Solved

Pointing my domain to a big commerce store using a cname

Posted on 2016-09-06
Last Modified: 2016-09-13
I was contacted by my sales and marketing department and told that they were having our website rebuilt and that it was going to be built on the Big Commerce platform.  Currently we have our old website hosted and have three A records pointing to the IP address where the site is being hosted.  Today I received an email saying that the site is ready to go and that there is no IP address and that we will have to point to the store using a cname record.  I have never run into this before.  I am just double checking with you experts here.  So I was told we could go ahead and delete those A records for the old site and then create a cname.  I created the cname record www and pointed it towards the store's URL that they emailed to me.  Is this all that needs to be done for this to work?  This is somewhat confusing because I've always been used to having an IP address to point an A record to.
Question by:techitch2

Expert Comment

by:Garry-G
ID: 41787289
A "cname" is more or less just an alias for another entry. By adding a CNAME, you're telling the user client that, once it looks up the initial name, like "www.myname.com", to then look up a different name, e.g. "www.bigshop.com", and use it instead. Simple as that. So once you have confirmed the lookup to work, you're ready to go ...

Expert Comment

by:aleghart
ID: 41787362
CNAME records are used all the time for hosted services.

Your CNAME for 'store.mydomain.tld' will point to the A record 'mydomain.service.tld'.

The service provider will point their A record to an IP address.

The end result is that an HTTP request gets to the correct host with the host.domain part of the URL intact.

The target of your CNAME record could be a single server instance or a big load balancer with clusters of hosts behind it....you don't know, and it doesn't matter.

As a simple example, think of the thousands of companies and organizations using Google mail.  You don't point 'mail.domain.tld' to a single IP address.

You make a CNAME to Google's mail infrastructure, like 'ghs.googlehosted.com'.  There are many IP addresses that answer for that FQDN, depending on where and when you query.

Make sure you know your TTL for your DNS records.  5 minutes is good for testing, but some DNS providers will not honor it.  It's also useful for disaster recovery or preparing for transition to a new service/server.

Somewhere between 300 - 86,400 (5m - 24h).

Author Comment

by:techitch2
ID: 41787665
Guys, let's see if you can help.  I will detail what is going on now.  On network solutions when setting up a cname it does not allow you to leave the "alias" portion blank or use the @ or * symbols.  So when I set up the cname I set ours up with www as the alias and it puts mydomain.com behind.  Now we were told to delete our old A records because we do not want them pointing to our old server.  They also said big commerce (which we built our new website with) has a dynamic IP address so we would have to use the cname.  We could use the A record but that the IP would change at some point and people would not be able to reach our website.  So as it stands we have no A records for our website.  We have a cname with www as the alias.  I can resolve my website if I type into the address bar www.mydomain.com however if I just type mydomain.com I get mydomain's server DNS address could not be found.

Any help here?

Expert Comment

by:Garry-G
ID: 41787683
In a regular zone file your config would look something like this:

www   IN CNAME     cname.of.bigcommerce.com
@  IN CNAME     cname.of.bigcommerce.com

That way, both entries www.mydomain.com and mydomain.com would be redirected to cname.of.bigcommerce.com which in turn redirects to some other entry that contains the actual IP address of the destination system.
As for Network Solutions, you'd have to check with them how to get the "@ IN CNAME" entry configured, it's definitely something that is a legal entry ... so possibly it's just a glitch in their web configuration interface ... check with their customer support ...

Author Comment

by:techitch2
ID: 41787734
Yes I have tried and the web interface for the cname area says the cname has to be alphanumeric and will not allow me to create the cname @.  I will call them and ask what the deal is.

Expert Comment

by:aleghart
ID: 41787970
The web interface error is because there is an RFC that says a CNAME cannot co-exist with another resource.  In this case, the root domain (naked domain, apex, zone, or whatever you want to call it) already has an SOA record, and likely an MX record.

Some DNS providers will synthesize an @ CNAME by a proprietary record type called ALIAS or ANAME, and special handling by their resolving servers.  It's not universal.  You have to use a DNS provider that has this setup.

Route53 has such a service.  You can probably guess why.

I know Cloudflare caved in and made something work because people were threatening to leave.

Best bet is to contact tech support for your DNS provider.

Expert Comment

by:Chris Dent
ID: 41788270
A CNAME at the apex is a violation of the RFCs for DNS. In the case of some protocols such a violation might not matter, however DNS is a vast distributed system, adherence to standards is strict.

Route53 achieves the effect by customising a DNS service that fabricates a record at the point of request. The "alias" construct is not visible to the (DNS) client (whereas you can trivially create a query for a CNAME record).

Chris

Author Comment

by:techitch2
ID: 41788290
So are you guys saying Network Solutions will not be able to do this for us because it violates some rules?  How the hell do folk build a site on Big Commerce and point to it if its servers use dynamic addressing?  They all pay for additional service?  I have a request in to Network Solutions to create this record for us and am waiting to hear back.

Assisted Solution

by:Chris Dent
Chris Dent earned 125 total points
ID: 41788326
They may, although I'm not aware of them offering any such service. It would be wise to ask them directly before seeking alternatives.

The rules in this case are what defines one of the most, if not the most, important highly distributed sub-system that under-pins the Internet. The limitation, restriction, whatever you prefer to call it on the use of CNAME records has been kicking around for nearly 30 years now.

If you must point the apex at a dynamic entry you will have to find a vendor that provides a work-around (Route53 likes you to point the pseudo-record at their load balancers). Or implement your own work-around by bouncing the apex record through a separate load balancer on a fixed IP (or anything else that takes the problem outside of the DNS).

Expert Comment

by:gheist
ID: 41788392
It should be permanent redirect. Store probably does not accept your host name.

Accepted Solution

by:aleghart
aleghart earned 250 total points
ID: 41788420
techitch2,

Simple answer...yes, you must choose a DNS provider who will create synthetic CNAME-style resolution using a non-RFC method.

RFC 1912: Common DNS Operational and Configuration Errors, February 1996
2.4 CNAME records
A CNAME record is not allowed to coexist with any other data.

RFC 2181: Clarifications to the DNS Specification, July 1997
10.1. CNAME resource records
....An alias name (label of a CNAME record) may, if DNSSEC is in use, have SIG, NXT, and KEY RRs, but may have no other data.


Some DNS providers who already have workarounds for CNAME-style resolution of the root/apex/@ of a domain:

CloudFlare: CNAME flattening
https://blog.cloudflare.com/zone-apex-naked-domain-root-domain-cname-supp/

DNSimple: ALIAS
https://support.dnsimple.com/articles/alias-record/

AWS Route53: ALIAS
http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-choosing-alias-non-alias.html

DynDNS (dyn.com): ALIAS
https://help.dyn.com/enabling-alias-records-in-managed-dns/

DNS Made Easy: ANAME
http://www.dnsmadeeasy.com/services/anamerecords/

Expert Comment

by:aleghart
ID: 41788429
Some hosting providers will allow you to create a URL-based 301 server-side redirect.  But, this does not work with DNS resolution.  The web request must hit their web servers first, then re-direct.  I think you're looking for a DNS solution, right?

Expert Comment

by:gheist
ID: 41788451
You have to hit your website. www.amazon.com will not respond to requests directed at www.ebay.com, no matter how hard you configure DNS

Author Comment

by:techitch2
ID: 41788463
Guys I don't know what I'm looking for.  Until now I've only used A records to point to whoever is hosting our website.  I've only created a cname in the past for auto-discovery for our email service.  I usually manage the DNS through the registrar's advanced DNS settings.  Using their Name servers.  A lot of what you guys are listing here is Greek to me.

The coding company we worked with to get this site up and running has just said we need to create a cname.  I received no other info from them and when I called them they seemed to know less than me about the topic, which does not say much.

We have no A records for our domain at the moment and one cname that points to www.mydomain.com
If you leave the www off while typing into the browser it states it can not find the domain.  Although some browsers just add the www and it's good to go.

So at this point I have contacted network solutions and asked them to create a cname of @ to point to that store.  They told me they would have to escalate that request and get back to me.

Expert Comment

by:aleghart
ID: 41788487
CNAME for @ is not possible.
There are workarounds, but they are not actual CNAME records.  It behaves the same.

Different name.  Additional tech beyond a standard DNS server.

But, effectively the same.

Just tell them what you need:  your root domain pointed to an FQDN "like a CNAME for @".

They'll understand, and point you in the right direction.

Expert Comment

by:Chris Dent
ID: 41788526
I would be prepared for the answer from network solutions to be "can't do that" though (hope for better, but prepare for no). The list of providers above is a good one and worth researching; you may need to move to one of those if this is an absolute requirement.

Remember that you can work-around this problem outside of DNS as well though. The thing answering on the root domain does not have to be the same as the thing on www. The thing you implement on the root domain might just be a redirect (301 as above) to help someone along the way to www.

Expert Comment

by:Chris Dent
ID: 41788548
One last comment before dinner.

I would consider the following migration path, depending a bit on your current services and assuming network solutions say "Eh? What?".

1. Set-up new system (wherever that might be).
2. Update www to direct to the new system (CNAME). Treat this as the primary ingress.
3. Configure a 301 redirect on the existing system, sending to www (web-service level redirection).

This, in my mind, buys you time to figure out a better solution. Be clear that what you have is a work-around and more cost may be incurred. It still provides a functional service to satisfy your clients and stakeholders.

Author Comment

by:techitch2
ID: 41788551
So I just got off the phone with big commerce and they said all we have to do is just create a cname record for mydomain.com (with nothing in front of our domain name) and point it towards our store url.  They also said people do it all the time.  I am really confused.  

They also said we could use A records and that their servers' IPs have changed but it is rare and that they would email the store owner ahead of time should the IP change.  The downfall to this is when the user would punch up our domain (since we'd be using a shared SSL cert) they'd see the store's URL instead of www.mydomain.com

Then there is a third option.  We can purchase an SSL cert from them and then the IP would never change and the store would show our URL and not the store's URL.

Oh my word...............

Expert Comment

by:aleghart
ID: 41788562
You can't create a CNAME for 'mydomain.com'.

The records are relative to the domain root.

Same way you can't create a CNAME for 'www.mydomain.com'.

In the zone for 'mydomain.com' you can create a CNAME record for 'www'.

If people did it all the time, you wouldn't see the many years of google search history for this very problem.

You can only use the tools provided by the DNS service provider.  They will be the authoritative opinion on what you can and can't do.

Author Comment

by:techitch2
ID: 41788572
Aleg I'm just relaying the info to you guys.  This is what their employees are telling people.  They told me that mydomain.com points nowhere right now and that is the problem.

Expert Comment

by:Chris Dent
ID: 41788575
Well, they're wrong and they're advocating a non-compliant configuration. Great. You cannot do that for the domain root without a specialist work-around in most cases.

If you owned the DNS service (as in ran your own), you could do that by tweaking the options that check for the configuration error. However, just because you might be able to does not mean you should. A DNS service is not only run for the benefit of you, and you cannot control what happens on other DNS servers and clients when things are done outside of the published standards. This is moot if you're limited by a hosted DNS service.

Buy an SSL cert? Sounds like they use that as the only means of supplying a static IP, presumably at that point because they pretty much must.

Expert Comment

by:aleghart
ID: 41788590
techitch2,
I wasn't criticizing _you_.  What they said sounds a lot like "it's not my problem", or a kiss off.  We get that a lot from tier 1 tech support types who don't actually have to do the things that you do.  So, I empathize with your frustration.

What I was trying to do was reinforce what you are saying.  That you can't do what they are asking.  Simply because it's not possible.  Not because you are doing anything wrong.  And, no, people don't do it all the time.

I've had to do the URL redirect (301) in the past for things that needed a CNAME.  It's clumsy, and requires extra work.

The DNS workarounds offered by a few providers are much cleaner, and don't require any kind of web server to do it.

Let us know if NetSol has a workaround.  If not, DNS transition to another provider is possible.  Not fun.  Not free.  But, it's an option.

Assisted Solution

by:vivigatt
vivigatt earned 125 total points
ID: 41788832
OK, so if CNAME does not work, you could keep your existing CNAME and A records and host a root page with a redirection mechanism.
I would go for a php page with a header(location) instruction
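<?php
// The Location header needs an absolute URL (with scheme); without it the browser treats the value as a relative path.
header('Location: http://mytargeturl.com/');
exit; // stop here so nothing else is sent after the redirect header
?>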

However, there are many drawbacks and it would work only if there is only one host and no path in your URLs, since, for instance, download.mydomain.com will not resolve to the mytargeturl.com, nor will www.mydomain.com/download...
But if your new web site is such that everything is handled with a request behind www.mydomain.com or mydomain.com, this would do the trick...

Otherwise, check this discussion, they are addressing a very similar issue:
http://stackoverflow.com/questions/656009/how-to-overcome-root-domain-cname-restrictions

Author Comment

by:techitch2
ID: 41789371
Just an update, Network solutions fixed this issue by creating cname "mydmoain.com..mydomain.com" but now our incoming email is not working.   SMH!

Expert Comment

by:vivigatt
ID: 41789378
Can you edit your post?
It's not clear where the typo(s) are.

Regarding email, you have to create MX records pointing to the mail server(s) allowed to process mails incoming to mydomain.com

It may be much easier if you posted your DNS zone (after replacing the names, since it seems you do not want to disclose them)

Expert Comment

by:Chris Dent
ID: 41789395
Did they really create mydomain.com.mydomain.com? It won't do any good if that's so, but I'm concerned e-mail is broken.

Review the records created at the root with:
nslookup -q=a mydomain.com.
nslookup -q=cname mydomain.com.

The lookup for the CNAME should return the SOA record like this:
C:\WebServices> nslookup -q=cname google.com
Server:  <MyDnsServer>
Address:  <MyDnsServerIP>

google.com
        primary name server = ns1.google.com
        responsible mail addr = dns-admin.google.com
        serial  = 132542417
        refresh = 900 (15 mins)
        retry   = 900 (15 mins)
        expire  = 1800 (30 mins)
        default TTL = 60 (1 min)

Review MX records with:
nslookup -q=mx mydomain.com.

This should show you each of the servers you expect mail to be delivered to.

You should also have NS and SOA records exposed at the root:
nslookup -q=ns mydomain.com.
nslookup -q=soa mydomain.com.

You don't need to do anything with these, but the queries should work without error.

You should also be able to execute a query for any:
nslookup -q=any mydomain.com.

That should return all of the records above and anything else configured at the apex.

Note: the trailing period (.) is deliberate. It stops nslookup appending a suffix search list and muddying the results.

Expert Comment

by:vivigatt
ID: 41789407
I guess they created mydomain.com..mydomain.com, with the double dot.
But we would have to be sure, this is why I asked the OP to edit his post!

Author Comment

by:techitch2
ID: 41789418
Vivi for whatever reason it won't let me edit.  I did typo it should be "mydomain.com..mydomain.com"
That cname was created last night pointing to our big commerce store.  Underneath in a note that was placed by whoever created the record it says "Network Solutions E-mail"

We have MX records.  Two of them pointing to rackspace servers.  But when rackspace looks up our mx it points to the cname of "mydomain.com..mydomain.com"

I also have to wait for a data cleanse for them to remove this screw-up.

Expert Comment

by:Chris Dent
ID: 41789427
That's quite special. I have to doubt the person making the change had the slightest idea about impact.

I strongly advise you get them to remove that record as soon as you can. The MX symptom is exactly why CNAMEs at the root aren't supportable. You need to seek an alternative, be that a web redirect or a different DNS host I'm afraid.

Author Comment

by:techitch2
ID: 41789433
:(   I think I'm just going to buy an SSL cert from Big Commerce so I can create A records to point to a friggen static IP.

Also the MX dig points to our store which I believe is coming from the creation of the cname "mydomain.com..mydomain.com"

Expert Comment

by:Chris Dent
ID: 41789438
I think that's a sound plan, even if it's less than ideal.

Expert Comment

by:vivigatt
ID: 41789459
MX CANNOT point to a CNAME, as per rfc2181 section-10.3
http://tools.ietf.org/html/rfc2181#section-10.3
MX has to point to an A record.

I created a small test page to check this compliance, it's here :
http://win10wiwi.com/testrfcMX.php

Some ISPs refuse to process e-mails sent to a domain whose MX points to a CNAME...

Author Comment

by:techitch2
ID: 41789476
Will you guys help me if I give you our domain?  I'm confused when you say MX has to point to an A record.  We do not have any A records.  Our A records were pointing to our old web site.

Expert Comment

by:Chris Dent
ID: 41789485
You'd have to be happy posting it in the clear here. Using other means (such as e-mail) is against the site rules.

Author Comment

by:techitch2
ID: 41789500
I am not happy about that or this situation I am in at all.  I knew after speaking with you guys yesterday I should have called Net Solution and cancelled my request to create the @ cname.  Not thinking in a million years they'd just create a different cname that screws our email up.

Vivi your test shows that our domain does not exist.

Expert Comment

by:Chris Dent
ID: 41789539
To be honest there's probably not much debugging we can add anyway now, we've gone on enough about the lack of CNAME support at the apex :)

If you manage to get them to un-do the CNAME it should at least bring everything back into operation, using dig or nslookup will let you test resolution of individual records.

I can't see a problem if big commerce assign you a static IP. Ultimately the advice they've given you (about the CNAME record) throughout this process has been suspect and ill-considered; acting on that advice has led to the e-mail outage you're suffering from which is frustrating as they're posing as a technical authority.

We may as well have a brief detour into SSL.

Confirm that you will be supplying the certificate or acquiring a signature from a CSR (certificate signing request), and that you will be responsible for renewal (when it expires as all certificates do). If they give you an admin portal it's likely generation of the request will happen there.

If you are supplying the certificate, I would ask about Subject Alternative Names (SAN), and ensure the SAN field lists both mydomain.com and www.mydomain.com to avoid certificate errors when accessing the site using either name. Without this the certificate will only be error free when configured to use either mydomain.com or www.mydomain.com (not both).
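
Added example, not part of any post in this thread: a Python check of the SAN point above, run against the dictionary shape that ssl.SSLSocket.getpeercert() returns. The three certificates are constructed samples using the thread's placeholder names; the helper names are this example's own. It shows that a wildcard entry covers www but not the bare domain.

```python
# Constructed certificate dicts in the shape returned by ssl.SSLSocket.getpeercert().
WWW_ONLY = {"subjectAltName": (("DNS", "www.mydomain.com"),)}
WILDCARD = {"subjectAltName": (("DNS", "*.mydomain.com"),)}
BOTH = {"subjectAltName": (("DNS", "mydomain.com"), ("DNS", "www.mydomain.com"))}


def san_dns_names(cert):
    """Return the DNS entries of the Subject Alternative Name field, normalised."""
    return [value.lower().rstrip(".")
            for kind, value in cert.get("subjectAltName", ())
            if kind == "DNS"]


def name_matches(pattern, host):
    """RFC 6125 style match: '*' is only honoured as the whole left-most label
    and stands for exactly one label, so '*.mydomain.com' never matches
    'mydomain.com' itself."""
    p_labels = pattern.lower().rstrip(".").split(".")
    h_labels = host.lower().rstrip(".").split(".")
    if len(p_labels) != len(h_labels):
        return False
    if p_labels[0] == "*":
        # Refuse overly broad patterns such as '*.com'.
        return len(p_labels) > 2 and p_labels[1:] == h_labels[1:]
    return p_labels == h_labels


def uncovered_hosts(cert, hosts):
    """List the host names a browser would reject for this certificate."""
    sans = san_dns_names(cert)
    return [h for h in hosts if not any(name_matches(s, h) for s in sans)]


if __name__ == "__main__":
    wanted = ["mydomain.com", "www.mydomain.com"]
    for label, cert in (("www only", WWW_ONLY), ("wildcard", WILDCARD), ("both", BOTH)):
        print(label, "-> not covered:", uncovered_hosts(cert, wanted))
```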

Expert Comment

by:aleghart
ID: 41789582
MX record shouldn't point to a CNAME.

mydomain.com MX = 'mail.mydomain.com 10'

mail.mydomain.com should be an (A) record pointing to an IPv4 address, not a CNAME.

This ensures that the sending mail server does not get caught in recursion purgatory hopping from one CNAME to another without ever finding a valid (A) record.

Some SMTP relays won't play that game, and decide to drop the session when they hit a CNAME, assuming it's misconfigured.

Your MX can point at multiple mail servers, but all should be (A) records.
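
Added example, not part of any post in this thread: a small Python linter for the two rules quoted in the accepted solution and in the MX comments above (a CNAME may not coexist with other data at the same name, RFC 1912 2.4 and RFC 2181 10.1; an MX target must not be a CNAME, RFC 2181 10.3). The zone is constructed from the thread's placeholder names, and the parser is a simplification that assumes one record per line with an explicit owner name.

```python
from collections import defaultdict

# Constructed zone (placeholder names and documentation addresses, not real records).
SAMPLE_ZONE = """\
@     IN SOA   ns1.mydomain.com. hostmaster.mydomain.com. 1 7200 900 1209600 7200
@     IN NS    ns1.mydomain.com.
@     IN MX    10 mail.mydomain.com.
@     IN MX    20 mx2.mydomain.com.
@     IN CNAME cname.of.bigcommerce.com.
www   IN CNAME cname.of.bigcommerce.com.
mail  IN CNAME mailhost.example.net.
mx2   IN A     192.0.2.25
"""

# Types that may sit beside a CNAME: the DNSSEC records named in RFC 2181 10.1
# plus their successors from RFC 4035.
ALLOWED_WITH_CNAME = {"CNAME", "SIG", "NXT", "KEY", "RRSIG", "NSEC"}


def fqdn(name, origin):
    """Expand '@' and relative names against the zone origin."""
    name = name.lower()
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Return (owner, type, rdata-fields) tuples; origin must end with a dot."""
    records = []
    for raw in text.splitlines():
        fields = raw.split(";", 1)[0].split()   # drop comments
        if len(fields) < 3:
            continue
        owner, rest = fqdn(fields[0], origin), fields[1:]
        # Skip the optional TTL and class tokens that precede the type.
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]
        if rest:
            records.append((owner, rest[0].upper(), rest[1:]))
    return records


def lint_zone(text, origin):
    """Flag CNAME coexistence and MX records whose in-zone target is a CNAME."""
    origin = origin.lower().rstrip(".") + "."
    records = parse_zone(text, origin)
    by_owner = defaultdict(set)
    for owner, rtype, _ in records:
        by_owner[owner].add(rtype)

    findings = []
    for owner in sorted(by_owner):
        clash = by_owner[owner] - ALLOWED_WITH_CNAME
        if "CNAME" in by_owner[owner] and clash:
            findings.append(("cname-coexists", owner, ",".join(sorted(clash))))
    for owner, rtype, rdata in records:
        if rtype == "MX" and len(rdata) >= 2:
            target = fqdn(rdata[1], origin)
            # Targets outside this zone cannot be judged offline and are skipped.
            if "CNAME" in by_owner.get(target, ()):
                findings.append(("mx-target-is-cname", owner, target))
    return findings


if __name__ == "__main__":
    for finding in lint_zone(SAMPLE_ZONE, "mydomain.com"):
        print(finding)
```

MX targets hosted in someone else's zone still need a live lookup, such as the nslookup queries shown earlier in the thread.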

Expert Comment

by:vivigatt
ID: 41789621
Is "Big Commerce" supposed to run the mail server for "mydomain.com"?
If not, you can try to do something like this

mail 300 IN A 123.45.67.89
@ 10800 IN MX 10 mail.mydomain.com.

Then, your emails will be processed by the email server running on "mail.mydomain.com", which has an A record (which IP address you have to supply).
You could try to get the corresponding MX records from the old DNS zone entry for your MX, if your email server still runs there.

Regarding the "domain does not exist" on my page, well, it means that the process was not able to resolve the MX record for your domain name. I am using the php function:
dns_get_record($domain, DNS_MX);

No wonder why you don't receive emails if there are no valid MX records for your domain...

Expert Comment

by:aleghart
ID: 41789645
With no valid MX record, many SMTP relays will attempt the DNS (A) record for that domain/subdomain.

Many organizations rely on this crutch without knowing it...until they move hosting providers or split IP addresses from web & mail hosts.  Then, mail stops.

Author Comment

by:techitch2
ID: 41790015
So it looks like net sol deleted that record, however we are just receiving emails intermittently.  Even though every MX lookup I've run on our domain looks to be now resolving to our mxrecords with rack space.  I am getting some deliveries and some permanent failures.
Technical details of permanent failure:
DNS Error: 46589762 DNS type 'mx' lookup of responded with code NOERROR
46589762 DNS type 'mx' lookup of  had no relevant answers.
46589762 DNS type 'aaaa' lookup of  responded with code NOERROR
46589762 DNS type 'aaaa' lookup of  had no relevant answers.
46589762 DNS type 'a' lookup of  responded with code NOERROR
46589762 DNS type 'a' lookup of  had no relevant answers.
which I was not receiving before they cleared this cname record.

It's been a little over 2 hours since they cleared that record.

Vivi my domain now comes up as  is RFC 2181 (section 10.3) compliant since
there is no MX record pointing to a CNAME

Is this just a matter of propagation?

Expert Comment

by:aleghart
ID: 41790039
Caching will be a problem.  Not necessarily propagation.  Those DNS servers under their control will sync fairly quickly.  Usually 15 minutes.  At most a few hours.

What was the original TTL?  Consider that it will be cached by at least that long.  Sometimes longer.

AOL used to be notorious for caching for a week or two, even if you had a DNS record TTL set to 5 minutes.

Author Comment

by:techitch2
ID: 41790059
TTL 7200........it appears as though emails are now flowing in however emails that were sent throughout the day are just trickling in.  When I send from my gmail now it is instantly hitting my inbox.

Author Comment

by:techitch2
ID: 41790287
Holy CRAP....guys!  Our email is back to working properly.  I am going to take your advice and use one of these third party services.  Stand by for points.  I will be completing this on Sunday.  I want to thank all of you for trying to enlighten me on this topic.

Expert Comment

by:vivigatt
ID: 41790301
The records are now propagated correctly to DNS servers, they do know how/where to send emails to!

I am very surprised, however, that this "Big Commerce" company does not have a proper way to set DNS records for their customers...
Amazon EC2 offers the following pages for instance:
http://docs.aws.amazon.com/gettingstarted/latest/swh/getting-started-configure-route53.html

Take care and good luck for the future.

Expert Comment

by:aleghart
ID: 41790505
techitch2,

We were just spectators.  You were doing the hard work:  getting the phone calls and angry emails, while completely helpless.

We've all been there.  Glad it's working out.

Author Closing Comment

by:techitch2
ID: 41795881
I ended up moving all the DNS records to Big Commerce, who I found out will house our records free of charge.  This helped resolve all of our issues.  I appreciate you all helping out.  I really am grateful.