The primary difference between a CNAME record and an ALIAS record is not in the result—both record types point to another DNS record—but in how they resolve the target DNS record when queried. In short, one is safe to use at the zone apex (ex. naked domain, such as example.com) and the other is not.
A CNAME record points a DNS name (such as www.example.com) to another DNS name (such as lb.example.net). This introduces a performance penalty since at least one additional DNS lookup must be performed to resolve the target (lb.example.net). If neither record has ever been queried by the recursive resolver, there is an even bigger impact on time as the full DNS hierarchy must be traversed for both records.
-
You (as the DNS client or stub resolver) query your recursive resolver for www.example.com.
-
Your recursive resolver queries the root name server for www.example.com.
-
The root name server refers your recursive resolver to the .com Top-Level Domain (TLD) authoritative server.
-
Your recursive resolver queries the .com TLD authoritative server for www.example.com.
-
The .com TLD authoritative server refers your recursive server to the authoritative servers for example.com.
-
Your recursive resolver queries the authoritative servers for www.example.com and receives lb.example.net as the answer.
-
Your recursive resolver caches the answer and returns it to you.
-
You now issue a second query to your recursive resolver for lb.example.net.
-
Your recursive resolver queries the root name server for lb.example.net.
-
The root name server refers your recursive resolver to the .net TLD authoritative server.
-
Your recursive resolver queries the .net TLD authoritative server for lb.example.net.
-
The .net TLD authoritative server refers your recursive server to the authoritative servers for example.net.
-
Your recursive resolver queries the authoritative servers for lb.example.net and receives an IP address as the answer.
-
Your recursive resolver caches the answer and returns it to you.
Each of these steps consumes at least several milliseconds—typically more, depending on network conditions. This can add up to a considerable amount of time spent waiting for the final, actionable answer of an IP address.
With an ALIAS record, the process is the same as that of a CNAME record query, except the authoritative server for, say, example.com performs steps 1 through 13 above automatically—returning the final answer of an IP address. This offers two advantages and one significant drawback:
-
Decreased time to final answer resolution
In most cases, the authoritative servers for example.com are more powerful and have faster internet connectivity than your personal computer and connection. Therefore, they can traverse the DNS hierarchy and retrieve the final answer much faster.
-
Answer looks like an A record
Since an ALIAS record returns the final answer consisting of one or more IP addresses, it can be used anywhere an A record can be used—including the zone apex. This makes it more flexible than a CNAME, which cannot be used at the zone apex.
-
Loses geo-targeting information
Since it is the authoritative server for example.com (issuing the queries for lb.example.net), then any intelligent routing functionality on the lb.example.net record will act upon the location of the authoritative server instead of your location. The EDNS0 edns-client-subnet option does not apply here. This means you may be potentially misrouted. For example, if you are in New York and the authoritative server for example.com is in California, then lb.example.net will think you are in California and will return an answer distinctly sub-optimal for you in New York.
One important thing to note is that NS1 collapses CNAME records provided they all fall within the NS1 system, i.e., NS1’s name servers are authoritative for both the CNAME and the target record.
Collapsing simply means the NS1 name server will return the full chain of records, from CNAME to final answer, in a single response. This eliminates all the additional lookup steps and allows you to use CNAME records even in a nested configuration without any performance penalty.
Further, NS1 supports a unique record type called a linked record. Basically, this is a symbolic link within DNS that acts as an ALIAS record might, except with sub-microsecond resolution speed. To use a linked record, create the target record as you usually would (any type) and create a second record that points to it, selecting the linked record option.
Linked records can cross-domain (zone) boundaries and account boundaries within NS1 and offer a powerful way to organize and optimize your DNS record structure.
For more information, refer to the following eLearning article on the NS1 website: https://ns1.com/resources/cname