Ronny Lam

about://tech

50 Shades: The Naked Domain

Alright, the title is probably the most exciting thing about is post. Or is it?

As you might know, I am serving this blog from Heroku. Heroku is a very cool PaaS, which is very elastic and horizontally scalable. You can start apps and services within the minute. And you don’t have to worry about the network or the OS, only about your app, which is in my case a web service.

Normally you get a very redundant service which get automatically balanced and rerouted when needed. You point your domain–name to your Heroku URL of your app, configure Heroku to connect those URLS and your done:

1
2
3
4
5
6
7
8
$ heroku domains:add www.ronnylam.nl
Adding www.ronnylam.nl to ronnylam... done

$ nslookup www.ronnylam.nl
Non-authoritative answer:
www.ronnylam.nl   canonical name = ronnylam.herokuapp.com.
Name: ronnylam.herokuapp.com
Address: 23.23.113.171

This works great and you will see that the actual IP-address is changing once in a while, because Heroku is rerouting and balancing traffic.

A while ago I decided to change this blog URL to be the naked root domain ronnylam.nl. Root domains in DNS can not be a CNAME, a canonical name pointing to another name. They have to be A-records, which point to an ip-address, or multiple addresses. So I pointed this to one of the herokuapp addresses.

1
2
3
4
$ nslookup ronnylam.nl 
Non-authoritative answer:
Name: ronnylam.nl
Address: 23.23.113.171

Together with sending a 301 pointing to ronnylam.nl for anything else that was not ronnylam.nl I switched over. Yesterday it turned out to be not a good idea documented by Heroku.

Naked domains, also called bare, root or apex domains, are configured in DNS via A-records and have serious availability implications when used in environments such as massive on-premise datacenters, cloud infrastructure services, and platforms like Heroku.

To overcome this I changed the 301 rule to www.ronnylam.nl to start with. But since I can not trust on Heroku ip-addresses to be persistent I had to move the 301-service to forward users from ronnylam.nl to www.ronnylam.nl outside Heroku. This is of course because ronnylam.nl can NOT be a CNAME.

For that I turned to the free service of wwwizer.

Just point your naked domain to 174.129.25.170 and it will be redirected to the same domain with www in front.

The service is so dead-simple that you don’t have to sign up for this.

Now the flows are like this:

  • ronnylam.nl -> wwwizer 301 -> www.ronnylam.nl CNAME -> ronnylam.herokuapp.com IP
  • blog.ronnylam.nl -> ronnylam.herokuapp.com 301 -> www.ronnylam.nl CNAME -> ronnylam.herokuapp.com IP
  • www.ronnylam.nl CNAME -> ronnylam.herokuapp.com IP
  • ronnylam.herokuapp.com -> ronnylam.herokuapp.com 301 -> www.ronnylam.nl CNAME -> ronnylam.herokuapp.com IP

It looks more complicated than it really is, but this assures connectivity.