Update (9/17/2012): as of today, Azure Web Sites have direct support for A record, so the hack below is no longer necessary!
Warning: the following is just something that worked for me, and that others asked me about. It is not a Microsoft approved technique, and it could cause your cat to self-combust with no warning. I’m just a guy trying random things here.
Windows Azure Web Sites (WAWS) support custom domain names, as documented on this page. This makes it easy to use a name like www.davidebbo.com, by setting up a CNAME record in your DNS.
But a lot of people are asking how to make the name just davidebbo.com, which is known as a naked domain (aka a bare or root domain). Normally, this is done by setting up an A record, but this requires a stable IP address, which is not currently available in WAWS.
But it turns out that you can use use a CNAME for the naked domain, even though many people say it’s a bad idea (more on this below).
I’m not sure if this works with all registrars, but I use NameCheap, and it works with them. Here is what it looks like in the NameCheap DNS records:
So I’m doing two things here:
- First I’m making http://davidebbo.com go to my WAWS
- Then I’m making http://www.davidebbo.com redirect to http://davidebbo.com/. This is optional.
Then I have the following in the Configure tab of my WAWS:
Though really, I only need the last entry since I’m redirecting www to the naked domain. I just left the www entry in there because it doesn’t hurt. The first one could go too.
So what’s wrong with doing this?
If you search around, you’ll find a number of pages telling you that it’s unsupported, and breaks RFC1034 (e.g. see this page). And I’m sure that the experts will crucify me and call me an idiot for blogging this, but heck, I can live with that!
Personally, I don’t care so much about breaking an RFC, as much as I care about breaking my award winning http://davidebbo.com/ web site, which brings me most of my income.
So what might break? From what I’m told, doing this breaks MX records, which matters if you’re running an email server under your host name. So if I wanted to be me@davidebbo.com, I probably couldn’t. But I don’t, so I don’t care. It might also affect other types of records that I’m not using.
All I can say is that so far, I’m yet to find something broken about it, and I’ve heard from several others that they’ve been using this successfully for a while (not with WAWS, but that shouldn’t matter).
Anyway, I think you get my point: try at your own risk! And sorry about your cat.
I've personally used a CNAME on the naked domain, also using NameCheap for DNS, but to a Azure VM and I can confirm it breaks MX records, but otherwise it seems to work okay.
ReplyDeleteHi David,
ReplyDeleteI encountered this issue about a year ago for the Azure site for my open source minification tool hosted on Azure (http://rejuice.me)
I had a discussion with my (awesome!) DNS provider (http://dnsimple.com) and they gave a great, detailed explanation:
"It is true that some DNS providers allow it, but it goes against the DNS protocol and thus we do not. From RFC 1912 (http://www.ietf.org/rfc/rfc1912.txt):
2.4 CNAME records
A CNAME record is not allowed to coexist with any other data. In
other words, if suzy.podunk.xx is an alias for sue.podunk.xx, you
can't also have an MX record for suzy.podunk.edu, or an A record, or
even a TXT record. Especially do not try to combine CNAMEs and NS
records like this!:
podunk.xx. IN NS ns1
IN NS ns2
IN CNAME mary
mary IN A 1.2.3.4
This is often attempted by inexperienced administrators as an obvious
way to allow your domain name to also be a host. However, DNS
servers like BIND will see the CNAME and refuse to add any other
resources for that name. Since no other records are allowed to
coexist with a CNAME, the NS entries are ignored. Therefore all the
hosts in the podunk.xx domain are ignored as well!
If there were a way to do it and still be compliant I assure you we would. Perhaps you can use an A record with a low TTL and dynamically update it from the host if the host address changes? Jason Seifer put together a nice example of how to do this with a shell script: http://jasonseifer.com/2011/04/04/auto-update-ip-dnsimple"
I hope that helps.
Sam
@Mark: glad to hear that! It gives me hope that it won't completely blow up in my face :)
ReplyDelete@Sam: thanks for sharing this info, which gives some good context from people who obviously know more than me :)
ReplyDeleteAt this point, I'm waiting to find a concrete case that's broken for me. This very blog is using a CNAME for blog.davidebbo.com, and the 'illegal' naked CNAME entry is apparently not hurting it.
I guess time will tell. I'll update this post if I run into anything interesting.
One somewhat related caveat: You can't currently do SSL with this approach. https://davidebbo.azurewebsites.net works, but https://www.davidebbo.com will not. This isn't so much because of the DNS config (I don't think), but more because Azure doesn't currently support it and give you a place to put a SSL certificate.
ReplyDelete