Hey Zhilin,

The HOST_REGEXP > 0 is not used the same as HOST_REGEXP = 0.  I understand
this is confusing, but it is what it is.  We should probably get a ticket
in to change the behavior or wording so that it is less confusing.
The HOST_REGEXP > 0 is meant to be a CNAME.  So, if you have a CDN with the
domain name `example.com` and a HOST_REGEXP 0 of `.*\.movies\.*` you could
have a HOST_REGEXP 1 of `movies.foo.bar.com` which will be a CNAME to
`movies.example.com`.  This will need to be configured in a different DNS
server (the one for `bar.com`) and will also need to be a SAN in the DS
certificate.  Then when the client looks up `different.domain.com` they
will be pointed at `tr.movies.example.com` and TR will do the right thing.

I hope that helps?  If not, let me know.


Thanks,
Dave



On Tue, Aug 29, 2017 at 10:52 PM, Zhilin Huang (zhilhuan) <
zhilh...@cisco.com> wrote:

> BTW, would you mind giving an example of how you are using HOST_REGEXP >
> 0 in your production?
>
> We thought HOST_REGEXP > 0 should be very similar to HOST_REGEXP = 0, but
> it sounds like that is not the case.
>
> Thanks,
> Zhilin
>
>
> On 8/30/17, 12:46 PM, "Zhilin Huang (zhilhuan)" <zhilh...@cisco.com>
> wrote:
>
>     Hi Dave,
>
>     Thanks a lot for your response!
>
>     Sorry, I have not quite caught up with you. I am still confused about
>     how HOST_REGEXP will work in production and may need more clarification:
>
>     1)  “To support CNAMES from domains outside of the Traffic Control top
>     level DNS domain, enter multiple HOST_REGEXP lines”:
>
>     What does “outside of the Traffic Control top level DNS domain” mean?
>     Will the CNAME still be answered by Traffic Router?
>
>     If yes, then it looks like it could only work to replace the “tr” or
>     “edge” field. For example, with a CDN with domain name “example.com” and
>     a DS with HOST_REGEXP 0 “.*\.movie\..*” and HOST_REGEXP 1 “.*\.aliens\.*”,
>     a zone file “movie.example.com.” will be created. So traffic router could
>     only serve DNS requests for “*.movie.example.com”. Does this mean
>     “aliens.movie.example.com” will be a CNAME for “tr.movie.example.com”? I
>     think a domain name like “tr.aliens.example.com” could not be resolved by
>     Traffic Router, correct?
>
>     2) “we use HOST_REGEXP > 0 as CNAMES which would be domains we are not
>     authoritative for and we don't control.”:
>     Does this mean the CNAMES are not managed by Traffic Router, and need to
>     be configured in other DNS servers? If yes, how could that work for HTTPS?
>     Take the above example: if a DNS query for “tr.aliens.example.com” is
>     answered as a CNAME of “tr.movie.example.com” by an outside DNS server,
>     then Traffic Router will respond to the further DNS query for
>     “tr.movie.example.com”. The client will still use “tr.aliens.example.com”
>     in the HTTPS request, therefore the SSL certificate will still not work
>     since no SSL SAN is configured.
>
>     Thanks,
>     Zhilin
>
>
>
>     On 8/29/17, 11:32 PM, "Dave Neuman" <neu...@apache.org> wrote:
>
>         This doc states "To support CNAMES from domains outside of the
>         Traffic Control top level DNS domain, enter multiple HOST_REGEXP
>         lines", which shows that we intended HOST_REGEXP > 0 to be for CNAMES.
>
>         http://trafficcontrol.apache.org/docs/latest/admin/traffic_ops/using.html?highlight=host_regexp#delivery-service-regexp
>
>         On Tue, Aug 29, 2017 at 9:29 AM, Dave Neuman <neu...@apache.org>
> wrote:
>
>         > Hi Zhilin,
>         > Sorry for not responding sooner.
>         >
>         > I answered your questions inline below.  Let me know what other
>         > questions you have.
>         >
>         > Thanks,
>         > Dave
>         >
>         > On Mon, Aug 28, 2017 at 8:32 PM, Zhilin Huang (zhilhuan) <
>         > zhilh...@cisco.com> wrote:
>         >
>         >> Hmm, no response…
>         >>
>         >> I think I should suppose no one is using multiple subdomains in
>         >> production. Please respond if I am wrong.
>         >>
>         >> Thanks,
>         >> Zhilin
>         >>
>         >>
>         >> On 8/25/17, 3:12 PM, "Zhilin Huang (zhilhuan)" <
> zhilh...@cisco.com>
>         >> wrote:
>         >>
>         >>     Hi folks,
>         >>
>         >>     The multiple subdomain (HOST_REGEXP) feature does not seem to
>         >> be working in the TC version we are using. However, after checking
>         >> the code in the latest master branch, I question whether this is
>         >> fully supported:
>         >>
>         >>     1. Based on the code, Traffic Router may not fully support
>         >> HOST_REGEXP with “set_number” not equal to 0. The cr-config
>         >> generated will only include the first HOST_REGEXP in the “domains”
>         >> field for each delivery service. So the auto-zones will not be
>         >> generated for other HOST_REGEXP.
>         >>
>         >
>         > Correct, the regex is in the CrConfig but not in the domains
>         > section.  The HOST_REGEXP > 0 is intended (at least the way we use
>         > it) for CNAMEs on other domains.  Since the CNAMEs are not on the
>         > domain the TR is authoritative for, the TR cannot manage zones for
>         > them.
>         >
>         >
>         >>
>         >>     2. For HTTPS delivery service, the SSL certificate will only
>         >> be generated for the first HOST_REGEXP.
>         >>
>         >
>         > Correct, again we use HOST_REGEXP > 0 as CNAMES which would be
>         > domains we are not authoritative for and we don't control.
>         >
>         >
>         >>     Are any of you using multiple HOST_REGEXP in your delivery
>         >> services? Please correct me if my understanding is wrong.
>         >>
>         >>     If we want to fully support multiple subdomain (HOST_REGEXP),
>         >> should we do:
>         >>
>         >>     For item 1) above, expand all HOST_REGEXP and add them into the
>         >> “domains” field for each delivery service in “cr-config”. Is there
>         >> any special reason to only include the first one?
>         >>
>         >
>         > Yes, we put CNAMEs in this field so TR could not be authoritative
>         > for those zones.  You would need to do some check to make sure that
>         > TR can actually manage the zone before including it in the domains
>         > section.
>         >
>         >
>         >>
>         >>     For item 2) above, add SAN in SSL certificate for all
>         >> HOST_REGEXP other than the first one (set_number == 0)?
>         >>
>         >
>         > See above.
>         >
>         >
>         >>     Thanks,
>         >>     Zhilin
>         >>
>         >>
>         >>
>         >>
>         >>
>         >
>
>
>
>
>
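
An added example, not part of the thread and not Traffic Control code: it checks whether a delivery service certificate covers every hostname a client may present, for the CNAME arrangement described at the top of the thread. The wildcard SAN `*.movies.example.com`, the `tr` routing name as default, the treatment of HOST_REGEXP > 0 as a literal hostname, and all function names are assumptions.

```python
import re

# Matches a set-0 pattern such as .*\.movies\..* (or the thread's .*\.movies\.*)
SET0_RE = re.compile(r"^\.\*\\\.([a-z0-9-]+)\\\.\.?\*$")

def san_covers(san: str, host: str) -> bool:
    """RFC 6125-style match: a wildcard stands for exactly one left-most label."""
    san, host = san.lower().rstrip("."), host.lower().rstrip(".")
    if not san.startswith("*."):
        return san == host
    first, _, rest = host.partition(".")
    return bool(first) and rest == san[2:]

def client_hostnames(host_regexps: dict, cdn_domain: str, routing_name: str = "tr") -> dict:
    """Map each name a client may send in SNI/Host to how it gets resolved."""
    names = {}
    for set_number, pattern in sorted(host_regexps.items()):
        if set_number == 0:
            m = SET0_RE.match(pattern)
            if not m:
                raise ValueError(f"unsupported HOST_REGEXP 0 pattern: {pattern!r}")
            # Name inside the zone Traffic Router is authoritative for
            names[f"{routing_name}.{m.group(1)}.{cdn_domain}"] = "TR zone"
        else:
            # Assumption: set_number > 0 holds a literal hostname that is a
            # CNAME configured on someone else's DNS server
            names[pattern.replace("\\.", ".").lower()] = "external CNAME"
    return names

def audit(host_regexps: dict, cdn_domain: str, cert_sans: list) -> dict:
    """Return {hostname: (resolution, covered_by_certificate)}."""
    return {
        host: (how, any(san_covers(s, host) for s in cert_sans))
        for host, how in client_hostnames(host_regexps, cdn_domain).items()
    }

# Constructed sample data using the names from the thread.
DS_REGEXPS = {0: r".*\.movies\..*", 1: "movies.foo.bar.com"}
CERT_BEFORE = ["*.movies.example.com"]                       # set 0 only
CERT_AFTER = ["*.movies.example.com", "movies.foo.bar.com"]  # alias added as SAN

if __name__ == "__main__":
    for label, sans in (("before", CERT_BEFORE), ("after", CERT_AFTER)):
        for host, (how, ok) in audit(DS_REGEXPS, "example.com", sans).items():
            print(f"{label:6} {host:24} {how:14} {'ok' if ok else 'NAME MISMATCH'}")
```

The client keeps the alias in its HTTPS request after following the CNAME, so the alias shows as a mismatch until it is listed as a SAN.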
