Domain configuration, managed certificates, and Web Application Firewall options.

DNS & WAF

The DNS section is optional (controlled by a master toggle). When enabled, it configures domain management, SSL/TLS certificates, and web application firewall protection.

Fields

Field	Type	Description
Enabled	Toggle	Master switch for DNS configuration
Zone ID	Select or text	Existing DNS hosted zone
Domain Name	Text input	Auto-filled from zone, or manually entered
Managed Certificate	Toggle	Auto-provision SSL/TLS certificate
WAF Options	Toggles	Provider-specific WAF configuration

DNS Zones

The zone selector shows existing DNS zones discovered by the resource refresh job:

Route 53 hosted zones (public only). Zone ID format: Z1234567890ABC.

Cloud DNS managed zones. Zone name format: my-zone.

Azure DNS zones. Zone name format: example.com.

DNS zones are provider-specific. When duplicating a vine across providers, the zone ID and domain are cleared and must be re-configured. See Multi-Cloud Conversion.

Managed Certificates

When enabled, the platform provisions a TLS certificate automatically:

Provider	Service	Validation
AWS	ACM (AWS Certificate Manager)	DNS validation via Route 53
GCP	Google-managed certificate	DNS validation via Cloud DNS
Azure	App Service Certificate	DNS validation via Azure DNS

Certificates are renewed automatically before expiration.

Web Application Firewall

WAF protects web applications from common attacks (SQL injection, XSS, bot traffic).

Two WAF options (can enable both):

Option	Protects	Cost
CloudFront WAF	CDN-level protection	~$5/mo base
Application WAF (ALB)	Load balancer level	~$5/mo base

AWS WAFv2 with managed rule groups (AWS Managed Rules, Bot Control).

Cloud Armor — DDoS and application-layer protection at the load balancer.

Azure WAF — protection via Application Gateway or Front Door.

WAF costs are reflected in the cost sidebar immediately when toggled.

DNS & WAF

DNS & WAF

Fields

DNS Zones

Managed Certificates

Web Application Firewall

On this page