BTW, would you mind to give an example on how you are using HOST_REGEXP > 0 in
your production?
We thought HOST_REGEXP > 0 should be very similar to HOST_REGEXP = 0, but
sounds like it is not the case.
Thanks,
Zhilin
On 8/30/17, 12:46 PM, "Zhilin Huang (zhilhuan)" <zhilh...@cisco.com> wrote:
Hi Dave,
Thanks a lot for your response!
Sorry, I am not quite catch up with you. I am still confused about how
HOST_REGEXP will work in the production, may need more clarification:
1) “To support CNAMES from domains outside of the Traffic Control top
level DNS domain, enter multiple HOST_REGEXP lines”:
What does this mean about “outside of the Traffic Control top level DNS
domain”, will the CNAME still be response by Traffic Router?
If yes, then looks like it could only work to replace “tr” or “edge” field.
For example, a CDN with domain name “example.com”, and DS with HOST_REGEXP 0
“.*\.movie\..*” and HOST_REGEXP 1 “.*\.aliens\.*”, a zone file
“movie.example.com.” will be created. So traffic router could only serve DNS
request for “*.movie.example.com”. Does this mean “aliens.movie.example.com”
will be a CNAME for “tr.movie.example.com”? I think domain name like
“tr.aliens.example.com” could not be resolved by Traffic Router, correct?
2) “we use HOST_REGEXP > 0 as CNAMES which would be domains we are not
authoritative for and we don't control.”:
Does this mean the CNAMES are not managed by Traffic Router, and need be
configured in other DNS servers? If yes, how could that work for HTTPS? Take
the above example, if DNS query for “tr.aliens.example.com” would be response
as CNAME of “tr.movie.example.com” by outside DNS server, then Traffic Router
will response for further DNS query for “tr.movie.example.com”. The client will
still use “tr.aliens.example.com” in the HTTPS request, therefore the SSL
certificate will still not work since no SSL SAN configured.
Thanks,
Zhilin
On 8/29/17, 11:32 PM, "Dave Neuman" <neu...@apache.org> wrote:
This doc states To support CNAMES from domains outside of the Traffic
Control top level DNS domain, enter multiple HOST_REGEXP lines, which
shows
that we intended HOST_REGEXP > 0 to be for CNAMES.
http://trafficcontrol.apache.org/docs/latest/admin/traffic_ops/using.html?highlight=host_regexp#delivery-service-regexp
On Tue, Aug 29, 2017 at 9:29 AM, Dave Neuman <neu...@apache.org> wrote:
> Hi Zhilin,
> Sorry for not responding sooner.
>
> I answered your questions inline below. Let me know what other
questions
> you have.
>
> Thanks,
> Dave
>
> On Mon, Aug 28, 2017 at 8:32 PM, Zhilin Huang (zhilhuan) <
> zhilh...@cisco.com> wrote:
>
>> Hmm, no response…
>>
>> I think I should suppose no one is using multiple subdomains in
>> production. Please response if I am wrong.
>>
>> Thanks,
>> Zhilin
>>
>>
>> On 8/25/17, 3:12 PM, "Zhilin Huang (zhilhuan)" <zhilh...@cisco.com>
>> wrote:
>>
>> Hi folks,
>>
>> The multiple subdomain (HOST_REGEXP) looks not working in TC
version
>> we are using. However, after checking the code in latest master
branch, I
>> would suspect if this is fully supported:
>>
>> 1. Based on the code, Traffic Router may not fully support
>> HOST_REGEXP with “set_number” not equal 0. The cr-config generated
will
>> only include the first HOST_REGEXP into the “domains” field for each
>> delivery service. So the auto-zones will not be generated for other
>> HOST_REGEXP.
>>
>
> Correct, the regex is in the CrConfig but not in the domains section.
The
> HOST_REGEXP > 0 is intended (at least the way we use it) for CNAMEs on
> other domains. Since the CNAMEs are not on the domain the TR is
> authoritative for, the TR cannot manage zones for them.
>
>
>>
>> 2. For HTTPS delivery service, the SSL certificate will only be
>> generated for the first HOST_REGEXP.
>>
>
> Correct, again we use HOST_REGEXP > 0 as CNAMES which would be
domains we
> are not authoritative for and we don't control.
>
>
>> Have anyone of you are using multiple HOST_REGEXP in your
delivery
>> services? Please correct me if my understanding is wrong.
>>
>> If we want to fully support multiple subdomain (HOST_REGEXP),
should
>> we do:
>>
>> For item 1) above, expand all HOST_REGEXP and add into “domains”
>> field for each delivery service in “cr-config”. Is there any special
reason
>> to only include the first one?
>>
>
> Yes, we put CNAMEs in this field so TR could not be authoritative for
> those zones. You would need to do some check to make sure that TR can
> actually manage the zone before adding including it in the domains
section.
>
>
>>
>> For item 2) above, add SAN in SSL certificate for all HOST_REGEXP
>> other than the first one (set_number == 0)?
>>
>
> See above.
>
>
>> Thanks,
>> Zhilin
>>
>>
>>
>>
>>
>
