You have tried to access an archived page. Please go to the new to find more documents.

If you want to point a second-level domain name, e.g. "" to your root360 environment, you cannot simply point an A record to a public IP of your root360 environment. Root360 environments are accessed through elastic loadbalancers that do not have stable IPs. Instead, they have stable domain names which point to a set of changing IPs to enable cross-availability-zone redundancy.

You cannot point an A record to the load balancer's domain. However, you can point a CNAME record to the load balancer domain and this is how we ask  you to connect your third-level domains (such as to the loadbalancer. Second-level domains cannot use a CNAME record in this scenario (see below for a technical explanation).

We solve this issue by providing a redirect server that performs http(s)-based redirects to one of your third-level domains which in turn points via CNAME to the load balancer.

To use this service, create an A record that points from your second-level domain to our redirect service. See below for a detailed explanation.

Example of an application

A website is hosted at The dispatch of newsletters and purchase confirmations is made via eg "". In addition, newsletters and the website contain elements that do not use the fully-qualified domain, but it is linked eg

There are now two problems. If is set as CNAME to the AWS load balancer, mail is no longer working. If is set as an A-Record to one of the loadbalancer IPs, AWS may change the IP of their loadbalancer at any time an the DNS entry will be obsolete.

The solution is:

Features (warning)

Letsencrypt certificates will be refused by the default browsers in Android devices using Android <7.1.1 beginning in January 11, 2021. For more information see the announcement about the changes of letsencrypts root certificate.

Access and usage

To use the redirect service set an A record for the domain-to-be-redirected to "".

The root360-redirect-service does not support IPv6/AAAA-records. Take care to remove AAAA records from your domain-to-be-redirected.

Technical background for DNS 2nd level CNAME violation

The DNS standard (RFC1033) requires that the tree of the alias is not traversed when a CNAME is used, all information resolved at the target. If, for example, is a CNAME, but besides the CNAME, there are other entries, such as MX or SPF, they can not be found and mailing through these MX/SPF records is not possible.

Some proprietary DNS implementations, such as AWS Route53 or CloudFlare violate the standard and allow traversing the records, even if a CNAME exists.