Once I have verified my domain in Azure with the CNAME record, can I remove the CNAME record safely from my DNS server without breaking anything?
You can safely delete the awverify records. Those are used only when validating the custom domain (while associating a new domain in the portal) and post that, they are not used so feel free to remove them.
Related
I have static website on azure storage, it's connected to azure cdn to have https, and i have my custom domain folla.com.pl I want this domain to point to https://companywebsitecdn.azureedge.net/ which is address of my website on azure cdn. I chose custom domain on cdn configuration site, it asks me to make dns mapping to verify ownership, so i make CNAME cdnverify.folla.com.pl to cdnveriy.companywebsitecdn.azureedge.net and it get me to other window with custom doamin https config. And here's my problem, it get's stuck on second step
How I'm suppouse to configure another mapping to make it work, what i mean is to make folla.com.pl to point to https://companywebsitecdn.azureedge.net/ with https. I can't proivde what i already tried with my dns because it was a lot and i don't remember all of it. Also it's already second try and everytime after failure I have wait 8 hours for another try. Thanks in advance
This is my DNS config
When you try to add your custom domain folla.com.pl in the custom domains settings of Azure CDN endpoint. Before this step, you should have a CNAME record in the following format in the DNS zone.
When you turn on the custom domain https, you don't need to make a CNAME cdnverify.folla.com.pl to cdnveriy.companywebsitecdn.azureedge.net. Read here.
If that CNAME record still exists and does not contain the cdnverify
subdomain, the DigiCert CA uses it to automatically validate ownership
of your custom domain.
If the CNAME record entry contains the cdnverify subdomain, follow the rest of the instructions in this step.
DigiCert sends a verification email to the following email addresses. Verify that you can approve directly from one of the following addresses and read here.
admin#<your-domain-name.com>
administrator#<your-domain-name.com>
webmaster#<your-domain-name.com>
hostmaster#<your-domain-name.com>
postmaster#<your-domain-name.com>
Automatic validation typically takes a few hours. If you don’t see your domain validated in 24 hours, open a support ticket.
the company I’m working for provided me a subdomain. test.mycomp.com . I want to add it to my azure web app via custom domain.
The azure system recommends a CNAME delegation and provided me the information to enter web-zeudz-staging.azurewebsites.net in the dns management as CNAME.
After doing so and verifiying via DNS Lookup, Azure always gives me „Domain Ownership Error“. What can I do to make this work?
Is your DNS provider also a CDN provider, for example cloudflare? If so, turn off the CDN/proxy function so it's a DNS only record and try again.
If you don't have any control over the CDN function you can use txt record validation.
Create your TXT record awverify.subdomain.test.mycomp.com with value web-zeudz-staging.azurewebsites.net and validate again. It should succeed.
There's also a CNAME awverify method but you need CDN disabled for that too.
I find it strange that your company doesn't have the option to enable/disabled CDN for any given DNS entry though.
When we tried to add a custom domain to our current Azure CDN endpoint, the CDN was down while it was trying to verify and issue an SSL certificate for the custom domain. I cancelled the process and everything came back after a few minutes.
I know that in the instructions it states to map the custom domain to the temporary cdnverify subdomain,https://learn.microsoft.com/en-us/azure/cdn/cdn-map-content-to-custom-domain#map-the-temporary-cdnverify-subdomain, but I think this is only if the URL we are using for the custom domain is in use. Is this correct?
Is there any way to avoid this downtime or should this not happen?
but I think this is only if the URL we are using for the custom domain
is in use. Is this correct?
Correct. The link states that when you map an existing domain that is in production. First map your custom domain to your CDN endpoint hostname with the Azure cdnverify subdomain to create a temporary CNAME mapping. so you can access your custom domain URL without interruption while the DNS mapping occurs.
Is there any way to avoid this downtime or should this not happen?
If you have verified that the cdnverify subdomain has been successfully mapped to your endpoint, you can then map the custom domain directly to your CDN endpoint hostname. After creating CNAME for your custom domain, you can delete the temporary cdnverify subdomain CNAME record. It should avoid this downtime.
Let's say I register the domain name mydomain.com using GoDaddy (or any other registrar). Then I immediately delegate the domain to Azure (i.e change the NS records for the domain to point to Azure's name servers). As far as I understand I would then use Azure's DNS admin tools exclusively to add/change/delete DNS records fot my domain.com.
But do I still need to have any type of relation with GoDaddy (or whichever registrar I used to register mydomain.com)? For example, if I would like to delegate my domain once more from Azure to some other nameserver would I do this through Azure or GoDaddy? Or when I need to renew my domain name, would I have to do this through GoDaddy? Or if my GoDaddy account is hacked, would mydomain.com be at risk somehow? Or would GoDaddy be involved with mydomain.com in some other way I haven't considered?
The registrar is still key in almost every situation.
They are the people you pay your subscription/fee for the domain name (normally every few yrs depending on the domain).
They are the 'tag' holder (in the case of .uk names some info here) which means they are the ones you have to approach if you wanted to move your actual name (and payment) to another registrar (e.g if you decided you didn't like GoDaddy any more you could move to Namesco, or someone else) .com domains have a similar setup
Renewals and any changes to the account or domain name would go via the registrar - this includes any further/new delegation you might do.
If your registrar account gets hacked then anything associated with that account is 'at risk' this includes the hijacking of the domain name to be pointed anywhere.
Your registrar is usually the controlling name server (Check the whois records) so any query would hit them first before any delegations you have in place.
You talked about further delegation of your domain; so presuming one day you decide to move from Azure to AWS (say) then you would go back to your registrar portal and update the NS records to point to your new IP(s) on your new host.
You can either you manage all your DNS via your registrar, or delegate the NS records (as you have already) and run your own DNS Server. In your setup you use the Azure (or whatever) tools to manage your actual records, but you would need to go back to the registrar to manage the NS records that controlled the delegation of the domain. You should note that not all registrar will allow the delegation of NS records and in effect 'force' you to use there own portal/DNS tools so check carefully.
The short of it is - you still have and must maintain any relationship
with the registrar.
I managed to get my custom subdomain name assigned to my Azure website, following this (very carefully):
link to azure custom domain name instructions
Is it necessary to keep the "awverify" DNS records after the custom domain names linkage has been established?
I deleted the awverify DNS record for the test subdomain, and was able to add another subdomain pointer to my azurewebsites test site.
Maybe I did not wait long enough. Does anyone else have any experience with this, to say one way or the other?
Not sure if I understand the issue you are running into... but the CNAME entry with the 'awverify' subdomain is used to "prove" to Azure that you own that domain when you are wiring up a custom domain name. Once that is established, you no longer need that.