dns don't real

shelby spees's photo
shelby spees
·Sep 20, 2020·

8 min read

Last month I renewed my shelbyspees.com domain on Namecheap, and I opted for the PremiumDNS feature as well. I wasn’t really sure what it was, but it sounded useful. That was the beginning of my downfall.

How it started

It was the Sunday before Labor Day.

I somehow broke SSL on my hugo site

kill me now

— shelby spees is masking indoors 😷 (@shelbyspees) September 6, 2020

I’m pretty sure this is how it played out: I was working on the Notes section↗️ of the old version of my site, and I was getting tired of typing out my full name every time I wanted to check things in prod. Seeing other people’s cute .dev domains made me jealous (I especially like Nikema’s↗️), so I went to Namecheap to check how much it would be to get one for myself.

While I was there, I clicked around my dashboard and noticed that the PremiumDNS service I paid for is switched off:

screengrab of Namecheap domain management setting with PremiumDNS switched off

So obviously I switched it on. Who wouldn’t? I already paid for premium features, I should use them.

This, by my understanding, re-enabled the Advanced DNS records I had set up previously to point to the GitHub Pages version of my site, which no longer exists. Which means that the SSL cert doesn’t exist either. Hence, errors.

I do think that when I originally switched from GitHub Pages to Netlify in June? July? I did actually set up the nameservers correctly in Namecheap:

Namecheap nameserver configuration using Custom DNS and pointing to four nameserver addresses

I remember being impressed by how easy it was. But in re-activating my Advanced DNS records, I messed everything up.

so I flipped on PremiumDNS and it brought up some old DNS records I used to have for https://t.co/fhdvEonFP7, but I didn't realize they were old until just now

I was just like "github pages, okay that looks normal"

— shelby spees is masking indoors 😷 (@shelbyspees) September 6, 2020

Turning on PremiumDNS so casually meant that I didn’t have the context spooled up to properly debug the problem. (Btw: this is one of the arguments for configuration as code and I’m solidly behind it.)

Wow, now that I’m writing this blog post I’m realizing that Koenraad gave me basically the entire answer like, weeks ago when I first broke things:

Then on Netlify, under Site Settings > Domain Management I've added my custom domain.

Once this is set, Netlify will ✨ automagically ✨ request and configure a Let's Encrypt certificate and HTTPS will work. pic.twitter.com/njgVHZSF2A

— Koenraad (@kvrhdn) September 7, 2020

My understanding at the time was that Koenraad’s approach would support neither Namecheap PremiumDNS nor the subdomains I’d just set up for my notes and speaking site.

But since Netlify would handle your DNS in this case, you won't be able to use Namecheap's PremiumDNS. So maybe this isn't what you are looking for...

— Koenraad (@kvrhdn) September 7, 2020

Since I’d just set up those subdomains in Namecheap, I was not ready to sacrifice them. Plus I wanted to get my $4.88 worth of PremiumDNS for the year!

Have I mentioned that this is the most I’d ever thought about DNS up until that point? At least I got to enjoy how bad things would look to someone visiting my site:

idk if I have to do something else to get it to stop trying to use the github cert or if I just need to wait... pic.twitter.com/TqfVB0y73X

— shelby spees is masking indoors 😷 (@shelbyspees) September 6, 2020

I doubt I could get away with arguing that it was intentional, lol.

only if this privacy error doesn't meet requirements

maybe I want people to be weirded out when arriving at my website, ever think about that? pic.twitter.com/i0l0B2Kexf

— shelby spees is masking indoors 😷 (@shelbyspees) September 6, 2020

Yeah, not a good look.

Testing in prod

DNS is one of those things that you can really only test in prod. Most teams get it right early on and then never make changes (sometimes copying existing configs), so if you’re joining a team with an established domain setup then there aren’t many opportunities to play with it. That’s the excuse I’m making for myself, anyway.

Oh, stop! That's okay as long as you're willing to learn 😉 And we're always here to help 🤗

Namecheap.com (@Namecheap) September 17, 2020

I fixed it eventually, that must count for something, right? I only made about 50 random changes along the way 😓 (no, I’m not proud of that).

okay so I've since made a bunch of random config changes and broke things but before that it was still not loading for me and it had been loading for other people

— shelby spees is masking indoors 😷 (@shelbyspees) September 17, 2020

The night before that tweet, I had gotten my site to load on mobile, and a couple other people were able to confirm that it loads. I think it was indeed a caching issue at some point. But more than anything, I broke the config.

By the way, Namecheap support was amazing through all of this. They proactively reached out to me multiple times on Twitter.

Hello! It appears that DNS records for your domain are configured incorrectly, so the site doesn't work at the moment. Please get in touch with our support team at https://t.co/IysSB8AUAf and we'll help you to sort everything out.

Namecheap.com (@Namecheap) September 17, 2020

The support person I messaged the next day had to put up with me being randomly unresponsive because I was trying to talk to them and make changes while also attending meetings on Zoom. They still managed to teach me things! A few different people were managing the Twitter account and all of them were great, but I want to especially appreciate this person:

'nameservers are special' is my favourite one so far 😃😃

Namecheap.com (@Namecheap) September 17, 2020

That made my day.

Learning curve

I’m slow to make sense of things until I understand how all the parts interact as a system.

that means this is probably wrong.

I could have sworn I always used CNAMES before without an issue. I have no idea what I broke.https://t.co/HrnytGMrbX

— shelby spees is masking indoors 😷 (@shelbyspees) September 6, 2020

The Namecheap support person I chatted with on Thursday helped me confirm my understanding of where things needed to happen:

me: namecheap points to netlify's nameservers and then I configure stuff in netlify to handle my subdomain redirects?

support: Yes, that's right, you link the domain to the servers of your provider from our side and then manage all the records on your service provider's side.

— shelby spees is masking indoors 😷 (@shelbyspees) September 17, 2020

I think before I was basically like, “Well why would I need to do any configuration in Netlify? That’s what Namecheap is for.”

But behind the scenes, these are just web services. There’s some database or something that keeps track of what domains map to what. There’s nothing special about Namecheap that means they get to handle domain stuff and Netlify can’t (or if there is, it’s not related to any of what I was trying to do).

With the support person’s encouragement, I finally went into Netlify to try to set up the CNAME records for my notes. and speaking. subdomains there. Results were near-instantaneous.

oh btw this turned out to be super easy, I just literally hadn't thought to set up my subdomain redirects in netlify https://t.co/cgNU6BmVLe

— shelby spees is masking indoors 😷 (@shelbyspees) September 18, 2020

I’ve converted the rest of that thread into a blockquote here (with minor edits):

So if I’m understanding correctly, domain registration is a separate thing from DNS resolution. Namecheap handles the former and Netlify handles the latter.

This whole time I thought the resolution happened on the Namecheap side. I looked at Netlify’s DNS settings page and thought, oh I don’t need this lol. I’m trying to map this to the things I’ve touched in Route53, but there I’m usually just copying the settings from existing stuff. I remember poring over docs about DNS record types like, years ago, and none of it stuck.

And that’s kind of the thing, these lessons don’t click for me until I’m really focused and invested. Meanwhile, I have to work extra hard to make sure my knowledge gaps don’t trigger my imposter syndrome.

but I'm telling the "you should know this already" voice to shut up because everyone has gaps in their knowledge and experience and mental models of how the internet works

— shelby spees is masking indoors 😷 (@shelbyspees) September 18, 2020

opening up those black boxes only to find a bunch of smaller black boxes inside

the internet is a matryoshka

— shelby spees is masking indoors 😷 (@shelbyspees) September 18, 2020

a matryoshkabyss, you could say

— shelby spees is masking indoors 😷 (@shelbyspees) September 18, 2020

(Yes, I’m forever taking credit for that.)

That’s all, folks!

So that’s the story of my recent lessons in some super elementary “wtf do these services even do?” DNS.

Remember: nameservers are special. And it’s always DNS.

Share this