Catch-all CNAME to pages.dev, DNS and Redirects
Hello all!
Problem Description
I'm trying to set up my DNS, redirect rules (and even tried a worker) to be able to do the following in order of priority:
1. If DNS entry exists, immediately go to target (e.g. sub.example.com)
2. If redirect rule for subdomain exists, redirect to appropriate page (e.g. twitter.example.com links to my Twitter account through redirect rules)
3. If no DNS or redirect rule exists redirect to example.pages.dev
What else I've tried
Since the amount of redirect rules is limited, I've also tried making a Worker which handles this but it didn't quite work out cause you can't set a catch-all as a worker route.
What I'm looking for
I'm looking for an elegant solution which allows me to have proxied subdomains through DNS, a bunch of easily configurable redirect rules and have any other subdomain redirect to the main domain.
Current State
As of now any unknown subdomain (e.g. test.example.com) just gives a 522 error. (CNAME * to example.pages.dev). Any other DNS entries work properly and defined redirect rules do work as well.
18 Replies
Since the amount of redirect rules is limited, I've also tried making a Worker which handles this but it didn't quite work out cause you can't set a catch-all as a worker route.You absolutely can, just a simple wildcard route with a corresponding dns record. The rest gets tricky though, as Worker Routes will run on everything even things with dns records existing (you'd have to create sub.example.com/* service none routes to bypass on all the subdomains you want to not get workered), and Redirect Rules take priority over dns records and routes and yea you can't wildcard to your pages.dev, it needs each hostname added to its Custom Domains tab
Ah I've tried so much I forgor, then it was the issue of creating an infinite loop because it would keep going back into the worker.
(you'd have to create sub.example.com/* service none routes to bypass on all the subdomains you want to not get workered)Could you elaborate on this? You mean there is a way of blocking workers from running on certain routes?
yea, from your workers routes page in your website, you just add routes with service of none
Ah I've tried so much I forgor, then it was the issue of creating an infinite loop because it would keep going back into the worker.You should be fetching the pages.dev itself from inside the worker
Rather than redirecting to it?
yes
async fetch(request, env) {
var url = new URL(request.url);
url.hostname = "example.pages.dev";
return fetch(url, request);
}
Wouldn't this also work with a worker route going to None with
denni.cat/* as Route?
Rather than fetching
If you want to do a redirect rather then proxy the content, sure, just need to exclude your root hostname yea
And probably no way to do this dynamically? E.g. fetch all DNS entries and automatically create None worker routes from this and update as a new DNS entry gets added?
no and to be completely frank I understand why you would want to do what you're trying to do but it's the vast majority of the time a waste of time and causes other issues, there's a reason why no big website does it/bothers with that sort of setup
wildcard records are messy and it can be confusing to services and people to have every hostname exist
but if you want to go on that approach, just have to remember to make a new route on each subdomain you add
Luckily I don't have too many subdomains and managing redirects through a worker rather than redirect rules seems more easily extendable to me as well
There is a per website cap of routes on 1,000, and each one you add does ever so slightly slow down all request routing because they all need to be eval'd
I'm not anywhere near that luckily :p
the only bit it looks like you're missing right now is just a wildcard record like
AAAA * 100:: Proxied so it all hits your workerWas just about to ask what the best way would be to handle that ahaha
Do I need an A record to 192.0.2.1 as well?
Not too familiar with DNS
When you have Proxy on, Cloudflare responds to DNS Requests with its own Proxy IPs, which are both protocols/types eitherway
I don't need an A record for ipv4 compatibility?
Alright that's great! Thanks for the help 💛