diff --git a/integrationTest/integration_test.go b/integrationTest/integration_test.go
index b66dba2c7..694d05284 100644
--- a/integrationTest/integration_test.go
+++ b/integrationTest/integration_test.go
@@ -1256,6 +1256,16 @@ func makeTests(t *testing.T) []*TestGroup {
 			),
 		),
 
+		testgroup("R53_ALIAS_Loop",
+			// This will always be skipped because rejectifTargetEqualsLabel
+			// will always flag it as not permitted.
+			// See https://github.com/StackExchange/dnscontrol/issues/2107
+			requires(providers.CanUseRoute53Alias),
+			tc("loop should fail",
+				r53alias("test-islandora", "CNAME", "test-islandora.**current-domain**"),
+			),
+		),
+
 		// CLOUDFLAREAPI features
 
 		testgroup("CF_REDIRECT",
diff --git a/providers/route53/auditrecords.go b/providers/route53/auditrecords.go
index be1eb8839..90fd30ff7 100644
--- a/providers/route53/auditrecords.go
+++ b/providers/route53/auditrecords.go
@@ -1,10 +1,31 @@
 package route53
 
-import "github.com/StackExchange/dnscontrol/v3/models"
+import (
+	"fmt"
+
+	"github.com/StackExchange/dnscontrol/v3/models"
+	"github.com/StackExchange/dnscontrol/v3/pkg/rejectif"
+)
 
 // AuditRecords returns a list of errors corresponding to the records
 // that aren't supported by this provider.  If all records are
 // supported, an empty list is returned.
 func AuditRecords(records []*models.RecordConfig) []error {
+	a := rejectif.Auditor{}
+
+	a.Add("R53_ALIAS", rejectifTargetEqualsLabel) // Last verified 2023-03-01
+
+	return a.Audit(records)
+}
+
+// Normally this kind of function would be put in `pkg/rejectif` but
+// since this is ROUTE53-specific, we'll include it here.
+
+// rejectifTargetEqualsLabel rejects an ALIAS that would create a loop.
+
+func rejectifTargetEqualsLabel(rc *models.RecordConfig) error {
+	if (rc.GetLabelFQDN() + ".") == rc.GetTargetField() {
+		return fmt.Errorf("alias target loop")
+	}
 	return nil
 }