How To Set Up and Test DNS Subdomains with DigitalOcean's DNS Panel
DigitalOcean's DNS panel allows you to easily setup multiple subdomains (e.g. foo.bar.myserver.com).
Three important guidelines:
When entering a subdomain part (e.g just foo of the foo.myserver.com), DO NOT enter a dot at the end.
When entering a fully-qualified domain name (e.g. foo.myserver.com), DO add a dot at the end.
DNS information takes time to propagate (from minutes to hours at times) - wait several minutes before testing changes. If your changes have not propagated, try again later.
This tutorial assumes you've followed the Basic DNS Setup Tutorial and have the following:
- A registered domain name (e.g. myserver.com) using a domain registrar.
- An active droplet, with a public IP address (e.g 188.8.131.52).
- A configured domain name in the Digital Ocean DNS control panel
- A configured Wild-Card CNAME record in the Digital Ocean DNS control panel (optional).
To test the above setup you should be able to ping your server:
$ ping myserver.com PING myserver.com (184.108.40.206) 56(84) bytes of data. 64 bytes from myserver.com (220.127.116.11): icmp_seq=1 ttl=64 time=0.168 ms ...
If you've configured a Wild-Card CNAME record, using any subdomain of myserver.com should also work:
$ ping FOO.myserver.com PING myserver.com (18.104.22.168) 56(84) bytes of data. 64 bytes from myserver.com (22.214.171.124): icmp_seq=1 ttl=64 time=0.168 ms ...
You have multiple droplets, each with a different IP:
- WebDropLet on 126.96.36.199
- ApiDropLet on 188.8.131.52
Each droplet serves a different purpose:
- WebDroplet is a small droplet of 512MB/1CPU, serving simple, static webpages.
- ApiDroplet is a medium droplet of 4GB/2CPUs, serving API requests (or doing other intensive operations).
The following domain naming is desired:
- myserver.com points to WebDroplet (184.108.40.206)
- www.myserver.com points to WebDroplet (220.127.116.11)
- *.myserver.com points to WebDroplet (18.104.22.168) (i.e. any other subdomain, including user typos)
Except "api.myserver.com" points to ApiDroplet (22.214.171.124) & "*.api.myserver.com points to ApiDroplet (126.96.36.199)" (i.e. any sub-sub domain under api.myserver.com).
In the DigitalOcean Control Panel, Click Networking. If you click on the PTR records section, the following information will be shown (your IP addresses, Domain name and Droplets will be different):
If you click back to the Domains, you should see an entry for your domain name again:
Click on the domain name to view the domain records:
Add new A record
Select the A record type, enter "api" (or your desired sub-domain name) in the HOSTNAME field and the IP address of your droplet (188.8.131.52 in the example below) in the WILL DIRECT TO field:
NOTE: There is no dot after the name api
Click the Create Record button to add the new DNS record. Your records will look like so:
Add new CNAME record
Next, select the CNAME record type, enter ".api" (or your desired sub-domain name) in the *HOSTNAME** field and the fully-qualified name of your droplet (api.myserver.com. in the example below) in the IS AN ALIAS OF field:
NOTE: The is no dot after the ".api`" -- there *is a dot after the fully-qualified domain name (api.myserver.com.)
Click the Create Record button to add the new DNS record.
After adding the A and CNAME record, your DNS settings should look like so (with different names and IPs):
Testing the new configuration
NOTE: Even after your changes appear in the control panel, it might take several more hours until the changes are propagated to other domain servers around the internet. Be patient!
Test directly with DigitalOcean's nameservers
Use the linux host command to query DigitalOcean's name-servers directly.
The reason to test their servers directly is that your new records might not have been propagated yet to other name-servers.
The second parameter to "host" is
ns1.digitalocean.com - tells "host" to query a specific name-server instead of the default server (the default server could be your ISP's name-server).
The original domain name (without the new subdomain) should work:
$ host myserver.com ns1.digitalocean.com Using domain server: Name: ns1.digitalocean.com Address: 184.108.40.206#53 Aliases: myserver.com has address 220.127.116.11
Subdomains should work as well (due to the wildcard
$ host foo.myserver.com ns1.digitalocean.com Using domain server: Name: ns1.digitalocean.com Address: 18.104.22.168#53 Aliases: foo.myserver.com is an alias for myserver.com.
api subdomain should point to the new IP address:
$ host api.myserver.com ns1.digitalocean.com Using domain server: Name: ns1.digitalocean.com Address: 22.214.171.124#53 Aliases: myserver.com has address 126.96.36.199
NOTE: If you still get 188.8.131.52 for the new api subdomain, continue waiting and then test again. If it still doesn't show the new IP, check your configuration.
The new sub-sub-domains (e.g. foo.api.myserver.com) should show the new alias:
$ host foo.api.myserver.com ns1.digitalocean.com Using domain server: Name: ns1.digitalocean.com Address: 184.108.40.206#53 Aliases: foo.api.myserver.com is an alias for api.myserver.com.
Test your ISP's name-servers
After verifying your DNS records on DigitalOcean's servers, test the propagation to other name-servers on the internet.
Running "host" with just one parameter (the queried host name) uses your default name-servers:
$ host myserver.com myserver.com has address 220.127.116.11 $ host foo.myserver.com foo.myserver.com is an alias for myserver.com. myserver.com has address 18.104.22.168
Test the new "api" sub-domain:
$ host api.myserver.com myserver.com has address 22.214.171.124 $ host foo.api.myserver.com foo.api.myserver.com is an alias for api.myserver.com. api.myserver.com has address 126.96.36.199
NOTE 1: If you get the correct (new) IP when querying DigitalOcean's name-servers, but not when using your default name-server - it means the new records have not yet propagated to the rest of the name-servers (which sometimes employ caching to reduce network traffic). This depends on a variety of factors and you may have to wait some time before it is available on your default name server.
NOTE 2: Your ISP might use multiple name-servers for load-balancing, and some of them might get updated sooner than others. This could lead to a frustrating situation where the same query return different results, e.g.:
# Updated name-servers return updated result $ host api.myserver.com api.myserver.com has address 188.8.131.52 # running host again, might use different name-servers, # which return old,stale result $ host api.myserver.com api.myserver.com has address 184.108.40.206 $ host api.myserver.com api.myserver.com has address 220.127.116.11 $ host api.myserver.com api.myserver.com has address 18.104.22.168
If this happens, wait a few minutes for all the name-servers to get up to date.
Reach out to the new server
NOTE: "ping", "ssh", and web-access will only work after your default name-servers have been updated. Always test using "host" before testing with "ping" (see above section).
Pinging the new sub-domain should reach the new droplet:
$ ping api.myserver.com PING api.myserver.com (22.214.171.124) 56(84) bytes of data. 64 bytes from 126.96.36.199: icmp_seq=1 ttl=48 time=157 ms ...
Connect to the new server (if SSH is enabled):
$ ssh email@example.com The authenticity of host 'api.myserver.com (188.8.131.52)' can't be established. key fingerprint is fb:32:7c:81:7e:6a:33:17:ac:4c:2d:a5:3c:75:07:95. Are you sure you want to continue connecting (yes/no)? yes Warning: Permanently added 'api.myserver.com' to the list of known hosts. Are you sure you want to continue connecting (yes/no)? yes firstname.lastname@example.org's password:
Test the webserver on the new droplet (if a Webserver is enabled):
$ wget api.myserver.com --2013-11-06 20:42:42-- http://api.myserver.com/ Resolving api.myserver.com (api.myserver.com)... 184.108.40.206 Connecting to api.myserver.com (api.myserver.com)|220.127.116.11|:80... connected. HTTP request sent, awaiting response... 200 OK Length: 13 [text/html] Saving to: 'index.html' 100%[======================================================>] 13 --.-K/s in 0s 2013-11-06 20:42:43 (702 KB/s) - 'index.html' saved [13/13]
After the name-server is configured, you'll need to configure your web-servers to respond to the new host names. The wildcard CNAME record allows multiple hostnames (e.g. api.myserver.com, foo.api.myserver.com, www.api.myserver.com) to reach the same server (all resolve to IP address 18.104.22.168).
In web-server parlance, handling multiple server names is called Virtual Hosts.
See the following tutorials on configuring VirtualHosts:
- To learn more about the "dot" issue, see here: http://www.dns-sd.org/TrailingDotsInDomainNames.html
- Thanks to user "Pablo of vDevices" for pointing me in the right direction.
- This tutorial was written by Assaf Gordon ( email@example.com )