We’ve been developing a high profile site with a vendor for a few years on Netlify and it’s been very good. However, the vendor we’re working with has some aggressive internal info-sec software that checks the reputation score of any site visited. The site we’ve built with them should be fine - but they note that since the site is CNAME pointed to .netlify.app - it seems to trigger a false positive on our site due to some sites in Netlify having a poor reputation score on their system. If we had a single IP resolution to whitelist (or a few), this should be pretty straightforward. Outside their network - all is well, but since it’s a content site they contribute to, it needs to also work internally.
Since our site is a subdomain (ie: site.example.com) - can we create an A record for that subdomain pointing to 22.214.171.124? I’ve read through [Support Guide] Can I host my site on Netlify but keep my DNS at my domain registrar? and Configure external DNS for a custom domain | Netlify Docs, and I’ve tested this on a non-primary subdomain and it works ok. That thread and URL deals with apex domains with respect to that IP - can a subdomain safely be setup as a primary domain with the A record of the subdomain pointing at the IP address of the load balancer?
Two more follow ups - just want to receive verification - but that load balancer IP address is not a single point of failure correct (like, it’s super highly available)? Also - if the IP address is to change, we’d be notified well in advance, correct? I’m pretty sure I know the answers, just doing my due diligence.