Marfeel Docs

# How to validate the DNS Registration of Marfeel IP Addresses

The registration is different for APEX and non-APEX domains.

# Apex domains

Websites that use their APEX domain (no www.) must configure their DNS records with 4 A records pointing to 4 different Fastly IP addresses.

You can check this from anywhere in the console with the dig command, filtering for A records:

 












 
 
 
 






$ dig -t A example.com
; <<>> DiG 9.10.6 <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2886
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;example.com.			IN	A

;; ANSWER SECTION:
example.com.		150	IN	A	151.101.194.207
example.com.		150	IN	A	151.101.2.207
example.com.		150	IN	A	151.101.66.207
example.com.		150	IN	A	151.101.130.207

;; Query time: 9 msec
;; SERVER: 212.231.6.7#53(212.231.6.7)
;; WHEN: Mon May 04 17:10:58 CEST 2020
;; MSG SIZE  rcvd: 103

If the 4 A records are not present, the tenant must add them to go forward with MarfeelCDN activation.

# Non Apex domains

The DNS configuration of non Apex domains (with www.) must contain a CNAME record, pointing to the Marfeel ssl domain.

From anywhere in the console, use the dig command to see the configuration. This is the expected result:

 












 
 
 






$ dig www.example.com
; <<>> DiG 9.10.6 <<>> www.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 24026
;; flags: qr rd ra; QUERY: 1, ANSWER: 3, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;www.example.com.	IN	A

;; ANSWER SECTION:
www.example.com. 300	IN	CNAME	ssl.marfeelcdn.com.
ssl.marfeelcdn.com.	27541	IN	CNAME	marfeel.map.fastly.net.
marfeel.map.fastly.net.	654	IN	A	151.101.134.207

;; Query time: 45 msec
;; SERVER: 212.231.6.7#53(212.231.6.7)
;; WHEN: Thu May 07 14:19:33 CEST 2020
;; MSG SIZE  rcvd: 134

If the CNAME record is not present, the tenant must add it to go forward with MarfeelCDN activation.

# Apex AND Non Apex

Tenants that use both Apex and Non-Apex domains handle the redirection between the domains themselves since there can be only one origin.

This redirection can cause the MarfeelCDN activation wizard to fail during the Pre-flight Check.

Ask the tenant to follow both the instructions for Non Apex and Apex for Marfeel to handle the redirection.

Use the curl command with the -I option in both apex and non-apex domains to validate the configuration is correct.

curl -I https://example.com
curl -I https://wwww.example.com
See this example of correct non-apex configuration:

```bash{1,14-17}
$ curl -I https://example.com
HTTP/1.1 301 Moved Permanently
; Server: Varnish
;; Retry-After: 0
;; Location: https://www.example.com/
;; Content-Length: 0
;; Accept-Ranges: bytes
;; Date: Mon, 15 Jun 2020 16:30:52 GMT
;; Via: 1.1 varnish
;; Connection: close

curl -I https://www.example.com
HTTP/1.1 200 OK
; Connection: keep-alive
;; Content-Length: 33131
;; Server: Apache
;; X-Powered-By: PHP/7.1.28
;; Expires: Thu, 19 Nov 1981 08:52:00 GMT
;; Cache-Control: no-store, no-cache, must-revalidate, max-age=0, no-cache, s-maxage=10
;; Pragma: no-cache

Notice the apex domain responded with a 301 redirection to the non-apex, and the non-apex domain responded with a 200 OK message.

On an apex configuration, the non-apex domain response is a 301 redirection code, whereas the apex response is a 200 OK.