question

JesseStewarthehim-4423 avatar image
0 Votes"
JesseStewarthehim-4423 asked JesseStewarthehim-4423 commented

Error mapping temporary afdverify subdomain

I am attempting to transfer an existing domain to Azure Front Door, following the instructions here: https://docs.microsoft.com/en-us/azure/frontdoor/front-door-custom-domain#map-the-temporary-afdverify-subdomain

Per the instructions on mapping a temporary afdverify subdomain, I added a cname entry for the existing domain (xyz.contoso.com) as follows:

 afdverify.xyz.contoso.com -> afdverify.contoso-frontend.azurefd.net

Once that change propagated, again following the instructions, I went to the front door designer to add my custom domain as a frontend host. Here's where I run into trouble. I do not understand step 5:

For Custom hostname, enter your custom domain, including the subdomain, to use as the source domain of your CNAME record. For example, www.contoso.com or cdn.contoso.com. Don't use the afdverify subdomain name.

What subdomain do they mean here, if it's not the afdverify one?

If I enter afdverify.xyz.contoso.com, I get an error that it can't find a CNAME record for that domain that points to my frontdoor (contoso-frontend.azurefd.net).

If I enter xyz.contoso.com, it lets me add the custom domain, but when I try to save I get an error that "Another custom domain with the same host name already exists."

I do not have xyz.contoso.com registered with any other app -- it is pointed to Azure Traffic Manager in the domain record.

If I try to hit afdverify.xyz.contoso.com directly in the browser, I get the "Our services aren't available right now" error -- which implies it's hitting my front door instance, but doesn't help me actually verify that my custom domain is working as expected.

What am I missing here? How am I supposed to verify my temporary subdomain so that I can confirm it's working and move on to migrating the actual domain?

Any advice appreciated. Thanks.

azure-front-door
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

1 Answer

GitaraniSharmaMSFT-4262 avatar image
0 Votes"
GitaraniSharmaMSFT-4262 answered JesseStewarthehim-4423 commented

Hello @JesseStewarthehim-4423 ,

Welcome to Microsoft Q&A Platform. Thank you for reaching out & hope you are doing well.

The tutorial that you are following is correct but the steps should be in the below order:

  1. Map the temporary afdverify subdomain

  2. Map the permanent custom domain

  3. Associate the custom domain with your Front Door

  4. Verify the custom domain

So the actual steps are as follows:

  1. First map your custom domain to your Front Door default frontend host with the Azure afdverify subdomain to create a temporary CNAME mapping (afdverify.www.contoso.com CNAME afdverify.contoso-frontend.azurefd.net). --> This is already done by you.

  2. After you've verified that the afdverify subdomain has been successfully mapped to your Front Door, you can then map the custom domain directly to your default Front Door frontend host. To do that, create a CNAME for your custom domain (<www.contoso.com> CNAME contoso-frontend.azurefd.net) and then delete the previously created a temporary afdverify subdomain CNAME record.

  3. Now, you can go to Azure portal and perform the below:

On the Front Door designer page, select '+' to add a custom domain.
For Frontend host, the frontend host to use as the destination domain of your CNAME record is pre-filled and is derived from your Front Door: <default hostname>.azurefd.net. It cannot be changed.
For Custom hostname, enter your custom domain, including the subdomain, to use as the source domain of your CNAME record. For example, www.contoso.com or cdn.contoso.com. Don't use the afdverify subdomain name.
Select Add.

After you've completed the registration of your custom domain, verify that the custom domain references your default Front Door frontend host.

Kindly let us know if the above helps or you need further assistance on this issue.


Please "Accept the answer" if the information helped you. This will help us and others in the community as well.

· 3
5 |1600 characters needed characters left characters exceeded

Up to 10 attachments (including images) can be used with a maximum of 3.0 MiB each and 30.0 MiB total.

Hi @GitaraniSharmaMSFT-4262,

Thank you for the reply, that does clarify things.

I am still a bit confused about this step:

After you've verified that the afdverify subdomain has been successfully mapped to your Front Door

How am I supposed to verify that the afdverify subdomain has been successfully mapped, if I can't add it as a custom domain in Front Door?

0 Votes 0 ·

Hello @JesseStewarthehim-4423 ,

To avoid interruption of web traffic, it is advised to first map your custom domain to your Front Door default frontend host with the Azure afdverify subdomain to create a temporary CNAME mapping. With this method, users can access your domain without interruption while the DNS mapping occurs. So verification of adverify subdomain means your domain is ready to be added in the custom domain in Front Door. While adding your domain to the FD custom domain, it should allow you to add it without any errors.
Reference : https://sameeraman.wordpress.com/2019/06/07/azure-front-door-custom-domains-and-managed-certificate/

There is a known issue where attempting to add a custom domain to AFD could fail stating "We couldn't find a DNS record for custom domain domainName that points to Front Door." When this happens, you may simply need to wait a bit longer for global DNS propagation to complete.

Thanks,
Gita

1 Vote 1 ·

@GitaraniSharmaMSFT-4262 ,

Thank you for the follow up, and for the link -- after reading through it, I think I understand. Once I have created the afdverify CNAME entries, if I am then able to add my custom domain to the frontend hosts without an error, then I can consider the custom domain verified, and continue the process. That makes sense. Thanks again for your help.

1 Vote 1 ·