Why do CDNs use different domain names rather than subdomains? [closed]
Many online services configure their networks to use CDNs (content delivery networks) to improve performance by allowing content to be served from geographically close locations. I have noticed that very often the CDN is served from a different domain name than the actual service.
For example, a visit to www.amazon.com will involve pulling content from media-amazon.com.
www.facebook.com gets content from fbcdn.com, and so forth.
My question is, why don't these services use subdomains instead of completely different domain names for their CDNs?
E.g. why not use cdn.facebook.com instead of fbcdn.com? I rarely see that being done. Almost always it's a different domain name, often it's the base domain with something added to it, or an abbreviation.
The only thing I can think of is that having a different domain name allows using different DNS providers to spread the DNS load, but that isn't always the case.
Is there a specific technical reason for this practice? If so what is it?
Clarification: I'm not concerned with the cost of domain name registration. I assume any company that makes extensive use of CDNs can afford a few extra domain names. My question is why using subdomains would be inferior to using separate domains from a technical perspective. The fact that the practice is so widespread suggests there are good reasons for it.
While every provider is different and may have different reasons for making the same choices, one common reason this is done is because of Cookies.
If your website makes use of cookies and your cookies may need to be used for multiple subdomains, then you will end up sending cookies along with every CDN request. This causes two issues:
- If you have a lot of cookies and/or very large cookies, you will be significantly enlarging every request to the CDN, using up valuable bandwidth for no reason (since the CDN serves the same content to everyone). At the scale of Google, Facebook, Amazon, etc., every byte in the request counts since millions (or even billions) of requests add up quickly.
- If your cookies contain user data, you may not wish the CDN to be able to see that data. This is especially true if your CDN is actually wholly or partially hosted by third-party service providers. Not sending cookies to the CDN eliminates one possible avenue of attack against your users' data.
Another common reason is user-generated content. Good examples of this are Gmail attachments and code hosted in GitHub repositories. If user-generated content is hosted on a subdomain, it might be able to steal the user's information from Cookies, LocalStorage, etc. and send it to a third party. Hosting on a different domain mitigates that form of attack.
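The cookie scoping this answer relies on, as an added example that is not part of the original answer: a simplified model of RFC 6265 domain matching that shows which cookies a browser would attach to requests for a subdomain CDN versus a CDN on a separate registered domain. The hostnames `www.example.com`, `cdn.example.com` and `example-cdn.net`, the cookie names and values, and the helper functions are all constructed for illustration; the model skips the public-suffix check and IP-address handling.

```javascript
// RFC 6265 section 5.1.3 domain matching, simplified: hostnames only,
// no public-suffix list check.
function domainMatch(requestHost, cookieDomain) {
  const host = requestHost.toLowerCase();
  const dom = cookieDomain.toLowerCase();
  return host === dom || host.endsWith("." + dom);
}

// Model of how a browser stores a cookie set by `setByHost`.
// With a Domain attribute the cookie is shared with all subdomains of it;
// without one it is host-only and is returned to the exact host only.
function storeCookie(setByHost, name, value, domainAttr) {
  if (domainAttr === undefined) {
    return { name, value, domain: setByHost.toLowerCase(), hostOnly: true };
  }
  const dom = domainAttr.replace(/^\./, "").toLowerCase();
  // A host may only set a cookie for itself or one of its parent domains.
  if (!domainMatch(setByHost, dom)) return null;
  return { name, value, domain: dom, hostOnly: false };
}

// Build the Cookie header value the browser would send to `requestHost`.
function cookieHeaderFor(requestHost, jar) {
  const host = requestHost.toLowerCase();
  return jar
    .filter((c) => c !== null)
    .filter((c) => (c.hostOnly ? host === c.domain : domainMatch(host, c.domain)))
    .map((c) => `${c.name}=${c.value}`)
    .join("; ");
}

// Constructed sample jar: everything here is set by www.example.com.
const jar = [
  // Shared across subdomains, as the answer describes.
  storeCookie("www.example.com", "session", "s3cr3t-constructed", "example.com"),
  // Host-only: no Domain attribute.
  storeCookie("www.example.com", "prefs", "dark", undefined),
  // Rejected: a site cannot set cookies for an unrelated domain.
  storeCookie("www.example.com", "cross", "x", "example-cdn.net"),
];

for (const host of ["www.example.com", "cdn.example.com", "example-cdn.net"]) {
  const header = cookieHeaderFor(host, jar);
  console.log(`${host}: ${header.length} bytes -> "${header}"`);
}
```

Only the cookie scoped to the parent domain reaches `cdn.example.com`; a host-only cookie does not, and nothing set by the main site reaches the separate domain.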
The answer to this can only be speculation. A likely possibility -
Different teams/build systems handling the CDN and application(s). By separating the domains rather than using subdomains it simplifies management and automation, and makes things less likely to break. The cost of a domain name is trivial in the overall picture.