17

AWS Route53 Alias value

Consider a domain registered on AWS Route53. HTTP requests to this domain should be served from an AWS CloudFront CDN distribution. In order to achieve this, an alias A record is defined:


dig results

However, dig results show actual IP addresses. In fact, these IP addresses are not constant and change over time:

# dig @1.1.1.1 serverlessdaystlv.io

...

;; ANSWER SECTION:
serverlessdaystlv.io.   60      IN      A       13.32.67.21
serverlessdaystlv.io.   60      IN      A       13.32.67.27
serverlessdaystlv.io.   60      IN      A       13.32.67.97
serverlessdaystlv.io.   60      IN      A       13.32.67.122
serverlessdaystlv.io.   60      IN      A       13.32.67.141
serverlessdaystlv.io.   60      IN      A       13.32.67.159
serverlessdaystlv.io.   60      IN      A       13.32.67.201
serverlessdaystlv.io.   60      IN      A       13.32.67.216

# dig @1.1.1.1 serverlessdaystlv.io

...
;; ANSWER SECTION:
serverlessdaystlv.io.   60      IN      A       52.222.232.13
serverlessdaystlv.io.   60      IN      A       52.222.232.24
serverlessdaystlv.io.   60      IN      A       52.222.232.43
serverlessdaystlv.io.   60      IN      A       52.222.232.55
serverlessdaystlv.io.   60      IN      A       52.222.232.63
serverlessdaystlv.io.   60      IN      A       52.222.232.104
serverlessdaystlv.io.   60      IN      A       52.222.232.136
serverlessdaystlv.io.   60      IN      A       52.222.232.224

My question

What is a Route53 Alias record? Is it a built-in type of a DNS record, or simply an internal AWS alias for the actual IP of the CloudFront distribution that is never exposed to the outside?

Adam Matan
  • 4
    Note that in the specific case of CloudFront, the answers to an Alias lookup not only change *over time* but also *over space* -- you're being provided with answers that Route 53 (on behalf of CloudFront) has determined are "optimal" based on where you are querying *from*, geographically. Your answers all happen to be IP addresses of edge location servers in London. I queried your domain just now, from the midwestern U.S., and my answers are IP addresses of servers in Atlanta, GA (US). – Michael - sqlbot Apr 08 '18 at 14:38

1 Answer

22

Route53 alias records are their own concept, separate from DNS protocol record types: e.g. A is an address record and CNAME is a canonical name record. CNAME is the one that acts like an alias pointing to the canonical name, while A has nothing to do with aliases. (See RFC 1035.)

An alias record is an internal, Amazon-specific pointer working on a higher level; on the technical DNS level it may result in an A or a CNAME record, depending on the situation. The DNS doesn't need to be aware of this internal pointer type or its target, as Route53 only answers with the resulting record.

An Amazon article, Choosing Between Alias and Non-Alias Records, explains this in detail:

Alias records provide a Route 53–specific extension to DNS functionality. Instead of an IP address or a domain name, an alias record contains a pointer to a CloudFront distribution, an Elastic Beanstalk environment, an ELB Classic, Application, or Network Load Balancer, an Amazon S3 bucket that is configured as a static website, or another Route 53 record in the same hosted zone. When Route 53 receives a DNS query that matches the name and type in an alias record, Route 53 follows the pointer and responds with the applicable value:

  • An alternate domain name for a CloudFront distribution – Route 53 responds as if the query had asked for the CloudFront distribution by using the CloudFront domain name, such as d111111abcdef8.cloudfront.net.

  • An Elastic Beanstalk environment – Route 53 responds to each request with one or more IP addresses for the environment.

  • An ELB load balancer – Route 53 responds to each request with one or more IP addresses for the load balancer.

  • An Amazon S3 bucket that is configured as a static website – Route 53 responds to each request with one IP address for the Amazon S3 bucket.

  • Another Route 53 record in the same hosted zone – Route 53 responds as if the query had asked for the record that is referenced by the pointer.

The confusion is understandable, as you seem to be adding an A type IPv4 address record while the target is a hostname instead of an IP address; something you would rather use with a CNAME!

Esa Jokinen
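An added example, not part of the question or the answer above: it parses the two lookups from the question's dig output and compares them, showing that a client only ever sees plain A records with a short TTL and that an IP list built from the first lookup has nothing in common with the second. The function names `parse_lookups` and `compare` are hypothetical, and treating the first answer as a static IP allowlist is an assumption made for illustration.

```python
import ipaddress

# Terminal capture rebuilt from the dig output in the question ("..." lines dropped).
CAPTURE = """\
# dig @1.1.1.1 serverlessdaystlv.io
;; ANSWER SECTION:
serverlessdaystlv.io.   60      IN      A       13.32.67.21
serverlessdaystlv.io.   60      IN      A       13.32.67.27
serverlessdaystlv.io.   60      IN      A       13.32.67.97
serverlessdaystlv.io.   60      IN      A       13.32.67.122
serverlessdaystlv.io.   60      IN      A       13.32.67.141
serverlessdaystlv.io.   60      IN      A       13.32.67.159
serverlessdaystlv.io.   60      IN      A       13.32.67.201
serverlessdaystlv.io.   60      IN      A       13.32.67.216
# dig @1.1.1.1 serverlessdaystlv.io
;; ANSWER SECTION:
serverlessdaystlv.io.   60      IN      A       52.222.232.13
serverlessdaystlv.io.   60      IN      A       52.222.232.24
serverlessdaystlv.io.   60      IN      A       52.222.232.43
serverlessdaystlv.io.   60      IN      A       52.222.232.55
serverlessdaystlv.io.   60      IN      A       52.222.232.63
serverlessdaystlv.io.   60      IN      A       52.222.232.104
serverlessdaystlv.io.   60      IN      A       52.222.232.136
serverlessdaystlv.io.   60      IN      A       52.222.232.224
"""

def parse_lookups(capture):
    """Split a capture into one list of (type, ttl, rdata) tuples per dig run."""
    lookups = []
    for line in capture.splitlines():
        if line.startswith("# dig"):       # shell prompt line starts a new lookup
            lookups.append([])
        fields = line.split()
        if lookups and len(fields) == 5 and fields[2] == "IN":
            lookups[-1].append((fields[3], int(fields[1]), fields[4]))
    return lookups

def compare(old, new):
    """Summarise what a DNS client can observe across two lookups of the alias name."""
    old_ips = {ipaddress.ip_address(d) for t, _, d in old if t == "A"}
    new_ips = {ipaddress.ip_address(d) for t, _, d in new if t == "A"}
    return {
        "types": sorted({t for t, _, _ in old + new}),   # no CNAME is ever exposed
        "max_ttl": max(ttl for _, ttl, _ in old + new),  # seconds a resolver may cache
        "overlap": sorted(map(str, old_ips & new_ips)),  # old entries still served
        "stale": sorted(map(str, old_ips - new_ips)),    # old entries no longer served
    }

print(compare(*parse_lookups(CAPTURE)))
```
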