Apex Domain / Root Domain (Apex Domain)

Security Glossary - DNS

Definition: The apex domain (also called root domain, bare domain, or naked domain) is the domain without any subdomain prefix - for example, example.com rather than www.example.com. It is the highest level of your domain that you control, directly under the top-level domain (TLD).

Why You Should Care About Apex Domain

The apex domain requires special handling in DNS because of a technical limitation: you cannot create a CNAME record at the apex. This is because CNAME records cannot coexist with other record types, and the apex always has SOA and NS records. This limitation matters when you want to point your apex domain to a CDN or cloud service that uses dynamic IP addresses.

Many DNS providers offer workarounds: Cloudflare has CNAME flattening, Route 53 has ALIAS records, and DNS Made Easy has ANAME records. These resolve a CNAME-like target to an IP address at query time, returning an A record to the client. This gives you the flexibility of a CNAME with the compatibility of an A record.

For SEO, you should choose either the apex domain or the www subdomain as your canonical URL and redirect the other. Having both resolve without a redirect creates duplicate content issues. Most modern sites use the apex domain as canonical since it is shorter.

How to Verify

A DNS health checker verifies that your apex domain resolves correctly and shows what record types are configured there. Check that you are not trying to use a CNAME at the apex (which violates DNS standards) and that your chosen canonical URL (apex or www) has proper redirects from the other.
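One way to run the CNAME check described above offline, as an added example that is not code from this page or from any checker it refers to: it groups records by owner name and flags every name where a CNAME coexists with other types, treating the DNSSEC RRSIG and NSEC types as permitted companions. It goes slightly beyond the apex case, since the coexistence rule applies at every name. The zone text, the function names and the one-record-per-line format are assumptions for illustration.

```python
# Added example. The zone text is constructed sample data, not a real zone.
# Assumed format: one record per line, "owner ttl class type rdata".

# DNSSEC types that may sit beside a CNAME in a signed zone (RFC 4035, 2.5).
CNAME_COMPANIONS = {"RRSIG", "NSEC"}

SAMPLE_ZONE = """\
example.com.      3600 IN SOA   ns1.example.com. admin.example.com. 1 7200 900 1209600 300
example.com.      3600 IN NS    ns1.example.com.
example.com.      3600 IN NS    ns2.example.com.
example.com.      300  IN CNAME cdn.example.net.
www.example.com.  300  IN CNAME cdn.example.net.
www.example.com.  300  IN RRSIG CNAME 13 3 300 (constructed-signature)
mail.example.com. 300  IN CNAME mx.example.net.
mail.example.com. 300  IN TXT   "v=spf1 -all"
"""

def parse_records(text):
    """Yield (owner, type) pairs; owner is lower-cased without the trailing dot."""
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()  # drop comments, split on whitespace
        if not fields:
            continue
        if len(fields) < 4:
            raise ValueError(f"unparseable record: {raw!r}")
        yield fields[0].lower().rstrip("."), fields[3].upper()

def check_zone(text, apex):
    """Return (cname_conflicts, missing_apex_types) for the given zone text."""
    apex = apex.lower().rstrip(".")
    types_by_owner = {}
    for owner, rtype in parse_records(text):
        types_by_owner.setdefault(owner, set()).add(rtype)
    conflicts = []
    for owner, types in sorted(types_by_owner.items()):
        clash = sorted(types - {"CNAME"} - CNAME_COMPANIONS)
        if "CNAME" in types and clash:
            where = "apex" if owner == apex else "subdomain"
            conflicts.append((owner, where, clash))
    # A healthy apex always carries SOA and NS; report either if absent.
    missing = sorted({"SOA", "NS"} - types_by_owner.get(apex, set()))
    return conflicts, missing

if __name__ == "__main__":
    conflicts, missing = check_zone(SAMPLE_ZONE, "example.com")
    for owner, where, clash in conflicts:
        print(f"{owner} ({where}): CNAME coexists with {', '.join(clash)}")
    print("apex missing:", missing or "nothing")
```

In the sample, the apex and mail.example.com are flagged, while www.example.com passes because its only companion record is an RRSIG.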

Questions and Answers

Should I use example.com or www.example.com?
Either works. The apex domain (example.com) is shorter and more modern. The www subdomain is easier to configure with some CDNs (because you can use a CNAME). Choose one as canonical and redirect the other with a 301 redirect. Most sites today use the apex.

Why can't I use a CNAME at the apex domain?
The DNS specification forbids CNAME records from coexisting with other record types. Since the apex always has SOA and NS records, a CNAME there would violate the spec. Most DNS providers offer ALIAS or ANAME records as workarounds that function like CNAMEs but return A records.