Onboard a root or apex domain to an existing Azure CDN endpoint
Azure CDN uses CNAME records to validate domain ownership for onboarding of custom domains. CDN doesn't expose the frontend IP address associated with your CDN profile. You can't map your apex domain to an IP address if your intent is to onboard it to Azure CDN.
The DNS protocol prevents the assignment of CNAME records at the zone apex. For example, if your domain is
contoso.com; you can create CNAME records for
somelabel.contoso.com; but you can't create CNAME for
contoso.com itself. This restriction presents a problem for application owners who have load-balanced applications behind Azure CDN. Since using a CDN profile requires creation of a CNAME record, it isn't possible to point at the CDN profile from the zone apex.
This problem can be resolve by using alias records in Azure DNS. Unlike CNAME records, alias records are created at the zone apex. Application owners can use it to point their zone apex record to a CDN profile that has public endpoints. Application owners point to the same CDN profile that's used for any other domain within their DNS zone. For example,
www.contoso.com can point to the same CDN profile.
Mapping your apex or root domain to your CDN profile requires CNAME flattening or DNS chasing. A mechanism where the DNS provider recursively resolves the CNAME entry until it hits an IP address. This functionality is supported by Azure DNS for CDN endpoints.
There are other DNS providers as well that support CNAME flattening or DNS chasing, however, Azure CDN recommends using Azure DNS for its customers for hosting their domains.
You can use the Azure portal to onboard an apex domain on your CDN and enable HTTPS on it by associating it with a certificate for TLS termination. Apex domains are also referred as root or naked domains.
Create an alias record for zone apex
Open Azure DNS configuration for the domain to be onboarded.
Select + Record set.
In Add record set, enter or select the following information:
Setting Value Name Enter @. Type Select A. Alias record set Select Yes. Alias type Select Azure resource. Choose a subscription Select your subscription. Azure resource Select your CDN endpoint.
Enter your value for TTL.
Select OK to submit your changes.
The above step will create a zone apex record pointing to your CDN resource. A CNAME record-mapping cdnverify is used for onboarding the domain on your CDN profile.
- Example, cdnverify.contoso.com.
Onboard the custom domain on your CDN
After you've registered your custom domain, you can then add it to your CDN endpoint.
Sign in to the Azure portal and browse to the CDN profile containing the endpoint that you want to map to a custom domain.
On the CDN profile page, select the CDN endpoint to associate with the custom domain.
Select + Custom domain.
In Add a custom domain, Endpoint hostname, is pre-filled and is derived from your CDN endpoint URL: <endpoint-hostname>.azureedge.net. It cannot be changed.
For Custom hostname, enter your custom root or apex domain to use as the source domain of your CNAME record.
- For example, contoso.com. Don't use the cdnverify subdomain name.
Azure verifies that the CNAME record exists for the custom domain name you entered. If the CNAME is correct, your custom domain will be validated.
It can take some time for the new custom domain settings to propagate to all CDN edge nodes:
- For Azure CDN Standard from Microsoft profiles, propagation usually completes in 10 minutes.
- For Azure CDN Standard from Akamai profiles, propagation usually completes within one minute.
- For Azure CDN Standard from Verizon and Azure CDN Premium from Verizon profiles, propagation usually completes in 10 minutes.
Enable HTTPS on your custom domain
For more information on enabling HTTPS on your custom domain for Azure CDN, see Tutorial: Configure HTTPS on an Azure CDN custom domain
- Learn how to create a CDN endpoint.