
A(Host) Records with AWS Load Balancer

I have a question regarding AWS Load Balancers.

I can point my CNAME www to my load balancer's DNS perfectly and I know it will always work, BUT I also need to point the @ record to the load balancer so people can access mysite.com instead of www.mysite.com and hit the load balancer.

The problem is that A records have to point to an IP address, so I can't point to the DNS name, and the IP of the load balancer keeps changing, so mysite.com stops working.

Can anyone recommend a workaround for this?

Here are the steps.

  1. Click create record set.
  2. For a zone apex record, just leave the name field blank.
  3. Select the type of alias you want to make, A or AAAA (all steps after this are the same for both types).
  4. Select the yes radio button.
  5. Open the EC2 console in another tab and navigate to the list of your load balancers. Click on the load balancer and look at the description tab in the pane below the list. Sample output below

[Image]

You need a web server that does a redirect instead, i.e. you want to send a 301 "Moved Permanently" from the web server that mysite.com points to, redirecting to www.mysite.com. Then you CNAME www.mysite.com over to Amazon.

Some DNS hosting providers will do this for you; I think GoDaddy does. Otherwise you need to set up a web server you can configure to do this.

The Apache configuration in .htaccess could be for example:

    # Redirect only the bare domain; the pattern is anchored so www.mysite.com does not match
    RewriteEngine on
    RewriteCond %{HTTP_HOST} ^mysite\.com$ [NC]
    RewriteRule ^(.*)$ http://www.mysite.com/$1 [L,R=permanent]

If you have a generic Apache-hosting site that supports .htaccess then you could do that.

Anyway, what you're looking for is a redirect.

Technically, it can't be done. You can only refer to an Amazon load balancer using a CNAME and it breaks DNS rules to assign a CNAME to the root of the domain because of issues this causes with MX records.

That said, some DNS providers do allow you to do this. Amazon's Route 53 doesn't, but Zoneedit allows it (with a warning). If you don't need your email to work for that domain, this is a solution. If you do need email, mine did happen to work using Zoneedit, but the DNS rules say you can't rely on this.

Edit: After my post, Amazon added the ability to map the root of a domain (aka the zone apex) to a load balancer using Route 53. See this blog post.
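An added example (not part of the original answers): a zone check for the rule cited above, that a CNAME cannot share a name with other records, which the apex always has (SOA and NS), followed by the Route 53 alias change that the console steps in the first answer create. The zone contents, load balancer name and hosted zone ID are constructed placeholders; the change batch follows the request shape of Route 53's ChangeResourceRecordSets API.

```python
from collections import defaultdict

# Constructed sample zone as (owner, type, value); "@" is the zone apex.
ZONE = "mysite.com."
RECORDS = [
    ("@", "SOA", "ns1.mysite.com. admin.mysite.com. 1 7200 900 1209600 300"),
    ("@", "NS", "ns1.mysite.com."),
    ("@", "MX", "10 mail.mysite.com."),
    ("@", "CNAME", "my-lb-123.us-east-1.elb.amazonaws.com."),    # the problem
    ("www", "CNAME", "my-lb-123.us-east-1.elb.amazonaws.com."),  # fine
    ("mail", "A", "192.0.2.25"),
]


def cname_conflicts(records):
    """Return {owner: [other types]} where a CNAME coexists with other data.

    RFC 1034 section 3.6.2: if a CNAME is present at a name, no other data
    should be. The apex always carries SOA and NS, so a CNAME there always
    conflicts, and resolvers may stop seeing the MX records.
    """
    types = defaultdict(set)
    for owner, rtype, _value in records:
        types[owner].add(rtype.upper())
    return {owner: sorted(t - {"CNAME"})
            for owner, t in types.items() if "CNAME" in t and len(t) > 1}


def apex_alias_change_batch(zone, records, elb_hosted_zone_id, types=("A",)):
    """Build a Route 53 ChangeBatch replacing the apex CNAME with alias records.

    elb_hosted_zone_id is the load balancer's own hosted zone ID, not the ID
    of your zone. Pass types=("A", "AAAA") for a dual-stack load balancer.
    """
    targets = [v for o, t, v in records if o == "@" and t.upper() == "CNAME"]
    if len(targets) != 1:
        raise ValueError("expected exactly one CNAME at the apex")
    return {"Changes": [{
        "Action": "UPSERT",
        "ResourceRecordSet": {
            "Name": zone,
            "Type": rtype,
            # Alias records carry no TTL and no ResourceRecords of their own.
            "AliasTarget": {"HostedZoneId": elb_hosted_zone_id,
                            "DNSName": targets[0],
                            "EvaluateTargetHealth": False},
        }} for rtype in types]}
```

The returned dictionary is what `change_resource_record_sets` in boto3 takes as `ChangeBatch`; the apex CNAME itself still has to be deleted from the zone before the alias can take its place.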

As David points out, you can't do it and still remain within the DNS RFC. You could just build a small non-load-balanced instance somewhere that just redirects mysite.com -> www.mysite.com. Not a totally elegant solution, but a workaround.

Amazon now has functionality in Route53 that provides a mechanism for binding A records to ELBs: http://www.allthingsdistributed.com/2011/05/aws_ipv6.html

You do NOT need a redirect, and yes it CAN be done. It's just not in the normal mode of working with DNS, so many people aren't comfortable using zone apexes with ELB aliases yet.

See the links given in other answers here, especially https://serverfault.com/questions/342904/how-do-you-create-a-zone-apex-alias-that-points-to-a-elastic-load-balancer-in-th

Amazon has added a special alias option in their Route 53 DNS service. You can point an A record as an alias to the load balancer DNS. I ran into this same problem because I host my own DNS servers using BIND 9. I didn't want to use the CNAME with redirect solution. The Route 53 solution is better and Amazon is great at propagating DNS info across the globe.

Here is an explanation of how to use Route 53 with the special alias record for elastic load balancers.

https://serverfault.com/questions/342904/how-do-you-create-a-zone-apex-alias-that-points-to-a-elastic-load-balancer-in-th

The redirect from the DNS service provider didn't work for me. I decided to give up the use of the load balancer (from the beginning I created it only to try to hack the mentioned certificate problem). If you must use an LB, read Opt #2 below; I didn't try it, but I think it should work.

Opt #1 (without LB): Take the certificate you got from the trusted issuer and install it directly on the server. Give the redirect order from the server (HTTP to HTTPS); it will handle www as well. I used a Bitnami image, so I could use bncert-tool for that.

Opt #2 (with LB; you should have the certificate body and private key): You should do Opt #1, then go to Certificate Manager at AWS -> Import certificate and use that certificate with your LB. That way you have the same certificate in both cases. I never tried Opt #2.

Good luck

For someone who is not using Amazon Route 53 it seems like a recommended solution is to create a Network Load Balancer which then points to an Application Load Balancer, which then points to our EC2 instances.

The Network Load Balancer has a static IP Address, which is what you want.

Source: https://aws.amazon.com/premiumsupport/knowledge-center/alb-static-ip/
