Resolving Google DNS problems with hosting *.app from Hover on Azure
/This is a quick blog post - special thanks to Simon Waight who looked into this with me and gave me some nudges towards the right direction. The solution was his suggestion too. That guy, he knows his Azure.
Problem
Okay, checklist of my problems:
Bought flowstudio.app domain name with Hover
Mapped custom domain on Azure
Set CNAME/A record from Hover nameserver to Azure
.app needs secure cert - which was bought through Azure (Go-Daddy)
DNS lookup is good for almost everyone
DNS lookup from Google DNS 8.8.8.8 fails
So anyone that uses Google DNS can’t see flowstudio :-(
Notes
Please understand John is a developer and not an infrastructure guru. But this was pretty interesting.
.app is a secured domain
Google DNS fails, because Google owns .app
While most DNS servers are happy to talk to ns.hover.com to resolve my domain name to Azure, Google wants to verify the DNSSEC
This fails, so Google DNS treats the DNS record as invalid, refusing to resolve FlowStudio.app
This was really confusing, until I finally come across a note on Hover’s FAQ:
https://help.hover.com/hc/en-us/articles/217281647-Understanding-and-managing-DNSSEC
“Please note: Hover does not offer hosted DNSSEC DNS services using ns1/2/3.hover.com. If you require DNSSEC, you’ll need to use a third-party DNS provider that offers DNS that supports DNSSEC fully.”
Solution
The fix is to create a new Azure DNS Zone, and then change the nameserver records on Hover to point to Azure DNS Servers. A/CNAME records are created on Azure DNS. This seems to have resolved the issue for everyone, especially Google DNS.
Please let me know if you have problems accessing https://FlowStudio.app
