Working with CNAME records and your DNS provider

Once you're ready to route traffic to a Fastly service using your domain name, you must associate the domain with your Fastly service and then update your DNS records to point to Fastly by setting up a CNAME record for the domain. While the steps you follow when setting up a CNAME record for your domain will vary depending on your DNS provider, in general you'll need to input a specific value from Fastly that communicates to your DNS provider where and how to route through Fastly’s network.

This guide helps you find the information you'll need from Fastly to set up a CNAME record with your DNS provider including how to choose the right hostname value for the record.

Before you begin

Keep in mind the following CNAME configuration limitations. Specifically:

• Shared TLS domain incompatibility. You can't add a CNAME record for a shared TLS domain.
• Apex domain incompatibility. You can't use a CNAME record if you plan to use Fastly on your apex domain (e.g., example.com rather than www.example.com). Check out our guide to using Fastly with apex domains for more details.

Choosing the right Fastly hostname value for your CNAME record

When you set up your CNAME record, you'll need to enter a hostname value. This value is used to communicate to your DNS provider where and how to route through Fastly’s network.

The value you choose will differ based on:

• the standard HTTPS (TLS) support requirements for your domain, including whether or not HTTP/2 is enabled.
• any custom TLS options purchased for your domain.
• whether or not you choose to limit your traffic to the North American and EU network or use Fastly's global network.

In the next sections you can find recommendations based on the most common criteria.

Non-TLS hostnames and limiting traffic

If you don't require TLS support and only need to accept HTTP (Port 80) connections, use one of the following values for the CNAME record:

TLS-enabled hostnames

If using Fastly TLS, you must use the assigned CNAME record value provided in the Fastly web interface. Using an incorrect value may cause HTTPS (port 443) visitors to receive a TLS certificate mismatch error.

The format for the CNAME record value is <letter>.sni.global.fastly.net. To enable IPv6 support, prefix the value with dualstack.

To locate the CNAME record value:

1. Log in to the Fastly control panel.
2. Go to Security > TLS Management > Domains.
3. Locate the domain you would like to route to Fastly.
4. Click View/edit next to the appropriate certificate to view DNS details.
5. Locate the CNAME record value under the DNS details section.

Setting up the CNAME record with your DNS provider

Once you've determined the appropriate Fastly hostname for your domain, the next step is to set up a CNAME record for your domain. Refer to your DNS provider's documentation for exact instructions on how to create or update a CNAME record. If you run your own DNS server or are familiar with the format of BIND zone files, the CNAME record would look similar to this:

www.example.com.    3600    IN    CNAME   nonssl.global.fastly.net.

In the above example, the domain set up on Fastly is www.example.com., with a time-to-live (TTL) of 3600 seconds (1 hour), the Record Type is CNAME, and the Fastly hostname value is nonssl.global.fastly.net. because TLS support isn't required and traffic will be routed through Fastly's entire global network.

Best practices when updating a DNS CNAME record

• Be sure you've added all domains you want served by Fastly to the appropriate service. If you don't and you point your domain to Fastly, an unknown domain error will occur.
• Make sure your service is properly configured. You can test a Fastly service on your local machine by using curl and testing setup before changing domains.
• If you have multiple hostnames on the same domain (e.g., api.example.com, www.example.com, app.example.com), you can use a DNS wildcard record (*.example.com) at your DNS provider so only a single CNAME record is created and maintained. You should also add either a matching *.example.com domain or the individual domains to your Fastly service.
• Before configuring a CNAME record to point to Fastly, change your service configuration to lower the CNAME's TTL to a small number (we suggest 60 seconds) and wait for the old TTL to expire. Creating a DNS CNAME record for your domain after the TTL expiration ensures you have an easy way to roll back changes if you encounter an issue. Once you confirm everything is working properly using Fastly, you can increase the TTL to its original value.

Checking your CNAME record

To check your CNAME record, run the following command in a terminal window:

$ dig www.example.com +short

Your output should appear similar to the following:

nonssl.global.fastly.net.
151.101.117.57

In most cases, the hostname displayed first will be your current Fastly hostname (in this case, nonssl.global.fastly.net.). If you don't see a Fastly hostname in the output or if you see an incorrect Fastly hostname, then either your CNAME isn't properly set at your DNS provider or an older CNAME record is still cached by your local DNS resolver.

You can use various online DNS query tools like OpenDNS Cache Check or whatsmydns.net to test the current DNS responses from the different DNS resolvers worldwide.

Removing CNAME records

If you deactivate a service, delete a service, or cancel your account, we strongly recommend modifying or deleting any CNAME records pointing to Fastly. Follow the instructions on your DNS provider's website. Doing so will minimize the risk of unauthorized use of your domains.