DNS CNAME and A Records

DNS Overview

Domain Name Servers (DNS) help the world function by mapping names like domain.com to both IP addresses ( and to other harder to remember server names (weeping-dragon-20934030-3030043.herokuapp.com).

Expedited WAF leverages both DNS CNAME and A records to give you a highly available and fault tolerant shield protecting your application. 


CName DNS records map names to names. 

Heroku makes extensive use of CNAMEs in providing their base SSL and Domain name services. A typical Pre-WAF Heroku DNS configuration would be:

www.example.com    CNAME     vibrant-mushroom-3043.herokuapp.com

CNAME Limitations

Due to decisions made early in the history of the Internet, CNAME records can not point to the "apex"  base domain of a URL. 

www.example.com <---- has a 'www' subdomain

example.com <----------- is the apex domain, no subdomain.

DNS "A" Records 

DNS A records point to IP addresses and can be either the apex or subdomains. 

Marketing Websites

For websites that you expect people to type in the URL of and browse through, it's typical to point both the www subdomain and the apex domain to the IP address of the WAF. 

<a href="http://www.example.com">www.example.com</a>        A RECORD
example.com            A RECORD

Note: This configuration provides the capability for connecting over either the apex or www subdomain (so users don't see a 'Not Found' error message when connecting. However, you most likely want to pick one as your primary/canonical domain and redirect requests to it from the alternate domain in your app.

API Websites

If you're protecting an API with the WAF you only need a single DNS A record rule, like:

api.example.com        A RECORD
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.