-1

I would like to point a subdomain to be displayed in another external domain using CNAME flattening.

e.g. book.webbangkok.com to be displayed at property.thailandbusinessconsultant.com

In webbangkok.com DNS, I have created the CNAME blog to the value of property.thailandbusinessconsultant.com. What do I need to do within the DNS for property.thailandbusinessconsultant.com to display it?

Patrick Mevzek
  • 9,921
  • 7
  • 32
  • 43
SavPhill
  • 101
  • If you have a static website with only relative links, then no further action is needed. – Pothi Kalimuthu Jul 11 '19 at 06:10
  • But what validation would I need to perform at newdomain.com, in order to display. – SavPhill Jul 11 '19 at 06:59
  • 2
    You don't have to do anything else with the DNS. Are you actually having a problem? – Michael Hampton Jul 11 '19 at 07:04
  • Yes. In testdomain.com DNS, CNAME is mapped as blog to the value of newdomain.com. Now when i visit newdomain.com, the blog.testdomain.com site does not display. – SavPhill Jul 11 '19 at 07:14
  • 1
    What do you see in the new domain? It is much easier to troubleshoot, if you share the actual domain name/s. – Pothi Kalimuthu Jul 11 '19 at 08:05
  • book.webbangkok.com is the subdomain being mapped by CNAME to property.thailandbusinessconsultant.com. I am using cloudflare for both, and this is where i have added the CNAME. – SavPhill Jul 11 '19 at 08:33
  • Put exactly in your question what command do you attempt, what result/error you get and what you expected instead. Because "Now when i visit newdomain.com, the blog.testdomain.com site does not display." (I fixed your bad obfuscation in your question) lacks any complete actionable detail. As Michael Hampton said you have nothing to configure on the DNS for the target domain, but you need to configure your website correctly so that it handles requests coming from the aliased name. – Patrick Mevzek Jul 12 '19 at 04:13

1 Answers1

0

book.webbangkok.com is the subdomain being mapped by CNAME to property.thailandbusinessconsultant.com.

The DNS does not agree with you right now:

$ dig book.webbangkok.com

[..]

;; ANSWER SECTION:
book.webbangkok.com.    3600    IN  A   104.24.120.92
book.webbangkok.com.    3600    IN  A   104.24.121.92

There is no CNAME record in place.

That will be the first thing to fix, since property.thailandbusinessconsultant.com resolves to two other completely different IP addresses.

After that you have to configure the website currently at IP addresses 104.28.11.67 and 104.28.10.67 (property.thailandbusinessconsultant.com resolves to those) to accept connections for the name book.webbangkok.com.

So by emulating a connection on your website as is the CNAME was in place, that is by forcing resolution to be at the second set of IP addresses:

curl --verbose --resolve book.webbangkok.com:80:104.28.11.67 http://book.webbangkok.com/
* Expire in 0 ms for 6 (transfer 0x55c303be45c0)
* Added book.webbangkok.com:80:104.28.11.67 to DNS cache
* Hostname book.webbangkok.com was found in DNS cache
*   Trying 104.28.11.67...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x55c303be45c0)
* Connected to book.webbangkok.com (104.28.11.67) port 80 (#0)
> GET / HTTP/1.1
> Host: book.webbangkok.com
> User-Agent: curl/7.64.0
> Accept: */*
> 
< HTTP/1.1 301 Moved Permanently
< Date: Fri, 12 Jul 2019 04:20:54 GMT
< Transfer-Encoding: chunked
< Connection: keep-alive
< Cache-Control: max-age=3600
< Expires: Fri, 12 Jul 2019 05:20:54 GMT
< Location: https://book.webbangkok.com/
< Server: cloudflare
< CF-RAY: 4f503a33ad2323ac-IAD
< 
* Connection #0 to host book.webbangkok.com left intact

Ok redirect to HTTPS, this is fine and good, but then the result is not:

$ curl --verbose --resolve book.webbangkok.com:443:104.28.11.67 https://book.webbangkok.com/
* Expire in 0 ms for 6 (transfer 0x5572f5fcb5c0)
* Added book.webbangkok.com:443:104.28.11.67 to DNS cache
* Hostname book.webbangkok.com was found in DNS cache
*   Trying 104.28.11.67...
* TCP_NODELAY set
* Expire in 200 ms for 4 (transfer 0x5572f5fcb5c0)
* Connected to book.webbangkok.com (104.28.11.67) port 443 (#0)
* ALPN, offering h2
* ALPN, offering http/1.1
* successfully set certificate verify locations:
*   CAfile: none
  CApath: /etc/ssl/certs
* TLSv1.3 (OUT), TLS handshake, Client hello (1):
* TLSv1.3 (IN), TLS handshake, Server hello (2):
* TLSv1.3 (IN), TLS handshake, Encrypted Extensions (8):
* TLSv1.3 (IN), TLS handshake, Certificate (11):
* TLSv1.3 (IN), TLS handshake, CERT verify (15):
* TLSv1.3 (IN), TLS handshake, Finished (20):
* TLSv1.3 (OUT), TLS change cipher, Change cipher spec (1):
* TLSv1.3 (OUT), TLS handshake, Finished (20):
* SSL connection using TLSv1.3 / TLS_AES_256_GCM_SHA384
* ALPN, server accepted to use h2
* Server certificate:
*  subject: C=US; ST=CA; L=San Francisco; O=CloudFlare, Inc.; CN=sni.cloudflaressl.com
*  start date: Mar 24 00:00:00 2019 GMT
*  expire date: Mar 24 12:00:00 2020 GMT
*  subjectAltName: host "book.webbangkok.com" matched cert's "*.webbangkok.com"
*  issuer: C=US; ST=CA; L=San Francisco; O=CloudFlare, Inc.; CN=CloudFlare Inc ECC CA-2
*  SSL certificate verify ok.

This is good, no certificate problem. But the HTML page returned has:

<div class="cf-column">
                    <h2>What happened?</h2>
                    <p>Cloudflare is unable to establish an SSL connection to the origin server.</p>
                </div>

                <div class="cf-column">
                    <h2>What can I do?</h2>
                          <h5>If you're a visitor of this website:</h5>
      <p>Please try again in a few minutes.</p>

      <h5>If you're the owner of this website:</h5>
      <p><span>It appears that the SSL configuration used is not compatible with Cloudflare. This could happen for a several reasons, including no shared cipher suites.</span> <a href="https://support.cloudflare.com/hc/en-us/articles/200278659">Additional troubleshooting information here.</a></p>
                </div>

You have the link to CloudFlare documentation to fix the problem.

Patrick Mevzek
  • 9,921
  • 7
  • 32
  • 43
  • Thank you Patrick for your detailed answer. I will go through the information provided to fix. – SavPhill Jul 13 '19 at 03:31
  • I followed the link attached, which explained that I needed to update the Cloudflare certificate from Full (strict) to Full. "After that you have to configure the website currently at IP addresses"- This is my final action needed, and relates to my original question, as I do not understand what action is needed at this domain. @patrick-mevzek – SavPhill Jul 13 '19 at 03:41