fix(namecheap): use full app domain for CNAME instead of underscore wildcard #77
Conversation
This file contains hidden or bidirectional Unicode text that may be interpreted or compiled differently than what appears below. To review, open the file in an editor that reveals hidden Unicode characters.
Learn more about bidirectional Unicode characters
…ildcard
Namecheap's DNS servers don't serve CNAME records pointing to underscore-prefixed
domains (e.g., _.dstack-pha-prod9.phala.network). The record appears in the
Namecheap API but isn't visible in public DNS queries.
This fix detects when DNS_PROVIDER=namecheap and GATEWAY_DOMAIN starts with an
underscore, then substitutes the full app-specific domain instead:
Before: _.dstack-pha-prod9.phala.network
After: {app_id}-{port}.dstack-pha-prod9.phala.network
Both resolve to the same IP, and the TXT records handle app routing, so
functionality is preserved.
Tested with hermes.teleport.computer - custom domain now resolves correctly.
Author
Question: TEE Attestation VerificationOne thing we wanted to confirm: does the attestation verification process check the CNAME value? The Phala dashboard validation shows: With our fix, the CNAME points to Questions:
The fix works for routing and SSL - just want to make sure it doesn't break attestation verification. |
Sign up for free
to join this conversation on GitHub.
Already have an account?
Sign in to comment
1 participant
Add this suggestion to a batch that can be applied as a single commit.
This suggestion is invalid because no changes were made to the code.
Suggestions cannot be applied while the pull request is closed.
Suggestions cannot be applied while viewing a subset of changes.
Only one suggestion per line can be applied in a batch.
Add this suggestion to a batch that can be applied as a single commit.
Applying suggestions on deleted lines is not supported.
You must change the existing code in this line in order to create a valid suggestion.
Outdated suggestions cannot be applied.
This suggestion has been applied or marked resolved.
Suggestions cannot be applied from pending reviews.
Suggestions cannot be applied on multi-line comments.
Suggestions cannot be applied while the pull request is queued to merge.
Suggestion cannot be applied right now. Please check back later.
Summary
Namecheap's DNS servers don't serve CNAME records pointing to underscore-prefixed domains (e.g.,
_.dstack-pha-prod9.phala.network). The record appears in the Namecheap API but isn't visible in public DNS queries.This fix detects when
DNS_PROVIDER=namecheapandGATEWAY_DOMAINstarts with an underscore, then substitutes the full app-specific domain instead:_.dstack-pha-prod9.phala.network{app_id}-{port}.dstack-pha-prod9.phala.networkBoth resolve to the same IP (
66.220.6.109), and the TXT records handle app routing, so functionality is preserved.The Bug
nslookup, Google DoH) → CNAME not found ✗The issue is specific to CNAME records with underscore-prefixed targets.
Test Plan
Tested with
hermes.teleport.computer:Changes
set_alias_record()inscripts/entrypoint.shGATEWAY_DOMAINstarts with underscoreapp_idfrom dstack socket