Many AWS users encounter the error "RRSet with DNS name example.com., type A contains an alias target that contains a hosted zone that is an invalid alias target" when attempting to create zone apex records through the Route 53 management console. Unlike the CLI approach documented in AWS guides, the GUI requires specific handling of both A and AAAA records.
Route 53 requires special treatment for zone apex records (naked domain records). When pointing to an ELB, you must use:
- For A records: The hosted zone ID matching your ELB's region (e.g., Z35SXDOTRQ7X7K for us-east-1)
- For AAAA records: The same hosted zone ID as the A record
Here's how to properly create the records in Route 53 console:
1. Navigate to Route 53 → Hosted zones → Select your domain
2. Click "Create record"
3. Leave the record name blank (for zone apex)
4. Select record type:
- For IPv4: Choose "A - IPv4 address"
- For IPv6: Choose "AAAA - IPv6 address"
5. Toggle "Alias" switch to ON
6. In "Route traffic to" section:
- Choose "Alias to Application and Classic Load Balancer"
- Select your AWS region
- Choose your ELB from dropdown
7. Click "Create records"Error Scenario: When the hosted zone ID doesn't match the ELB's region.
Solution: Verify the correct hosted zone ID for your ELB's region from AWS documentation.
After creation, verify the records using:
dig example.com A
dig example.com AAAA
nslookup example.comOr through AWS CLI:
aws route53 list-resource-record-sets \
--hosted-zone-id /hostedzone/YOUR_HOSTED_ZONE_ID \
--query "ResourceRecordSets[?Name == 'example.com.']"For reference, here's the equivalent CLI command:
aws route53 change-resource-record-sets \
--hosted-zone-id /hostedzone/YOUR_HOSTED_ZONE_ID \
--change-batch '{
"Changes": [{
"Action": "CREATE",
"ResourceRecordSet": {
"Name": "example.com",
"Type": "A",
"AliasTarget": {
"HostedZoneId": "Z35SXDOTRQ7X7K",
"DNSName": "dualstack.your-elb.amazonaws.com",
"EvaluateTargetHealth": false
}
}
}]
}'When working with AWS infrastructure, many developers face difficulties configuring zone apex records (naked domain records like example.com) to point to Elastic Load Balancers through Route 53's web interface. While the CLI method works reliably, the GUI approach presents some unexpected validation hurdles.
The key error RRSet with DNS name example.com., type A contains an alias target that contains a hosted zone that is an invalid alias target typically occurs when:
- The alias target selection doesn't properly recognize the ELB's hosted zone ID
- The GUI validation has different requirements than the API/CLI
- The record type (A vs AAAA) isn't properly synchronized with the target
Here's how to properly create the alias record in Route 53's console:
- Navigate to Route 53 → Hosted zones → Select your domain
- Click "Create record"
- Leave the record name field empty (for zone apex)
- Select record type:
- For IPv4: Choose A record - For IPv6: Choose AAAA record - Toggle "Alias" switch to ON
- In the route traffic to section:
- Select "Alias to Application and Classic Load Balancer" - Choose the correct AWS region - Select your ELB from the dropdown - Click "Create records"
Symptom: GUI rejects ELB as invalid target
Fix: Ensure you've selected the proper region where the ELB resides. The hosted zone IDs differ by region.
Symptom: AAAA record fails to validate
Fix: Verify your ELB actually has IPv6 support enabled. Classic Load Balancers don't support IPv6 by default.
For infrastructure-as-code approach, here's a sample CloudFormation snippet:
Resources:
DNSRecord:
Type: AWS::Route53::RecordSet
Properties:
HostedZoneName: example.com.
Name: example.com
Type: A
AliasTarget:
DNSName: dualstack.my-elb-1234567890.us-west-2.elb.amazonaws.com
HostedZoneId: Z1H1FL5HABSF5
Note the dualstack prefix which handles both IPv4 and IPv6 resolution.
After configuration, verify with:
dig example.com A
dig example.com AAAA
nslookup example.comThe results should show your ELB's DNS name in the ANSWER SECTION.
Proper zone apex configuration is crucial for:
- SEO (search engines treat www and naked domains differently)
- SSL certificate validation
- User experience (consistent domain access)
- IPv6 compliance