I had a recent requirement from one of our clients that took a little bit of tinkering to figure out… we will call our client Contoso LLC. and our project that we host for them we will call the “Cool Widget Project.”

We built a really neat widget of an application for Contoso to use and we are hosting it under a sub-domain of a domain we control. We needed to keep hosting it under this domain. However, our client, Contoso, wanted to hand out a link for their users to the new widget we built using an existing sub-domain from a domain they control. This was of course under their main domain, constosollc.com, and they already had existing users that came to the old version of the widget (built by another vendor) at widget.contosollc.com.

Our company was hosting the new widget app at widgetapp.appworks.net.

To further complicate things… our company appreciates security, likes fast DNS updates, and the app really benefits from using a CDN… so we are using Cloudflare to manage DNS for the appworks.net domain. Better yet, we also like the cloud, and this new widgetapp is actually an Azure Web App.

So there’s the situation…

We essentially need this to happen:

User visits widget.contosollc.com --> widgetapp.appworks.net.

Oh but this is Azure… so actually widgetapp.appworks.net is already a CNAME record and it actually points to widgetapp.azurewebsites.net. So it is this:

User visits widget.contosollc.com --> widgetapp.appworks.net --> widgetapp.azurewebsites.net.

To elaborate the above just a little bit more:

widget.contosollc.com (DNS from random provider) --> widgetapp.appworks.net (Cloudflare DNS, CNAME) --> widgetapp.azurewebsites.net (the DNS name provided by Azure for the application)

Simple right? Just get our client to create a CNAME record that points to widgetapp.appworks.net and move on with life… wrong…
(more…)

Apparently a handful of customers using Cloudflare for DNS, and specifically CNAME records experienced a brief outage of name resolution services on New Year’s. I found the reason why to be rather interesting. Devs at cloudflare assumed time can’t move backwards… An understandable assumption but actually faulty because of leap seconds… Anyhow, if you do programming you might find the root cause analysis for this hiccup to be interesting and informative:

https://blog.cloudflare.com/how-and-why-the-leap-second-affected-cloudflare-dns/

Well worth a quick read. No, unfortunately it didn’t have anything to do with Dark Matter and/or what happens were a black hole and a Delorian traveling at 88 mph suddenly to meet while Superman flies around the planet at light speed. But, it is still curious enough all the same. Happy New Year… Sanitize your outputs…

Currently I am looking into a couple of different cloud platforms for new infrastructure projects. Microsoft Azure is creeping up rather highly on the list.

A few years ago the concepts of “security” and “cloud hosting” were diametrically opposed in many people’s minds. Security is an ironic field of IT in that technology, vulnerabilities and exploits, defense and remediation strategy, etc. all evolve very rapidly (like other areas of IT) but due to being tied in tightly with things like regulatory compliance the ideology and actual implementation of change in this area moves at a snail’s pace.

However IT is largely shifting towards cloud technologies and regulation must shift with it. The major players in the cloud hosting space have recognized a need to address security concerns and have made a concerted effort to do so.
(more…)