# DNS: CNAME resolution loop detected for www.example.com (max depth 16 exceeded)

- **ID:** `networking/dns-dangling-cname`
- **Domain:** networking
- **Category:** protocol_error
- **Verification:** ai_generated
- **Fix Rate:** 95%

## Root Cause

A DNS zone contains a chain of CNAME records that ultimately points back to itself, creating an infinite loop that exceeds the resolver's maximum query depth (typically 16) and causes a resolution failure.

## Version Compatibility

| Version | Status | Introduced | Deprecated |
|---------|--------|------------|------------|
| BIND 9.18.12 | active | — | — |
| Unbound 1.17.0 | active | — | — |
| PowerDNS Authoritative Server 4.8.0 | active | — | — |

## Workarounds

1. **Identify and break the CNAME loop by inspecting the zone: trace the record with the command below, then remove or correct the circular reference in the DNS provider's control panel.** (95% success)
   ```
   dig www.example.com CNAME +trace
   ```
2. **Temporarily replace the CNAME record with an A record pointing to the correct IP address to restore service while investigating the loop.** (90% success)
3. **Use a DNS debugging tool like dnstracer to visualize the CNAME chain.** (88% success)
   ```
   dnstracer www.example.com -s . -r 20
   ```
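
An offline version of the loop check from workaround 1, added here as an example (it is not part of the original entry): it parses CNAME lines from zone text and reports any chain that cycles or runs past the depth of 16 quoted in the error. The sample records are constructed, and the parser assumes one record per line with fully qualified names (no `$ORIGIN` or relative names).

```python
import re

MAX_DEPTH = 16  # resolver chain limit quoted in the error message

# Constructed sample zone data (example.com placeholders, not real records).
SAMPLE_ZONE = """\
www.example.com.    300 IN CNAME app.example.com.
app.example.com.    300 IN CNAME cdn.example.com.
cdn.example.com.    300 IN CNAME www.example.com.
blog.example.com.   300 IN CNAME host.example.com.
host.example.com.   300 IN A     192.0.2.10
"""

RECORD = re.compile(r"^(\S+)\s+(?:\d+\s+)?(?:IN\s+)?CNAME\s+(\S+)", re.I)

def norm(name):
    return name.rstrip(".").lower()  # case-insensitive, ignore trailing root dot

def parse_cnames(zone_text):
    """Return {owner: target} for every CNAME line; ';' starts a comment."""
    cnames = {}
    for line in zone_text.splitlines():
        m = RECORD.match(line.split(";", 1)[0].strip())
        if m:
            cnames[norm(m.group(1))] = norm(m.group(2))
    return cnames

def trace(name, cnames, max_depth=MAX_DEPTH):
    """Follow the chain from name; return (status, chain)."""
    chain = [norm(name)]
    while chain[-1] in cnames:
        nxt = cnames[chain[-1]]
        if nxt in chain:  # revisited a name: report only the cyclic part
            return "loop", chain[chain.index(nxt):] + [nxt]
        chain.append(nxt)
        if len(chain) - 1 > max_depth:  # long but acyclic chain
            return "too_deep", chain
    return "ok", chain

def find_loops(cnames):
    """Return each distinct loop once, as a sorted list of member names."""
    loops = set()
    for owner in cnames:
        status, chain = trace(owner, cnames)
        if status == "loop":
            loops.add(tuple(sorted(set(chain))))
    return [list(members) for members in sorted(loops)]

if __name__ == "__main__":
    print(find_loops(parse_cnames(SAMPLE_ZONE)))
```

Any one record in a reported loop can be the one to correct; `trace` returns the cyclic part in resolution order so the offending hop is visible.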

## Dead Ends

- **Flushing the client DNS cache** — The loop is in the authoritative DNS zone, not in the client cache; flushing will just re-fetch the same broken records. (98% fail)
- **Raising the resolver's maximum query depth** — This only delays the failure; the loop will eventually hit the new limit and still fail. It also increases resource usage for legitimate queries. (85% fail)
- **Removing all records from the zone** — This is too aggressive; the loop is caused by a specific CNAME chain, not all records. Removing everything may break other services. (70% fail)
