We run a service that provides on-demand websites to our users as part of our offering. In order for our users to use their own domain with our website feature, we have them create an A record pointing to our server's IP address at their domain registrar.

The problem is that this ties the setup of all of our users' websites to our server IP, which could change unexpectedly at some point, for reasons we can't control (for example, the hosting company migrating our server to a different region, or changing their network setup), or because we would be moving to a different hosting provider (that happened once in the past, and it was very painful to manage the migration of all the websites' configuration).

Is there a way to obtain an IP address that is used for DNS routing purposes only (i.e., just reroutes to a different IP that we can change if needed), and is not tied to any specific server/hosting company? Are there services that we can use for that purpose?

Eran Galperin
  • Use a `CNAME` record instead of an `A`. Won't work for the apex though, only for `www`. And in the near future, let them create `HTTPS` DNS records to solve both problems together. – Patrick Mevzek May 27 '21 at 19:15
  • If you have enough business needs and justification, you should own your own IP blocks (as given by some LIR) and let whatever hosting provider handle them at point B. Otherwise, no matter what schema you achieve by going through an intermediate step, someone else will always own the IP addresses you need and hence you will always be dependent on its fate and rules and policies. – Patrick Mevzek May 27 '21 at 19:16
  • Or, ask your customers to let you handle their DNS needs so that they use your nameservers (or nameservers at third party but which you control) for resolution, and hence you can put there whatever IP is needed and change it whenever it is needed. – Patrick Mevzek May 27 '21 at 19:18
  • @PatrickMevzek We need an A record so we can serve the root domain, as well as generate an SSL certificate via Let's Encrypt. We don't need a whole IP block, just one fixed IP - it's fine if someone else owns it, but we want to decouple it from our server. Where would we acquire such an IP? – Eran Galperin May 27 '21 at 20:45
  • You can't get just one IP. It is blocks. It seems you just need to solve the problem contractually, not technically. Find a provider that guarantees you a stable IP or at least guarantees you a significant amount of time in advance to warn you if the IP is going to change. Otherwise, if you don't own the IP, no matter what you do technically, you will be in the danger of having it removed under your feet at any time. – Patrick Mevzek May 27 '21 at 21:56
  • We're just looking to decouple it from our server / hosting company. Hopefully someone will be able to chime in with suggestions on how to do that – Eran Galperin May 27 '21 at 23:55
  • "as well as generate SSL certificate via Letsencrypt." A CNAME is not a problem there, as `_acme-challenge` can be a CNAME into a zone you control. You just have the apex problem, and there aren't solutions besides proprietary solutions or the `HTTPS` record in the future. In the meantime, you either own the IP concerned, or do DNS delegations from your customer to your nameservers, or you accept the risk of the need to change the IP address at any time. – Patrick Mevzek May 28 '21 at 00:32

1 Answer

Provider independent space. Talk to your local internet registry.

However, IPv4 PI may not be available. IPv6 will be. Perhaps work on PI in parallel with requesting actual static addressing from your ISP.

As Patrick Mevzek mentioned in comments, you can have customers delegate DNS to you for the zone in question. However, this is a change from how things currently work with only records for the web server.

John Mahowald
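
An added example, not part of the original thread: a small audit over the options raised in the comments and answer above (apex `A` record, `CNAME` for `www`, `_acme-challenge` as a `CNAME`, NS delegation) that reports which customer records would need a manual edit if the server IP changed. The domains, the IP address and the `sites.provider.example.` zone are constructed placeholders.

```python
# Added example: classify customer DNS records before a server IP change.
# Every name and address below is constructed (example domains, RFC 5737 IP).

OLD_IP = "192.0.2.10"                      # current server IP (assumed)
PROVIDER_ZONE = "sites.provider.example."  # hypothetical zone the provider controls

# Constructed zone-file style sample: owner, type, value
RECORDS = """
alice.example.                 A      192.0.2.10
www.alice.example.             CNAME  edge.sites.provider.example.
_acme-challenge.alice.example. CNAME  alice.acme.sites.provider.example.
bob.example.                   A      192.0.2.10
www.bob.example.               A      192.0.2.10
carol.example.                 NS     ns1.sites.provider.example.
carol.example.                 NS     ns2.sites.provider.example.
"""

def parse(text):
    """Return (owner, type, value) tuples, normalised for comparison."""
    rows = []
    for line in text.strip().splitlines():
        owner, rtype, value = line.split()
        rows.append((owner.lower(), rtype.upper(), value.lower()))
    return rows

def in_provider_zone(name):
    return name == PROVIDER_ZONE or name.endswith("." + PROVIDER_ZONE)

def classify(rtype, value):
    if rtype == "A" and value == OLD_IP:
        return "pinned"     # customer must edit this record when the IP changes
    if rtype in ("CNAME", "NS") and in_provider_zone(value):
        return "follows"    # provider can repoint it without customer action
    return "unrelated"

def audit(text):
    """Group owner names by how they react to a change of OLD_IP."""
    report = {"pinned": [], "follows": [], "unrelated": []}
    for owner, rtype, value in parse(text):
        bucket = report[classify(rtype, value)]
        if owner not in bucket:          # two NS records, one owner
            bucket.append(owner)
    return report

def acme_delegated(text, domain):
    """True if _acme-challenge.<domain> is a CNAME into the provider's zone."""
    target = "_acme-challenge." + domain.lower()
    return any(o == target and t == "CNAME" and in_provider_zone(v)
               for o, t, v in parse(text))
```

On the sample data, `audit(RECORDS)["pinned"]` lists the apex names and `www.bob.example.`, which are the records each customer would have to change by hand.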