Automation from Bare Metal to the Cloud!

Worklog - 2023-02-01: Configure Domain for Github Pages

Part 3/3 of Overhaul of the Github Pages Website

Goal: “Point” yoinkbird.com to yoinkbird.github.io

Update DNS

Subdomain

Initial approach: Just update CNAME and then verify ownership, as per https://docs.github.com/en/pages/configuring-a-custom-domain-for-your-github-pages-site/managing-a-custom-domain-for-your-github-pages-site#configuring-a-subdomain

$ dig www.yoinkbird.com +nostats +nocomments +nocmd
;www.yoinkbird.com.		IN	A
www.yoinkbird.com.	355	IN	CNAME	yoinkbird.github.io.
yoinkbird.github.io.	355	IN	A	185.199.108.153
yoinkbird.github.io.	355	IN	A	185.199.109.153
yoinkbird.github.io.	355	IN	A	185.199.111.153
yoinkbird.github.io.	355	IN	A	185.199.110.153
github.io.		355	IN	NS	dns4.p05.nsone.net.
github.io.		355	IN	NS	dns3.p05.nsone.net.
github.io.		355	IN	NS	dns2.p05.nsone.net.
github.io.		355	IN	NS	ns-1622.awsdns-10.co.uk.
github.io.		355	IN	NS	ns-393.awsdns-49.com.
github.io.		355	IN	NS	dns1.p05.nsone.net.
github.io.		355	IN	NS	ns-1339.awsdns-39.org.
github.io.		355	IN	NS	ns-692.awsdns-22.net.
dns2.p05.nsone.net.	355	IN	A	198.51.45.5
dns3.p05.nsone.net.	355	IN	A	198.51.44.69
dns2.p05.nsone.net.	355	IN	AAAA	2a00:edc0:6259:7:5::2
ns-1622.awsdns-10.co.uk. 355	IN	A	205.251.198.86
ns-1339.awsdns-39.org.	355	IN	A	205.251.197.59
ns-393.awsdns-49.com.	355	IN	A	205.251.193.137
dns3.p05.nsone.net.	355	IN	AAAA	2620:4d:4000:6259:7:5:0:3
ns-1622.awsdns-10.co.uk. 355	IN	AAAA	2600:9000:5306:5600::1
ns-692.awsdns-22.net.	355	IN	A	205.251.194.180
dns1.p05.nsone.net.	355	IN	A	198.51.44.5
dns1.p05.nsone.net.	355	IN	AAAA	2620:4d:4000:6259:7:5:0:1
ns-393.awsdns-49.com.	355	IN	AAAA	2600:9000:5301:8900::1
dns4.p05.nsone.net.	355	IN	A	198.51.45.69
ns-692.awsdns-22.net.	355	IN	AAAA	2600:9000:5302:b400::1
ns-1339.awsdns-39.org.	355	IN	AAAA	2600:9000:5305:3b00::1
dns4.p05.nsone.net.	355	IN	AAAA	2a00:edc0:6259:7:5::4

Then update GH: https://github.com/YoinkBird/yoinkbird.github.io/settings/pages

Issue

This simple “Configuring a subdomain” step will, as it says on the tin, not configure the apex domain.

I.e. visits directly to yoinkbird.com will not be redirected to the yoinkbird.github.io page.

This is, however, desirable, so it becomes necessary to configure the registrar’s A-records accordingly.

Configuring an apex domain

Allow yoinkbird.com to go directly to yoinkbird.github.io as well (in addition to www.yoinkbird.com).

Instructions: Both https://docs.github.com/en/pages/configuring-a-custom-domain-for-your-github-pages-site/managing-a-custom-domain-for-your-github-pages-site#configuring-an-apex-domain and https://docs.github.com/en/pages/configuring-a-custom-domain-for-your-github-pages-site/managing-a-custom-domain-for-your-github-pages-site#configuring-an-apex-domain-and-the-www-subdomain-variant

Caveat: The GitHub Pages docs mention “github pages DNS records”; this is most likely a roundabout way of referring to DNS records created from the CNAME file present in the repo, and not an actual user-facing DNS record interface.

Caveat: This builds directly on the “Configuring a subdomain” step, i.e. the GH Pages config is left with the www subdomain so that the apex domain is managed entirely via the registrar.

Verify:

Verify DNS for apex domain:

$ dig yoinkbird.com +nocmd +nostats
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 36603
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 2, ADDITIONAL: 3

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;yoinkbird.com.			IN	A

;; ANSWER SECTION:
yoinkbird.com.		872	IN	A	185.199.111.153
yoinkbird.com.		872	IN	A	185.199.109.153
yoinkbird.com.		872	IN	A	185.199.108.153
yoinkbird.com.		872	IN	A	185.199.110.153

;; AUTHORITY SECTION:
yoinkbird.com.		872	IN	NS	ns2.hover.com.
yoinkbird.com.		872	IN	NS	ns1.hover.com.

;; ADDITIONAL SECTION:
ns2.hover.com.		872	IN	A	64.98.148.13
ns1.hover.com.		872	IN	A	216.40.47.26

Observations:

Verify DNS for sub-domain:

$ dig www.yoinkbird.com +nocmd +nostats
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 49542
;; flags: qr rd ra; QUERY: 1, ANSWER: 5, AUTHORITY: 5, ADDITIONAL: 9

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 65494
;; QUESTION SECTION:
;www.yoinkbird.com.		IN	A

;; ANSWER SECTION:
www.yoinkbird.com.	782	IN	CNAME	yoinkbird.github.io.
yoinkbird.github.io.	782	IN	A	185.199.110.153
yoinkbird.github.io.	782	IN	A	185.199.108.153
yoinkbird.github.io.	782	IN	A	185.199.111.153
yoinkbird.github.io.	782	IN	A	185.199.109.153

;; AUTHORITY SECTION:
github.io.		782	IN	NS	dns2.p05.nsone.net.
github.io.		782	IN	NS	ns-692.awsdns-22.net.
github.io.		782	IN	NS	dns1.p05.nsone.net.
github.io.		782	IN	NS	ns-1622.awsdns-10.co.uk.
github.io.		782	IN	NS	dns3.p05.nsone.net.

;; ADDITIONAL SECTION:
dns2.p05.nsone.net.	782	IN	AAAA	2a00:edc0:6259:7:5::2
dns1.p05.nsone.net.	782	IN	AAAA	2620:4d:4000:6259:7:5:0:1
dns3.p05.nsone.net.	782	IN	A	198.51.44.69
dns1.p05.nsone.net.	782	IN	A	198.51.44.5
dns3.p05.nsone.net.	782	IN	AAAA	2620:4d:4000:6259:7:5:0:3
dns2.p05.nsone.net.	782	IN	A	198.51.45.5
ns-692.awsdns-22.net.	782	IN	A	205.251.194.180
ns-1622.awsdns-10.co.uk. 782	IN	A	205.251.198.86

Observations:

Certificate:

$ echo | openssl s_client -showcerts -servername yoinkbird.com -connect yoinkbird.com:443 2>/dev/null | openssl x509 -inform pem -noout -text | grep -A 1 'Subject Alternative Name'
            X509v3 Subject Alternative Name: 
                DNS:www.yoinkbird.com, DNS:yoinkbird.com

A-record (for apex domain):

$ dig yoinkbird.com +noall +answer -t A
yoinkbird.com.		628	IN	A	185.199.108.153
yoinkbird.com.		628	IN	A	185.199.110.153
yoinkbird.com.		628	IN	A	185.199.109.153
yoinkbird.com.		628	IN	A	185.199.111.153
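
The manual dig and openssl checks above can be scripted so that a stray A record, a repointed CNAME or a missing certificate name is caught on every run. This is an added example, not part of the original worklog: the function names are hypothetical, the passing sample records are copied from the output above, and the failing record is constructed.

```shell
#!/bin/sh
# Added example (not from the original worklog); function names are hypothetical.
# Expected addresses are the four A records shown for yoinkbird.github.io above.
PAGES_IPS="185.199.108.153 185.199.109.153 185.199.110.153 185.199.111.153"

# check_apex NAME < `dig NAME +noall +answer -t A`
# Succeeds only if NAME has A records and every one is in PAGES_IPS.
check_apex() {
  awk -v name="$1." -v ips="$PAGES_IPS" '
    BEGIN { n = split(ips, a, " "); for (i = 1; i <= n; i++) ok[a[i]] = 1 }
    tolower($1) == tolower(name) && $4 == "A" { seen++; if (!($5 in ok)) bad++ }
    END { exit !(seen > 0 && bad == 0) }'
}

# check_cname NAME TARGET < `dig NAME +noall +answer`
# Succeeds only if NAME has exactly one CNAME and it points at TARGET.
check_cname() {
  awk -v name="$1." -v target="$2." '
    tolower($1) == tolower(name) && $4 == "CNAME" {
      seen++; if (tolower($5) != tolower(target)) bad++ }
    END { exit !(seen == 1 && bad == 0) }'
}

# check_san NAME < the "DNS:..." line printed by the openssl | grep pipeline
# Succeeds only if the certificate lists NAME exactly (no wildcard matching).
check_san() {
  tr ', ' '\n\n' | grep -qixF "DNS:$1"
}

# Sample input: records copied from the output above.
APEX_OK='yoinkbird.com. 628 IN A 185.199.108.153
yoinkbird.com. 628 IN A 185.199.110.153
yoinkbird.com. 628 IN A 185.199.109.153
yoinkbird.com. 628 IN A 185.199.111.153'
# Constructed failure case: one extra A record outside the expected set.
APEX_BAD="$APEX_OK
yoinkbird.com. 628 IN A 192.0.2.10"
WWW_OK='www.yoinkbird.com. 782 IN CNAME yoinkbird.github.io.
yoinkbird.github.io. 782 IN A 185.199.110.153'
SAN_OK='                DNS:www.yoinkbird.com, DNS:yoinkbird.com'

printf '%s\n' "$APEX_OK"  | check_apex yoinkbird.com && echo "apex: ok"
printf '%s\n' "$APEX_BAD" | check_apex yoinkbird.com || echo "apex: unexpected A record"
printf '%s\n' "$WWW_OK"   | check_cname www.yoinkbird.com yoinkbird.github.io && echo "www: ok"
printf '%s\n' "$SAN_OK"   | check_san yoinkbird.com && echo "cert: covers apex"
```

Against live data, pipe the commands from this worklog into the functions, e.g. `dig yoinkbird.com +noall +answer -t A | check_apex yoinkbird.com`.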

Verify Domain

Following https://github.com/settings/pages_verified_domains/new via https://docs.github.com/en/pages/configuring-a-custom-domain-for-your-github-pages-site/verifying-your-custom-domain-for-github-pages

Add TXT record at registrar

Then click [verify]:

Successfully verified yoinkbird.com 

$ dig _github-pages-challenge-YoinkBird.yoinkbird.com +nostats +nocomments +nocmd TXT
;_github-pages-challenge-YoinkBird.yoinkbird.com. IN TXT
_github-pages-challenge-YoinkBird.yoinkbird.com. 886 IN	TXT "<CHALLENGE>"

Conclusion

All goals met, although the GH pages for domains get a bit confusing and there’s a lot of “automagic” they don’t document.

Best to allow about a day for all DNS changes to propagate, and remember to always check both the generated certificate and the DNS records when troubleshooting!