15

In Amazon, I am attempting to create a cname for a domain,

example.com 

to a load balancer in Route 53

Examplecom-1058462749.us-west-2.elb.amazonaws.com

But when I try to save the record, I get this error:

RRSet of type CNAME with DNS name example.com. 
is not permitted at apex in zone example.com.

And when I try to make it an A record, I get a similar issue:

The record set could not be saved because:
- The Value field contains invalid characters 
or is in an invalid format.    

Because the public DNS of the load balancer is not an IPv4 address. What am I doing wrong? How can I get example.com to point to the load balancer? Note, I did successfully create a CNAME for www.example.com to the load balancer's public DNS.

David Williams

3 Answers

28

http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/CreatingAliasRRSets.html

You don't use a CNAME, you use an A record configured as an ALIAS for the ELB.

When you set Alias to "Yes" while creating the A record, you will then see a box where you select the ELB whose internal info will be used to serve up answers for the alias.

Aliases are a Route 53 feature designed to support exactly what you are trying to do.

Michael - sqlbot
  • How would this be achieved for a DNS provider that does support the alias record? – Errol Fitzgerald Mar 28 '14 at 04:39
  • That's exactly the problem AWS was trying to solve when they created the concept of `ALIAS` records -- the DNS does not have an effective way for records at the apex (top level) of a domain (zone) to be served by anything other than the authoritative name servers. Alias records are possible in Route 53 because Route 53 has "internal" knowledge of how the query should be answered; a third party DNS server does not have access to that same information. The only solution that comes to mind would be a DNS proxy server that can requery for the ELB address on the back-end. – Michael - sqlbot Mar 28 '14 at 14:49
  • This solution only applies if the account that the domain is registered in also happens to be the account that contains the load balancer, which is not always the case. What if they are two separate accounts, or if the load balancer isn't associated with AWS at all? – kloddant Mar 17 '17 at 14:52
  • @kloddant then you'd need to do something different. The question is about ELB and apex records. If you really want an ELB or ALB at the apex of a zone, the two will need to be in the same AWS account. CNAMEs at the zone apex are always wrong, everywhere, even though some DNS hosting providers -- quite wrongly -- allow it. CloudFlare has a concept which they (inaccurately) call [CNAME flattening](https://support.cloudflare.com/hc/en-us/articles/200169056-CNAME-Flattening-RFC-compliant-support-for-CNAME-at-the-root), which actually does a DNS proxy lookup on the back side of their DNS server. – Michael - sqlbot Mar 17 '17 at 19:18
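
The accepted answer's alias record, written as the change batch the Route 53 API takes, as an added example that is not part of the original answer or its comments. `ELB_ZONE_ID` is a placeholder and the helper names are hypothetical; the apex gets an alias A record, while any other name in the zone gets the ordinary CNAME the question already used for www.

```python
import json

# Constructed sample values. ELB_ZONE_ID is a placeholder: the real value is the
# load balancer's own hosted zone ID (CanonicalHostedZoneNameID in the output of
# `aws elb describe-load-balancers`), not the ID of the example.com zone.
ZONE = "example.com"
ELB_DNS = "Examplecom-1058462749.us-west-2.elb.amazonaws.com"
ELB_ZONE_ID = "ZELBPLACEHOLDER"


def normalize(name):
    """Lower-case a DNS name and make it fully qualified (trailing dot)."""
    return name.strip().lower().rstrip(".") + "."


def build_change_batch(zone, record, elb_dns, elb_zone_id=None):
    """Return a Route 53 ChangeBatch that points `record` at an ELB.

    Apex name  -> A record with an AliasTarget (CNAME is refused at the apex).
    Other name -> plain CNAME with a TTL.
    """
    zone, record, elb_dns = normalize(zone), normalize(record), normalize(elb_dns)
    if record != zone and not record.endswith("." + zone):
        raise ValueError(f"{record} is not inside zone {zone}")
    if record == zone:
        if not elb_zone_id:
            raise ValueError("an alias at the apex needs the ELB's hosted zone ID")
        # Alias records carry no TTL and no ResourceRecords; Route 53 answers
        # with the load balancer's current addresses.
        rrset = {"Name": record, "Type": "A",
                 "AliasTarget": {"HostedZoneId": elb_zone_id,
                                 "DNSName": elb_dns,
                                 "EvaluateTargetHealth": False}}
    else:
        rrset = {"Name": record, "Type": "CNAME", "TTL": 300,
                 "ResourceRecords": [{"Value": elb_dns}]}
    return {"Changes": [{"Action": "UPSERT", "ResourceRecordSet": rrset}]}


if __name__ == "__main__":
    for name in (ZONE, "www." + ZONE):
        batch = build_change_batch(ZONE, name, ELB_DNS, ELB_ZONE_ID)
        print(json.dumps(batch, indent=2))
```

Each printed batch can be saved to a file and passed to `aws route53 change-resource-record-sets --hosted-zone-id <your zone ID> --change-batch file://change.json`.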
1

For CNAME, you cannot use the apex domain (naked domain, root domain):

example.com

Instead, for CNAME, use the domain which has a subdomain:

www.example.com
blog.example.com
abc.example.com
sideshowbarker
Super Kai - Kazuya Ito
0

Quick look of solution screenshot

Kent