What is with the reccommendation to use `www` domain on GitHub Pages? - github

If you look at the documentation for GitHub pages, it has a pretty strong reccommendation to use a www domain for your custom domain site hosted on GitHub Pages.
From here: https://help.github.com/en/articles/about-supported-custom-domains#www-subdomains
A www subdomain is the most commonly used type of subdomain, in which
the www stands for World Wide Web. For example, www.example.com is a
www subdomain because it contains the subdomain part www.
We strongly recommend that you use a www subdomain for these reasons:
It gives your GitHub Pages site the benefit of our Content Delivery Network.
It is more stable because it is not affected by changes to the IP addresses of GitHub's servers.
Pages will load significantly faster because Denial of Service attack protection can be implemented more efficiently.
Does this mean if I do not use a www domain I will not get the benefits of a CDN or DDOS Attack Protection?
What is the technical reason why there is a difference between a www and non-www domain here?

The difference lies in how you point the site to GitHub's servers in DNS.
The simplest use of DNS is to point a domain name, at whatever level, at an IP address, using an A record. The same address will be used by all users, and can be changed only by the owner of the "zone" where the A record was added - in this case you, configuring the zone of your custom domain.
A smarter way is to alias a particular domain name to a different zone - in this case one managed by GitHub - using a CNAME record. The owners of that zone can then change the IP address as needed, and can even give different answers to different users based on their location (which is where the CDN reference comes from).
The key restriction however is that you can't use a CNANE as the root of a zone. See this Server Fault question for the technical details.
If you own "example.com", you can point an A record for the root of that domain at one GitHub IP address (or a few, selected essentially at random by visitors), but will give GitHub more freedom to route the traffic if you point a CNAME for a sub-domain, like "www.example.com".
Some DNS providers offer tools to work around this limitation by adding a fake record for the root of the domain that looks like a CNAME, but may be labelled differently (e.g. ANAME, ALIAS). When asked for the root A record, the DNS provider looks up the actual A records for that domain and returns those. This is useful for records which change over time, but because the address is being looked up by your DNS provider not the actual visitor, it may still prevent GitHub serving the best address for that visitor.

DNS does not provide a reliable mechanism for forwarding on apex/root records (e.g. example.com) but does for subdomains (CNAME). In practice this means that while you can point an A record to a single IP address corresponding to a node on Github's infrastructure, they aren't able to route DNS lookups for your apex record to other IP addresses that are closer to the request (CDN) or use DNS to mitigate the effects of a (D)DoS attack.
Some DNS providers do offer synthetic records (ALIAS, ANAME) that mimic the behavior of a CNAME record with apex domains (e.g. dnsimple), but they're not widely available, introduce additional complexity and latency, and don't provide the same level of geographic routing opportunities to Github et al.

Related

SSL DSN hidden redirect from sub1.domain1.com to sub2.domain2.com

I need to do a setup, where users would be able to access URL sub1.domain1.com that would be mapped by DSN to sub2.domain2.com, so all further communication would appear to be with sub1.domain1.com, however in reality it would just be "redirected" to sub2.domain2.com. HTTPS is required too, so simple CNAME wouldn't do it.
So far I have found out about SAN certificate. With that certificate it seems like it would be possible to accomplish this. However it has one drawback for me - with every new domain that is added to this certificate, all other domain owners must confirm this. And this is not very suitable for my case, because I expect new domains to be added on regular basis.
All domains would point to one certain subdomain (for example: sub1.domain1.com -> sub2.domain2.com,sub3.domain3.com ->sub2.domain2.com, sub4.domain4.com->sub2.domain2.com ..), so the certificate doesn't have to allow redirection between all domains mutually, but it would be enough to allow redirection from all domains to one certain domain (sub2.domain2.com)
Are there more suitable alternatives to accomplish this?
If, when user types https://sub4.domain4.com in their browser's address bar, you don't want (when the page is displayed) address in the bar to change to https://sub2.domain2.com then technically there is no HTTP redirection involved. You just have one website/webapp which is reachable via multiple hostnames (which is nothing unusual).
You need
CNAMEs to be in place
If you can't get (or it is complicated to maintain - which is expected, especially if you do not own the domains) one SSL/TLS cert with all hostnames, then you can always configure your webserver with multiple virtual hosts, each with their own certificate, and keep adding virtual hosts as needed. All virtual hosts can be configured to serve the same content (or just reverse proxy requests to the same one webapp running behind the proxy). Technical implementation depends on the platform used, but is typically not complicated.

Can I use Cloudflare to 301 redirect domains without A records?

I am using CloudFlare to manage my websites DNS. I want to use Page Rules to setup redirects for a number of URLs to go to another website URL.
Currently my hosting account, I have set them all up as addon domains and then setup redirects in CPanel.
I am moving across my sites to my own cloud server without a CPanel - I am using VestaCP. I don't want to clutter up the website records by adding each and every site I want to redirect to the host (there is a dozen of them) - I want Cloudflare to manage it all.
Is it possible to do this? Like use Cloudflare page rules and remove the A record pointing to the host server IP?
In order for you to use Page Rule to redirect to another site, there are 2 conditions:
Valid A record or CNAME record
That record is orange-clouded
The A record can point to any public IP address, for example 8.8.8.8, it doesn't matter because the visitor will be redirected away anyway. However it can't be IP address that belongs to Cloudflare (e.g. 1.1.1.1).
Similarly to CNAME record, can be pointed to any domain/subdomain (e.g google.com).
Cloudflare has a KB article that explains how you can configure the Page Rule to do the 301 redirection.

Do I need to pay to change github pages domain?

I know that to make repository private, I need to change my plan to paid, but what if I want to change the default username.github.com to a custom domain?
No, it doesn't look like you would have to upgrade your GitHub account to use a domain name. From the docs at https://help.github.com/articles/quick-start-setting-up-a-custom-domain/ (the description doesn't mention anything about being a paid customer):
Pick a custom domain and register it with a DNS provider (if you
haven't already done so). A DNS provider is a company that allows
users to buy and register a unique domain name and connect that name
to an IP (Internet Protocol) address by pointing your domain name to
an IP address or a different domain name. A DNS provider may also be
called a domain registrar or DNS host.
Set up your custom domain with your DNS provider. Our guides outline
how to set up your pages custom domain with your DNS provider
depending on the type of custom domain you have.
However, these are the only domain types that are supported by GitHub (https://help.github.com/articles/about-supported-custom-domains/):
www subdomain (www.example.com)
one apex domain & one www subdomain (example.com & www.example.com)
apex domain (example.com)
custom subdomain (blog.example.com)
If you want your GitHub pages site to redirect to your domain (or someone else's) it doesn't look like there's anything stopping you from putting just a simple javascript redirect in your GitHub page to redirect to that page.

How should I configure my DNS records to direct all traffic from one domain to another?

I have a doman, mydomain.com as well as mydomain.biz and would like the the latter to be a synonym for the former: whenever a user enters www.mydomain.biz they are taken to www.mydomain.com.
I have everything working for mydomain.com and thought, from my limited understanding that a CNAME record would accomplish what I'm trying to do, so I have
NS mydomain.biz. = (nameservers that work fine)
SOA mydomain.biz. = (values that work fine)
CNAME *.mydomain.biz. = mydomain.com.
and when I host mydomain.biz I get
www.mydomain.biz is an alias for mydomain.com.
followed by other information that exactly matches what I get with host mydomain.com. Yet, any attempt to navigate to www.mydomain.biz fails.
I'm also perplexed by what I see when I look at propagation of my NS records. Checking for mydomain.biz gives the nameservers specified above, but checking for for www.mydomain.biz gives the values specified (elsewhere) for mydomain.com
Am I not going about this the right way? How should I configure my DNS records to direct all traffic from one domain to another.
DNS cannot redirect a request. Lets take an example on what CNAME does to clarify:
CNAME: domainA ==> domainB
What that would do is send requests for domainA to the same IP as domainB. However the URL will remain domainA (so it's not a redirect, a redirect would actually change the URL).
If you are okay with having the site load under two different domains, then a CNAME record will do the job. However you need to make sure that your server is configured to handle requests from both domainA and domainB. The way you do that is very different depending on your server environment. For example if you are using apache, your virtualhosts determine what domains are handled (you could set it up so any domain is accepted). If you are on shared hosting however, you will likely be restricted to the domain you signed up with. Adding more depends on your web host so you'd have to take it up with them.
If on the other hand you want the visitor to be redirected to domainB, you'd have to point domainA to a server that would return an HTTP redirect. It could be the same server, you just need to configure it to return the HTTP redirect if the request is for domainA.

domain redirect to another domain with dns

My domain with hosting plan: testing.com
Other domains, but without hosting plan: test.com and test2.com
All of them buyed on same company, so NS records same.
Maybe DNS type A would help in this situation ?
In short, if someone try to use test.com or test2.com all users would be redirected to testing.com
I assume you talking about web-hosting. If your hosting plan is name-based virtualhosting (and that is what you probably have), The answer is: DNS is not enough.
You have two options:
Add multiple domain names to your hosting (most hostings will allow this either for free up to N domains, or for some additional fee or as part of more expensive plan).
Use URL forwarding (aka URL redirection) service, like this one (there are plenty other providers as well).
With both methods, you need appropriate DNS records in your domains, it can probably be handled by either - hosting for option 1, or URL forwarding provider for option 2. Basically you will need A records pointing either to your hosting, or URL forwarding webserver.