We are using AWS to provide elasticsearch and this is exposed via elastic IPs. We are using a CNAME to point to the AWS record but this is failing with a 1002 error as the exposed IPs are all RFC1918 and therefore local. We can’t NAT this as the elastic IPs are changing every 15 minutes or so. We can put the record in as DNS only and that works but we want to hide the origin IPs as this is in a PCI scope. Is there anyway around this?