While on-boarding a site to Incapsula, current DNS records are captured and stored in the Incapsula management console -- > Site --> Settings --> Origin Servers tab.
Once a customer points the site to Incapsula the following flow occurs:
User -> Incapsula -> Origin Server.
CNAME as Origin Server:
The default behavior of Incapsula when adding a site is to resolve and capture the IP address i.e. A records.
However, a domain may point to a CNAME to support dynamic changes in ip-addresses:
www.example.com CNAME abc.example.com
abc.example.com A 126.96.36.199
For most CNAMEs Incapsula proxy can capture the CNAME, and add it to the Origin Servers tab.
Whenever a CNAME is configured for a site as the origin server, the Incapsula proxy will regularly query it. The querying interval will occur in accordance with the returned TTL for the CNAME record.
AWS "A ALIAS" Record:
To increase DNS query efficiency AWS offers another record type "A ALIAS"
AWS documentation is located here.
With this configuration the DNS server is configured as below:
www.example.com A ALIAS abc.example.com
However, running a DNS query returns A records and not CNAME:
www.examle.com 60 IN A 188.8.131.52
Hence, when on-boarding domains with "A ALIAS" records to Incapsula, Incapsula will capture the A records and not the CNAME.
Currently, Incapsula doesn't support identifying cname record for domains configured as "A ALIAS".
To support this configuration, navigate to Site --> Settings --> Origin Servers and manually add the required CNAME as the origin server.