{"id":112,"date":"2025-04-06T05:26:17","date_gmt":"2025-04-06T05:26:17","guid":{"rendered":"https:\/\/www.codelogicx.com\/blog\/?p=112"},"modified":"2026-02-06T05:57:42","modified_gmt":"2026-02-06T05:57:42","slug":"adding-cname-record-on-root-domain-zone-apex-in-route-53","status":"publish","type":"post","link":"https:\/\/www.codelogicx.com\/blog\/adding-cname-record-on-root-domain-zone-apex-in-route-53\/","title":{"rendered":"Adding CNAME Record on Root Domain (zone apex) in Route 53"},"content":{"rendered":"<div id=\"section1\" class=\"active\">\n<h2>Introduction<\/h2>\n<p><strong>This post addresses a limitation of Route 53: a CNAME record cannot be added on the root domain (zone apex) for which the hosted zone was created.<\/strong><\/p>\n<p>For legitimate reasons, CNAME records are illegal on a domain name that is not a subdomain.<\/p>\n<p><em>There are mainly 2 reasons:<\/em><\/p>\n<ol>\n<li><strong>SOA and NS records are mandatory<\/strong>\u00a0at the root domain.<\/li>\n<li><strong>A CNAME record can only exist as a single record\u00a0<\/strong>and cannot be combined with any other resource record (DNSSEC SIG, NXT, and KEY RR records excepted).<\/li>\n<\/ol>\n<p>Today, many web-hosting platforms give you a subdomain instead of an A record when you host a site on their servers. This can cause trouble when the domain you want to point at the platform\u2019s server is managed in Route 53. It is common practice to host the landing page of a website (which is generally the root domain) with a web-design PaaS provider.<\/p>\n<p>To get around this problem we will use:<\/p>\n<ul>\n<li><strong><em>ALIAS record in Route 53<\/em><\/strong><\/li>\n<li><strong><em>Application Load balancer<\/em><\/strong><\/li>\n<\/ul>\n<p><em>What is an ALIAS record in Route 53?<\/em><\/p>\n<p>It is a virtual record type that provides CNAME-like behavior with none of the downsides. 
Alias records let you route traffic to selected AWS resources, such as load balancers and CloudFront distributions.<\/p>\n<p>Unlike a CNAME record, you can create an alias record at the top node of a DNS namespace, also known as the\u00a0<em>zone apex<\/em>. For example, if you register the DNS name example.com, the zone apex is example.com. You can\u2019t create a CNAME record for example.com, but you can create an alias record for example.com that routes traffic to\u00a0<a href=\"http:\/\/www.example.com\/\" target=\"_blank\" rel=\"noopener\">www.example.com<\/a>.<\/p>\n<p>Note:\u00a0<u>ALIAS records can only be applied to AWS resources<\/u>.<\/p>\n<\/div>\n<div id=\"section2\" class=\"\">\n<h2>What is an Application Load Balancer in AWS?<\/h2>\n<p>An Application Load Balancer (ALB) functions at the application layer, the seventh layer of the Open Systems Interconnection (OSI) model. After the load balancer receives a request, it evaluates the listener rules in priority order to determine how the traffic will be routed.<\/p>\n<ul>\n<li>ALB supports path-based routing.<\/li>\n<li>ALB supports redirecting requests from one URL to another. 
This is the feature we will use to send the root domain to the subdomain given to us by the website provider.<\/li>\n<\/ul>\n<p><strong>Now, let\u2019s start with the setup:<\/strong><\/p>\n<p><em>Assumptions:<\/em><\/p>\n<ul>\n<li>Our root domain is example.com.<\/li>\n<li>A hosted zone has already been created for example.com in Route 53.<\/li>\n<li>A URL (subdomain) has been provided to us by the PaaS solution (web hosting provider).<\/li>\n<li>An SSL certificate for the root domain has been created and verified in AWS ACM.<\/li>\n<\/ul>\n<p>&nbsp;<\/p>\n<\/div>\n<div id=\"section3\" class=\"\">\n<h2>Creating an Application Load Balancer<\/h2>\n<p><strong>Creating a Target group:<\/strong><br \/>\nOddly, this target group is unnecessary once the setup is complete and we can delete it, but AWS doesn\u2019t support creating an ALB without a target group.<\/p>\n<p><em>Steps:<\/em><br \/>\na) Go to EC2 console -&gt; Target group<br \/>\nb) Create a Target group with the default settings. Do not attach any targets to the target group.<br \/>\nc) Note the VPC in which you are creating the target group. 
The ALB will be created in the same VPC.<br \/>\n<em>Note:\u00a0<u>It is advisable to select a VPC that has multiple public subnets in different availability zones<\/u>.<\/em><br \/>\nd) Give the target group a name.<\/p>\n<p>&nbsp;<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-314 size-full\" src=\"https:\/\/codelogicx.com\/blog\/wp-content\/uploads\/2023\/01\/target-group.jpg\" sizes=\"auto, (max-width: 451px) 100vw, 451px\" srcset=\"https:\/\/blog.codelogicx.com\/wp-content\/uploads\/2023\/01\/target-group.jpg 451w, https:\/\/blog.codelogicx.com\/wp-content\/uploads\/2023\/01\/target-group-145x300.jpg 145w\" alt=\"\" width=\"451\" height=\"933\" \/><\/p>\n<p>&nbsp;<\/p>\n<p><strong>Creating the Application Load Balancer:<\/strong><\/p>\n<p><em>Steps:<\/em><br \/>\na) Go to EC2 console -&gt; Load balancer<br \/>\nb) Select Create Load balancer -&gt; Application Load balancer<br \/>\nc) Select the scheme as Internet-facing.<br \/>\nd) Select the same VPC where the Target group was created.<br \/>\ne) Choose 1 public subnet from each availability zone.<br \/>\nf) Create\/select a security group.<br \/>\nI) <strong>Inbound Rule: Port 80 &amp; 443 should be open to 0.0.0.0\/0 (all)<\/strong><br \/>\nII) <strong>Outbound Rule: All ports should be open to 0.0.0.0\/0 (all)<\/strong><\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-307 size-large\" src=\"https:\/\/codelogicx.com\/blog\/wp-content\/uploads\/2023\/01\/inbound-rules-1024x278.jpg\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" srcset=\"https:\/\/blog.codelogicx.com\/wp-content\/uploads\/2023\/01\/inbound-rules-1024x278.jpg 1024w, https:\/\/blog.codelogicx.com\/wp-content\/uploads\/2023\/01\/inbound-rules-300x81.jpg 300w, 
https:\/\/blog.codelogicx.com\/wp-content\/uploads\/2023\/01\/inbound-rules-768x209.jpg 768w, https:\/\/blog.codelogicx.com\/wp-content\/uploads\/2023\/01\/inbound-rules.jpg 1182w\" alt=\"\" width=\"640\" height=\"174\" \/><\/p>\n<p>g) Select the Listener protocol &amp; port as<strong>\u00a0HTTPS &amp; 443<\/strong>. Select the Target group created above as \u2018<em>Forward default action<\/em>\u2019.<br \/>\nh) Select the SSL certificate you created from ACM.<br \/>\ni) Create the Load balancer with a unique name.<\/p>\n<p><strong>Updating Listener rules in ALB:<\/strong><\/p>\n<p><em>Steps:<\/em><br \/>\na) Select the listener HTTPS:443.<br \/>\nb) Edit the default action from the details page.<\/p>\n<p>i) Remove the default action from the listener details. Create a new action with Action type: \u2018Return fixed response\u2019.<br \/>\nii) Enter the response code as 404. Optionally, you can add a response body.<\/p>\n<p><em>*\u00a0<u>The reason: if anyone tries to open the URL of the load balancer directly, the response will be 404 Not Found. The ALB only forwards traffic that reaches it for the root domain URL through the ALIAS record<\/u><\/em>.<\/p>\n<p>c) In the same listener, under Rules, select Manage rules.<br \/>\ni) Select Add rules (shown by the + sign at the top).<br \/>\nii) Add the IF condition as \u2018<em>Host Header<\/em>\u2019. The value is the name of the root domain from which you want to redirect.<br \/>\niii) Under Add action select: \u2018Redirect to\u2019.<br \/>\niv) Select the redirect protocol as HTTPS with \u2018Custom host, path, query\u2019.<br \/>\nv) For Host, enter www.{root_domain}. 
For example, if your root domain is example.com, the Host will be \u2018www.example.com\u2019.<\/p>\n<p>*\u00a0<em><u>How it works: the root domain redirects to one of its subdomains, for which a CNAME record can be added. Generally, that subdomain is \u2018www\u2019. In a later step we have to create a CNAME record in Route 53 for this subdomain (<\/u><\/em><a href=\"http:\/\/www.example.com\/\" target=\"_blank\" rel=\"noopener\"><em>www.example.com<\/em><\/a><em><u> in this example)<\/u><\/em>.<\/p>\n<p>*\u00a0<em><u>Note the \u2018Host\u2019 value you entered, as we have to create a CNAME record for this value in Route 53. This subdomain record will point to the URL provided to us by the web-hosting site<\/u><\/em>.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-308 size-large\" src=\"https:\/\/codelogicx.com\/blog\/wp-content\/uploads\/2023\/01\/listener-1024x266.jpg\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" srcset=\"https:\/\/blog.codelogicx.com\/wp-content\/uploads\/2023\/01\/listener-1024x266.jpg 1024w, https:\/\/blog.codelogicx.com\/wp-content\/uploads\/2023\/01\/listener-300x78.jpg 300w, https:\/\/blog.codelogicx.com\/wp-content\/uploads\/2023\/01\/listener-768x199.jpg 768w, https:\/\/blog.codelogicx.com\/wp-content\/uploads\/2023\/01\/listener.jpg 1359w\" alt=\"\" width=\"640\" height=\"166\" \/><\/p>\n<p><strong>Creating the HTTP:80 Listener:<\/strong><\/p>\n<p><em>Steps:<\/em><br \/>\na) Under the Listeners tab on the load balancer\u2019s main page, select \u2018Add Listener\u2019.<br \/>\nb) <em>Select the Protocol as HTTP:80. 
Under \u2018default Action\u2019 select \u2018Redirect\u2019<\/em>.<br \/>\nc) <strong>Under \u2018Redirect\u2019 select Protocol HTTPS:443.<\/strong><br \/>\nd) For the redirection rule, select \u2018<strong>Original host, path, query<\/strong>\u2019. Save the setting.<\/p>\n<p>*\u00a0<em><u>The reason: if the URL is requested over HTTP, it will be automatically redirected to HTTPS<\/u><\/em>.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-309 size-large\" src=\"https:\/\/codelogicx.com\/blog\/wp-content\/uploads\/2023\/01\/listener-2-1024x183.jpg\" sizes=\"auto, (max-width: 640px) 100vw, 640px\" srcset=\"https:\/\/blog.codelogicx.com\/wp-content\/uploads\/2023\/01\/listener-2-1024x183.jpg 1024w, https:\/\/blog.codelogicx.com\/wp-content\/uploads\/2023\/01\/listener-2-300x54.jpg 300w, https:\/\/blog.codelogicx.com\/wp-content\/uploads\/2023\/01\/listener-2-768x138.jpg 768w, https:\/\/blog.codelogicx.com\/wp-content\/uploads\/2023\/01\/listener-2.jpg 1374w\" alt=\"\" width=\"640\" height=\"114\" \/><\/p>\n<\/div>\n<div id=\"section4\" class=\"\">\n<h2>Creating Records in Route 53<\/h2>\n<p><strong>We need to add 2 records in Route 53:<\/strong><br \/>\n<em>* The ALB ALIAS record on the root domain.<\/em><\/p>\n<p><em>* A CNAME record on the subdomain, pointing to the URL provided to us by the web hosting provider.<\/em><\/p>\n<p><em>Create the records under the Hosted zone:<\/em><\/p>\n<p><strong>The 1<sup>st<\/sup>\u00a0record is for ALIAS:<\/strong><\/p>\n<p><em>Steps:<\/em><br \/>\na) Since the record will be on the root domain, we leave the subdomain value blank.<br \/>\nb) Select the Record type as\u00a0<strong>A record<\/strong>.\u00a0Turn on the <strong>ALIAS<\/strong>\u00a0radio icon.<br \/>\nc) Select 
\u2018Route traffic to\u2019 as \u2018<em>Alias to Application &amp; classic load balancer<\/em>\u2019.<br \/>\nd) Select the proper\u00a0<strong>region and the ALB DNS<\/strong>\u00a0<strong>name<\/strong>\u00a0of the Load balancer you created for this project.<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-311 size-full\" src=\"https:\/\/codelogicx.com\/blog\/wp-content\/uploads\/2023\/01\/create-record-1.jpg\" sizes=\"auto, (max-width: 964px) 100vw, 964px\" srcset=\"https:\/\/blog.codelogicx.com\/wp-content\/uploads\/2023\/01\/create-record-1.jpg 964w, https:\/\/blog.codelogicx.com\/wp-content\/uploads\/2023\/01\/create-record-1-300x155.jpg 300w, https:\/\/blog.codelogicx.com\/wp-content\/uploads\/2023\/01\/create-record-1-768x397.jpg 768w\" alt=\"\" width=\"964\" height=\"498\" \/><\/p>\n<p><strong>The 2<sup>nd<\/sup>\u00a0record is for CNAME:<\/strong><\/p>\n<p><em>Steps:<\/em><\/p>\n<p>a) Enter the subdomain value, the Host value you used when creating the ALB HTTPS listener custom rule.<\/p>\n<p>*\u00a0<em><u>The reason is, the load balancer will redirect to this CNAME record and<\/u><\/em>\u00a0<em><u>this CNAME record will finally redirect to the URL that is used on web-hosting.<\/u><\/em><\/p>\n<p>b)\u00a0 Select the Record type as\u00a0<strong>CNAME record<\/strong>.<br \/>\nc) Finally, put the\u00a0<strong>URL provided by the web-hosting provider as value<\/strong>.<\/p>\n<p>&nbsp;<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-312 size-full\" src=\"https:\/\/codelogicx.com\/blog\/wp-content\/uploads\/2023\/01\/quick-create-record.jpg\" sizes=\"auto, (max-width: 949px) 100vw, 949px\" srcset=\"https:\/\/blog.codelogicx.com\/wp-content\/uploads\/2023\/01\/quick-create-record.jpg 949w, https:\/\/blog.codelogicx.com\/wp-content\/uploads\/2023\/01\/quick-create-record-300x145.jpg 300w, https:\/\/blog.codelogicx.com\/wp-content\/uploads\/2023\/01\/quick-create-record-768x372.jpg 768w\" alt=\"\" 
width=\"949\" height=\"460\" \/><\/p>\n<\/div>\n<div id=\"section5\" class=\"\">\n<h2>How Everything Works<\/h2>\n<ul>\n<li>The root domain points to the Application Load Balancer through the ALIAS record.<\/li>\n<li>The load balancer redirects to the subdomain of the root domain that has the CNAME record.<\/li>\n<li>The CNAME record points to the URL of the web-hosting site.<\/li>\n<\/ul>\n<p>Redirection Flow through Route 53<\/p>\n<p><img loading=\"lazy\" decoding=\"async\" class=\"aligncenter wp-image-331 size-full\" src=\"https:\/\/codelogicx.com\/blog\/wp-content\/uploads\/2023\/01\/route-53.jpg\" sizes=\"auto, (max-width: 392px) 100vw, 392px\" srcset=\"https:\/\/blog.codelogicx.com\/wp-content\/uploads\/2023\/01\/route-53.jpg 392w, https:\/\/blog.codelogicx.com\/wp-content\/uploads\/2023\/01\/route-53-125x300.jpg 125w\" alt=\"\" width=\"392\" height=\"942\" \/><\/p>\n<p>In conclusion, with an Application Load Balancer we can forward the root domain to a CNAME record.<\/p>\n<\/div>\n","protected":false},"excerpt":{"rendered":"<p>Introduction This post addresses a limitation of Route 53: a CNAME record cannot be added on the root domain (zone apex) for which the hosted zone was created. For legitimate reasons, CNAME records are illegal on a domain name that is not a subdomain. 
There are mainly 2 reasons: SOA and NS records are mandatory\u00a0to be present at &hellip; <\/p>\n<p class=\"link-more\"><a href=\"https:\/\/www.codelogicx.com\/blog\/adding-cname-record-on-root-domain-zone-apex-in-route-53\/\" class=\"more-link\">Continue reading<span class=\"screen-reader-text\"> &#8220;Adding CNAME Record on Root Domain (zone apex) in Route 53&#8221;<\/span><\/a><\/p>\n","protected":false},"author":1,"featured_media":118,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"footnotes":""},"categories":[1],"tags":[36,35],"class_list":["post-112","post","type-post","status-publish","format-standard","has-post-thumbnail","hentry","category-startupx","tag-application-load-balancer","tag-cname-record"],"acf":[],"_links":{"self":[{"href":"https:\/\/www.codelogicx.com\/blog\/wp-json\/wp\/v2\/posts\/112","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.codelogicx.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.codelogicx.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.codelogicx.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.codelogicx.com\/blog\/wp-json\/wp\/v2\/comments?post=112"}],"version-history":[{"count":3,"href":"https:\/\/www.codelogicx.com\/blog\/wp-json\/wp\/v2\/posts\/112\/revisions"}],"predecessor-version":[{"id":125,"href":"https:\/\/www.codelogicx.com\/blog\/wp-json\/wp\/v2\/posts\/112\/revisions\/125"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/www.codelogicx.com\/blog\/wp-json\/wp\/v2\/media\/118"}],"wp:attachment":[{"href":"https:\/\/www.codelogicx.com\/blog\/wp-json\/wp\/v2\/media?parent=112"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.codelogicx.com\/blog\/wp-json\/wp\/v2\/categories?post=112"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.codelogicx.com\/blog\/wp-json\/wp\/v2\/tags?post=112
"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}