EC2/Route53: How Do I Point Apex Record at Load Balancer?

Asked 22/11, 2013 at 3:8 Answered 20/4, 2023 at 5:59

amazon-web-services dns amazon-ec2 load-balancing amazon-route53

In Amazon, I am attempting to create a cname for a domain,

example.com

to a load balancer in Route 53

Examplecom-1058462749.us-west-2.elb.amazonaws.com

But when I try to save the record, I get this error:

RRSet of type CNAME with DNS name example.com. 
is not permitted at apex in zone example.com.

And when I try to make it an A record, I get a similar issue:

The record set could not be saved because:
- The Value field contains invalid characters 
or is in an invalid format.

Because the public DNS of the load balancer is not an ipv4 address. What am I doing wrong? How can i get example.com to point to the load balancer? Note, I did successfully created a cname for www.example.com to the load balancers public dns.

Poesy answered 22/11, 2013 at 3:8 Comment(0)

http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/CreatingAliasRRSets.html

You don't use a CNAME, you use an A record configured as an ALIAS for the ELB.

When you set Alias to "Yes" while creating the A record, you will then see a box where you select the ELB whose internal info will be used to serve up answers for the alias.

Aliases are a Route 53 feature designed to support exactly what you are trying to do.

Piercing answered 22/11, 2013 at 3:37 Comment(4)

How would this be achieved for a dns provider that does support the alias record? – Alice 28/3, 2014 at 4:39

That's exactly the problem AWS was trying to solve when they created the concept of ALIAS records -- the DNS does not have an effective way for records at the apex (top level) of a domain (zone) to be served by anything other than the authoritative name servers. Alias records are possible in Route 53 because Route 53 has "internal" knowledge of how the query should be answered; a third party DNS server does not have access to that same information. The only solution that comes to mind would be a DNS proxy server that can requery for the ELB address on the back-end. – Piercing 28/3, 2014 at 14:49

This solution only applies if the account that the domain is registered in also happens to be the account that contains the load balancer, which is not always the case. What if they are two separate accounts, or if the load balancer isn't associated with AWS at all? – Acciaccatura 17/3, 2017 at 14:52

@Acciaccatura then you'd need to do something different. The question is about ELB and apex records. If you really want an ELB or ALB at the apex of a zone, the two will need to be in the same AWS account. CNAMEs at the zone apex are always wrong, everywhere, even though some DNS hosting providers -- quite wrongly -- allow it. CloudFlare has a concept which they (inaccurately) call CNAME flattening, which actually does a DNS proxy lookup on the back side of their DNS server. – Piercing 17/3, 2017 at 19:18

For CNAME, you cannot use the apex domain(naked domain, root domain):

example.com

Insteed, for CNAME, use the domain which has a subdomain:

www.example.com
blog.example.com
abc.example.com

Clorindaclorinde answered 22/4, 2021 at 18:20 Comment(0)

-1

Quick look of solution screenshot

Disconformity answered 20/4, 2023 at 5:59 Comment(0)

Recommended topics

Hot tags