasty hack](https://support.cloudflare.com/hc/en-us/articles/200169056-CNAME-Flattening-RFC-compliant-support-for-CNAME-at-the-root). It seems to work, though. – Michael Hampton Jun 02 '14 at 15:49
  • 2
    I don't think they even use a hack, I think they just point the domain to a common set of RRs. I do the same thing with BIND zone files (use the same zone for half of my domains). I think the only "hack" is that they use the term CNAME in there. – Chris S Jun 02 '14 at 15:56
  • I don't think the implementation details are relevant - the point of the answer appears to be that cloudflare allows you to define a CNAME record for the root domain, which it does, and corroborates `I've read somewhere else that is should be possible` (though that wouldn't have been true in 2010). – AD7six Jun 23 '14 at 17:59
  • @AD7six If an actual CNAME record existed at the apex, it would be a RFC2181 violation. As it stands, this is a case of confusing record synthesis that has no basis in a standard defining RFC. (the fake `ANAME` and `ALIAS` records are more honest) If I'm wrong and a standard defining RFC does define the behavior for flattening an apex CNAME I'm all ears, but I'm extremely skeptical of this given RFC2181. – Andrew B Aug 05 '14 at 18:53