DNS CNAME and A Records
Domain Name Servers (DNS) help the world function by mapping names like domain.com to both IP addresses (192.168.1.1) and to other harder to remember server names (weeping-dragon-20934030-3030043.herokuapp.com).
Expedited WAF leverages both DNS CNAME and A records to give you a highly available and fault tolerant shield protecting your application.
DNS CNAME Records
CName DNS records map names to names.
Heroku makes extensive use of CNAMEs in providing their base SSL and Domain name services. A typical Pre-WAF Heroku DNS configuration would be:
www.example.com CNAME vibrant-mushroom-3043.herokuapp.com
Due to decisions made early in the history of the Internet, CNAME records can not point to the "apex" base domain of a URL.
www.example.com <---- has a 'www' subdomain
example.com <----------- is the apex domain, no subdomain.
DNS "A" Records
DNS A records point to IP addresses and can be either the apex or subdomains.
For websites that you expect people to type in the URL of and browse through, it's typical to point both the www subdomain and the apex domain to the IP address of the WAF.
<a href="http://www.example.com">www.example.com</a> A RECORD 192.168.1.1
example.com A RECORD 192.168.1.1
Note: This configuration provides the capability for connecting over either the apex or www subdomain (so users don't see a 'Not Found' error message when connecting. However, you most likely want to pick one as your primary/canonical domain and redirect requests to it from the alternate domain in your app.
If you're protecting an API with the WAF you only need a single DNS A record rule, like:
api.example.com A RECORD 192.168.1.1