Naked and www custom domains with Google App Engine

183 views
Skip to first unread message

Richard Cheesmar

unread,
Aug 29, 2015, 3:01:54 AM8/29/15
to Google App Engine

I have added two custom domains to Google Developers Console for a Google App Project.


One, a naked domain with A and AAA records set on the third party DNS manager as specified by Google. Two, a www domain with a Cname record set on the third party DNS manager, as specified by Google.


The www is serving, but the naked domain is not! The A records ip addresses timeout on my local machine but I get results when using http://tools.pingdom.com/ping/

Obviously you can use more than one custom domain but is there something I'm missing here?

Richard Cheesmar

unread,
Aug 29, 2015, 5:17:35 AM8/29/15
to Google App Engine
Ok, seems that it is available everywhere except Turkey, got to look into this

Richard Cheesmar

unread,
Aug 30, 2015, 6:06:46 AM8/30/15
to Google App Engine
Ok, what is apparent is that the following set of ip addresses are being blocked in Turkey:

216.239.36.21
216.239.32.21
216.239.38.21
216.239.34.21

Therefore, no naked custom domains with A records and these addresses are going to work in Turkey

What is the solution: Signing Up to Google Apps and a work account so that I can redirect via the google admin console or do Google have another set of ip addresses for app engine projects that are not likely blocked?

Anyone got any alternatives?



On Saturday, August 29, 2015 at 10:01:54 AM UTC+3, Richard Cheesmar wrote:

Nickolas Daskalou

unread,
Aug 30, 2015, 6:40:15 AM8/30/15
to Google App Engine

Why don't you try using CloudFlare's page rules to redirect all naked domain traffic to the www version?

--
You received this message because you are subscribed to the Google Groups "Google App Engine" group.
To unsubscribe from this group and stop receiving emails from it, send an email to google-appengi...@googlegroups.com.
To post to this group, send email to google-a...@googlegroups.com.
Visit this group at http://groups.google.com/group/google-appengine.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/25439cf0-06b7-434c-9ad0-23ff152f5423%40googlegroups.com.
For more options, visit https://groups.google.com/d/optout.
Message has been deleted

Nick (Cloud Platform Support)

unread,
Aug 31, 2015, 6:51:02 PM8/31/15
to Google App Engine
Hi Richard,

If you run a whois lookup on those addresses, you'll see they belong to Google. I'm not a lawyer and not an expert on international relations, but it's possible there is a block as you say. This might be caused from within your local network, a proxy or bridge used by an ISP, etc. Could you try to run a traceroute or mtr from your location to see exactly what happens to your packets?

These are my first thoughts on debugging your connection problem.

Best wishes,

Nick

Richard Cheesmar

unread,
Sep 1, 2015, 3:16:54 AM9/1/15
to google-a...@googlegroups.com
Hi, Nick,

Although, I cannot be positive without access to relevant servers, I'm afraid it is a block. I think that your Public DNS servers along with others like OpendDNS  are spoofed by Turk Telecom servers pretending to be yours. Not only that, I think they have put in place IP blacklists on certain blocks of IPs for Google and others, so it doesn't matter if you do not use their DNS IPs. This has been going on sometime.

I have used a Cname record for the www domain and that works just fine, however, the naked domain is on a A name record and this originally had you gae ip addresses in, 4 records in all. I then forwarded naked to www, but it didn't work. I then deleted the A name records and replaced with a non google ip address provided by whois.com. Still doesn't work inside Turkey so I am thinking that maybe they have noted the naked domain and prevent that, but maybe that is me beign paranoid. Either way it works fine outside Turkey, just not inside.

I have performed a traceroute for this and it hops 9 steps to a turktelecom.com server in Ankara and then becomes anonymous. However, if you run a traceroute from an online source it actually gets to the destination. Pining simply return request timeouts here, however, the whois.com support sent me screen shots of it pining successfully for them.

However, interestingly it won't ping from here: http://tools.pingdom.com/ping/?target=emlakair.com&o=2&save=true , not for me anyway, but you can see the forwarding working and perform a traceroute.

The www domain on the Cname record works fine and that is pointing to ghs.googlehosted.com. In the beginning I had the naked domain working within a Cname record also, but had to remove it as it was conflciting with the MX records for the mail server who rely on the naked domain to serve me mail. Cname record is taking priority so the MX records were not fired up.

Anyway, I'm not sure what more I can do about this at the moment. I'm still in Beta so will try to sort out before launching...properly
 

--
You received this message because you are subscribed to a topic in the Google Groups "Google App Engine" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/google-appengine/Me7Svp7kE88/unsubscribe.
To unsubscribe from this group and all its topics, send an email to google-appengi...@googlegroups.com.

To post to this group, send email to google-a...@googlegroups.com.
Visit this group at http://groups.google.com/group/google-appengine.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/5b54d03d-cdf8-4056-a409-19f26b91f168%40googlegroups.com.

Richard Cheesmar

unread,
Sep 1, 2015, 3:18:20 AM9/1/15
to google-a...@googlegroups.com
Excuse the typos1

Richard Cheesmar

unread,
Sep 1, 2015, 3:23:02 AM9/1/15
to google-a...@googlegroups.com
Forgot to mention, the naked domain doesn't work on a phone under 3g either

Nick (Cloud Platform Support)

unread,
Sep 4, 2015, 4:56:57 PM9/4/15
to Google App Engine
Hey Richard,

Thanks for the detailed report of your network. I'm currently re-reading your post to see if I have anything else to recommend. Not being a lawyer, I can't comment on the legal implications of, for example, using a VPS or virtual IP to circumvent bad routing or blockages. Let me know if you have any specific questions I might be able to help answer.

Regards,

Nick
Excuse the typos1

To unsubscribe from this group and all its topics, send an email to google-appengine+unsubscribe@googlegroups.com.
To post to this group, send email to google-appengine@googlegroups.com.

Richard Cheesmar

unread,
Sep 5, 2015, 3:08:56 AM9/5/15
to google-a...@googlegroups.com
Hi, Nick,

The point is access for the public. People are not going to use VPS etc for access to a real estate website. As I said previously outside of Turkey you can access both naked and www domains, but inside just the www. This isn't a real game changer, it's just a nuisance. I personally hate the www prefix. Anyway, I'm not focusing on this at the moment, bugs to fix...will take another look before properly launching.

By the way any news on the SSL in the developers console yet? It's September already...

Regards

Richard

Regards,

Nick
Excuse the typos1

To unsubscribe from this group and all its topics, send an email to google-appengi...@googlegroups.com.
To post to this group, send email to google-a...@googlegroups.com.

--
You received this message because you are subscribed to a topic in the Google Groups "Google App Engine" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/google-appengine/Me7Svp7kE88/unsubscribe.
To unsubscribe from this group and all its topics, send an email to google-appengi...@googlegroups.com.
To post to this group, send email to google-a...@googlegroups.com.
To view this discussion on the web visit https://groups.google.com/d/msgid/google-appengine/d357e888-e948-4481-91f0-710605bf838d%40googlegroups.com.

Nick (Cloud Platform Support)

unread,
Sep 8, 2015, 7:36:37 PM9/8/15
to Google App Engine
Hey Richard,

I fully understand why it's not preferable to have to set up a proxy, but such is the necessity of living within a network with malicious mis-routing. At any rate, that's what I've read elsewhere on the net is what someone might do if faced with the situation of such actually occurring. Anything you implement would be up to you. I wish you the best of luck, overall.

As to Custom Domain SSL in the Developers Console, I think there's another thread on the front page of the group right now which address this issue, so it would be best to check there.

Thanks for your reply,

Nick
Regards,

Nick
Excuse the typos1

To unsubscribe from this group and all its topics, send an email to google-appengine+unsubscribe@googlegroups.com.
To post to this group, send email to google-appengine@googlegroups.com.

--
You received this message because you are subscribed to a topic in the Google Groups "Google App Engine" group.
To unsubscribe from this topic, visit https://groups.google.com/d/topic/google-appengine/Me7Svp7kE88/unsubscribe.
To unsubscribe from this group and all its topics, send an email to google-appengine+unsubscribe@googlegroups.com.
To post to this group, send email to google-appengine@googlegroups.com.
Reply all
Reply to author
Forward
0 new messages