How does surge.sh handle custom domain permission?


Today I deployed a static page to a custom domain using http://surge.sh. It works like a charm, but I felt something was strange, so I read the guide on adding a custom domain again and again.

Oh, until now my dumb brain just can't figure out how surge.sh knows that the domain belongs to my account! To make sure, I checked the guide of Zeit Now; they do have ways to verify, by random nameservers or a verification code in a TXT record.

What magic helps surge.sh do that?

P/S: this comment better clarifies my question:

Thanks for your very detailed explanation!

But the guide of surge.sh is a static site and it gives the same DNS configuration for everybody! I can complete the DNS configuration without ever logging into surge.sh. All the same:

sub.mydomain.com   3600   IN   CNAME   na-west1.surge.sh

In your case arte-docs.netlify.com is specific to you. Your account obtained that subdomain before.

In my case there's nothing specific to my account. So anyone with an account could literally deploy to my domain like this:

surge . sub.mydomain.com

Disclaimer: I didn't check with another account, just curious!


Did you set up a CNAME/ALIAS/A record towards a domain surge gave you?

If so, they made a DNS query to see if the custom domain you set correctly points to their own server.

If you set up your custom domain to point towards the one they gave you in the configuration, they assume it's yours and validate the configuration.

If you want to manually check, tools like drill, or its older alternative dig, can be used to check DNS records of a certain subdomain/domain.

Example:

╰─$ drill artemix.org
;; ->>HEADER<<- opcode: QUERY, rcode: NOERROR, id: 44524
;; flags: qr rd ra ; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;; artemix.org. IN      A

;; ANSWER SECTION:
artemix.org.    3600    IN      A       104.198.14.52

;; AUTHORITY SECTION:

;; ADDITIONAL SECTION:

;; Query time: 94 msec
;; SERVER: 10.0.10.1
;; WHEN: Fri Jul 12 22:02:45 2019
;; MSG SIZE  rcvd: 45
  • The QUESTION SECTION shows the DNS query I made, specifically Give me the A (IPv4) to which artemix.org is pointing.
  • The ANSWER SECTION shows the answer, with domain ttl IN type value, here the value being 104.198.14.52.
  • Below Query time, we can see the SERVER entry, which is the DNS server I'm querying. If you're using Cloudflare's DNS servers, it'll be 1.1.1.1 or 1.0.0.1.
  • In the ANSWER SECTION, I said that 3600 was the "ttl". The "TTL" is the Time-To-Live, which is the duration during which this record is considered valid. It's an expiration time for DNS caches, basically. When you update your DNS zone, propagation time means "the time needed for every DNS server to reach expiration, so they can get the new value instead of the old, cached value".

As an additional note, you may notice that every time the target domain was mentioned in the output of drill, it ended with a ..
Odd, huh, as my domain name is artemix.org and not artemix.org..

Well, in fact, it's like the difference between an absolute and a relative path, except it starts from the right.

The . indicates that there is nothing after it, the domain name is displayed in full.

For example, artemix may have a suffix, like .org, .I.love.cats, or anything else DNS-valid.

But artemix. is the full domain name up to its root (remember, the root is on the right, .com is a top-level domain!).

Another note:

You can see that, here, the ANSWER was dead-simple, with just one entry.

In some cases, like CNAME records (which are used to point to another domain and not an IP), you'll have multiple rows: basically, the DNS query tool will, for every answer pointing to some other DNS name, query this new name until it gets a final value.

As an example, and I think you won't have trouble reading it now.

╰─$ drill docs.artemix.org

[...]

docs.artemix.org.       3600    IN      CNAME   arte-docs.netlify.com.
arte-docs.netlify.com.  20      IN      A       167.99.137.12

docs.artemix.org points towards arte-docs.netlify.com, which, itself, points towards 167.99.137.12.

 

Thanks for your very detailed explanation!

But the guide of surge.sh is a static site and it gives the same DNS configuration for everybody! I can complete the DNS configuration without ever logging into surge.sh. All the same:

sub.mydomain.com   3600   IN   CNAME   na-west1.surge.sh

In your case arte-docs.netlify.com is specific to you. Your account obtained that subdomain before.

In my case there's nothing specific to my account. So anyone with an account could literally deploy to my domain like this:

surge . sub.mydomain.com
 

Netlify allows pointing to their IP (which is done on artemix.org.), which is also pooled (the same for a lot of websites).

Doesn't surge require some form of authentication?

No, I can't find any. Looks like domains pointed to surge.sh have internal write access by anyone with an account when it should be private write access by only me (at least on the first deploy).
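An added example, not part of the original thread and not surge.sh's or Zeit Now's code: it contrasts the CNAME-only check discussed above with a TXT challenge bound to one account, run over constructed zone data instead of live DNS. The `_verify` label, the token format, the secret and the account names are assumptions made for illustration.

```python
import hashlib
import hmac

PLATFORM_SECRET = b"constructed-demo-secret"  # hypothetical server-side key
SHARED_TARGET = "na-west1.surge.sh."          # same CNAME target for every user

# Constructed zone data standing in for live DNS answers: (name, type) -> values
ZONE = {
    ("sub.mydomain.com.", "CNAME"): ["na-west1.surge.sh."],
    ("na-west1.surge.sh.", "A"): ["192.0.2.10"],  # documentation-range IP
}

def fqdn(name):
    """Normalise to an absolute, lower-case name with the trailing root dot."""
    return name.lower().rstrip(".") + "."

def cname_chain(name, zone, max_hops=8):
    """Follow CNAME records the way drill/dig list them; returns each hop."""
    chain, current = [], fqdn(name)
    for _ in range(max_hops):  # bounded so a CNAME loop cannot spin forever
        targets = zone.get((current, "CNAME"))
        if not targets:
            break
        current = fqdn(targets[0])
        chain.append(current)
    return chain

def cname_only_check(domain, account, zone):
    """Weak: proves routing only; `account` never influences the result."""
    return SHARED_TARGET in cname_chain(domain, zone)

def challenge_for(account, domain):
    """Per-account token the platform asks the owner to publish as TXT."""
    msg = f"{account}|{fqdn(domain)}".encode()
    digest = hmac.new(PLATFORM_SECRET, msg, hashlib.sha256).hexdigest()
    return "verify=" + digest[:32]

def txt_challenge_check(domain, account, zone):
    """Stronger: routing points here AND the TXT token matches this account."""
    if not cname_only_check(domain, account, zone):
        return False
    expected = challenge_for(account, domain)
    published = zone.get((fqdn("_verify." + domain), "TXT"), [])
    return any(hmac.compare_digest(expected, txt) for txt in published)
```

Only someone who can edit the zone can publish the token, and the token differs per account, so the second check ties the domain to one account rather than to whoever claims it first.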


Khoa Che
A hacker by definition of the Jargon File | Be able to develop websites, desktop GUIs, libraries that he can imagine.
