Resolving Google DNS problems with hosting *.app from Hover on Azure

This is a quick blog post - special thanks to Simon Waight who looked into this with me and gave me some nudges towards the right direction. The solution was his suggestion too. That guy, he knows his Azure.

Problem

Okay, checklist of my problems:

  • Bought flowstudio.app domain name with Hover

  • Mapped custom domain on Azure

  • Set CNAME/A record from Hover nameserver to Azure

  • .app needs secure cert - which was bought through Azure (GoDaddy)

  • DNS lookup is good for almost everyone

  • DNS lookup from Google DNS 8.8.8.8 fails

  • So anyone that uses Google DNS can’t see flowstudio :-(

Notes

Please understand John is a developer and not an infrastructure guru. But this was pretty interesting.

  1. .app is a secured domain

  2. Google DNS fails, because Google owns .app

  3. While most DNS servers are happy to talk to ns.hover.com to resolve my domain name to Azure, Google wants to verify the DNSSEC

  4. This fails, so Google DNS treats the DNS record as invalid, refusing to resolve FlowStudio.app

  5. This was really confusing, until I finally came across a note on Hover’s FAQ:
    https://help.hover.com/hc/en-us/articles/217281647-Understanding-and-managing-DNSSEC

Please note: Hover does not offer hosted DNSSEC DNS services using ns1/2/3.hover.com. If you require DNSSEC, you’ll need to use a third-party DNS provider that offers DNS that supports DNSSEC fully.

Solution

The fix is to create a new Azure DNS Zone, and then change the nameserver records on Hover to point to Azure DNS Servers. A/CNAME records are created on Azure DNS. This seems to have resolved the issue for everyone, especially Google DNS.
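A way to confirm that a resolver failure like the one above comes from DNSSEC validation, and to re-check after the nameserver change. This is an added example, not part of the original post: it compares a normal query with one sent with dig's +cd (checking disabled) flag. The function names and the sample header lines are constructed for illustration.

```shell
#!/bin/sh
# Added example: decide whether a validating resolver is failing a name
# because of DNSSEC. Function names are illustrative.

# Pull the response code (NOERROR, SERVFAIL, ...) out of dig's header line:
#   ;; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1111
rcode_of() {
    printf '%s\n' "$1" | sed -n 's/.*status: \([A-Z]*\),.*/\1/p' | head -n 1
}

# $1 = rcode of a normal query, $2 = rcode of the same query with +cd.
# SERVFAIL that turns into NOERROR once checking is disabled means the
# records exist but the resolver rejected them during DNSSEC validation.
classify() {
    if [ "$1" = "NOERROR" ]; then
        echo "ok"
    elif [ "$1" = "SERVFAIL" ] && [ "$2" = "NOERROR" ]; then
        echo "dnssec-validation-failure"
    else
        echo "other-failure"
    fi
}

# Live check (needs network and dig): $1 = domain, $2 = resolver address.
check_domain() {
    normal=$(dig @"$2" "$1" A +noall +comments)
    nocheck=$(dig @"$2" "$1" A +cd +noall +comments)
    classify "$(rcode_of "$normal")" "$(rcode_of "$nocheck")"
}

# Constructed sample headers (not captured output) for an offline run.
SAMPLE_NORMAL=';; ->>HEADER<<- opcode: QUERY, status: SERVFAIL, id: 1111'
SAMPLE_CD=';; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2222'

if [ $# -ge 1 ]; then
    check_domain "$1" "${2:-8.8.8.8}"
else
    classify "$(rcode_of "$SAMPLE_NORMAL")" "$(rcode_of "$SAMPLE_CD")"
fi
```

Run it with a domain name as the first argument to query 8.8.8.8 live; with no arguments it classifies the constructed samples.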

Please let me know if you have problems accessing https://FlowStudio.app