diff --git a/hieradata/country/au/region/drw1/infra/halb/haproxy.yaml b/hieradata/country/au/region/drw1/infra/halb/haproxy.yaml
index d67dc86..75dcd39 100644
--- a/hieradata/country/au/region/drw1/infra/halb/haproxy.yaml
+++ b/hieradata/country/au/region/drw1/infra/halb/haproxy.yaml
@@ -82,3 +82,8 @@ profiles::haproxy::certlist::certificates:
 profiles::pki::vault::alt_names:
   - puppetboard.main.unkin.net
   - puppetdbapi.main.unkin.net
+
+# additional cnames
+profiles::haproxy::dns::cnames:
+  - puppetboard.main.unkin.net
+  - puppetdbapi.main.unkin.net
diff --git a/site/profiles/manifests/haproxy/dns.pp b/site/profiles/manifests/haproxy/dns.pp
new file mode 100644
index 0000000..af0e8ac
--- /dev/null
+++ b/site/profiles/manifests/haproxy/dns.pp
@@ -0,0 +1,27 @@
+# profiles::haproxy::dns
+class profiles::haproxy::dns (
+  Array[Stdlib::Fqdn] $cnames = [],
+  Integer             $order  = 10,
+){
+
+  # create an A record for each load balancer in a region
+  $location_environment = "${facts['country']}-${facts['region']}-${facts['environment']}"
+  profiles::dns::record { "${facts['networking']['fqdn']}_${location_environment}-halb_A":
+    value  => $::facts['networking']['ip'],
+    type   => 'A',
+    record => "${location_environment}-halb",
+    zone   => $::facts['networking']['domain'],
+    order  => $order,
+  }
+
+  # export cnames for haproxy applications
+  $cnames.each |$cname| {
+    profiles::dns::record { "${::facts['networking']['fqdn']}_${cname}_CNAME":
+      value  => "${location_environment}-halb",
+      type   => 'CNAME',
+      record => "${cname}.",
+      zone   => $::facts['networking']['domain'],
+      order  => $order,
+    }
+  }
+}
diff --git a/site/profiles/manifests/haproxy/server.pp b/site/profiles/manifests/haproxy/server.pp
index ed185f3..1864727 100644
--- a/site/profiles/manifests/haproxy/server.pp
+++ b/site/profiles/manifests/haproxy/server.pp
@@ -2,6 +2,7 @@
 class profiles::haproxy::server (
   Hash  $globals = {},
   Hash  $defaults = {},
+  Array $cnames = [],
 ){
 
   # default global/defaults arrays
@@ -50,6 +51,7 @@ class profiles::haproxy::server (
   include profiles::haproxy::ls_stats  # default status listener
   include profiles::haproxy::fe_http   # default http frontend
   include profiles::haproxy::fe_https  # default https frontend
+  include profiles::haproxy::dns       # manage dns for haproxy
 
   # for each backend:
   $backends = lookup('profiles::haproxy::backends')