On December 18th (Tuesday), Wikihub will be unavailable from 7-9am.
Page tree

Skip to end of metadata
Go to start of metadata


Problem

The Request a DNS Change for Offsite Hosting page instructs users to request that their live site URL be created as a CNAME for live-EXAMPLE.pantheonsite.io.  Sometimes Hostmaster will reply saying that a CNAME is not possible because the DNS for EXAMPLE.berkeley.edu is the top-level record for a DNS zone. This means that subdomains like SUBDOMAIN.EXAMPLE.COM exist.  Another common blocker to using a CNAME is if the hostname contains MX (mail exchanger) records for sending email.

Solution

Enable HTTPS on Pantheon

It is now Free for Personal level Pantheon sites to use HTTPS.  on October 24, 2017 the Chrome browser will update to version 62.  This version of Chrome will display a "Not Secure" warning when users type data into HTTP sites.  This would apply to entering data into a search box on the site. Given these developments there is no reason not to configure your Pantheon site to use HTTPS.

For more detail on launching your UC Berkeley site on Pantheon please see the Upgrade to Paid Plan form and Pantheon's Launch Essentials document.

Provide UC Berkeley Hostmaster with A record information

If your site can use a CNAME, that solution is always preferred. Only request an A record if you know you cannot use a CNAME.


When you connect a domain to your site you will see the new domain will appear on the Domains / HTTPS tab with the status message "Upgrade to CDN."  Click the Details button to the right of the domain and you should see "Type: CNAME live-EXAMPLE.pantheonsite.io." (In place of EXAMPLE you will see the name of your site.)  Copy this value and so that you can run the following terminal command:

$ host live-EXAMPLE.pantheonsite.io
live-EXAMPLE.pantheonsite.io is an alias for fe0.edge.pantheon.io.
fe0.edge.pantheon.io has address 23.nnn.nnn.nnn
fe0.edge.pantheon.io has IPv6 address nnnn:nna:nnn0::n
fe0.edge.pantheon.io has IPv6 address nnnn:nna:nnn1::n


Send a message like this one to hostmaster@berkeley.edu

Subject: Pantheon DNS setup for MYHOST.berkeley.edu

Hi Hostmaster,

Please configure the following DNS records for MYHOST.berkeley.edu:

A record pointing to 23.nnn.nnn.nnn
AAAA record pointing to nnnn:nna:nnn0::n

Obviously MYHOST, should be changed to reflect the production URL hostname you will use with the site. E.g. web.berkeley.edu.

For the AAAA record it is safe to use either of the IPv6 addresses you get from the 'host' command.

When A record is active

Browsing to the hostname associated with your A record should take you to your site.

If you visit the Domains/HTTPS tab on your dashboard, your domain should be highlighted green indicating that it is working. However you may see a message like this:

and next to your A records it may say "remove this detected record."  Pantheon assures us that it is safe to ignore these messages. You can depend on your new domain working in perpetuity. 

Differences from the previous solution documented here

One of our previously-documented solutions involved configuring both MYHOST.berkely.edu and www.MYHOST.berkeley.edu and then creating a 301 redirect from the first hostname to the second. This was done to minimize the possibility of DNS breaking if the IP address of our legacy load balancer were to change. This solution is no longer necessary.  The IP addresses for Pantheon's Global CDN will not change and it is safe to use them as A record targets.