How this CNAME record checker works

A CNAME (canonical name) record turns one hostname into an alias for another, so traffic for www.example.com or shop.example.com can be handed off to a CDN, SaaS platform, or mail provider. DNS won't let you list every name in a zone, so this tool checks a curated set of common sub-hosts (www, autodiscover, cdn, status, help, shop, and others) and reports each one that resolves to a CNAME.

For every alias we find, we show the target it points to and, where we recognise it, the vendor behind that target (Microsoft 365, Google, Cloudflare, Shopify, Zendesk, SendGrid, and others). We also flag aliases that point nowhere. A dangling CNAME is a common cause of broken links, and it can open the door to a subdomain takeover. Lookups go over DNS-over-HTTPS and fall back across several resolvers when one is blocked.

Some email providers publish DKIM keys as CNAME delegations under selector._domainkey. There can be a lot of these, so we don't enumerate them here. The dedicated DKIM checker resolves those selectors, follows their CNAME chains, and validates the underlying keys.

CNAME Record Checker

Enter a domain to probe common sub-hosts, follow each CNAME alias to its target, and detect the vendor behind it.

Domain

Try an example: github.com · shopify.com · zoom.us

Check a Custom Hostname

Enter a specific host label to look up (e.g. www, shop). Separate multiple labels with commas.

🔑 Some providers publish DKIM keys as CNAME delegations under selector._domainkey. Use the DKIM checker to resolve those selectors and validate the keys.

Frequently Asked Questions

Common questions about CNAME records.

What is a CNAME record?

A CNAME (canonical name) record makes one hostname an alias for another. When a resolver looks up the alias, it follows the CNAME to the target name and then resolves that. CNAMEs are widely used to point sub-hosts like www or shop at a CDN or SaaS platform without hard-coding the provider's IP addresses.

Why can't I just list all CNAME records for a domain?

DNS has no public way to enumerate every name in a zone (zone transfers are almost always blocked). The only reliable approach is to query specific names, so this tool probes a curated list of the sub-hosts that are most commonly published as CNAMEs. Use the custom hostname box above to check any label we didn't include.

Why can't the root of my domain be a CNAME?

RFC 1034 says a name with a CNAME can't hold other record types, but the apex must carry NS and SOA records, so a CNAME there is invalid. Providers work around this with "CNAME flattening" or ALIAS/ANAME records, which behave like a CNAME at the apex while returning A/AAAA records to resolvers.

What is a dangling CNAME?

A dangling CNAME points at a target that no longer exists, like a deprovisioned cloud bucket or a closed SaaS account. Besides breaking the link, it's a security risk: if someone else can claim that target, they can serve their own content from your subdomain (a subdomain takeover). This tool flags any alias whose target fails to resolve.