The Request a DNS Change for Offsite Hosting page instructs users to request that their live site URL be created as a CNAME for live-EXAMPLE.pantheonsite.io. Sometimes Hostmaster will reply saying that a CNAME is not possible because the DNS for EXAMPLE.berkeley.edu is the top-level record for a DNS zone. This means that subdomains like SUBDOMAIN.EXAMPLE.COM exist. Another common blocker to using a CNAME is if the hostname contains MX (mail exchanger) records for sending email.
Enable HTTPS on Pantheon
It is now Free for Personal level Pantheon sites to use HTTPS. on October 24, 2017 the Chrome browser will update to version 62. This version of Chrome will display a "Not Secure" warning when users type data into HTTP sites. This would apply to entering data into a search box on the site. Given these developments there is no reason not to configure your Pantheon site to use HTTPS.
Provide UC Berkeley Hostmaster with A record information
If your site can use a CNAME, that solution is always preferred. Only request an A record if you know you cannot use a CNAME.
When you connect a domain to your site you will see the new domain will appear on the Domains / HTTPS tab with the status message "Upgrade to CDN." Click the Details button to the right of the domain and you should see "Type: CNAME live-EXAMPLE.pantheonsite.io." (In place of EXAMPLE you will see the name of your site.) Copy this value and so that you can run the following terminal command:
Send a message like this one to firstname.lastname@example.org
Obviously MYHOST, should be changed to reflect the production URL hostname you will use with the site. E.g. web.berkeley.edu.
For the AAAA record it is safe to use either of the IPv6 addresses you get from the 'host' command.
When A record is active
Browsing to the hostname associated with your A record should take you to your site.
If you visit the Domains/HTTPS tab on your dashboard, your domain should be highlighted green indicating that it is working. However you may see a message like this:
and next to your A records it may say "remove this detected record." Pantheon assures us that it is safe to ignore these messages. You can depend on your new domain working in perpetuity.
Differences from the previous solution documented here
One of our previously-documented solutions involved configuring both MYHOST.berkely.edu and www.MYHOST.berkeley.edu and then creating a 301 redirect from the first hostname to the second. This was done to minimize the possibility of DNS breaking if the IP address of our legacy load balancer were to change. This solution is no longer necessary. The IP addresses for Pantheon's Global CDN will not change and it is safe to use them as A record targets.