Routing Traffic

Connect your domain to Varnish CDN using CNAME or A/AAAA records and manage DNS-based verification and TLS issuance.

Varnish CDN generates a unique, human-readable domain name for each service you create. You then point your own domain at this generated domain using a CNAME DNS record.

You can create multiple services with different generated domains and point your domains to them by creating multiple CNAME records, one for each Varnish CDN service domain. You can also add multiple hostnames to a single service in the Varnish CDN dashboard, so that they all point to the same service.

For example, if you have two services, service-a and service-b, you can create the following CNAME records:

www.example.com CNAME service-a.varnish-cdn.com
api.example.com CNAME service-b.varnish-cdn.com

In this example, requests to www.example.com will be routed to service-a, while requests to api.example.com will be routed to service-b. These services can have different backends, caching rules, and configurations.

Make sure to configure the appropriate hostnames in the Varnish CDN dashboard for each service to ensure that requests are properly routed.

Redirect From Root Domain

If you want to redirect traffic from the root domain (also known as the apex domain) to a subdomain, such as redirecting example.com to www.example.com, you will need to set up A/AAAA DNS records at your DNS provider. This is because CNAME records cannot be created for root domains.

The apex domain example.com needs to be configured with the IPv4/IPv6 addresses of the Varnish CDN endpoint that will handle the redirect. You can do this by creating A and AAAA records pointing to the Varnish CDN redirect IP addresses.

The IP addresses and DNS records to use are shown in the Varnish CDN dashboard when you add a new domain to your service and select the option to redirect from the root domain. Navigate to the service and click "DNS Records" for your domain to see the required records.

How Traffic is Routed

When a request is made to your domain www.example.com, the following steps occur:

  1. The client's DNS resolver looks up the CNAME record for www.example.com and finds that it points to service-a.varnish-cdn.com.
  2. The client's DNS resolver then looks up the A record for service-a.varnish-cdn.com and retrieves one or more IP addresses of the most appropriate Varnish CDN edge server(s) for the client.
  3. The client request is sent to the Varnish CDN edge server at the retrieved IP address.
  4. Varnish CDN inspects the Host header of the incoming request to determine which service should handle the request. In this case, it sees that the Host header is www.example.com and routes the request to service-a.

It is also possible to send requests directly to service-a.varnish-cdn.com, in which case Varnish CDN will route the request to service-a based on the hostname in the URL.

If the request is made to example.com and you have set up the redirect from the root domain, Varnish CDN will respond with an HTTP 302 redirect to www.example.com. The redirected request then follows the steps above and is routed to service-a.

TXT Records for Verification

Varnish CDN uses TXT records to verify domain ownership. The TXT record value is provided in the Varnish CDN dashboard when you add a new domain to your service. You will need to add this TXT record at your DNS provider to complete the verification process.

If you add subdomains on the same main domain (apex domain), you only need to add the TXT record once for the main domain. For example, if you are adding www.example.com and api.example.com, you only need to add the TXT record for www.example.com or example.com. As soon as the main domain is verified, all subdomains will be considered verified as well.

Example DNS TXT record:

TXT "_varnish-cdn-verify=uEkuI8LAOkItznITlLDc4m"

Once the TXT record has been added to your DNS provider, Varnish CDN will periodically check for the presence of the record to verify domain ownership. Once verified, you can start using the domain with your Varnish CDN service.

ACME Challenge for TLS

Varnish CDN uses the ACME protocol to automatically issue and renew TLS certificates for your domains. To issue the certificates, an ACME challenge must be completed. Completing this challenge requires a CNAME DNS record that points to Varnish CDN, which allows Varnish CDN to issue certificates for the provided domain.

When you add a new domain to your service, Varnish CDN will provide the necessary DNS record value in the dashboard. You will need to add this record at your DNS provider to complete the ACME challenge.

This DNS record will look like this:

_acme-challenge IN CNAME _acme-challenge.varnish-cdn.com

Troubleshooting

If you are experiencing issues with routing traffic to your Varnish CDN service, here are some steps you can take to troubleshoot the problem:

  1. Check DNS Propagation: Ensure that the CNAME records have propagated correctly. You can use online DNS lookup tools, or a command such as dig, to verify that the CNAME records point to the correct Varnish CDN service domain. (A red cross in the dashboard for "CDN traffic routed" indicates that DNS has not propagated.) Example command:
    dig CNAME www.example.com
    
    Expected output should show:
    www.example.com.  IN CNAME service-a.varnish-cdn.com.
    
  2. Verify Domain Ownership: Make sure that the TXT record for domain verification has been added correctly to your DNS provider and that Varnish CDN has verified the domain ownership. (Red cross in the dashboard for "Domain ownership verified" indicates unverified domain) Example command:
    dig TXT www.example.com
    
    Expected output should show the correct verification value:
    www.example.com.  IN TXT "_varnish-cdn-verify=uEkuI8LAOkItznITlLDc4m"
    
  3. Check ACME Challenge: If you are using Managed TLS, ensure that the ACME challenge CNAME record has been added correctly to your DNS provider. (Red cross in the dashboard for "Let's encrypt" indicates ACME challenge not completed) Example command:
    dig CNAME _acme-challenge.www.example.com
    
    Expected output should show:
    _acme-challenge.www.example.com.  IN CNAME _acme-challenge.varnish-cdn.com.
    
  4. Root Domain Configured: If you are trying to redirect from the root domain, ensure that the A and AAAA records are correctly configured to point to the Varnish CDN redirect IP addresses. (Red cross in the dashboard for "Root domain configured" indicates missing or incorrect records) Example command:
    dig A example.com
    dig AAAA example.com
    
    Expected output should show the correct Varnish CDN redirect IP addresses.
  5. Review Varnish CDN Dashboard: Check the Varnish CDN dashboard for any error messages or warnings related to your service or domain configuration.
  6. DNS Propagation Time: Remember that DNS changes can take time to propagate. Depending on your DNS provider's TTL settings, it may take several minutes to hours for changes to take effect globally. You can query your own DNS provider's name server directly to confirm that the record exists:
    dig CNAME www.example.com @ns1.yourdnsprovider.com
    
    If that works, then it's just a matter of waiting for global propagation. You can check this against a public DNS resolver, for example Cloudflare or Google:
    dig CNAME www.example.com @8.8.8.8
    dig CNAME www.example.com @1.1.1.1
    
  7. Contact Support: If you have followed all the steps above and are still experiencing issues, consider reaching out to Varnish CDN support for further assistance.
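
The checks from steps 1 to 4, combined into one script as an added example (it is not Varnish CDN tooling). The answer lines in ANSWERS and the two IP addresses are constructed placeholders, and the function names are this example's own; the sample places the TXT record on example.com, one of the two placements described under "TXT Records for Verification".

```shell
#!/bin/sh
# Added example: checks the DNS records from the troubleshooting steps.
# ANSWERS holds constructed `dig +noall +answer` style lines so the script
# runs offline; set ANSWERS="" to query live DNS with dig instead.
# 192.0.2.10 and 2001:db8::10 are documentation-range placeholders, not
# real Varnish CDN redirect addresses (take those from the dashboard).
ANSWERS='www.example.com. 300 IN CNAME service-a.varnish-cdn.com.
example.com. 300 IN TXT "_varnish-cdn-verify=uEkuI8LAOkItznITlLDc4m"
_acme-challenge.www.example.com. 300 IN CNAME _acme-challenge.varnish-cdn.com.
example.com. 300 IN A 192.0.2.10
example.com. 300 IN AAAA 2001:db8::10'

# lookup NAME TYPE: print the rdata of every matching answer, one per line.
lookup() {
  if [ -n "$ANSWERS" ]; then
    printf '%s\n' "$ANSWERS"
  else
    dig +noall +answer "$1" "$2"
  fi | awk -v n="$1." -v t="$2" 'tolower($1) == tolower(n) && $4 == t {
    $1 = $2 = $3 = $4 = ""; sub(/^ +/, ""); print }'
}

# has_record NAME TYPE RDATA: succeed only on an exact rdata match.
has_record() {
  lookup "$1" "$2" | grep -qxF -- "$3"
}

# check_domain HOST APEX SERVICE_DOMAIN TXT_VALUE
# Prints one FAIL line per problem, using the dashboard's labels, and
# returns the number of failed checks (0 means all three passed).
check_domain() {
  fails=0
  has_record "$1" CNAME "$3." ||
    { echo "FAIL CDN traffic routed: $1 is not a CNAME to $3"; fails=$((fails + 1)); }
  # Ownership may be proven on the host itself or on the apex domain.
  has_record "$1" TXT "\"$4\"" || has_record "$2" TXT "\"$4\"" ||
    { echo "FAIL Domain ownership verified: TXT value not found"; fails=$((fails + 1)); }
  has_record "_acme-challenge.$1" CNAME "_acme-challenge.varnish-cdn.com." ||
    { echo "FAIL ACME challenge: _acme-challenge.$1"; fails=$((fails + 1)); }
  return "$fails"
}

# check_root APEX IPV4 IPV6: both redirect records must be present.
check_root() {
  has_record "$1" A "$2" && has_record "$1" AAAA "$3"
}
```

To run it against live DNS, set ANSWERS to an empty string and call, for example, `check_domain www.example.com example.com service-a.varnish-cdn.com "<TXT value from the dashboard>"`.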