{
    "version" : "https://jsonfeed.org/version/1",
    "content" : "news",
    "type" : "single",
    "title" : "A Domain by Any Other Name: CNAMES, Wildcard Records and Another Level of Indirection | Digital.gov",
    "description": "A Domain by Any Other Name: CNAMES, Wildcard Records and Another Level of Indirection",
    "home_page_url" : "/preview/gsa/digitalgov.gov/bc-archive-content-3/","feed_url" : "/preview/gsa/digitalgov.gov/bc-archive-content-3/2016/09/06/a-domain-by-any-other-name-cnames-wildcard-records-and-another-level-of-indirection/index.json","item" : [
    {"title" :"A Domain by Any Other Name: CNAMES, Wildcard Records and Another Level of Indirection","summary" : "This is post 3 in the 5-part series The Right Tools for the Job: Re-Hosting DigitalGov Search to a Dynamic Infrastructure Environment. “All problems in computer science can be solved by another level of indirection, except of course for the problem of too many indirections.” – David Wheeler The simplest of our four requirements was","date" : "2016-09-06T13:00:05-04:00","date_modified" : "2025-01-27T19:42:55-05:00","authors" : {"nick-marden" : "Nick Marden"},"topics" : {
        
            "cloud-and-infrastructure" : "Cloud and infrastructure",
            "content-strategy" : "Content strategy",
            "product-and-project-management" : "Product and project management",
            "search" : "Search"
            },"branch" : "bc-archive-content-3",
      "filename" :"2016-09-06-a-domain-by-any-other-name-cnames-wildcard-records-and-another-level-of-indirection.md",
      
      "filepath" :"news/2016/09/2016-09-06-a-domain-by-any-other-name-cnames-wildcard-records-and-another-level-of-indirection.md",
      "filepathURL" :"https://github.com/GSA/digitalgov.gov/blob/bc-archive-content-3/content/news/2016/09/2016-09-06-a-domain-by-any-other-name-cnames-wildcard-records-and-another-level-of-indirection.md",
      "editpathURL" :"https://github.com/GSA/digitalgov.gov/edit/bc-archive-content-3/content/news/2016/09/2016-09-06-a-domain-by-any-other-name-cnames-wildcard-records-and-another-level-of-indirection.md","slug" : "a-domain-by-any-other-name-cnames-wildcard-records-and-another-level-of-indirection","url" : "/preview/gsa/digitalgov.gov/bc-archive-content-3/2016/09/06/a-domain-by-any-other-name-cnames-wildcard-records-and-another-level-of-indirection/","content" :"\u003cp\u003e\u003cem\u003eThis is post 3 in the 5-part series \u003ca href=\"/preview/gsa/digitalgov.gov/bc-archive-content-3/2016/08/18/the-right-tools-for-the-job-re-hosting-digitalgov-search-to-a-dynamic-infrastructure-environment/\"\u003eThe Right Tools for the Job: Re-Hosting DigitalGov Search to a Dynamic Infrastructure Environment\u003c/a\u003e\u003c/em\u003e.\u003c/p\u003e\n\u003cblockquote\u003e\n\u003cp\u003e“All problems in computer science can be solved by another level of indirection, except of course for the problem of too many indirections.” – \u003ca href=\"https://en.wikipedia.org/wiki/David_Wheeler_(British_computer_scientist)\"\u003eDavid Wheeler\u003c/a\u003e\u003c/p\u003e\n\u003c/blockquote\u003e\n\u003cp\u003eThe simplest of our four requirements was to allow customers to choose whether to use the \u003ctt\u003esearch.usa.gov\u003c/tt\u003e domain for their search results page, or create a “masked” domain name such as \u003ctt\u003esearch.someagency.gov\u003c/tt\u003e. While only about 1/4 of customer agencies use them, half of our search traffic comes through masked domains. 
\u003cdiv class=\"image\"\u003e\n  \u003cimg\n    src=\"https://s3.amazonaws.com/digitalgov/_legacy-img/2016/08/600-x-400-Search-bar-on-virtual-screen-Gajus-iStock-Thinkstock-178761722.jpg\"\n    alt=\"Search bar on virtual screen.\"/\u003e\u003c/div\u003e\n\n\u003c/p\u003e\n\u003cp\u003eIn our previous infrastructure, the customer would create a \u003ca href=\"https://en.wikipedia.org/wiki/CNAME_record\"\u003eCNAME\u003c/a\u003e in their own DNS zone to point \u003ctt\u003esearch.someagency.gov\u003c/tt\u003e to the edge servers for \u003ctt\u003esearch.usa.gov\u003c/tt\u003e, and we had to register the customer’s domain mask with our DNS provider. All our customers used the same CNAME: \u003ctt\u003esearch.usa.gov.old-cdn-waf-provider.net\u003c/tt\u003e\u003c/p\u003e\n\u003cp\u003eWe knew that we wanted to avoid a “Big Bang” migration event in which all of our customers were suddenly pointed to the new AWS hosting infrastructure, so we asked our CNAME customers to point their agency-specific hostnames to customer-specific CNAMEs. This would allow us to shift traffic around on a customer-by-customer basis – not only to the new infrastructure, but also back to the old infrastructure if the need arose:\u003c/p\u003e\n\u003cp\u003e\u003ctt\u003e$ORIGIN someagency.gov.\u003cbr /\u003e search IN CNAME someagency.sites.infr.search.usa.gov.\u003c/tt\u003e\u003c/p\u003e\n\u003cp\u003eOnce a fair number of our customers had these CNAMEs in place, we were able to switch them over to our new AWS infrastructure one at a time rather than switching everyone at once:\u003c/p\u003e\n\u003cp\u003e\u003ctt\u003e$ORIGIN sites.infr.search.usa.gov.\u003cbr /\u003e earlyadopteragency IN CNAME aws.search.usa.gov.\u003cbr /\u003e anotherearlyadopteragency IN CNAME aws.search.usa.gov.\u003cbr /\u003e notchangingnowagency IN CNAME old-infra.search.usa.gov.\u003c/tt\u003e\u003c/p\u003e\n\u003cp\u003eThe snippet above is a bit of a simplification, however. 
We used \u003ca href=\"https://en.wikipedia.org/wiki/Wildcard_DNS_record\"\u003ewildcard DNS records\u003c/a\u003e at first to direct the majority of our customers to our previous hosting provider, and then later to our AWS-hosted site:\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eBefore:\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e\u003ctt\u003e$ORIGIN sites.infr.search.usa.gov.\u003cbr /\u003e earlyadopteragency IN CNAME aws.search.usa.gov.\u003cbr /\u003e anotherdaringagency IN CNAME aws.search.usa.gov.\u003cbr /\u003e ; All customers above will go to the new infrastructure\u003cbr /\u003e * IN CNAME old-infra.search.usa.gov.\u003c/tt\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eLater:\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e\u003ctt\u003e$ORIGIN sites.infr.search.usa.gov.\u003cbr /\u003e * IN CNAME aws.search.usa.gov.\u003cbr /\u003e ; All customers below will go to the old infrastructure\u003cbr /\u003e notchangingnowagency IN CNAME old-infra.search.usa.gov.\u003c/tt\u003e\u003c/p\u003e\n\u003cp\u003e\u003cstrong\u003eFinally:\u003c/strong\u003e\u003c/p\u003e\n\u003cp\u003e\u003ctt\u003e$ORIGIN sites.infr.search.usa.gov.\u003cbr /\u003e ; Everyone goes to the new infrastructure\u003cbr /\u003e * IN CNAME aws.search.usa.gov.\u003c/tt\u003e\u003c/p\u003e\n\u003cp\u003eAt any step in this process, we were always able to go back to our zone file and add a customer-specific CNAME to direct traffic as needed for that customer, but eventually the DNS migration came to an end and we were left with just the single wildcard record \u003ctt\u003e*.sites.infr.search.usa.gov\u003c/tt\u003e pointing to our AWS infrastructure.\u003c/p\u003e\n\u003ch3 id=\"series\"\u003e\n  \u003cem\u003eRead more of this 5-part series:\u003c/em\u003e\n\u003c/h3\u003e\n\u003cul\u003e\n\u003cli\u003e\u003ca href=\"/preview/gsa/digitalgov.gov/bc-archive-content-3/2016/08/18/the-right-tools-for-the-job-re-hosting-digitalgov-search-to-a-dynamic-infrastructure-environment/\"\u003eThe 
Right Tools for the Job: Re-Hosting DigitalGov Search to a Dynamic Infrastructure Environment\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"/preview/gsa/digitalgov.gov/bc-archive-content-3/2016/09/02/quality-speed-and-lower-costs-yes-you-can-have-it-all/\"\u003eQuality, Speed, and Lower Costs: Yes, You Can Have It All\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"/preview/gsa/digitalgov.gov/bc-archive-content-3/2016/09/07/lets-encrypt-those-cnames-shall-we/\"\u003eLet’s Encrypt those CNAMES, Shall We?\u003c/a\u003e\u003c/li\u003e\n\u003cli\u003e\u003ca href=\"/preview/gsa/digitalgov.gov/bc-archive-content-3/2016/09/12/dnssec-vs-elastic-load-balancers-the-zone-apex-problem/\"\u003eDNSSEC vs. Elastic Load Balancers: the Zone Apex Problem\u003c/a\u003e\u003c/li\u003e\n\u003c/ul\u003e\n"}
  ]
}
