DNS don’t real
Last month I renewed my shelbyspees.com domain on Namecheap, and I opted for the PremiumDNS feature as well. I wasn’t really sure what it was, but it sounded useful. That was the beginning of my downfall.
How it started
It was the Sunday before Labor Day.
I somehow broke SSL on my hugo site
kill me now
— shelby reliability engineer (@shelbyspees) September 6, 2020
I’m pretty sure this is how it played out: I was working on the Notes section of the old version of my site, and I was getting tired of typing out my full name every time I wanted to check things in prod. Seeing other people’s cute .dev domains made me jealous (I especially like Nikema’s), so I went to Namecheap to check how much it would be to get one for myself.
While I was there, I clicked around my dashboard and noticed that the PremiumDNS service I paid for is switched off:
So obviously I switched it on. Who wouldn’t? I already paid for premium features, I should use them.
This, by my understanding, re-enabled the Advanced DNS records I had set up previously to point to the GitHub Pages version of my site, which no longer exists. Which means that the SSL cert doesn’t exist either. Hence, errors.
I do think that when I originally switched from GitHub Pages to Netlify in June? July? I did actually set up the nameservers correctly in Namecheap:
I remember being impressed by how easy it was. But in re-activating my Advanced DNS records, I messed everything up.
so I flipped on PremiumDNS and it brought up some old DNS records I used to have for https://t.co/fhdvEonFP7, but I didn't realize they were old until just now
I was just like "github pages, okay that looks normal"
— shelby reliability engineer (@shelbyspees) September 6, 2020
Turning on PremiumDNS so casually meant that I didn’t have the context spooled up to properly debug the problem. (Btw: this is one of the arguments for configuration as code and I’m solidly behind it.)
Wow, now that I’m writing this blog post I’m realizing that Koenraad gave me basically the entire answer like, weeks ago when I first broke things:
Then on Netlify, under Site Settings > Domain Management I've added my custom domain.
Once this is set, Netlify will ✨ automagically ✨ request and configure a Let's Encrypt certificate and HTTPS will work. pic.twitter.com/njgVHZSF2A
— Koenraad (@kvrhdn) September 7, 2020
My understanding at the time was that Koenraad’s approach would support neither Namecheap PremiumDNS nor the subdomains I’d just set up for my notes and speaking site.
But since Netlify would handle your DNS in this case, you won't be able to use Namecheap's PremiumDNS. So maybe this isn't what you are looking for...— Koenraad (@kvrhdn) September 7, 2020
Since I’d just set up those subdomains in Namecheap, I was not ready to sacrifice them. Plus I wanted to get my $4.88 worth of PremiumDNS for the year!
Have I mentioned that this is the most I’d ever thought about DNS up until that point? At least I got to enjoy how bad things would look to someone visiting my site:
idk if I have to do something else to get it to stop trying to use the github cert or if I just need to wait... pic.twitter.com/TqfVB0y73X— shelby reliability engineer (@shelbyspees) September 6, 2020
I doubt I could get away with arguing that it was intentional, lol.
only if this privacy error doesn't meet requirements
maybe I want people to be weirded out when arriving at my website, ever think about that? pic.twitter.com/i0l0B2Kexf
— shelby reliability engineer (@shelbyspees) September 6, 2020
Yeah, not a good look.
Testing in prod
DNS is one of those things that you can really only test in prod. Most teams get it right early on and then never make changes (sometimes copying existing configs), so if you’re joining a team with an established domain setup then there aren’t many opportunities to play with it. That’s the excuse I’m making for myself, anyway.
Oh, stop! That's okay as long as you're willing to learn 😉 And we're always here to help 🤗— Namecheap.com (@Namecheap) September 17, 2020
I fixed it eventually, that must count for something, right? I only made about 50 random changes along the way 😓 (no, I’m not proud of that).
okay so I've since made a bunch of random config changes and broke things but before that it was still not loading for me and it had been loading for other people— shelby reliability engineer (@shelbyspees) September 17, 2020
The night before that tweet, I had gotten my site to load on mobile, and a couple other people were able to confirm that it loads. I think it was indeed a caching issue at some point. But more than anything, I broke the config.
By the way, Namecheap support was amazing through all of this. They proactively reached out to me multiple times on Twitter.
Hello! It appears that DNS records for your domain are configured incorrectly, so the site doesn't work at the moment. Please get in touch with our support team at https://t.co/IysSB8AUAf and we'll help you to sort everything out.— Namecheap.com (@Namecheap) September 17, 2020
The support person I messaged the next day had to put up with me being randomly unresponsive because I was trying to talk to them and make changes while also attending meetings on Zoom. They still managed to teach me things! A few different people were managing the Twitter account and all of them were great, but I want to especially appreciate this person:
'nameservers are special' is my favourite one so far 😃😃— Namecheap.com (@Namecheap) September 17, 2020
That made my day.
I’m slow to make sense of things until I understand how all the parts interact as a system.
that means this is probably wrong.
I could have sworn I always used CNAMES before without an issue. I have no idea what I broke. https://t.co/HrnytGMrbX
— shelby reliability engineer (@shelbyspees) September 6, 2020
The Namecheap support person I chatted with on Thursday helped me confirm my understanding of where things needed to happen:
me: namecheap points to netlify's nameservers and then I configure stuff in netlify to handle my subdomain redirects?
support: Yes, that's right, you link the domain to the servers of your provider from our side and then manage all the records on your service provider's side.
— shelby reliability engineer (@shelbyspees) September 17, 2020
I think before I was basically like, “Well why would I need to do any configuration in Netlify? That’s what Namecheap is for.”
But behind the scenes, these are just web services. There’s some database or something that keeps track of what domains map to what. There’s nothing special about Namecheap that means they get to handle domain stuff and Netlify can’t (or if there is, it’s not related to any of what I was trying to do).
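The "who actually answers" question above, as a small model. This is an added example, not part of the original post: the nameserver names, hostnames and addresses are constructed placeholders, and `resolve` and `dormant_records` are hypothetical helpers. It shows that only the zone held by the delegated nameservers is consulted, and lists the records sitting at the other provider that would go live if the delegation were flipped.

```python
# Constructed model of the setup in this post; every name and address is a placeholder.
REGISTRAR_NS = ("ns1.registrar-dns.example", "ns2.registrar-dns.example")
HOST_NS = ("ns1.host-dns.example", "ns2.host-dns.example")

# Each provider keeps its own copy of the zone: (name, type) -> value.
ZONES = {
    REGISTRAR_NS: {  # stale records left over from the previous host
        ("example.com", "A"): "192.0.2.10",
        ("www.example.com", "CNAME"): "example.com",
    },
    HOST_NS: {  # records for the current host, including the subdomains
        ("example.com", "A"): "198.51.100.20",
        ("www.example.com", "CNAME"): "example.com",
        ("notes.example.com", "CNAME"): "example.com",
        ("speaking.example.com", "CNAME"): "example.com",
    },
}


def resolve(name, delegation, zones=ZONES, max_hops=5):
    """Answer `name` from the zone held by the delegated nameservers, following CNAMEs."""
    zone = zones.get(tuple(delegation), {})
    chain = [name]
    for _ in range(max_hops):
        if (name, "A") in zone:
            return chain + [zone[(name, "A")]]
        target = zone.get((name, "CNAME"))
        if target is None:
            return chain + ["NXDOMAIN"]  # a record at the other provider does not count
        name = target
        chain.append(name)
    return chain + ["LOOP"]  # guard against CNAME cycles


def dormant_records(delegation, zones=ZONES):
    """Records at non-delegated providers that would change answers if delegation moved there."""
    live = zones.get(tuple(delegation), {})
    found = []
    for ns, zone in zones.items():
        if ns == tuple(delegation):
            continue
        for (name, rtype), value in sorted(zone.items()):
            if live.get((name, rtype)) != value:
                found.append((ns[0], name, rtype, value))
    return found
```

With delegation at `HOST_NS`, the stale apex record at the registrar is dormant; switching delegation to `REGISTRAR_NS` makes it the live answer and the subdomains stop resolving.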
With the support person’s encouragement, I finally went into Netlify to try to set up the CNAME records for my speaking. subdomains there. Results were near-instantaneous.
oh btw this turned out to be super easy, I just literally hadn't thought to set up my subdomain redirects in netlify https://t.co/cgNU6BmVLe— shelby reliability engineer (@shelbyspees) September 18, 2020
I’ve converted the rest of that thread into a blockquote here (with minor edits):
So if I’m understanding correctly, domain registration is a separate thing from DNS resolution. Namecheap handles the former and Netlify handles the latter.
This whole time I thought the resolution happened on the Namecheap side. I looked at Netlify’s DNS settings page and thought, oh I don’t need this lol. I’m trying to map this to the things I’ve touched in Route53, but there I’m usually just copying the settings from existing stuff. I remember poring over docs about DNS record types like, years ago, and none of it stuck.
And that’s kind of the thing, these lessons don’t click for me until I’m really focused and invested. Meanwhile, I have to work extra hard to make sure my knowledge gaps don’t trigger my imposter syndrome.
but I'm telling the "you should know this already" voice to shut up because everyone has gaps in their knowledge and experience and mental models of how the internet works— shelby reliability engineer (@shelbyspees) September 18, 2020
opening up those black boxes only to find a bunch of smaller black boxes inside
the internet is a matryoshka
— shelby reliability engineer (@shelbyspees) September 18, 2020
a matryoshkabyss, you could say— shelby reliability engineer (@shelbyspees) September 18, 2020
(Yes, I’m forever taking credit for that.)
That’s all, folks!
So that’s the story of my recent lessons in some super elementary “wtf do these services even do?” DNS.
Remember: nameservers are special. And it’s always DNS.
2020-09-20 21:18 (Last updated: 2020-09-21 03:24)