Azure Traffic Manager Profile - Add as a CNAME to your Custom Domain(DNS) to reolve correctly to your application DNS requests.

 Problem or Incorrect configuration for your DNS(Custom Domain) in Azure w.r.t. the ATM(Azure Traffic Manager profile):

Let's assume you have a DNS(Custom Domain) in Azure for your Azure CDN endpoint URL

Azure CDN Endpoint URL: tarak-tech-test.azureedge.net

Custom Domain: tarak-tech-test.blogspot.com

The below screenshots illustrate how the Azure CDN endpoint and Custom Domain are mapped.









Requested my administrator to add the following Azure CDN endpoint "tarak-tech-test.azureedge.net" as a CNAME record into the DNS (tarak-tech-test.blogspot.com)

For my requirement, I have Azure Traffic Manager which is distributing the traffic based on the Priority to my 2 endpoints(one is from the Azure CDN endpoint which I already mentioned above and another one is from AWS CloudFront Distribution Endpoint)

My files exist on blob and S3 and those are mapped to the Azure CDN and AWS CF

Let's assume Here is the AWS CF endpoint: fr6758hlhh387.cloudfront.net

Below is the screenshot of the traffic manager profile from Azure






If you see the above screenshot the priority is set to aws-cloudfront and we are expecting to get resources from AWS CF(via its S3 bucket) if I use the below URL which is commonly configured both in Azure and AWS to fetch my files(resources), I always get my files from Azure irrespective of the Traffic manager priority configured because we hardcoded the Azure endpoint CNAME to the DNS

https://techtarak.blogspot.com/assets/test.js

Note: My code deployed to both Azure blob and AWS S3, therefore I will be having same files in both blob and S3 and configured the same Custom domain in both Azure and AWS, that is the reason I will be having the same URL to fetch resources from any of the Azure or AWS endpoints based on the priority.


Fix / Solution:

Add Azure Traffic Manager URL as a CNAME record for the DNS

Let's assume My ATM profile URL is HTTP://tech-tarak-test.trafficmanager.net

Map the following CNAME "tarak-tech-test.trafficmanager.net" to the DNS "tarak-tech-test.blogspot.com"


Now if you request this file https://techtarak.blogspot.com/assets/test.js, it will resolve to aws-cloudfront and fetch the file from S3


You can cross check to which endpoint the DNS is getting resolved based on the priority set for Endpoints in Azure Traffic Manager using the below commands

nslookup tarak-tech-test.blogspot.com

dig tarak-tech-test.blogspot.com

ping tarak-tech-test.blogspot.com


You can cross-check at the ATM profile level as well

nslookup tarak-tech-test.trafficmanager.net

dig tarak-tech-test.trafficmanager.net

ping tarak-tech-test.trafficmanager.net


You can use the following tool also to dig the web interface https://www.digwebinterface.com/


The request flow:

Client(Your application) -> Makes DNS(Custom Domain) request to access your file -> Resolves to Azure Traffic Manager CNAME -> Again resolves to Priority 1 Azure CDN/AWS CF endpoint -> HTTP request initiation to your files/resources.


Note:

DNS CNAME cannot have multiple targets

https://serverfault.com/questions/574072/can-we-have-multiple-cnames-for-a-single-name

https://www.quora.com/Can-I-have-multiple-CNAME-records


--- Happy learning

Tarak

Comments

Post a Comment

Popular posts from this blog

Enable weight-based traffic routing in Azure

Image
 Let’s assume you have the application infrastructure like below User -> Application -> Request Resource(file) with a DNS-> Azure Traffic manager -> Resolves to Azure CDN or AWS Cloud Front endpoint based on priority -> The respective CDN’s mapped to Blob and S3 respectively from Azure and AWS -> The user requested resource(file) present in blob or S3. Go to the Azure Traffic manager profile Click on Configuration for the already created Traffic manager profile Set the routing method to “Weighted” and fill rest of the details Now you must add endpoints so that it will show the option to enter the “Weight” value Questions and Answers: I f a client is being served the resources from Azure and what are the chances the same client will get resources from AWS? In this case, how the caching rules for the endpoint will get switched from Azure to AWS or vice-versa? ANS: The switching of these endpoints would rely on the weight first, architecture second (number of recursive
Read more

FAQs

can we have multiple certificates for a domain? There's no mechanism that would stop you from issuing multiple certificates for the same domain. In fact, that's what you do every time you renew your SSL certificate — you issue a new certificate while the old one is still active. So, at least for a while, you have two certificates for the same domain. What is the use case you will be having 2 SSL certificates for a single domain? If your files are deployed into Azure CDN and AWS CF and want to access the file with a single URL(using a single DNS) then you must request Certificates from Azure CDN and AWS Certificate Manager(ACM) How to enable automatic SSL certificate renewal for your DNS in Azure and AWS? In Azure, you have to enable HTTPS requests for your DNS and enable Azure CDN managed for your Custom Domain In AWS, it will take care of automatically based on the clauses they mentioned here https://docs.aws.amazon.com/acm/latest/userguide/managed-renewal.html
Read more