6

I am trying to set up the urls https://www.mywebsite.net.au and https://mywebsite.net.au to work for my Azure App Service using with Cloudflare.

Where mywebsite represents my web site name.

Currently when I go to this url I get a 404 error.

In Azure, In Custom Domains, when I try to add a host name for www.jobtalk.net.au and click validate I get a Domain Ownership error "No CNAME records were found. Please add a CNAME record pointing to sbdwebapp.azurewebsites.net"

If I try adding a CNAME for www with the value sbdwebapp.azurewebsites.net

I get an error message:

n A, AAAA or CNAME record already exists with that host. (Code: 81053)

I am trying to follow https://docs.microsoft.com/en-us/azure/app-service-web/app-service-web-tutorial-custom-domain#cname

DNS showing in CloudFlare

Kirsten
  • 185
  • 4
  • 20
  • investigating https://serverfault.com/questions/718503/why-do-you-need-the-awverify-cname-record-for-azure – Kirsten Jun 25 '17 at 05:34
  • 1
    What exactly are you trying to achieve? A 5 second look at that documentation (may have been less) suggests you need a CNAME for the www subdomain pointing at Azure using the Azure domain name. – Tim Jun 25 '17 at 07:17
  • 1
    `awverify` is only needed for validation before moving `www`. The `TXT` doesn't make any sense: is it just a test of which RR allows this syntax, because `CNAME` is not allowed for `@` (for a good reason). – Esa Jokinen Jun 25 '17 at 08:35
  • @EsaJokinen The TXT record is required at configuration time. – Kirsten Jun 25 '17 at 22:23
  • @Tim I have updated the question to be more clear I hope. – Kirsten Jun 25 '17 at 22:25
  • @Tim the record that says "is an alias of myapp.azurewebsites.net" is what shows in CloudFlare DNS records when I type myapp.azurewebsites.net into their Domain Name box. – Kirsten Jun 25 '17 at 22:32
  • What is an "Azure web app?" Do you have a virtual machine that's running an application? Is it some kind of azure specific technology? It's difficult to know how to resolve a URL to a service if you don't understand the service. – Tim Jun 25 '17 at 22:40
  • @Tim I corrected the question to state Azure App Service. – Kirsten Jun 25 '17 at 22:49
  • 1
    The instructions seem fairly comprehensive. Maybe a screenshot of your DNS settings would help, along with a screenshot of the DNS part of your azure app. The main problem here is we're having to drag information out of you, try to add as much information as you can before the question is closed for being too broad. – Tim Jun 26 '17 at 03:01
  • Thanks @Tim, I updated the question to show a picture of the DNS. – Kirsten Jun 27 '17 at 21:49

3 Answers3

13

The problem is due to a conflict between CloudFlare's CNAME flattening and Azure's CNAME verification. The CNAME flattening essentially returns A records, which speeds up DNS resolution and is a good idea in general. However, Azure's CNAME verification only verifies CNAME records.

The best workaround I've found is to:

  1. Disable CloudFlare's HTTP proxying (click the orange cloud on that CNAME record so that it turns grey); this also disables CNAME flattening for that record.
  2. Check your host on dig until you see the CNAME records show up.
  3. Verify your CNAME host on the Azure portal.
  4. Re-enable CloudFlare's HTTP proxying (click the grey cloud on that CNAME record so it turns orange).

This allows you to verify on Azure and still take advantage of CloudFlare's CDN.

Stephen Cleary
  • 301
  • 2
  • 5
0

It can take a while before you can see changes made in DNS settings. From what I can see, the setup seems correct and all you have to do now is wait. I never used CloudFlare to manage DNS, but they're known by their strong caching in all of their platforms, and I have to assume a managed DNS works the same way. It also could be a problem with your ISP/Microsoft TTL, not CloudFlare.

One way to verify the configuration is to directly access the DNS server from your workstation using the nslookup command. That way you can match what is the source DNS server and what is the information from your ISP. 

c:\> nslookup
> set type=CNAME
> www.mywebsite.net.au

and compare the results with:

c:\> nslookup - 123.123.123.123  <- replace with cloudflare dns server
> set type=CNAME
> www.mywebsite.net.au

Usually, Microsoft validates DNS settings directly with the DNS Server where your domain is managed, so it doesn't take long, but I had some odd cases before.

Additionally, although I don't see it in documentation anymore, it was a requirement before to add an alias for the awverify entry, so try to add the following to your dns settings:

awverify CNAME awverify.myapp.azurewebsites.net

This was a requirement to validate the domain before using it. You can delete after verification.

Bruno Faria
  • 3,804
  • 1
  • 11
  • 18
  • by my ISP do you mean Azure? or my Domain Name Registrar? – Kirsten Jun 26 '17 at 05:19
  • nslookup reports the primary name server is at cloudflare – Kirsten Jun 26 '17 at 05:20
  • but what about the CNAME entry? can you see it? You just need to change the filter to CNAME in the console and query the FQDN of your site. – Bruno Faria Jun 26 '17 at 23:16
  • I set type=CNAME as you instructed the information that was returned did not include the word CNAME. mywebsite.net.au primary name server = myserver.ns.cloudflare.com responsible mail addr = dns.cloudflare.com other properties such as serial, refresh, retry, expire and default TTL were also listed. – Kirsten Jun 27 '17 at 03:56
  • could you provide the domain name that you are trying to setup in Azure for me to check? – Bruno Faria Jun 27 '17 at 08:32
  • https://www.jobtalk.net.au/ fails where as https://jobtalk.net.au works – Kirsten Jun 27 '17 at 20:14
  • Apparently, it's not properly configured. See this image http://imgur.com/rlLYId2. As there's no result when filtering by CNAME, it just returns the results for the naked domain. I queried my blog address to show you the difference. It seems that your configuration in cloudflare is correct as per screenshot, but are you sure it was applied? – Bruno Faria Jun 27 '17 at 23:32
  • How do I check it was applied? – Kirsten Jun 28 '17 at 02:04
  • I just checked for you. Querying CloudFlare DNS server directly is not showing the entries you added. Maybe there's an error or something else you need to do before committing new DNS entries in CloudFlare? – Bruno Faria Jun 28 '17 at 02:59
-1

In CloudFlare DNS I have

Type Name Value
CNAME www        is an alias of myapp.azurewebsites.net

Please modify www to your hostname in Cloudflare management page, like this:

CNAME     jasontest321       jasontest321.azurewebsites.net

It works for me:enter image description here

Jason Ye
  • 2,399
  • 1
  • 8
  • 10