Transfer Godaddy Domain to Azure App Service - dns

I have a domain in Godaddy called "x.app" and I want to transfer it to Azure App Service. I have created a DNS Zone called "x.app" and I changed all the Nameservers in Godaddy:
In Azure DNS Zone, I have created a CNAME, A, TXT Records:
A has name of # and value of App Service IP Address
CNAME has name of wildcard * and alias of App Service domain
TXT has name of # and value of App Service domain
I have added the Name of x.app as a custom domain and added a keyvault certificate:
When I just browse my domain: x.app I receive this error:
Your connection is not private Attackers might be trying to steal your
information from x.app (for example, passwords, messages, or credit
cards).
Anybody has an idea, what could cause this problem? Thank you!

There might be a typo. According to your DNS records configuration in Azure DNS, you should add the domain x.app instead of x.com as the custom domain in the app service.
If you have done it. These errors typically originate from two things: the first is a client-side issue (your browser, computer, OS), and the second is that there is an actual problem with the certificate on the website (expired, wrong domain, not trusted by the organization). You could get more tips to fix the error here.
For the error, you could also check an error code message which helps to try and pinpoint the exact issue and click the Advanced in Google Chrome. For example,
NET::ERR_CERT_COMMON_NAME_INVALID (this occurs when the certificate
does not match the domain)
In this case, you could upload an SSL certificate in which CN or DNS name matches the domain x.app. Additionally, when you bind a certificate with IP SSL, App Service creates a new, dedicated IP address for your app. You should remap A record for IP SSL with this dedicated IP address.

Related

I cannot access my domain after delegation in Azure

after changing name servers in my registered domain (in namecheap) which has the name for example "contoso.net" to name servers, which matches the four nameservers in my Azure DNS zone (ex: ns1-08.azure-dns.com) I could not access my website as usual , and I receive the error message, which referes to the this problem with name servers (DNS_PROBE_FINISHED_NXDOMAIN).
so, when I reset again the default name server to "namecheap web hosting DNS", then I can again access the website.
can anyone help? thanks!
When you change the name server for that domain to Azure provider name server, actually you have delegated that domain to Azure DNS name servers and you could edit your DNS records in the Azure DNS zone.
In this case, you need to add A or CNAME records mapping to your website's hostname or IP address in your original domain provider, then you will access websites again. Usually, it takes about a few minutes or hours for the DNS propagation. If you still could not access the websites after verifying the DNS update, please clear the cache or type ipconfig/flushdns on the windows command prompt.
References:
https://learn.microsoft.com/en-us/azure/dns/dns-domain-delegation
https://learn.microsoft.com/en-us/azure/dns/dns-web-sites-custom-domain

Azure doesn't use the right certificate

I have build a new webapp on Azure. So i followed that steps:
Add A Record (A/#/52.173.76.33), a CNAME (CNAME/www/saschamannsde.azurewebsites.net) and a TXT (TXT/#/saschamannsde.azurewebsites.net)
Added a custom domain to the webapp (Then it is listed as available host)
Upload the PFX and CER and bind it to my domain.
Azure now shows me, that it is a valid Certificate with my hostname saschamanns.de and issued by Sectigo RSA Domain Validation Secure Server CA (ID 134d36755287a5e0718554ff9c9103d13f331d34).
If i now typing https://saschamanns.de the browser tells me, i have a false cert, issued for shortener.secureserver.net.
Inside the Supportpage of Azure it tells me two problems:
Certificate mismatch detected (
The hostname saschamanns.de is configured to a Certificate with the thumbprint 134d36755287a5e0718554ff9c9103d13f331d34 on this Azure web app. However, the site returned a certificate with thumbprint 22873d8fefeb318394d1b906a5e4657876552d80.) A traceroute gives me:
https://paste.ubuntu.com/p/5427RCBmMF/
And it looks like it routes to the MS Routes.
DNS resolution error detected (As per the current DNS settings, URL saschamanns.de resolves to 184.168.131.241. The web app on Azure however is configured to listen on 52.173.76.33.)
But i have already set the IP to 52.173.76.33. The other IP comes from my Domain Manager GoDaddy.
Maybe anyone can help to identify the problem?
From the Dig web interface , saschamanns.de is also pointing to 184.168.131.241 . What is this 184.168.131.241 ip ?
saschamanns.de. 599 IN A 184.168.131.241
saschamanns.de. 599 IN A 52.173.76.33
If you browse the web app , certificate ( Thumbprint : 22873d8fefeb318394d1b906a5e4657876552d80) showing in browser is issued to shortener.secureserver.net .
Certificate which is binded to web app is not issued to saschamanns.de
Can you try bind the certificate again to web app by removing the existing one. Hopefully that should resolve the issue.
I also just ran into the same issue. Basically, the reason why I got the certificate mismatch error was according to the Forwarding Feature of GoDaddy.
If you use the forwarding feature - it will add a locked "A record" entry to the domain pointing to ip.secureserver.net which in my case was 184.168.131.241.
However tanner west explains the forwarding issue in a gist article.
In a nutshell, donĀ“t use the forwarding feature and edit the DNS forwarding manually.
This is the feature I am talking about.

Remove DNS authorization for IP address in Azure

I have a couple of web applications on an Azure server. A client allowed the domain to lapse, and I can no longer access the DNS settings for this domain. The domain's DNS settings (A records, CNAMES) are still authorized in Azure to control traffic for the server's IP address. So, any app I create on this server now resolves to the domain that is no longer under my control.
How do I get myself out of this pickle? Can I change the server's IP address? I have not been able to find out how to do that. Can I de-authorize the DNS settings that now control access to this IP address?
If you want to remove access to the app from a domain, you just remove the domain from the App Service.
DNS tells users where to go for a particular domain name.
If your app doesn't mention it as a domain, the request won't be routed to it.
Remember that addresses in Azure App Service are shared so it requires that you actually explicitly mention the domain in the app service's configuration.
Ugh. Ok, my issue was that I was redirecting to the domain in my web.config.

If you change your domain nameservers does that void all DNS/MX/A record you input in your domain registrar?

say you have a domain (mydomain.com) in registered to a registrar, say namecheap,
you have setup MX record to handle email sent to your domain
you had setup an A record to make a subdomain use a different webhost
Name: intranet.mydomain.com
Value: 108.xxx.xxx.xx
Type: A name
now, you want to host the primary domain to a webhost, so that when a user load mydomain.com to their browser it will use webhost to load the resources
Question, the webhost requires you to update domain nameserver to use
ns1.myhost.com
ns2.myhost.com
Will updating my nameserver to my domain registrar to use the nameservers above will void/not-implement the already existing A records?
If not, how do you solve the problem?
Thanks!
In somewhat laymen's terms:
You need to distinguish between 3 different (yet related) services:
Domain name registration - you pay for your domain name here. Except for the name itself, here you need to enter your Domain Name server names, which will point to where the next service is hosted:
DNS service - here is where you enter all your records (A, MX, ...) which point to your other services (web hosting, mail servers, etc..)
Service hosting provider (for example web hosting, or email service)
You can have different parties host these services for you, but it is not uncommon that one service provider can offer all these services. From your description, it looks like that at the moment your Name registrar (1) is also hosting your DNS service (2) (which is quite common). Now, your new web hosting provider wants to host your DNS service, and is requiring that at your name registrar, you enter its name server names (which is also not uncommon). And you are right, if you do that, any DNS records that you entered at your current DNS provider will be void (they will remain there, but no end user will ever see them since (1) will point them to use your new hosting provider's name service to resolve your domain records).
You have two options:
Do not comply with your webhost's request, instead ask them what DNS records (probably A or CNAME) you need to add at your current DNS service provider in order that your new website becomes reachable.
Comply with your webhost's request, but then you will have to go to your new provider's name service console and again add all the records that you already have entered at your previous DNS provider.
I would choose option 1, as less risky

Pointing same domain to different app service in Azure

I am using Azure App Service to host my NodeExpress application, I am right now stuck at a very strange requirement.
I have 2 different azure app services.
1) myApp
2) sampleApp
I have a domain pointed at myApp. (Added hostname www.myapp.com)
now I want to delete myApp and shift my hostname (www.myapp.com) to sampleApp.
now my Question is,
will it change my IP Address? (This I think it would because I haven't bought any static IP)
if my app service pointing IP is changed, will I have to do anything with the domain DNS manager to move www.myapp.com in hostnames of sample app?
I don't have access to DNS Manager because client has it. I have to tell client to add CNAME to verify domain ownership. I want to point this domain to different app service without adding delay of asking my client to change its cname to verify domain ownership.
You can actually migrate the domainname without downtime by using a verify record. Just create the record:
awverify.www.mydomain.com CNAME mynewnodeapp1.azurewebsites.net
That will enable you to add the hostname www.domain.com to sampleApp in azure (and add an SSL binding).
Source: https://learn.microsoft.com/en-us/azure/app-service/manage-custom-dns-migrate-domain
You have to register the new CNAME from your web application in the DNS server before adding it to Azure App Service. Right now you have something like this:
www.mydomain.com CNAME mynodeapp1.azurewebsites.net
First, change it to your new application address:
www.mydomain.com CNAME mynewnodeapp1.azurewebsites.net
And then add the custom domain to your new web application.
App Service does provide you with a public IP address, but it's not guaranteed to remain the same, although it's unlikely to change. Said that, as long as you keep using CNAME, you shouldn't have any problems. If you delete the original app and recreate using the same Azure FQDN, then you don't need to change anything on customer DNS settings, Azure will be able to verify the domain successfully in this case.

Resources