Google Cloud DNS and 301 redirects - http-status-code-301

Namecheap and other registrars provide a way to setup HTTP 301 or 302 redirects when configuring DNS. It is a nice feature since otherwise you would need to implement it yourself. See screenshot below from Namecheap DNS configuration page.
Does Google Cloud DNS offer something similar?

Google Cloud DNS does not provide a "URL Redirect". This isn't actually a DNS feature - it requires a webserver to serve the 302 redirect. You could implement this with a small cloud funciton like:
exports.redirectFunc = function redirectFunc (req, res) {
res.set('Location', 'https://example.com/destination');
res.status(302);
res.end();
};

Firebase now has a very simple setup to achieve domain redirection, just do the following:
[Your firebase project] > Console > Hosting > Connect domain
Then it should display the following:

Although Google Cloud DNS does not have this feature, if you register your domain with Google Domains, it has a "subdomain forwarding" feature (https://support.google.com/domains/answer/6072198 that implements not only 301 / 302 redirects but also provides integrations for G Suite and other platforms that set up other types of synthetic records (https://support.google.com/domains/answer/6069273).
Google Domains runs on the same DNS serving infrastructure as Google Cloud DNS, but currently you have to choose between the "Google Domains name servers" and Google Cloud DNS name servers that serve managed zones that you can control programmatically with the Google Cloud DNS API. This means you have to choose between the Domains-specific features like synthetic records and the Cloud DNS API and GUI console. You can delegate subdomains of a domain hosted on the Google Domains name servers to specific managed zones in Cloud DNS, so it is possible to mix and match this a bit.

Though it isn't supported directly in Cloud DNS yet (see issue: https://issuetracker.google.com/issues/70980380) a workaround can be to deploy an HTTP(S) Load Balancer and set up a redirect in the URL-map and then map the root domain to the IP address of the load balancer via an A record in Cloud DNS (and the same load balancer can be used to serve all subdomains as well without requiring any other Cloud DNS records), see: https://cloud.google.com/load-balancing/docs/url-map-concepts#url-redirects

Related

extending Cloudflare hosted security to the not-cloudflare resources

Halo, i’m a dev recently diving into cloudflare security layers and got few questions on a website security which is deployed to cloudflare. I’m using Pages and my domain is directly hosted by cloudflare Registrar. I’m also using the security layers provided with cloudflare infrastructure, including [ Bots, DDos, Settings, Page Shield ], which can be found in security tab of my domain in cloudflare dashboard. Below list is my questions:
security layers in use: [ Bots, DDos, Settings, Page Shield ]
I’m using firebase hosting to link my firebase functions with the domain which is hosted by cloudflare. In this case, do the above listed security layers of cloudflare automatically protect the firebase hosting resources or traffics?
I’m using cloudflare workers to manage Durable Objects. The Workers’ functions are also linked to the same root domain with different subdomain. In this case, do the above listed security layers of cloudflare automatically protect the Worker traffics?
the proxy status of firebase hosting connection is “DNS only” mode(not “Proxied” mode), since in the case of Proxied, the dns connection does not work(i didn't figure out the reason yet..). In this case, it makes me feel like the firebase hosting resources are not being protected since the orange switch in DNS dash is turned off
please consider the cloudflare plan is Pro
Thank you in advance [:
For the products you are listing, Cloudflare is implemented as a reverse proxy.
This means that from an end user perspective, when they try to connect to your services, their traffic reaches Cloudflare first (since a proxied record resolves to a Cloudflare anycast IP). Cloudflare carries out the features and security services that are configured, then forwards the HTTP requests to your origin infrastructure as specified in your Cloudflare DNS tab. This is true when the traffic is directed to proxied records.
For records in DNS-only mode, Cloudflare only performs DNS resolution (answering to the DNS query for that DNS record). Once this is done, the client will connect directly to the specified resource and the traffic will not be flowing through the Cloudflare network, meaning Cloudflare cannot provide proxy services in this scenario.
For a full explanation, I recommend the following documentation page

DNS_PROBE_FINISHED_NXDOMAIN error when conntecting to 'website.com' but not 'www.website.com'

I have a static website hosted on an azure CDN (Verizon premium plan). There is a custom domain associated with this, lets call it www.website.com.
When typing 'website.com' into the nav bar, it returns a DNS_PROBE_FINISHED_NXDOMAIN error. However when typing 'www.website.com' it returns fine.
Is there a way that 'website.com' can be mapped/redirected to 'www.website.com'?
Your scenario is pointing apex domain to Azure Services, here Storage account.
Here is the Azure documentation which helps you to configure: https://learn.microsoft.com/en-us/azure/dns/dns-alias#point-zone-apex-to-azure-cdn-endpoints
Let me know if you have any questions while configuring.
In this case, you could also enable the custom domain website.com in your Azure CDN. If so, you could host your custom domain in Azure DNS first then add an alias record that points to your Azure CDN endpoint in the DNS zone for your custom domain.

Point azure hosted root domain to aws classic load balancer

I'm need to point an Azure hosted root domain/naked domain (example.com) to an AWS Elastic Load Balancer. Classic ELB's don't have IP's while A records can only point to IP's. Azure doesn't support the non-standard ALIAS/ANAME records that allow a CNAME-like configuration for A records.
Azure DNS provides a way to point to Azure cloud hosted websites using a combination of pointing the A record to the website's IP and creating a TXT record containing the DNS name of the website.
AWS Route 53 provides the ALIAS record type for connecting root domains to Load Balancers.
Is there a way to do this without resorting to using an extra server instance with a static (elastic) IP address just to do 301 redirects to www.example.com?
EDIT:I should add that since asking this question I found out that AWS network load balancers support both static and elastic IPs but we are on OpsWorks Chef 11 stacks which only supports classic load balancers.
Azure doesn't support the non-standard ALIAS/ANAME records
Note that these are not non-standard records, because they aren't record types at all. They are configuration entries that allow the nameservers to generate and return a standard A or AAAA record (or other standard types, in Route 53) based on information obtained dynamically by the nameserver, rather than based on static configuration.
But, there isn't another good solution to this. That's why these options exist.
A workaround is to use a service like http://wwwizer.com.
But your easiest and most straightforward solution is to host the domain on Route 53. This doesn't require changing your registrar -- you only have to change the authoritative nameservers. If you have subdomains that need their DNS hosted elsewhere for operational reasons, you can always delegate them. But this is a limitation of the fundamental design of DNS.

Client cname pointing to my domain on cloudflare

A client of ours has the domain client.com
Our application is at superapp.mycompany.com
We want the client to be able to access our application via their own subdomain, like: superapp.client.com.
Normally we'd just tell the client to add a cname for superapp and point it to superapp.mycompany.com. Then on our server (IIS) we'd bind their domain to our app and everything would work as intended.
However, we can't replicate this functionality when our mycompany.com domain is managed via cloudflare.
When we navigate to superapp.client.com we get the following error page:
Error 1001
What happened?
You've requested a page on a website (superapp.client.com) that is on the Cloudflare network. Cloudflare is currently unable to resolve your requested domain (superapp.client.com).
Is there any way that Cloudflare can be used in this fashion?, this seems like a pretty standard set up for a multi tenant application that supports custom domains.
We don't need all the protection that Cloudfront offers for these client domains, but we want to use the Cloudfront nameservers for out application (mainly for fast switching of DNS records in the event we migrate servers, etc).
Any help is appreciated.
I hope it's not too late. But just found a way to do so.
You just need to add your client's domain (Add site in Cloudflare) to your account.
You don't need to change client domain's NS. So in your Cloudflare panel this domain will showing as "Pending Nameserver Update".
Next step is add the CName record to this domain.
Although the NS of client domain is not changed to CF, but CF has a lookup record as CName for it.
Hope it helps.
Just in case someone arrived here with same issue as me. Here is the answer. For short, no that won't work.
Since Cloudflare is a reverse proxy for the domain that is on Cloudflare, the CNAME redirect for the domain (not on Cloudflare) wouldn't know where to send the traffic to.
Ref: https://support.cloudflare.com/hc/en-us/articles/360017421192-Cloudflare-DNS-FAQ#CloudflareDNSFAQ-CanICNAMEadomainnotonCloudflaretoadomainthatisonCloudflare
If you don't need the CDN benefits, you can still use Cloudflare nameservers to manage your DNS zone and keep your current configuration. Just make sure the CDN is deactivated for the target subdomain in your zone (superapp.mycompany.com in your case).
You can tell if the CDN is activated or deactivated for a subdomain by looking at the cloud icon on the right of each DNS entry: if the cloud is orange the CDN is active, if it is gray, it isn't.
Cloudflare also supports external CNAME resolution in their CDN infrastructure, but it's only available for its Enterprise customers:
https://support.cloudflare.com/hc/en-us/articles/217371987-Managed-CNAME

Linking domain via cloudflare to google cloud

Oke so here is the situation:
I have bought a domain from a registrar(hostnet) and my hosting is on Google Cloud.
Now i want to link the domain i bought from hostnet via cloudflare to Google Cloud.
I changed the nameservers of the registrar to use cloudflares nameservers. And then on cloudflare i changed the A records to point to my Google Cloud external IP-address.
The site works fine but on Google Pagespeed insight i see a 'delay in server response' so i'm thinking im doing something wrong. Also i haven't done anything on Google Cloud so it seems more like a redirect(slow) rather than a correct implementation. That would mean anyone could link any domain name to my ip address.. that seems off.
What would be the correct way to connect my domain from hostnet to my google cloud via cloudflares cdn.

Resources