Thanks for the response. We were trying to figure out why one user can access http://www.foo.com but cannot access https://www.foo.com (all other users seem to have no problem). We recently activated SSL for custom domains. This user is in a location severely affected by the blackouts. So I was working through a theory that the user's DNS might be stuck from our pre-ssl days. Maybe their computer clock has been reset. Dunno :)
On Thursday, July 5, 2012 2:53:23 PM UTC-7, barryhunter wrote: > > On Thu, Jul 5, 2012 at 8:33 PM, johnP <[email protected]> wrote: > > VIP SSL for custom domains, as I understand, means Virtual IP. I had a > > domain foo.com and recently activated VIP SSL for the domain. > > > > Question: > > > > a. Am I correct in understanding that httpS://foo.com will always > resolve > > to one IP Address? > > b. Does that mean that http://foo.com will also resolve to that same > IP > > Address? > > DNS is not protocol specific. So foo.com will resolve the same. > > On a 'naked domain' like that, CNAMEs dont work (well) so, you must be > using an actual IP address (ie a A record) - so it resolve to what you > set in your DNS settings. > > Because of that, not sure how good a idea it is to use App Engine with > a naked domain. Google Apps, does allow you to however setup > redirection on the naked domain. > > > Google will almost certainly be running a standard HTTP (port 80) > proxy on your VIP as well as a HTTPS (port 443) proxy. > > Or if Google are managing your DNS for you, they could be managing the > A record for the domain, so its the same as the CNAME. (I dont know if > Google offer this) > > > > > c. Is it possible that customers may have IP_orig DNS cached, and the > > cache has not updated recently (due to power outages on the East Coast, > for > > example), so httpS is trying to resolve to the old IP and failing? > > Well this is where using the CNAME would be good, the final IP should > have a short TTL, so wont be cached for long. But if Google need to > perform an emergency migration of your IP address, clients should > pickup the new IP relativly quickly. > > Or they might be able able to move your IP itself - at routing level, > to an unaffected location. > > But really use a CNAME, and let google worry about migrations. > > > > > > > -- > > You received this message because you are subscribed to the Google > Groups > > "Google App Engine" group. > > To view this discussion on the web visit > > https://groups.google.com/d/msg/google-appengine/-/uSqBKNAOgAUJ. > > To post to this group, send email to [email protected]. > > To unsubscribe from this group, send email to > > [email protected]. > > For more options, visit this group at > > http://groups.google.com/group/google-appengine?hl=en. > -- You received this message because you are subscribed to the Google Groups "Google App Engine" group. To view this discussion on the web visit https://groups.google.com/d/msg/google-appengine/-/_qxUokU6ww4J. To post to this group, send email to [email protected]. To unsubscribe from this group, send email to [email protected]. For more options, visit this group at http://groups.google.com/group/google-appengine?hl=en.
