Capabilities()
Infrastructure
Provision, manage, and monitor servers.
Compute
Run containers, VMs, and functions easily.
Networking
Built-in load balancing, DNS, & service discovery.
Storage
Integrated support for LVM, iSCSI, & Ceph.
Observability
Real-time metrics, events, and logs.
Automation
Automatic updates, pipelines, and IaC.
Reference()
Platform DocumentationAPI Reference
Objectives()
For Serious Builders
Read the manifesto and reclaim your sanity.
Developers
Focus on code, not config.
DevOps Engineers
Automate the boring stuff.
Infrastructure Teams
Manage everything from a single control plane.
Compare()
vs. Kubernetesvs. Herokuvs. Portainervs. Nomadvs. VMware
Documentation()
Quick Start GuidePlatform DocumentationPortal DocumentationLearn CenterAPI Reference
Resources()
Changelog
Platform releases, features, and fixes.
Platform Status
Live uptime data and incident reports.
About Us
The team building Cycle and why we built it.
Our Blog
Engineering deep-dives, product updates, and industry takes.
DevOps Toolbox
Free converters and utilities for everyday DevOps work.
Partners
Native integrations with the providers you already use.
Community()
Cycle CommunitySlack CommunityGithubContact Us
PricingLogin
Get Started

LINKED Records and HTTP Routing in the Cycle Portal.

A LINKED record is a special DNS record type in Cycle. Instead of mapping a domain to a static IP address the way a normal A or CNAME record would, a linked record points directly at something running in an environment on Cycle:

  • a container
  • a virtual machine
  • a tagged deployment

Cycle handles the load balancer and IP mapping automatically. When a workload scales, moves, or redeploys, the record keeps pointing at the right thing without any manual updates.

This guide walks through configuring LINKED records in the Cycle portal: how to create one, what each field on the form means, and how to use LINKED records for common patterns like path-based routing, blue/green deployments, and wildcard tenants.

LINKED records only resolve to workloads running on Cycle. If pointing a domain at an external system, use a CNAME, ALIAS, or A/AAAA record instead.

LINKED Record Create

Creating a LINKED record is covered here.

Match Path (Routing → HTTP).

The Routing section of the form is where Cycle load balancer learns how to decide whether an incoming HTTP request should be sent to this record's target. Today, the directive in this section is Match Path.

Match Path is optional. If it's left empty, the record matches every request that arrives at its domain. If it's filled in, the load balancer will only route a request to this record's target when the request path matches the value entered. This lets multiple LINKED records share the same domain and split traffic by path.

For example:

sending v1/api/* to one container and everything else to another.

Match Path has two modes. The portal picks the mode automatically based on the first character in the field.

  1. Prefix mode — starts with /. If the value starts with a forward slash, it's treated as a literal path prefix. A value of /api matches /api, /api/users, /api/v2/widgets/42, and any other path that begins with /api. Theres no need for a trailing wildcard.

  2. Regex mode — anything else. If the value doesn't start with /, it's interpreted as a regular expression matched against the request path. For example, ^/(assets|static)/.*\.(js|css|png)$ would match any path under /assets/ or /static/ ending in .js, .css, or .png.

Choosing the Right Mode

Prefix mode is the common case, pick it whenever routing a section of the site to a service. Reach for regex only when a match on file extensions, multiple disjoint paths, or anchored patterns is needed. Prefix mode is faster and easier to reason about.

How the load balancer picks between records

When several LINKED records on the same domain define different Match Path values, the load balancer picks the most specific match. So if there is one record with Match Path /api and another record with Match Path left empty, a request to /api/users goes to the /api record, and a request to /anything-else goes to the empty (catch-all) record. Unlike load balancer router precedence, this does not need to be configured.

If something else would feel natural here (redirects, URL rewrites, response caching, content modification) those options can be configured on the Load Balancer service inside the environment, not on the DNS record. LINKED records are responsible for matching the request to a target; the load balancer is responsible for what happens to the request after that.

Features.

In the API, TLS, wildcard options, and GeoDNS are listed under the features section.

TLS

The TLS toggle controls whether Cycle automatically provisions and renews a TLS certificate for this record's domain. When it's on, the platform handles issuance, renewal, and rotation.

Turn it off only when the record doesn't need TLS. For example, internal-only traffic, or see DMZ mode under Virtual Machine targets, below.

Nuance in TLS with User Uploaded Certs

There is some nuance to the above when interacting with non-hosted zones and user uploaded certs. Read this User Uploaded Certs page for more info.

GeoDNS

Requires at least 3 load balancer instances for the given environment.

The GeoDNS toggle controls whether Cycle resolves the record to the load balancer that's geographically closest to the user making the request. If your workload runs in multiple regions, turning this on reduces latency by routing each user to their nearest entry point.

GeoDNS only helps if your target workload (or the load balancers serving it) actually runs in more than one region. For a single-region deployment, leave it off — it adds nothing and slightly complicates resolution.

Wildcard Records and Resolving Subdomains

API Only

This feature is currently API only but is coming soon to portal.

When this is on, every subdomain of the wildcard resolves through this record. When it's off (or the wildcard section is left unset), only the primary domain resolves and subdomains return no match.

Turn it on when you want a single LINKED record to back many subdomains — customer-specific tenants like acme.app.example.com, globex.app.example.com, and so on, all routed to the same container.

Targets.

Every LINKED record points at exactly one of three things: a Container, a Virtual Machine, or a Deployment. Pick the type with the Target selector on the form, and the rest of the Target section form fields update based on the first choice.

Container

Pick a specific container from the dropdown, and traffic to the record's domain (and matching Match Path, if set) is routed to instances of that container.

A container target is pinned to that exact container. If the container is deleted, for any reason, the record stops working and needs to be updated. Generally this pattern is used for long lived, seldom updated containers or containers that take advantage of reimaging for updates.

Virtual Machine

Pick a VM from the dropdown, then choose whether DMZ is on or off.

With DMZ off, traffic flows through the Cycle load balancer the same way it would for a container — Match Path, TLS, and GeoDNS all apply normally.

With DMZ on, traffic skips the load balancer entirely and goes directly to the VM through the environment's gateway service. Use this for workloads that need to handle non-HTTP protocols, manage their own TLS, or otherwise can't sit behind the load balancer.

DMZ mode bypasses load-balancer features. When DMZ is on, the Match Path and TLS settings on this record don't apply, because those are load balancer features and the load balancer is no longer in the request path. The VM is responsible for its own routing and certificates.

Deployment

Instead of pinning to a specific container ID, a Deployment target references a container by identifier inside a deployment.

Fill in two form fields for this option:

  • Container Identifier — the container's identifier inside that environment (the short name, like api-server, not the long ID).
  • Tag — a deployment tag like api-staging or website-live.

Deployment tags are defined on the environment and map to specific deployment versions. This is what makes rainbow style deployments with zero downtime possible.

For a full guide on deployments and pipelines check out one of these resources:

Cookies

Cookies Preferences

We run basic, anonymous analytics by default to measure site traffic. By clicking "Accept," you allow additional cookies for advanced app improvements and tailored advertising. Choose what you share by clicking "Customize."