DNS: CNAME resolution loop detected for www.example.com (max depth 16 exceeded)

ID: networking/dns-dangling-cname

95% fix rate
90% confidence
1 evidence item
2024-01-10 first seen

Version compatibility

Version                               Status   Introduced   Deprecated   Notes
BIND 9.18.12                          active
Unbound 1.17.0                        active
PowerDNS Authoritative Server 4.8.0   active

Root cause analysis

A DNS zone contains a chain of CNAME records that ultimately points back to itself, creating an infinite loop that exceeds the resolver's maximum query depth (typically 16) and causes a resolution failure.

generic

Official documentation

https://www.rfc-editor.org/rfc/rfc1034#section-5.2.2

Solutions

  1. Identify and break the CNAME loop by inspecting the zone file: dig www.example.com CNAME +trace; then remove or correct the circular reference in the DNS provider's control panel.
  2. Temporarily replace the CNAME record with an A record pointing to the correct IP address to restore service while investigating the loop.
  3. Use a DNS debugging tool like dnstracer to visualize the CNAME chain: dnstracer www.example.com -s . -r 20
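To find which record closes the loop before editing the zone, the CNAME chain can be walked offline from an export of the zone's CNAME records. The following is an added example, not part of the original entry; the zone contents and the names follow_cname and audit_zone are constructed for illustration, and the limit of 16 is the one quoted above.

```python
MAX_DEPTH = 16  # the depth limit quoted in this entry

# Constructed sample zone: owner name -> CNAME target (illustrative, not real data).
ZONE_CNAMES = {
    "www.example.com.": "web.example.com.",
    "web.example.com.": "lb.example.com.",
    "lb.example.com.": "www.example.com.",       # closes the loop
    "api.example.com.": "lb.example.com.",       # healthy-looking, but leads into the loop
    "docs.example.com.": "static.example.com.",  # terminates: target has no CNAME
}

def norm(name):
    """DNS names compare case-insensitively; use the absolute (dotted) form."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."

def follow_cname(name, cnames, max_depth=MAX_DEPTH):
    """Walk the chain from name. Returns (status, chain); status is 'ok', 'loop' or 'too_deep'."""
    table = {norm(k): norm(v) for k, v in cnames.items()}
    chain = [norm(name)]
    seen = {chain[0]}
    while chain[-1] in table:
        nxt = table[chain[-1]]
        chain.append(nxt)
        if nxt in seen:                    # revisited a name: a true cycle
            return "loop", chain
        if len(chain) - 1 > max_depth:     # long but acyclic chain also fails resolution
            return "too_deep", chain
        seen.add(nxt)
    return "ok", chain

def audit_zone(cnames):
    """Map every owner whose chain never terminates to the records forming the problem."""
    findings = {}
    for owner in cnames:
        status, chain = follow_cname(owner, cnames)
        if status == "loop":
            start = chain.index(chain[-1])  # first occurrence of the repeated name
            findings[norm(owner)] = chain[start:]
        elif status == "too_deep":
            findings[norm(owner)] = chain
    return findings

if __name__ == "__main__":
    for owner, cycle in audit_zone(ZONE_CNAMES).items():
        print(f"{owner}: " + " -> ".join(cycle))
```

Names such as api.example.com. that are not part of the cycle but point into it are reported too, since they fail in the same way once the resolver follows them.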

Ineffective attempts

Common but ineffective approaches:

  1. 98% failure

    The loop is in the authoritative DNS zone, not in the client cache; flushing will just re-fetch the same broken records.

  2. 85% failure

    This only delays the failure; the loop will eventually hit the new limit and still fail. It also increases resource usage for legitimate queries.

  3. 70% failure

    This is too aggressive; the loop is caused by a specific CNAME chain, not all records. Removing everything may break other services.