Adding CNAME records
Last updated February 10, 2017
To direct traffic from the Internet through Fastly instead of immediately through your site or application, you must create a DNS CNAME record for your domain that points to a Fastly hostname (e.g., nonssl.global.fastly.net) instead of directly to your domain (e.g., www.example.com). To do this, you must have access privileges that allow you to modify DNS records for your domain.
Want to use Fastly on your apex domain (e.g., example.com rather than www.example.com) where you can't use a CNAME record? See our guide to using Fastly with apex domains for more details.
Choosing the right Fastly hostname for your CNAME record
The Fastly hostname you use for your DNS CNAME record will differ based on:
- the standard HTTPS (TLS) support requirements for your domain.
- any custom TLS options purchased for your domain.
- whether or not you choose to limit your traffic to the US and EU network or use Fastly's global network.
We've provided recommendations below based on these criteria.
Non-TLS hostnames and limiting traffic
If you don't require TLS support and only need to accept HTTP (Port 80) connections, use:
- nonssl.global.fastly.net. to route traffic through Fastly's entire global network
- nonssl.us-eu.fastly.net. to route traffic through Fastly's US and EU POPs only
IMPORTANT: Fastly's non-TLS hostnames refuse HTTPS connections (port 443) to prevent TLS certificate mismatch errors.
If you plan to accept both HTTP (port 80) and HTTPS (port 443) connections and you're using Fastly's free shared TLS wildcard certificate, use:
- [letter].ssl.global.fastly.net. to route traffic through Fastly's entire global network
- [letter].ssl.us-eu.fastly.net. to route traffic through Fastly's US and EU POPs only
When you purchase one of these certificate services, Fastly Support will add your domains to a specific TLS Certificate, usually differentiated by a certificate letter (e.g., c). You'll need to add the certificate letter to the beginning of the Fastly hostname noted above for use in your CNAME record. For example, if your domain was added to our a certificate the above hostname would become
IMPORTANT: You must use the assigned Fastly TLS hostname provided by Fastly Support. Using the incorrect Fastly hostname will cause a TLS Certificate mismatch error for HTTPS (Port 443) traffic.
Updating the CNAME record with your DNS provider
Once you've determined the appropriate Fastly hostname for your domain, create a DNS CNAME record for your domain. You'll need to follow your DNS provider's documentation for creating or updating a DNS CNAME record. The steps you follow will vary depending on your DNS provider's control panel interfaces.
TIP: If you can't find your provider's CNAME configuration instructions, Google maintains instructions for most major providers. Keep in mind that these instructions are maintained by Google, not Fastly, and are tailored specifically for Google enterprise services.
If you run your own DNS server or are familiar with the format of BIND zone files, the CNAME record would look similar to this:
www.example.com. 3600 IN CNAME nonssl.global.fastly.net.
In the above example, the domain set up on Fastly is www.example.com., with a time-to-live (TTL) of 3600 seconds (1 hour), the Record Type is CNAME, and the Fastly hostname is nonssl.global.fastly.net. because TLS support isn't required and traffic will be routed through Fastly's entire global network.
Test an updated CNAME using dig on your computer's terminal (e.g., dig www.example.com). If you see the correct Fastly hostname in the CNAME record in the ANSWER section of the response, then the CNAME record is created properly.
Best practices when updating a DNS CNAME record
- Be sure you've added all domains you want served by Fastly to the appropriate service. If you don't and you point your domain to Fastly, an unknown domain error will occur.
- Make sure your service is properly configured. You can test a Fastly service on your local machine by using cURL and replacing 192.168.1.1 with a Fastly IP address or setting a temporary /etc/hosts entry on your local machine.
- If you have multiple hostnames on the same domain (e.g., app.example.com), you can use a DNS wildcard record (*.example.com) at your DNS provider so only a single CNAME record is created and maintained. You should also add either a matching *.example.com domain or the individual domains to your Fastly service.
- Before changing a CNAME to point to Fastly's hostname, change your service configuration to lower the CNAME's TTL to a small number (we suggest 60 seconds) and wait for the old TTL to expire. Creating a DNS CNAME record for your domain after the TTL expiration ensures you have an easy way to roll back changes if you encounter an issue. Once you confirm everything is working properly using Fastly, you can increase the TTL to its original number.
Removing CNAME records
If you deactivate a service, delete a service, or cancel your account, we strongly recommend modifying or deleting any CNAME records pointing to Fastly hostnames. Follow the instructions on your DNS provider's website. Doing so will minimize the risk of unauthorized use of your domains.
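One way to find the records that recommendation applies to, as an added example that is not Fastly's own tooling: the script below reads zone data in the five-field BIND form shown earlier, lists every CNAME whose target is under fastly.net, and reports the names that no active service lists. The sample zone is constructed, and the list of active service domains is an assumed input that you export yourself.

```python
import re

# Constructed sample zone data in the BIND format shown above (not real records).
SAMPLE_ZONE = """\
www.example.com.   3600 IN CNAME nonssl.global.fastly.net.
shop.example.com.  60   IN CNAME a.ssl.us-eu.fastly.net.
old.example.com.   3600 IN CNAME nonssl.global.fastly.net.
*.example.com.     3600 IN CNAME nonssl.us-eu.fastly.net.
mail.example.com.  3600 IN CNAME mail.provider.example.  ; not Fastly
"""

# The four hostname forms this page names.
FASTLY_FORM = re.compile(r"^(nonssl|[a-z]\.ssl)\.(global|us-eu)\.fastly\.net\.$")


def fastly_cnames(zone_text):
    """Return one dict per CNAME record whose target is under fastly.net."""
    found = []
    for line in zone_text.splitlines():
        fields = line.split(";", 1)[0].split()  # drop trailing comments
        if len(fields) != 5 or [f.upper() for f in fields[2:4]] != ["IN", "CNAME"]:
            continue
        name, ttl, target = fields[0].lower(), int(fields[1]), fields[4].lower()
        if not target.endswith(".fastly.net."):
            continue
        form = FASTLY_FORM.match(target)
        found.append({
            "name": name.rstrip("."),
            "ttl": ttl,
            "target": target,
            # nonssl.* hostnames refuse port 443; unrecognised forms give None.
            "accepts_https": None if form is None else form.group(1) != "nonssl",
            "network": None if form is None else form.group(2),
        })
    return found


def records_to_remove(zone_text, service_domains):
    """Names still pointing at Fastly that no active service lists."""
    # service_domains is an assumed input: the domains on your active services.
    active = {d.lower().rstrip(".") for d in service_domains}
    stale = []
    for rec in fastly_cnames(zone_text):
        _, _, parent = rec["name"].partition(".")
        # A name is covered if listed itself or by a matching wildcard domain.
        if rec["name"] not in active and "*." + parent not in active:
            stale.append(rec["name"])
    return stale
```

Run it against each zone after deactivating or deleting a service; every name it returns is a CNAME record to modify or delete at your DNS provider.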