none
Second Level Subdomains | wildcard domains on Azure don't work as expected

    Question

  • Hi,

    We're having issues with the Custom Domain functionality of Azure Websites.

    In short, a wildcard CNAME record has been set up to point to the Azure Website instance:

    *.mydomain.com -> mydomain.azurewebsites.com

    In Azure portal, in the custom domains section, the wildcard is also set up with a valid entry

    e.g. *.mydomain.com (record in custom domains section).

    Problem:

    visiting www.level2.mydomain.com results in a 404 error from Azure 'Error 404 - Web Site not found!' etc.

    Every other single-level subdomain gets through fine e.g. level1.mydomain.com is fine.

    Question:

    Are we doing something unsupported here?

    Thanks in advance,

    H





    • Edited by gifteds Wednesday, January 28, 2015 10:01 PM
    Wednesday, January 28, 2015 11:57 AM

Answers

  • Yes, I'm sorry I misled you to think that it was related to the certificates only. The double wildcard custom domains are also not supported today = your assessment is correct.

    Feel free to provide the feedback on http://feedback.azure.com/forums/169385-websites - we might prioritize it if the demand for this feature is high.

    Thanks,
    Petr

    • Marked as answer by gifteds Thursday, January 29, 2015 6:34 PM
    Thursday, January 29, 2015 6:18 PM
    Moderator

All replies

  • primary-level wildcards work just fine i.e. www.mydomain.com resolved fine by *.mydomain.com entry.

    The issue appears with secondary-level subdomains, e.g. www.secondary.mydomain.com

    The secondary subdomains return a 404.



    • Edited by gifteds Wednesday, January 28, 2015 2:44 PM
    Wednesday, January 28, 2015 12:32 PM
  • Does anyone from Microsoft know whether second-level subdomains are supported or not on Azure websites?

    Thanks!

    H

    The documentation suggests that a wildcard should work for all subdomains:

    http://azure.microsoft.com/en-us/documentation/articles/web-sites-custom-domain-name/ 


    • Edited by gifteds Wednesday, January 28, 2015 9:48 PM
    Wednesday, January 28, 2015 9:41 PM
  • To have a second-level wildcard domain mapping according to RFC 2818 (http://www.ietf.org/rfc/rfc2818.txt) you would need to have a double wildcard certificate ("Names may contain the wildcard character * which is considered to match any single domain name component or component fragment. E.g., *.a.com matches foo.a.com but not bar.foo.a.com."). This topic is also discussed e.g. here: http://serverfault.com/questions/104160/wildcard-ssl-certificate-for-second-level-subdomain

    Today there is no support for double wildcard certificates with Azure Websites.

    Thanks,
    Petr

    Thursday, January 29, 2015 12:26 AM
    Moderator
  • Hi Petr,

    Many thanks for your response!

    With the knowledge that double wildcard certificates are not supported with Azure Websites, I set up a simple test to see if second-level subdomains would work on Azure Websites without SSL.

    Test:

    - a template MVC5 app, no SSL endpoint binding and a single custom domain *.mydomain.com.

    - Home controller index action with a simple redirect to another site

    - published to a Shared Azure Website instance

    - DNS entry from *.mydomain.com to <azurewebsitename>.azurewebsites.net

    - wait for everything to propogate

    Result:

    - 'Error 404 - Web Site not found!' on Azure when navigating to www.secondlevel.mydomain.com

    - Successful redirect when navigating to random.mydomain.com (where random is not an explicitly mapped subdomain in the DNS service: therefore, wildcard catchall is working as expected for single-level wildcard subdomains)

    Assessment:

    The non-support of second-level subdomains is not restricted to the fact that Azure Websites don't support double wildcard certificates? The issue extends to Azure Website's non-support of double wildcard Custom Domains?

    Thanks,

    H

    Thursday, January 29, 2015 8:47 AM
  • Yes, I'm sorry I misled you to think that it was related to the certificates only. The double wildcard custom domains are also not supported today = your assessment is correct.

    Feel free to provide the feedback on http://feedback.azure.com/forums/169385-websites - we might prioritize it if the demand for this feature is high.

    Thanks,
    Petr

    • Marked as answer by gifteds Thursday, January 29, 2015 6:34 PM
    Thursday, January 29, 2015 6:18 PM
    Moderator
  • Ah ok, thanks for confirming Petr.

    I wish it wasn't so as it's a use case we need for our multi-tenant application. That and raising the Custom Domains limit from 250 to effectively unlimited...

    I'll add these requests to the feedback group now. Thanks for clarifying!

    Thanks,

    H

     
    Thursday, January 29, 2015 6:34 PM
  • If others want this feature added, please vote on the issue here:

    http://feedback.azure.com/forums/169385-websites/suggestions/7026845-support-double-wildcard-custom-domains

    Thursday, January 29, 2015 6:44 PM