Azure Web App and Cloudfare DNS

I maintain the website for the Glasgow Azure User Group and for the last 18 months the WordPress site has been hosted at 123 Reg. I've been thinking about changing the hosting of the website for a while and recently had some spare time so put together a website using Grav and as part of the project I wanted to host the website on Azure, for obvious reasons.

The GAUG website is fronted by Cloudflare, so that we can take advantage of their Content Delivery Network (CDN) and SSL certificate services. The DNS records for the GAUG domain are also handled by Cloudflare. And here lies the issue that this blog post hopes to address.

When you spin up an Azure Web App, you have the ability to add custom domains rather than use the .azurewebsites.net that you get by default. In order to add a custom domain you need to validate that you own the domain. A full tutorial on this process is available here

The Problem

The problem I encountered with the Cloudflare DNS that caused some issues validating my custom domain is as follows;

I was instructed by Azure to add a CNAME record to validate www.gaug.co.uk, and I duly did so with the Cloudflare DNS portal. If you've ever used Cloudflare DNS you will know it is fairly instantaneous, however in this case 24 hours later the CNAME record was still not being found by Azure or MXToolbox's DNS checker.

The Solution

hands up I wasn't entirely sure what was wrong or why this wasn't working, so I tried the old let's press this and see what happens method. With your DNS records within Cloudflare you have the option to run them through Cloudflare to make your site faster, safer and smarter or you can opt not to run the DNS through Cloudflare.

My www CNAME record that I had created in order to validate the website with Azure was running through Cloudflare's DNS, I clicked on the orange cloud icon
and set it so that the CNAME record wouldn't go through Cloudflare's DNS. Low and behold the CNAME was now being found via MXToolbox's CNAME lookup, pretty much instantaneously.

I went back into the Azure portal and added in the custom domain and Azure was able to find the CNAME record and validate the domain.

Now that my domain was validated I went back into the Cloudflare DNS portal, clicked on the grey cloud icon next to my CNAME record so the traffic would be making use of Cloudflare's features and within a few minutes my website had it's SSL certificate assigned and was building up a CDN cache.

Overview

Cloudflare obfuscate the DNS records when you using their proxy and CDN network so that's why Azure and MXToolbox couldn't find the CNAME record that I had set. A sneaky one but one to be aware of if you using Cloudflare and Azure Web Apps together.

As always if you’d like to reach out and speak to me about any of the above please get in touch via Twitter @TechieLass