For a few weeks I was trying to get a custom domain working with
Substack, which does allow it, usually they specify to use the "www."
domain level for the CNAME to point at *target.substack-custom-domains.com*
But some people want to to this at the domain apex, and the Substack
docs state that /some /providers support zone apex aliasing.
Which is true.
But most providers do it via CNAME flattening, so at the end of the
process, they aren't really CNAMEs, they're A recs.
But this will not work for Substack custom domains - and after going
back and forth with their support, who took it up with some ops, it
turns out that custom domains /at the apex/ on Substack will /only work/
when the query returns, literally, a CNAME when queried.
The example they gave me to replicate was: *theamazingnewsletterofjosh.com*
which if you do
$ dig theamazingnewsletterofjosh.com @dns1.registrar-servers.com
gives you
;; ANSWER SECTION:
theamazingnewsletterofjosh.com. 60 IN CNAME
target.substack-custom-domains.com.
Even though if you also do this:
$ dig -t ns theamazingnewsletterofjosh.com @dns1.registrar-servers.com
you'll get
;; ANSWER SECTION:
theamazingnewsletterofjosh.com. 1800 IN NS dns1.registrar-servers.com.
theamazingnewsletterofjosh.com. 1800 IN NS dns2.registrar-servers.com.
Which would seem to be non-compliant (CNAME and other data)
but if you do this
$ dig -t soa theamazingnewsletterofjosh.com @dns1.registrar-servers.com
you get
;; ANSWER SECTION:
theamazingnewsletterofjosh.com. 60 IN CNAME
target.substack-custom-domains.com.
Which is also weird
So apparently, Namecheap (which I believe uses UltraDNS on the backend)
and apparently Cloudflare handle this apex aliasing, with a literal
alias, but if you simply flatten the apex alias, for some reason, it
will not work as a Substack custom domain.
I thought maybe the powerdns ALIAS pseudo type might facilitate this,
https://doc.powerdns.com/authoritative/guides/alias.html
but after setting up a test case, it looks like it too, implements this
by flattening it out to A records.
Am I to assume this is some customized DNS response then?
Is it even standards compliant to be handing out a CNAME response for
the same zone that has NS records? (I would say no, but it seems to be a
thing?)
- mark
--
Mark E. Jeftovic <[email protected]>
Co-founder & CEO easyDNS Technologies Inc.
+1-(416)-535-8672 ext 225
/"Never expect a thing you do not want,
and never desire a thing you do not expect."
-- Bob Proctor /
_______________________________________________
dns-operations mailing list
[email protected]
https://lists.dns-oarc.net/mailman/listinfo/dns-operations
