(Archived) Which scenario does the root360-redirect service cover


If you want to point a second-level domain name, e.g. "example.com", to your root360 environment, you cannot simply point an A record to a public IP of your root360 environment. Root360 environments are accessed through elastic load balancers that do not have stable IPs. Instead, they have stable domain names which point to a set of changing IPs to enable cross-availability-zone redundancy.

You cannot point an A record to the load balancer's domain. However, you can point a CNAME record to the load balancer domain, and this is how we ask you to connect your third-level domains (such as www.example.com) to the load balancer. Second-level domains cannot use a CNAME record in this scenario (see below for a technical explanation).

We solve this issue by providing a redirect server that performs http(s)-based redirects to one of your third-level domains which in turn points via CNAME to the load balancer.

To use this service, create an A record that points from your second-level domain to our redirect service. See below for a detailed explanation.

Example of an application

A website is hosted at www.example.com. Newsletters and purchase confirmations are sent from an address such as "buchung@example.com". In addition, newsletters and the website contain links that do not use the fully-qualified domain www.example.com but the second-level domain, e.g. example.com/schoenes-bild.jpg.

There are now two problems. If example.com is set as a CNAME to the AWS load balancer, mail no longer works. If example.com is set as an A record to one of the load balancer IPs, AWS may change the IP of the load balancer at any time and the DNS entry will be obsolete.

The solution is:

  • For www.example.com, set a CNAME with the domain name of the load balancer

  • Redirect example.com using our root360 redirect service by setting an A record for it that points to our redirect service. The service will then redirect any http(s) requests to www.example.com

  • (Optional) Always use fully-qualified domains

Features

  • Redirect any domain example.com to www.example.com for HTTP. HTTPS works automatically because we provide an SSL certificate using Let's Encrypt (AWS SSL certificates issued by Amazon are unfortunately not available).

  • Specific redirections from subdomains to the directory structure, e.g. specialties.feinkost.de to www.feinkost.de/spezialitäten. This setup must be configured by root360.

Let's Encrypt certificates will be refused by the default browsers on Android devices using Android <7.1.1 beginning on January 11, 2021. For more information, see the announcement about the changes to Let's Encrypt's root certificate.



Access and usage

To use the redirect service, set an A record for the domain-to-be-redirected to "52.29.127.0".

The root360-redirect-service does not support IPv6/AAAA records. Take care to remove AAAA records from your domain-to-be-redirected.

Technical background for DNS 2nd level CNAME violation

The DNS standard (RFC1033) requires that when a CNAME is used, the tree of the alias is not traversed; all information is resolved at the target. If, for example, example.com is a CNAME and there are other entries besides it, such as MX or SPF, they cannot be found, and mail delivery that depends on these MX/SPF records is not possible.

Some proprietary DNS implementations, such as AWS Route53 or CloudFlare, violate the standard and allow traversing the records, even if a CNAME exists.
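
The record rules from the solution list, the usage section and the CNAME explanation above can be checked in one pass before a zone change goes live. The following is an added example, not root360 code: the function name, the finding codes and both sample zones (including the placeholder load balancer host name) are constructed for illustration.

```python
REDIRECT_IP = "52.29.127.0"  # redirect service address given on this page


def lint_zone(records, apex, www):
    """Check (name, type, value) records against the setup described above.

    Returns a sorted list of finding codes; an empty list means the zone matches.
    """
    def norm(name):
        return name.rstrip(".").lower()

    def values(name, rtype):
        return {v for n, t, v in records
                if norm(n) == norm(name) and t.upper() == rtype}

    findings = set()
    # A CNAME at the second-level domain masks MX/SPF entries, so mail breaks.
    if values(apex, "CNAME"):
        findings.add("apex-has-cname")
    # The apex must carry exactly one A record: the redirect service.
    if values(apex, "A") != {REDIRECT_IP}:
        findings.add("apex-a-not-redirect-service")
    # The redirect service does not support IPv6; AAAA records must be removed.
    if values(apex, "AAAA"):
        findings.add("apex-has-aaaa")
    # www must follow the load balancer by name, never by a pinned IP.
    if not values(www, "CNAME") or values(www, "A") or values(www, "AAAA"):
        findings.add("www-not-cname-only")
    return sorted(findings)


# Constructed sample zones; the load balancer host name is a placeholder.
GOOD_ZONE = [
    ("example.com.", "A", "52.29.127.0"),
    ("example.com.", "MX", "10 mail.example.com."),
    ("www.example.com.", "CNAME", "lb-placeholder.elb.example.net."),
]
BAD_ZONE = [
    ("example.com.", "A", "203.0.113.10"),   # pinned load balancer IP
    ("example.com.", "AAAA", "2001:db8::10"),
    ("www.example.com.", "A", "203.0.113.10"),
]

if __name__ == "__main__":
    for label, zone in (("good", GOOD_ZONE), ("bad", BAD_ZONE)):
        print(label, lint_zone(zone, "example.com", "www.example.com"))
```

The records can be fed from a zone file export or from resolver output; the linter itself makes no network calls.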
