Lưu ý
Cần có ủy quyền mới truy nhập được vào trang này. Bạn có thể thử đăng nhập hoặc thay đổi thư mục.
Cần có ủy quyền mới truy nhập được vào trang này. Bạn có thể thử thay đổi thư mục.
Important
Azure CDN Standard from Microsoft (classic) will be retired on September 30, 2027. To avoid any service disruption, it's important that you migrate your Azure CDN Standard from Microsoft (classic) profiles to Azure Front Door Standard or Premium tier by September 30, 2027. For more information, see Azure CDN Standard from Microsoft (classic) retirement.
Azure CDN from Edgio was retired on January 15, 2025. For more information, see Azure CDN from Edgio retirement FAQ.
Azure CDN uses CNAME records to validate domain ownership for onboarding of custom domains. CDN doesn't expose the frontend IP address associated with your CDN profile. You can't map your apex domain to an IP address if your intent is to onboard it to Azure CDN.
The DNS protocol prevents the assignment of CNAME records at the zone apex. For example, if your domain is contoso.com; you can create CNAME records for somelabel.contoso.com; but you can't create a CNAME for contoso.com itself. This restriction presents a problem for application owners who have load-balanced applications behind Azure CDN. Since using a CDN profile requires creation of a CNAME record, it isn't possible to point at the CDN profile from the zone apex.
This problem can be resolved by using alias records in Azure DNS. Unlike CNAME records, alias records are created at the zone apex. Application owners can use it to point their zone apex record to a CDN profile that has public endpoints. Application owners point to the same CDN profile that's used for any other domain within their DNS zone. For example, contoso.com and www.contoso.com can point to the same CDN profile.
Mapping your apex or root domain to your CDN profile requires CNAME flattening or DNS chasing. A mechanism where the DNS provider recursively resolves the CNAME entry until it hits an IP address. This functionality is supported with Azure DNS for CDN endpoints.
Note
There are other DNS providers as well that support CNAME flattening or DNS chasing, however, Azure CDN recommends using Azure DNS for its customers for hosting their domains.
You can use the Azure portal to onboard an apex domain on your CDN and enable HTTPS on it by associating it with a certificate for TLS termination. Apex domains are also referred as root or naked domains.
Important
CDN-managed certificates are not available for root or apex domains. If your Azure CDN custom domain is a root or apex domain, you must use the Bring Your Own Certificate (BYOC) feature.
Create an alias record for zone apex
Open Azure DNS configuration for the domain to be onboarded.
Select + Record set.
In Add record set, enter or select the following information:
Setting Value Name Enter @. Type Select A. Alias record set Select Yes. Alias type Select Azure resource. Choose a subscription Select your subscription. Azure resource Select your CDN endpoint. Enter your value for TTL.
Select OK to submit your changes.
The above step creates a zone apex record pointing to your CDN resource. A CNAME record-mapping cdnverify is used for onboarding the domain on your CDN profile.
- Example, cdnverify.contoso.com.
Onboard the custom domain on your CDN
After you've registered your custom domain, you can then add it to your CDN endpoint.
Sign in to the Azure portal and browse to the CDN profile containing the endpoint that you want to map to a custom domain.
On the CDN profile page, select the CDN endpoint to associate with the custom domain.
Select + Custom domain.
In Add a custom domain, Endpoint hostname, is pre-filled and is derived from your CDN endpoint URL: <endpoint-hostname>.azureedge.net. It can't be changed.
For Custom hostname, enter your custom root or apex domain to use as the source domain of your CNAME record.
- For example, contoso.com. Don't use the cdnverify subdomain name.
Select Add.
Azure verifies that the CNAME record exists for the custom domain name you entered. If the CNAME is correct, your custom domain is validated.
It can take up to ten minutes for the new custom domain settings to propagate to all CDN edge nodes.
Enable HTTPS on your custom domain
For more information on enabling HTTPS on your custom domain for Azure CDN, see Tutorial: Configure HTTPS on an Azure CDN custom domain
Next steps
- Learn how to create a CDN endpoint.