DEV Community

Arnob
Arnob

Posted on

CNAME Cross-User Banned Issue

I will share how to solve the CNAME Cross-User Banned issue

captionless image

The “CNAME Cross-User Banned” error usually happens on AWS CloudFront (but also in other CDN providers) when you try to associate a custom domain (CNAME/alternate domain name) with a distribution, but that domain is already registered with another account.

This is a security restriction to prevent CNAME hijacking (so someone else cannot claim your domain and serve content under it without authorization). But you configure that for right.

Here i am using Proxy Manager. So i need to connect other domain using proxy manager

So How i got that error:

  • You have Nginx Proxy Manager (NPM) running.
  • It listens on port 80 with the hostname proxy.pxydomain.xyz.
  • You then added another domain (anotherdomain.xyz) into Proxy Manager.
  • In DNS, instead of pointing anotherdomain.xyz directly with an A record to your server’s IP, you created a CNAME like this: 
anotherdomain.xyz     CNAME    proxy.pxydomain.xyz
Enter fullscreen mode Exit fullscreen mode
  • Now you’re getting the CNAME Cross-User Banned error.

Why this happens

The error isn’t from your DNS itself — it’s usually from Cloudflare, AWS CloudFront, or another CDN/proxy layer in front of your setup.

  • Cloudflare in particular blocks “CNAME flattening” if the target (proxy.pxydomain.xyz) doesn’t belong to your account or doesn’t resolve in a way Cloudflare accepts.
  • AWS CloudFront also blocks if the CNAME target (proxy.pxydomain.xyz) is registered with a distribution in another AWS account.

So, the issue comes from your DNS proxy/CDN provider not allowing you to CNAME one apex/root domain (**anotherdomain.xyz**) to another domain (**proxy.pxydomain.xyz**) unless you prove ownership of both.

Here the solutions:

Option 1 — Use A/AAAA record directly

Instead of CNAME:

anotherdomain.xyz  A     <your server IP>
Enter fullscreen mode Exit fullscreen mode

Then let Nginx Proxy Manager handle the domain internally. This is the simplest and avoids the CNAME restriction

Option 2 — Use CNAME only for subdomains

Some providers (like Cloudflare) don’t allow CNAME at the root domain (anotherdomain.xyz). But they allow it for subdomains, e.g.:

www.anotherdomain.xyz  CNAME  proxy.pxydomain.xyz
Enter fullscreen mode Exit fullscreen mode

Then redirect anotherdomain.xyz → [www.](http://www.greatmind.xyz.)anotherdomain[.xyz](http://www.greatmind.xyz.).

Option 3 — Same CDN account

If you’re using Cloudflare:

  • Add both domains (**pxydomain.xyz** and **anotherdomain.xyz**) to the same Cloudflare account/zone.
  • Then Cloudflare won’t block the CNAME because it sees you own both.

Option 4 — Disable CDN proxying

If Cloudflare is the culprit:

  • Go to your DNS settings in Cloudflare.
  • Switch the orange cloud ☁️ (proxy) → to gray (DNS only).
  • This bypasses the restriction but loses Cloudflare proxy/CDN features.

Done.

Here i am using Option 4. And It works 😀

Top comments (0)