Unable to access CDN endpoint via custom subdomain

Question

Hi there, my team and I are currently exploring using Azure static site blobs and CDN endpoint to host several web apps.

We have successfully deployed our static files to the blog storage and our entire test app loads on both the primary (name.abc.web.core.windows.net) and CDN (name.azureedge.net) endpoints. When it comes to mapping a custom subdomain via the “cdnverify” temporary step, however, I am unsuccessful.

I have very carefully followed and quintuple-checked all steps in the support doc "Tutorial: Add a custom domain to your Azure CDN endpoint".

This is my current DNS config (via Namecheap):

- CNAME host: cdnverify.static, Value: cdnverify.[name].azureedge.net.
- CNAME host: v2, Value: [name].azureedge.net.

When I skip the cdnverify step, e.g. assign the azureedge CNAME value directly to a host called “v2”, and add that as a custom domain in my Azure portal CDN blade, the subdomain begins loading the CDN endpoint and can even have a CDN-managed HTTPS cert deployed with no manual verification. A “dig” command to this host (v2.ourdomain.org) finds an expected response:

v2.[ourdomain].org. 1799	IN	CNAME	[name].azureedge.net.
[name].azureedge.net. 1800 IN	CNAME	[name].afd.azureedge.net.
[name].afd.azureedge.net. 300 IN	CNAME	afd.t-0001.t-msedge.net.
afd.t-0001.t-msedge.net. 103	IN	CNAME	t-0001.t-msedge.net.
t-0001.t-msedge.net.	25	IN	CNAME	Edge-Prod-EWR30r3.ctrl.t-0001.t-msedge.net.
Edge-Prod-EWR30r3.ctrl.t-0001.t-msedge.net. 103	IN CNAME standard.t-0001.t-msedge.net.
standard.t-0001.t-msedge.net. 103 IN	A	13.107.246.10

If I assign a CNAME host of “cdnverify.static” to “cdnverify.name.azureedge.net.” and add it as a custom domain in the portal’s CDN blade, however, this secondary subdomain never loads our endpoint, and cannot deploy an HTTPS cert. The Azure portal verified this host when added to the endpoint and a dig command to “cdnverify.static.ourdomain.org” shows this result:

;; ANSWER SECTION:
cdnverify.static.[ourdomain].org.	1799 IN	CNAME cdnverify.[name].azureedge.net.
cdnverify.[name].azureedge.net. 0 IN A	92.242.140.21

A dig command to “static.ourdomain.org” returns no answer and a ping command says “unknown host”. This is expected since I’ve not created such a record yet, and so I am wondering how we’re meant to ensure this subdomain is verified as per the “Verify the custom domain” section in the above-mentioned doc.

It’s very important for us that the cdnverify host works and can be assigned a certificate before we permanently re-locate our domains as these apps are already in production. If possible, I’d love to know what step(s) I am missing, or what can further be done to diagnose the issue.

Many thanks!

Johnny

Answer 1

Greetings,

From the above ask say, If I assign a CNAME host of “cdnverify.static” to “cdnverify.name.azureedge.net.” and add it as a custom domain in the portal’s CDN blade ---> Are you trying to use the cdn verify subdomain here in the custom domain field on the portal blade?

Regards,
Subhash

Answer 2

Hello Subhash,

Thanks for your response. As per the documentation (https://docs.microsoft.com/en-us/azure/cdn/cdn-map-content-to-custom-domain#associate-the-custom-domain-with-your-cdn-endpoint), I added the domain without the cdnverify prefix, as shown:

https://elabhome.blob.core.windows.net/images/cusdomain.png

This is how my domain list appears. Note the subdomain where I omitted the temporary cdnverify prefix is working and has a cert:
https://elabhome.blob.core.windows.net/images/domainlist.png

Please let me know if this helps. Thank you!
- Johnny

Answer 3

Greetings,

Appreciate your patience.

Both an Azure storage account and an Azure CDN endpoint allow you to specify a custom domain for accessing blob content instead of using the default domain name ( .blob.core.windows.net).To configure either service, you must create a new CNAME record with the DNS provider that is hosting you DNS records.

cdnverify is an intermediate domain which is temporary domain while mapping a domain to an Azure CDN endpoint in DNS. Whereas, asverify is for storage.

Once after your DNS records are created and verified you then associate the custom domain with your CDN endpoint or blob storage account.

So, Are you working towards adding a custom domain to access blob data in your Azure storage account, like www.contoso.com?

There are two methods you can use to set up a custom domain,

a. Create a CNAME record with your DNS provider that points from your domain (like www.contoso.com) to suvasarastore.blob.core.windows.net or suvasarastore.z19.web.core.windows.net then enter you domain below. This method is simpler, but results in a brief downtime while Azure verifies the domain registration.

b. Create a CNAME record with your DNS provider that points from the "asverify" subdomain (like asverify.www.contoso.com) to asverify.suvasarastore.blob.core.windows.net or asverify.suvasarastore.z19.web.core.windows.net. After this step completes, enter your domain below (exclude the 'asverify' subdomain). This method does not incur any downtime.

Here is a doc for your reference.

If you think your question has been answered, click "Mark as Answer" if just helped click "Vote as helpful". This can be beneficial to other community members reading this forum thread.

---

Best regards
Subhash

Answer 4

Hello,

Thank you again for your help. The documentation you're referring to is about mapping a domain to a blob endpoint, not a CDN endpoint, but I tried it anyway and still have issues.

I made a CNAME of "asverify.test" pointing to the blob url hosting my static website (asverify.[account].z13.web.core.windows.net). But when I go under Custom domain and try to add "test.[mydomain].org" and click Save, I receive the error: 

Failed to update storage account '[account]'. Error: The custom domain name could not be verified. CNAME mapping from test.[mydomain].org to any of [account].blob.core.windows.net,[account].z13.web.core.windows.net does not exist.

I waited 24 hours and again tried to add the domain; same error. Also, as per my original post, I am still unable to resolve any cdnverify subdomains to my CDN endpoint.

Thank you!

Answer 5

Just in case it helps somebody else, I was able to get clarification on this issue by posting on StackOverflow: https://stackoverflow.com/questions/60954314/unable-to-access-cdn-endpoint-via-custom-subdomain/60963330. It would seem the official docs from MS for this feature are out-of-date, incorrect, or both.