![[AWS Technical Support Note] Summary of APEX domain and CNAME record limitations for AWS Beginners](https://devio2024-media.developers.io/image/upload/v1754389928/user-gen-eyecatch/wtql9jswjda21b88hrj4.png)
[AWS Technical Support Note] Summary of APEX domain and CNAME record limitations for AWS Beginners
In this blog, we will review basic information, such as "what is a subdomain".
Then we will consider why problems may occur when using a CNAME record with an APEX domain.
## What is an APEX domain?
Let's start with the appearance of an APEX domain which typically has a simple and clean look, such as:
example.com
A domain without "." and hostname on the left side of your own domain is called an APEX domain.
It may also be called a naked domain or Zone Apex.
When there is a "." and hostname on the left side of your own domain, it becomes a subdomain.
In this format, the first thing that might come to mind is www.example.com, isn't it?
This is a good opportunity for us to revisit the definition of subdomains.

## What is a subdomain
A subdomain is defined in RFC 1034 as follows:
DOMAIN NAMES - CONCEPTS AND FACILITIES (English)
A domain is identified by a domain name, and consists of that part of
the domain name space that is at or below the domain name which
specifies the domain. A domain is a subdomain of another domain if it
is contained within that domain. This relationship can be tested by
seeing if the subdomain's name ends with the containing domain's name.
For example, A.B.C.D is a subdomain of B.C.D, C.D, D, and " ".
Let's consider the above using example.com as an example.
All of the domains below are subdomains of example.com:
finance.example.com
news.example.com
books.example.com
travel.example.com
stockmarket.finance.example.com
sports.news.example.com
food.books.example.com
domestic.travel.example.com
When creating a subdomain, it's common to add a "." to the left of the domain, and then subdivide by category, etc.
By adding another "." to the left of the subdomain, you can also create a subdomain named food within the books category, such as food.books.example.com.
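The RFC 1034 "ends with" test is only correct when it compares whole labels. The following added example (not from the original article) implements that test and shows where a plain string suffix check goes wrong; the name `notexample.com` is a constructed sample.

```python
def labels(name):
    """Split a domain name into lowercase labels, ignoring a trailing root dot."""
    name = name.strip().rstrip(".").lower()
    return name.split(".") if name else []


def is_subdomain(name, parent):
    """RFC 1034 test on whole labels: does `name` end with `parent`?

    A name counts as contained in itself, and everything is below the root ("").
    """
    n, p = labels(name), labels(parent)
    return len(n) >= len(p) and n[len(n) - len(p):] == p


def containing_domains(name):
    """Every domain that contains `name`, nearest first, ending with the root."""
    n = labels(name)
    return [".".join(n[i:]) for i in range(1, len(n) + 1)]


if __name__ == "__main__":
    # The RFC's own example: A.B.C.D is a subdomain of B.C.D, C.D, D and the root.
    print(containing_domains("A.B.C.D"))

    # Constructed sample: a different registration that merely shares the suffix text.
    lookalike = "notexample.com"
    print(lookalike.endswith("example.com"))       # naive string check says True
    print(is_subdomain(lookalike, "example.com"))  # label-wise check says False

    print(is_subdomain("food.books.example.com", "example.com"))
```

The label-wise form is the one to use wherever a subdomain test backs an allowlist, such as redirect targets, CORS origins or cookie domains.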
After looking at the definition of subdomain, let's revisit the characteristics of an APEX domain.

## Writing APEX Domain in Zone File
If you use an APEX domain and specify the global IP address of the homepage in the A record, the zone file will have details as follows (roughly)
One advantage of using an APEX domain is that you can omit www. Compared to specifying an A record using the subdomain www.example.com, this makes the URL shorter.
You might think that running your website on an APEX domain would be the better choice, right?
However, the APEX domain has the limitation that it cannot use a CNAME record.
(Strictly speaking, this follows from the limitations on CNAME records themselves: because of them, you cannot use a CNAME record with an APEX domain.)
Therefore, APEX domains cannot work with various services such as CDN (Content Delivery Network) services, which provide endpoints as DNS names rather than IP addresses.
Before checking whether APEX domains can work with CDN services or not, let's look at the limitations of CNAME first.

## Limitations of CNAME
Request for Comments: 1912 (English)
A CNAME record is not allowed to coexist with any other data. In other words, if suzy.podunk.xx is an alias for sue.podunk.xx, you can't also have an MX record for suzy.podunk.edu, or an A record, or even a TXT record. Especially do not try to combine CNAMEs and NS records like this!:
To be frank, the example in the RFC document is quite confusing. But to understand it simply, you cannot specify other types of records that have the same record name as used in a CNAME record.
For example, registering the subdomain name www.example.com as a CNAME record and registering the same record name www.example.com as an A record, as shown below, is a violation of RFC 1912.
What happens if we add CNAME records to the zone file for the APEX domain of example.com?
In fact, if you try to write a CNAME record in the zone file of an APEX domain, you will understand why CNAME records cannot be used with APEX domains.
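The following added example (not from the original article) applies the RFC 1912 coexistence rule to a small zone and reports every name where a CNAME shares an owner name with other data. The zone content, the CDN hostname `edge.cdn.example.net` and the one-record-per-line format are constructed for illustration, and the zone is assumed to be unsigned.

```python
from collections import defaultdict

# Constructed sample zone for example.com (documentation addresses only).
ZONE = """\
example.com.      3600 IN SOA   ns1.example.com. admin.example.com. 1 7200 900 1209600 300
example.com.      3600 IN NS    ns1.example.com.
example.com.      3600 IN NS    ns2.example.com.
example.com.      300  IN CNAME edge.cdn.example.net.
www.example.com.  300  IN CNAME edge.cdn.example.net.
www.example.com.  300  IN A     192.0.2.10
blog.example.com. 300  IN CNAME edge.cdn.example.net.
shop.example.com. 300  IN A     192.0.2.20
shop.example.com. 300  IN TXT   "v=spf1 -all"
"""


def parse_zone(text):
    """Parse 'owner ttl class type rdata' lines into {owner: {record types}}."""
    rrsets = defaultdict(set)
    for line in text.splitlines():
        if not line.strip():
            continue
        owner, _ttl, _cls, rrtype, _rdata = line.split(None, 4)
        rrsets[owner.lower().rstrip(".")].add(rrtype.upper())
    return rrsets


def cname_conflicts(rrsets):
    """Return {owner: other record types} where a CNAME coexists with other data."""
    return {
        owner: sorted(types - {"CNAME"})
        for owner, types in rrsets.items()
        if "CNAME" in types and types != {"CNAME"}
    }


if __name__ == "__main__":
    for owner, others in sorted(cname_conflicts(parse_zone(ZONE)).items()):
        print(f"{owner}: CNAME cannot coexist with {', '.join(others)}")
```

The apex is flagged because its SOA and NS records share its owner name, while `blog.example.com` passes because the CNAME is the only record at that name.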
CNAME records, which should not coexist with other records, would have to coexist with NS records, SOA records, and others in the APEX domain using the same record name.

## Alias Record
After discussing the basics at length, next we'll look at Alias records in Amazon Route 53.
Choosing between alias and non-alias records (English)
Unlike a CNAME record, you can create an alias record at the top node of a DNS namespace, also known as the zone apex. For example, if you register the DNS name example.com, the zone apex is example.com. You can't create a CNAME record for example.com, but you can create an alias record for example.com that routes traffic to www.example.com (as long as the record type for www.example.com is not of type CNAME).
Actually, we just understood that an alias record is simply a record that's more convenient to use than a CNAME record. But it turns out it also helps solve the limitation of CNAME records that can't be used with other records.

## Cloudflare Support for APEX Domains
We have tried to study how other CDN services avoid CNAME limitations.
Cloudflare uses a feature called CNAME Flattening to bypass CNAME limitations and provide CDN services for APEX domains.
Points to Note When Creating a Site Whose URL Has No "WWW" (Japanese)
With what is called CNAME Flattening, the record appears as a CNAME on the DNS settings screen, but in actual operation it behaves as an A record toward the source of the DNS query.
The address in the response is obtained by recursively resolving the destination FQDN; the returned address is sent back to the source of the query and, at the same time, cached within Cloudflare.
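The behaviour described in the quote can be modelled in a few lines. This is an added simulation, not Cloudflare's code and not from the original article: the upstream records, the hostnames under `cdn.example.net`, and the choice to cache for the lowest TTL in the chain are all assumptions made for illustration.

```python
# Constructed upstream data: what recursive resolution of the CDN name returns.
UPSTREAM = {
    "site.cdn.example.net": ("CNAME", ["edge7.cdn.example.net"], 60),
    "edge7.cdn.example.net": ("A", ["198.51.100.7", "198.51.100.8"], 30),
}


def resolve_a(name, max_depth=8):
    """Follow CNAMEs until A records are found; return (addresses, lowest TTL)."""
    ttl = None
    for _ in range(max_depth):
        rrtype, values, rr_ttl = UPSTREAM[name]
        ttl = rr_ttl if ttl is None else min(ttl, rr_ttl)
        if rrtype == "A":
            return values, ttl
        name = values[0]  # a CNAME has exactly one target
    raise RuntimeError("CNAME chain too long or looping")


class FlatteningZone:
    """Stores 'apex -> target' like a CNAME but answers queries with A records."""

    def __init__(self, apex, target):
        self.apex, self.target = apex, target
        self.cache = None          # (addresses, expiry time)
        self.upstream_lookups = 0

    def answer(self, qname, qtype, now):
        if qname != self.apex or qtype != "A":
            return []
        if self.cache is None or now >= self.cache[1]:
            addrs, ttl = resolve_a(self.target)
            self.upstream_lookups += 1
            self.cache = (addrs, now + ttl)
        addrs, expires = self.cache
        # The client only ever sees A records owned by the apex, never a CNAME,
        # so the SOA and NS records at the apex are not in conflict with anything.
        return [(self.apex, "A", addr, int(expires - now)) for addr in addrs]


if __name__ == "__main__":
    zone = FlatteningZone("example.com", "site.cdn.example.net")
    for t in (0, 10, 30):
        print(t, zone.answer("example.com", "A", now=t), zone.upstream_lookups)
```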
## Conclusion
If asked why APEX domains can't use CNAME records, only a few people could answer immediately.
Each of these topics is just a review of the basics. I hope this article is useful for all readers.
## Reference Articles
・[Quick Tip] When I tried to register an MX record in a Route 53 hosted zone under a domain name that duplicates a CNAME record, Route 53 duly scolded me (Japanese)
・DOMAIN NAMES - CONCEPTS AND FACILITIES (English)
・Request for Comments: 1912 (English)
・Points to Note When Creating a Site Whose URL Has No "WWW" (Japanese)

## Original Article
[For Beginners] Summary of APEX Domains and CNAME Record Limitations (Japanese)