DNS "A ALIAS" Record type support for Origin Server


While on-boarding a site to the Cloud WAF, current DNS records are captured and stored in the Cloud WAF management console --> Site --> Settings --> General/Advanced tab.

Once a customer points the site to Cloud WAF the following flow occurs:

 

User -> Cloud WAF -> Origin Server. 

 

CNAME as Origin Server

The default behavior of Cloud WAF when adding a site is to resolve the domain and capture its IP addresses, i.e. its A records.

However, a domain may point to a CNAME to support dynamic changes in IP addresses:

www.example.com CNAME abc.example.com 

abc.example.com A 1.1.1.1

For most CNAMEs, Imperva Cloud WAF proxies can capture the CNAME, and add it to the Origin Servers tab. 

Whenever a CNAME is configured as the origin server for a site, the Cloud WAF proxy queries it regularly. The query interval follows the TTL returned for the CNAME record.

 

AWS "A ALIAS" Record:

To increase DNS query efficiency, AWS offers another record type, "A ALIAS".

AWS documentation is located here

With this configuration the DNS server is configured as below:

www.example.com A ALIAS abc.example.com 

 

However, running a DNS query returns A records and not a CNAME:

#dig www.example.com 

;;ANSWER SECTION

www.example.com 60 IN A 1.1.1.1

 

Hence, when on-boarding domains with "A ALIAS" records to Cloud WAF, the Imperva Cloud WAF will capture the A records and not the CNAME. 

Currently, Cloud WAF doesn't support identifying the CNAME record for domains configured as "A ALIAS".

To support this configuration, navigate to Site --> Settings --> Origin Servers and manually add the required CNAME as the origin server.  
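The following Python example is added here and is not Imperva or AWS code. It parses dig-style answer text for the two configurations described above and reports whether a CNAME is visible to a resolver or whether the origin name has to be entered by hand. The function names, the `alias_target` parameter and the sample answers are assumptions constructed for illustration.

```python
# Constructed `dig +noall +answer` style samples, modelled on the article's records.
CNAME_ANSWER = """\
www.example.com.  300 IN CNAME abc.example.com.
abc.example.com.  60  IN A     1.1.1.1
"""
ALIAS_ANSWER = """\
;; ANSWER SECTION:
www.example.com.  60  IN A     1.1.1.1
"""


def parse_answer(text):
    """Parse answer lines into (name, ttl, type, rdata) tuples."""
    records = []
    for line in text.splitlines():
        parts = line.split()
        # Skip blanks, dig comments (";") and lines that are not "name ttl class type rdata".
        if len(parts) < 5 or parts[0].startswith(";") or not parts[1].isdigit():
            continue
        name, ttl, _cls, rtype = parts[:4]
        records.append((name.rstrip(".").lower(), int(ttl), rtype.upper(),
                        parts[4].rstrip(".").lower()))
    return records


def classify_origin(hostname, answer_text, alias_target=None):
    """Report what a resolver sees for hostname. alias_target (hypothetical
    parameter) is the ALIAS target the operator knows from the zone config."""
    records = parse_answer(answer_text)
    current, chain, ttl, seen = hostname.rstrip(".").lower(), [], None, set()
    while current not in seen:  # guard against CNAME loops
        seen.add(current)
        hop = next((r for r in records if r[0] == current and r[2] == "CNAME"), None)
        if hop is None:
            break
        chain.append(hop[3])
        ttl = hop[1] if ttl is None else ttl  # TTL of the first CNAME record
        current = hop[3]
    ips = sorted(r[3] for r in records if r[0] == current and r[2] in ("A", "AAAA"))
    if chain:
        action = "none: CNAME is visible and can be captured"
    elif alias_target:
        action = "add %s manually under Origin Servers" % alias_target
    else:
        action = "none: plain A record, IPs are the origin"
    return {"cname": chain[0] if chain else None, "cname_ttl": ttl,
            "ips": ips, "action": action}
```

An A-only answer cannot be told apart from a plain A record by querying, which is why the ALIAS target must come from the zone configuration rather than from the DNS response.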

 
