DEV Community

loading...
Cover image for What Wait Why: Heroku Doesn’t Want You to be Naked

What Wait Why: Heroku Doesn’t Want You to be Naked

Evan
I'm a generalist software engineer
・4 min read

www. is a subdomain. It took me forever to realize that.

When reddit switched to their new UX, they created an old.reddit.com that you could use to go back if you really wanted a sane usable experience the crusty old thing.

For the longest time, I thought it was broken. I’d go up to my address bar and in between the www and the reddit.com, I’d put .old so you’d wind up with:

https://www.old.reddit.com
Enter fullscreen mode Exit fullscreen mode

That would cause my browser to panic and hit me with an SSL error:

ssl error

My mental picture of www was not as a subdomain like old. or blog., but as “part of that junk in the beginning.”

Every site has www right? It's just like https:// or whatnot right?

Some Sites are Naked 😱

If a domain doesn't have a subdomain (ex: dev.to) we say it's a naked domain.

A lot of sites choose to live in their birthday suit for the same reason that I couldn't figure out how to go to better old Reddit: www is weird.

Most users don't understand how www works or why it's there. Browsers autocomplete and even hide the www nowadays. Many sites that use www will redirect their naked domains to their www version anywhoo, so most folks forget it exists.

From the perspective of the user, www feels like some Web 1.0 jazz, complete with fire gifs and hit counters.

web1.0

We need more than just "A" record

If you've read my last post, you know that domains are managed with Resource Records.

When we're setting up a site, there's two common ones that we could choose to use: A records and CNAME records.

With an A record, we specify a hard-coded IP for the "Apex" or root of domain. For example, dev.to (as of this writing) has the A records that look like this:

dev.to.         299 IN  A   151.101.2.217
dev.to.         299 IN  A   151.101.194.217
dev.to.         299 IN  A   151.101.66.217
dev.to.         299 IN  A   151.101.130.217
Enter fullscreen mode Exit fullscreen mode

Big Sites need Big Clusters

Behind the scenes of your favorite cat-picture-providing websites, a miracle is happening. A rotating centrifuge of computers is picking up your interweb searches. Computers blink in and out of existence for pennies on the dollar. Beeps boop. The world spins.

Most "big" sites run on multiple computers that operate independently of each other. If a site suddenly gets a tremendous amount of traffic all at once (like Segment does during Cricket games), new computers get spun up automatically to handle the load.

Those computers need their own IP addresses so we can start sharing traffic. Many managed cloud providers like Heroku, will do this all for you.

You give them the code, they monitor your traffic and then 3D print a preconnected macbook with a Heroku sticker to handle your spikes. Or something like that; I dunno, I'm not an expert.

A Becomes Cname

You can add a whole bunch of A records to your domain to support a bunch of different servers but ultimately, an A record cannot support dynamic ips.

You can't just add a new IP and expect it to work. DNS can take up to 24 hours to fully propagate!

By the time your site can tell the world about your new machines, your spike is over.

Instead, what we could do is use a CNAME record here. CNAMEs are special because they don't need to point to an IP address, they can point to another domain:

app.segment.com.    252 IN  CNAME   segment.com.
Enter fullscreen mode Exit fullscreen mode

That lets us shove the problem of new IPs onto our host provider (like Heroku). In fact, this is exactly what Heroku tells you to do in its docs.

CNAME is a prude

According to the DNS spec, you can't use a CNAME on a naked domain.

So we're gonna need to bust out our ✨subdomains.✨ What's the most common subdomain for this problem?

www yaaaa

Woah, woah, woah, but DEV is naked

I know, it's terrifying. It's probably not that big of a concern though. Dev is mainly shipping static content and it's doing it over a CDN.

That 151.101.x.x ips we saw before? Those are Fastly IPs. If I had to guess, each of the four IPs are Anycast IPs. This is a bit of a workaround some CDN services like Fastly offer, but according to the Fastly docs, it's more expensive and less performant than just using a CNAME for www.

So wait, should dev change?

Probably not. There's likely a whole host of issues that could be caused by changing the domain at this point. Plus, Dev probably should be concerned about url usability.

Computers get faster over time, but usability, usability never changes.

But when you're setting up your site, you should carefully consider the www. It may lead to headaches in the future.

Discussion (11)

Collapse
nickjj profile image
Nick Janetakis

If you really want to have your mind blown, your domain name is actually a sub-domain that you purchase from a TLD such as com or org.

Domains are read from right to left.

Collapse
alexjackhughes_34 profile image
Alexander Hughes

You've literally broken the internet for me.

Collapse
enzzc profile image
Enzo Calamia

Sure, but the real question is to know if the domain (or "subdomain") has its own SOA record or not.

Collapse
prnthh profile image
Pranith Hengavalli • Edited

Another awesome feature of DNS is the ability to specify a wildcard (*) as the subdomain.

I use this configured with nginx running as a reverse proxy on my server, so it can direct a request depending on the subdomain the request was sent to. This allows me to dynamically generate new subdomains and I don't have to constantly update the domain records.

For example:
xyz.dragdrop.site goes to files served from the /var/www/static/xyz folder
abc.dragdrop.site goes to files served from the /var/www/static/abc folder
dragdrop.site goes to the NodeJS app running on port 8080
but all of these are guided by the same wildcard CNAME rule.

It's useful to have sites on separate subdomains because they have their own root address space for file references.

Collapse
krushndayshmookh profile image
Krushn Dayshmookh

Can you please point me to resource on how to do it?

Collapse
flaque profile image
Evan Author

That is wicked cool.

Collapse
jpluscplusm profile image
JCM • Edited

This problem is one which, as someone more on the sysadmin side than dev, I've known about for a while - and it always annoyed me I had to solve it for each new vanity project/domain I bought!

So .. I solved it for myself with a redirect-as-a-service, and you can use it too :-)

Tadaaaaaa: wwwubalizer.com

This is a service which has a static IP at which you can point an A record at your domain apex, and get an HTTP redirect to your www subdomain.

Please read the site's (1 page!) docs before using it, as you'll be giving my service the ability to retrieve a TLS cert (from Lets Encrypt) for your domain apex. (If you don't want that to happen, don't use the service! )

Collapse
alberts profile image
Albert Strasheim

Nice writeup. You might also enjoy this cool little feature that Cloudflare built many years ago: blog.cloudflare.com/introducing-cn...

Collapse
flaque profile image
Evan Author

That is super super cool!

Collapse
maestromac profile image
Mac Siri

What a great post and love those images!