diff --git a/domains/environment_domains/dns.tf b/domains/environment_domains/dns.tf
index 6a2177c..cba8dcc 100644
--- a/domains/environment_domains/dns.tf
+++ b/domains/environment_domains/dns.tf
@@ -5,7 +5,7 @@ data "azurerm_dns_zone" "main" {
 
 resource "azurerm_dns_txt_record" "main" {
   for_each            = { for k in toset(var.domains) : k => k if !startswith(k, "apex") }
-  name                = join(".", ["_dnsauth", "${each.key}"])
+  name                = join(".", ["_dnsauth", each.key])
   zone_name           = data.azurerm_dns_zone.main.name
   resource_group_name = var.resource_group_name
   ttl                 = 300
diff --git a/domains/environment_domains/front_door.tf b/domains/environment_domains/front_door.tf
index dcaac0e..cbe1933 100644
--- a/domains/environment_domains/front_door.tf
+++ b/domains/environment_domains/front_door.tf
@@ -36,7 +36,7 @@ resource "azurerm_cdn_frontdoor_custom_domain" "main" {
   name                     = replace(each.key, ".", "-")
   cdn_frontdoor_profile_id = data.azurerm_cdn_frontdoor_profile.main.id
   dns_zone_id              = data.azurerm_dns_zone.main.id
-  host_name                = startswith(each.key, "apex") ? "${var.zone}" : "${each.key}.${var.zone}"
+  host_name                = startswith(each.key, "apex") ? var.zone : "${each.key}.${var.zone}"
   tls {
     certificate_type    = "ManagedCertificate"
     minimum_tls_version = "TLS12"
diff --git a/domains/environment_domains/front_door_rules.tf b/domains/environment_domains/front_door_rules.tf
index 29bcbb2..97423c1 100644
--- a/domains/environment_domains/front_door_rules.tf
+++ b/domains/environment_domains/front_door_rules.tf
@@ -17,7 +17,7 @@ resource "azurerm_cdn_frontdoor_rule" "rule" {
   conditions {
     host_name_condition {
       operator     = "Equal"
-      match_values = [for d in [var.redirect_rules[count.index]["from-domain"]] : startswith(d, "apex") ? "${var.zone}" : "${d}.${var.zone}"]
+      match_values = [for d in [var.redirect_rules[count.index]["from-domain"]] : startswith(d, "apex") ? var.zone : "${d}.${var.zone}"]
     }
   }
 
diff --git a/domains/environment_domains/tfdocs.md b/domains/environment_domains/tfdocs.md
index b2b36a9..97cea94 100644
--- a/domains/environment_domains/tfdocs.md
+++ b/domains/environment_domains/tfdocs.md
@@ -44,7 +44,7 @@ No modules.
 | <a name="input_host_name"></a> [host\_name](#input\_host\_name) | Origin host name ie domain to where front door sends the requests. It may not be used if all requests are redirected. | `string` | `"not-in-use.education.gov.uk"` | no |
 | <a name="input_multiple_hosted_zones"></a> [multiple\_hosted\_zones](#input\_multiple\_hosted\_zones) | n/a | `bool` | `false` | no |
 | <a name="input_null_host_header"></a> [null\_host\_header](#input\_null\_host\_header) | The origin\_host\_header for the azurerm\_cdn\_frontdoor\_origin resource will be var.host\_name (if false) or null (if true). If null then the host name from the incoming request will be used. | `bool` | `false` | no |
-| <a name="input_redirect_rules"></a> [redirect\_rules](#input\_redirect\_rules) | List of ordered redirect rules with format:<br>    [<br>      {<br>        "from-domain": "One of the domains from var.domains to redirect from",<br>        "to-domain": "Redirect destination domain",<br>        "to-path": "Optional path appended to the destination URL. If not provided, the path will be the same as in the incoming request",<br>        "to-query-string": "Optional path appended to the destination URL. If not provided, defaults to empty string"<br>      },<br>      {<br>        ...<br>      }<br>    ] | `map` | `{}` | no |
+| <a name="input_redirect_rules"></a> [redirect\_rules](#input\_redirect\_rules) | List of ordered redirect rules with format:<br>    [<br>      {<br>        "from-domain": "One of the domains from var.domains to redirect from",<br>        "to-domain": "Redirect destination domain",<br>        "to-path": "Optional path appended to the destination URL. If not provided, the path will be the same as in the incoming request",<br>        "to-query-string": "Optional path appended to the destination URL. If not provided, defaults to empty string"<br>      },<br>      {<br>        ...<br>      }<br>    ] | `list(any)` | `[]` | no |
 | <a name="input_resource_group_name"></a> [resource\_group\_name](#input\_resource\_group\_name) | n/a | `any` | n/a | yes |
 | <a name="input_rule_set_ids"></a> [rule\_set\_ids](#input\_rule\_set\_ids) | n/a | `list(any)` | `[]` | no |
 | <a name="input_zone"></a> [zone](#input\_zone) | n/a | `any` | n/a | yes |
diff --git a/domains/environment_domains/variables.tf b/domains/environment_domains/variables.tf
index 1ae115d..023e8f2 100644
--- a/domains/environment_domains/variables.tf
+++ b/domains/environment_domains/variables.tf
@@ -43,8 +43,9 @@ variable "exclude_cnames" {
 }
 
 variable "redirect_rules" {
+  type        = list(any)
   nullable    = false
-  default     = {}
+  default     = []
   description = <<EOF
     List of ordered redirect rules with format:
     [