AWS Route 53 to CF zone apex


#1

I would like to migrate my domain DNS from AWS Route 53 to CF- however I’m a little confused about how to deal with a top-level/zone apex ALIAS record in our existing Route 53 config. Route 53 ALIAS record is similar to CNAME except it is an AWS construct which allows a DNS record to point directly at an AWS resource- in my case it’s pointing to an ELB (elastic load balancer). So the set up in my Route 53 currently looks like this:

mydomain.com ALIAS —> dualstack.mydomain-loadbalancer.us-east-1.elb.amazonaws. com (loadbalancer hostname)

The reason I’m confused is because CF auto-populated the DNS entries for this top level domain to look like this:

A mydomain. com points to 1.2.3.4
A mydomain. com points to 5.6.7.8

So basically the CF DNS auto-population tool was able to determine that the loadbalancer hostname above resolves to two different IP addresses- and created two A name records accordingly. However- this is NOT CORRECT because due to the nature of AWS loadbalancers- their IP addresses can change at any time:

“Because the set of IP addresses associated with a LoadBalancer can change over time, you should never create an “A” record with any specific IP address. If you want to use a friendly DNS name for your load balancer instead of the name generated by the Elastic Load Balancing service, you should create a CNAME record for the LoadBalancer DNS name, or use Amazon Route 53 to create a hosted zone.”

In this situation I’m not sure what my options are because we NEED the toplevel record for mydomain.com to be an ALIAS record pointing to a loadbalancer.


#2

Hi Arthur,

You should be able to add the CNAME records to Cloudflare’s interface,
then delete the A records.

If you are using Cloudflare with an orange cloud, the client will see
Cloudflare’s A and AAAA records and Cloudflare will follow the CNAME to
the origin server. If you are using a grey cloud, Cloudflare will
resolve the A and AAAA records at the root from the CNAME you entered
(it is illegal to enter a CNAME at the root, but Cloudflare’s DNS will
handle this for you), whereas the WWW will return the actual CNAME.

In either case (orange or grey cloud) clients should end up hitting the
right place on AWS.

However, the auto-detection tool may or may not get this right, it fails
in a lot of different cases, but if you manually set up the DNS records
it should do what you want.


#3

thedaveCA,

Thank you for the reply- I managed to create CNAME records (I learned that CF can do CNAME flattening :)). My next question is what do I do about SOA records- I see there is no SOA record option?


#4

It’s also not clear to me why so many A records were not migrated automatically during the initial DNS auto-migration step.


#5

This topic was automatically closed after 14 days. New replies are no longer allowed.