BTW, would you mind to give an example on how you are using HOST_REGEXP > 0 in your production?
We thought HOST_REGEXP > 0 should be very similar to HOST_REGEXP = 0, but sounds like it is not the case. Thanks, Zhilin On 8/30/17, 12:46 PM, "Zhilin Huang (zhilhuan)" <zhilh...@cisco.com> wrote: Hi Dave, Thanks a lot for your response! Sorry, I am not quite catch up with you. I am still confused about how HOST_REGEXP will work in the production, may need more clarification: 1) “To support CNAMES from domains outside of the Traffic Control top level DNS domain, enter multiple HOST_REGEXP lines”: What does this mean about “outside of the Traffic Control top level DNS domain”, will the CNAME still be response by Traffic Router? If yes, then looks like it could only work to replace “tr” or “edge” field. For example, a CDN with domain name “example.com”, and DS with HOST_REGEXP 0 “.*\.movie\..*” and HOST_REGEXP 1 “.*\.aliens\.*”, a zone file “movie.example.com.” will be created. So traffic router could only serve DNS request for “*.movie.example.com”. Does this mean “aliens.movie.example.com” will be a CNAME for “tr.movie.example.com”? I think domain name like “tr.aliens.example.com” could not be resolved by Traffic Router, correct? 2) “we use HOST_REGEXP > 0 as CNAMES which would be domains we are not authoritative for and we don't control.”: Does this mean the CNAMES are not managed by Traffic Router, and need be configured in other DNS servers? If yes, how could that work for HTTPS? Take the above example, if DNS query for “tr.aliens.example.com” would be response as CNAME of “tr.movie.example.com” by outside DNS server, then Traffic Router will response for further DNS query for “tr.movie.example.com”. The client will still use “tr.aliens.example.com” in the HTTPS request, therefore the SSL certificate will still not work since no SSL SAN configured. Thanks, Zhilin On 8/29/17, 11:32 PM, "Dave Neuman" <neu...@apache.org> wrote: This doc states To support CNAMES from domains outside of the Traffic Control top level DNS domain, enter multiple HOST_REGEXP lines, which shows that we intended HOST_REGEXP > 0 to be for CNAMES. http://trafficcontrol.apache.org/docs/latest/admin/traffic_ops/using.html?highlight=host_regexp#delivery-service-regexp On Tue, Aug 29, 2017 at 9:29 AM, Dave Neuman <neu...@apache.org> wrote: > Hi Zhilin, > Sorry for not responding sooner. > > I answered your questions inline below. Let me know what other questions > you have. > > Thanks, > Dave > > On Mon, Aug 28, 2017 at 8:32 PM, Zhilin Huang (zhilhuan) < > zhilh...@cisco.com> wrote: > >> Hmm, no response… >> >> I think I should suppose no one is using multiple subdomains in >> production. Please response if I am wrong. >> >> Thanks, >> Zhilin >> >> >> On 8/25/17, 3:12 PM, "Zhilin Huang (zhilhuan)" <zhilh...@cisco.com> >> wrote: >> >> Hi folks, >> >> The multiple subdomain (HOST_REGEXP) looks not working in TC version >> we are using. However, after checking the code in latest master branch, I >> would suspect if this is fully supported: >> >> 1. Based on the code, Traffic Router may not fully support >> HOST_REGEXP with “set_number” not equal 0. The cr-config generated will >> only include the first HOST_REGEXP into the “domains” field for each >> delivery service. So the auto-zones will not be generated for other >> HOST_REGEXP. >> > > Correct, the regex is in the CrConfig but not in the domains section. The > HOST_REGEXP > 0 is intended (at least the way we use it) for CNAMEs on > other domains. Since the CNAMEs are not on the domain the TR is > authoritative for, the TR cannot manage zones for them. > > >> >> 2. For HTTPS delivery service, the SSL certificate will only be >> generated for the first HOST_REGEXP. >> > > Correct, again we use HOST_REGEXP > 0 as CNAMES which would be domains we > are not authoritative for and we don't control. > > >> Have anyone of you are using multiple HOST_REGEXP in your delivery >> services? Please correct me if my understanding is wrong. >> >> If we want to fully support multiple subdomain (HOST_REGEXP), should >> we do: >> >> For item 1) above, expand all HOST_REGEXP and add into “domains” >> field for each delivery service in “cr-config”. Is there any special reason >> to only include the first one? >> > > Yes, we put CNAMEs in this field so TR could not be authoritative for > those zones. You would need to do some check to make sure that TR can > actually manage the zone before adding including it in the domains section. > > >> >> For item 2) above, add SAN in SSL certificate for all HOST_REGEXP >> other than the first one (set_number == 0)? >> > > See above. > > >> Thanks, >> Zhilin >> >> >> >> >> >