CNAME stands for Canonical Name and is a DNS record that allows a domain or subdomain to point to another domain or subdomain name. A CNAME record consists of two parts:
- Alias Name: the name being queried
- Canonical Name (Target): the name being pointed to
When a DNS query is made for the alias name, the DNS responds with the canonical name. CNAME records are commonly used to provide alias names for domains or subdomains.
Important: A CNAME record does not point directly to an IP address, but rather to another domain or subdomain name. That name is then resolved in turn to ultimately determine the IP address of the actual server.
How a CNAME record is resolved
DNS query starts here CNAME record points here Actual IP address
Example of a CNAME record:
| Name (Alias) | Type | Target (Canonical Name) |
|---|---|---|
| mail.example.de | CNAME | zielname.hornetsecurity.com |
What the record looks like in your DNS zone:
Why Do I Need a CNAME for DKIM?
DKIM (DomainKeys Identified Mail) cryptographically signs outgoing emails. Receiving mail servers verify this signature by retrieving the public key published in the DNS of the sender’s domain.
Since Hornetsecurity handles the DKIM signing for your domain, the associated key is also managed by Hornetsecurity and provided in our DNS. To ensure receiving servers find the key under your domain, you add a CNAME record in your DNS zone: this points from your domain to the corresponding record at Hornetsecurity. When a mail server queries the DKIM key for your domain, it follows the CNAME and obtains the key stored with us.
The advantage of this method: Hornetsecurity can centrally manage and renew the DKIM keys (key rotation) as needed without requiring you to update your DNS records each time. The one-time CNAME reference remains valid indefinitely.