When configuring CNAME records in AWS Route 53 (or any DNS system), the presence or absence of a trailing dot significantly impacts how DNS resolution works. The dot represents the DNS root, making the record an absolute FQDN (Fully Qualified Domain Name).
# Without trailing dot (relative)
*.localroute.net. CNAME localroute.net
# With trailing dot (absolute)
*.localroute.net. CNAME localroute.net.
Your current setup without the trailing dot functions because Route 53's DNS resolver is smart enough to handle this common scenario. When it encounters a relative domain (no trailing dot), it automatically appends the zone name:
# What actually gets resolved:
localroute.net → localroute.net.localroute.net
However, this behavior isn't guaranteed across all DNS implementations, which is why best practices recommend always using absolute FQDNs with trailing dots.
For CNAME records pointing to external domains, the trailing dot becomes mandatory to prevent incorrect resolution:
# Correct (absolute FQDN)
www.example.net. CNAME example.com.
# Incorrect (would append current zone)
www.example.net. CNAME example.com
# Resolves to: example.com.example.net
When creating records via the AWS Management Console, the UI automatically handles the trailing dot appropriately. But when using the CLI or API, you must specify it explicitly:
# AWS CLI example
aws route53 change-resource-record-sets \
--hosted-zone-id Z1PA6795UKMFR9 \
--change-batch '{
"Changes": [{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "*.localroute.net",
"Type": "CNAME",
"TTL": 172800,
"ResourceRecords": [{"Value": "localroute.net."}]
}
}]
}'
Use these commands to verify your CNAME resolution:
# Using dig
dig CNAME *.localroute.net +short
# Using nslookup
nslookup -type=CNAME *.localroute.net
Always check that the resolved value matches your expectation, especially when pointing to external domains.
If you're updating existing records:
- Lower TTL values before making changes (e.g., to 300 seconds)
- Make the change during low-traffic periods
- Verify resolution from multiple locations
When working with AWS Route 53 or any DNS system, the trailing dot in CNAME records often causes confusion. Let's break down what's happening in your specific case:
*.localroute.net. CNAME localroute.net
This configuration currently works because Route 53 is indeed smart enough to handle this case, but it's not considered a best practice. The system automatically resolves the unqualified domain by appending the current zone name (localroute.net) to the target value.
In DNS terminology, the trailing dot represents the fully qualified domain name (FQDN). Without it, the system will attempt to resolve the name relative to the current zone. Consider these two scenarios:
# Correct FQDN format (absolute)
www.example.net. CNAME example.com.
# Relative format (potentially ambiguous)
www.example.net CNAME example.com
Let's examine proper CNAME configurations for different scenarios in Route 53:
# Cross-domain mapping (must use FQDN)
help.example.org. CNAME support.thirdparty.com.
# Subdomain delegation
assets.example.com. CNAME s3-website-us-east-1.amazonaws.com.
# Wildcard record
*.cdn.example.net. CNAME example-distribution.cloudfront.net.
- DNS resolution failures in some resolver implementations
- Unexpected behavior during zone transfers
- Problems with DNSSEC validation
- Issues when migrating DNS providers
While Route 53 does handle relative names gracefully, you should still use FQDNs with trailing dots for:
- Cross-zone references
- External domain references
- Future-proofing your configuration
- Maintaining consistency with other DNS systems
You can validate your CNAME records using dig:
dig CNAME *.localroute.net +short
dig CNAME www.example.net +trace
For your specific case, I recommend updating to:
*.localroute.net. CNAME localroute.net.
This maintains compatibility while following DNS standards. The change won't cause any downtime as both forms currently resolve correctly in Route 53.