DNS CNAME and A Records

DNS Overview

Domain Name Servers (DNS) help the world function by mapping names like domain.com to both IP addresses (192.168.1.1) and to other harder to remember server names (weeping-dragon-20934030-3030043.herokuapp.com).

Expedited WAF leverages both DNS CNAME and A records to give you a highly available and fault tolerant shield protecting your application. 

DNS CNAME Records

CName DNS records map names to names. 

Heroku makes extensive use of CNAMEs in providing their base SSL and Domain name services. A typical Pre-WAF Heroku DNS configuration would be:

www.example.com    CNAME     vibrant-mushroom-3043.herokuapp.com

CNAME Limitations

Due to decisions made early in the history of the Internet, CNAME records can not point to the "apex"  base domain of a URL. 

www.example.com <---- has a 'www' subdomain

example.com <----------- is the apex domain, no subdomain.

DNS "A" Records 

DNS A records point to IP addresses and can be either the apex or subdomains. 

Marketing Websites

For websites that you expect people to type in the URL of and browse through, it's typical to point both the www subdomain and the apex domain to the IP address of the WAF. 

<a href="http://www.example.com">www.example.com</a>        A RECORD        192.168.1.1

example.com            A RECORD        192.168.1.1

Note: This configuration provides the capability for connecting over either the apex or www subdomain (so users don't see a 'Not Found' error message when connecting. However, you most likely want to pick one as your primary/canonical domain and redirect requests to it from the alternate domain in your app.

API Websites

If you're protecting an API with the WAF you only need a single DNS A record rule, like:

api.example.com        A RECORD        192.168.1.1
Did this answer your question? Thanks for the feedback There was a problem submitting your feedback. Please try again later.