ambe5960

Reputation: 1990

CNAME for aws domain forwarding without S3

So I want to have the following setup in a zone named doggs.com to try to catch a misspelled domain name:

doggs.com      NS       ns-1485.awsdns-03.co.uk.
                        ns-265.awsdns-32.com.
                        ns-634.awsdns-16.net.
                        ns-1510.awsdns-59.org.
doggs.com      SOA      ns-1485.awsdns-03.co.uk. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
*.doggs.com    CNAME    doggs.com
doggs.com      CNAME    proxy.dogs.com

But unfortunately it won't let me enter the last CNAME and throws the following error:

RRSet of type CNAME with DNS name doggs.com. is not permitted at apex in zone doggs.com.

How should I set this up to redirect the doggs.com domain to my desired host without using the S3 setup that people commonly use for AWS?

Upvotes: 1

Views: 216

Answers (2)

Castaglia

Reputation: 3089

Rather than using a CNAME record for that apex domain, you could use an A record, and point it directly at the IP address for an EC2 instance. (You could use an Elastic IP if you need that IP address to never change, or if you trust the stability of an EC2 instance, you could just use the instance's public IP address.)

Then, on that instance, you run an HTTP server whose sole purpose is to issue HTTP redirects to your proxy.dogs.com server. For example, using nginx, this configuration might look like:

server {
    # Placeholder address: replace with the instance's public or Elastic IP
    listen      123.45.678.90:80;
    server_name doggs.com;
    error_log  /var/log/httpd/domains/doggs.com.error.log error;

    # Always redirect to HTTPS
    return 301 https://proxy.dogs.com$request_uri;
}

server {
    listen      123.45.678.90:443 ssl;
    server_name doggs.com;
    error_log  /var/log/httpd/domains/doggs.com.error.log error;
    ssl_certificate /path/to/server.crt;
    ssl_certificate_key /path/to/server.key;

    # Always redirect to HTTPS
    return 301 https://proxy.dogs.com$request_uri;
}

Hope this helps!

Upvotes: 2

Kelly Orr

Reputation: 751

Use an A record and the IP address or use an ALIAS record to point to the AWS resource endpoint.

Upvotes: 1
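The rule behind the Route 53 error, as an added example that is not code from the question or either answer: per RFC 1034, a CNAME cannot share an owner name with any other record, and the apex always holds SOA and NS. The checker below runs over the question's records; the function names and the 203.0.113.10 address are assumptions made for illustration.

```python
# Added example: flags CNAME records that break the "CNAME must be alone" rule.
from collections import defaultdict

# Constructed input: the records from the question, as (owner, type, value).
QUESTION_ZONE = [
    ("doggs.com", "NS", "ns-1485.awsdns-03.co.uk."),
    ("doggs.com", "SOA", "ns-1485.awsdns-03.co.uk. awsdns-hostmaster.amazon.com. "
                         "1 7200 900 1209600 86400"),
    ("*.doggs.com", "CNAME", "doggs.com"),
    ("doggs.com", "CNAME", "proxy.dogs.com"),
]

def norm(name):
    """Lower-case and strip the trailing dot so owner names compare equal."""
    return name.rstrip(".").lower()

def cname_conflicts(zone_apex, records):
    """Return (owner, reason) for every owner name whose CNAME is not permitted."""
    apex = norm(zone_apex)
    types_at = defaultdict(list)
    for owner, rtype, _value in records:
        types_at[norm(owner)].append(rtype.upper())
    problems = []
    for owner, types in types_at.items():
        if "CNAME" not in types:
            continue
        others = sorted(set(types) - {"CNAME"})
        if owner == apex:
            # The apex always carries SOA and NS, so a CNAME can never stand alone.
            problems.append((owner, "CNAME at zone apex"))
        elif others:
            problems.append((owner, "CNAME coexists with " + ", ".join(others)))
        elif types.count("CNAME") > 1:
            problems.append((owner, "multiple CNAME records"))
    return problems

def with_apex_a_record(records, zone_apex, address):
    """Swap the apex CNAME for an A record, the change both answers suggest."""
    apex = norm(zone_apex)
    kept = [r for r in records
            if not (norm(r[0]) == apex and r[1].upper() == "CNAME")]
    return kept + [(zone_apex, "A", address)]

if __name__ == "__main__":
    print(cname_conflicts("doggs.com", QUESTION_ZONE))
    # 203.0.113.10 is a documentation-range placeholder, not a real host.
    fixed = with_apex_a_record(QUESTION_ZONE, "doggs.com", "203.0.113.10")
    print(cname_conflicts("doggs.com", fixed))
```

The wildcard CNAME passes the check because nothing else exists at that owner name; after the swap it resolves through the apex A record.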
