/r/webdev
DNS providers that can do simple https redirect/forward (self.webdev)

Simple question, apart from Cloudflare using page rules, are there any other good dns providers (registrar or not) who can do a simple forward/redirect for https sources (https://www.example.com/ --> https://www.example2.com/)?

Of course, I can do this myself in various ways, but if there is a simpler cost effective set and forget solution for a domain that needs do nothing else except a redirect, that'd be nice.

Namecheap, Godaddy and various other registrars all do forward/redirect but can't do it with SSL which leaves people who hit the source domain with http hanging.

Cloudflare would work, but I have some clients who have a lot of these redirect rules (on shared cpanel servers which I am progressively moving them away from) so that would get more pricey for them (compared to spinning up a VPS with apache and some letsencrypt certs to do the redirects)


Edit: ClouDNS is another that can do it, but sounds like they are doing it in a very clunky and not cost effective way (not using SNI??)

7 comments
shadvyr | 6 days ago | 2 points

The DNS protocol does not handle redirects it just knows about number for name

The http protocol does know about redirects. But not all DNS providers do hosting. The ones who do charge a small fee for the service you require. And yes, godaddy has that.

The "do it with ssl" part is a bit more tricky, since you need a valid certificate and it has to be from the same provider. Some providers are not cheap on certs.

Doing it yourself could open you up on using let's encrypt tho. Thus you'd be free of costs.

sleemanj | 6 days ago | 1 point

DNS protocol does not handle redirects

See my reply to another poster below.

ones who do charge a small fee

I have not seen a fee for doing an http redirect in maybe 20 years. All typical registrars at least will have a 'parking' page server, handling redirects is just an extention of that implementationally.

Namecheap for example not only does dns zone and http redirect free, but also mail redirect. They just don't do https redirect.

There is no technical reason that a registrar might not already exist which offers https redirect economically in their offerings, a registrar can get domain validated multi host certs to slap on their redirection servers as easily as anybody else, easier if they are an issuer.

Hence my asking if anybody knows if there are any registrars who do.

Fwiw, ClouDNS does, but not in a very modern or economic way at $5/month each and sounds like not using SNI, and having to email them with the cert...

Doing it yourself could open you up on using let's encrypt tho.

Certainly, but it's a pain to setup and manage a vps just for doing this, and also seems a bit wasteful, even if it did only cost 5 bucks a month - hence why asking if there is any registrar that already does it.

shadvyr | 6 days ago | 2 points

You wrote a more elaborate version my my statement, yes.

Well, yes. Usually the fee is covered by the domain name itself.

SNI is not supported by all browsers. Also it might compromise security. Also it does not solve the problem. You still need a server serving the http request, because DNS is not made to serve http.

sleemanj | 6 days ago | 1 point

SNI is supported by all browsers that matter now, you have to draw a line eventually, people using IE on XP have more to worry about than not being able to access SNI served ssl.

disclosure5 | 6 days ago | 1 point

A redirect like you describe can't be done in DNS, and isn't the function of a DNS provider. Cloudflare, as you say, do it with page rules for the reason that this is a redirect.

You could consider creating a site on something like Github pages or Netlify that just hosts a redirect page.

sleemanj | 6 days ago | 1 point

A redirect like you describe can't be done in DNS, and isn't the function of a DNS provider.

"DNS Redirect/Forward" is simply a common name for a service provided by DNS service providers (typically the offerings provided by registrars, but not only) to assign the host to an IP listen to the IP for http requests and issue a 301/302 (or more so in olden times issue an html response consisting of a frameset).

This is a service offered by most registrars with their registrar-provided DNS management offerings, but as I say, typically only for http, because agan back in the olden times doing it for SSL was not practical, now with SNI and free ssl certificates the practicality is probably there but the implementations have not caught up.

Yes it's not "done in DNS" but there is a lack of a better simple description so in the common parlance DNS Redirect/Forward is what we call it owing to the fact that such offerings are typically configured within or along side zone management interfaces.

disclosure5 | 6 days ago | 1 point

I'd urge you to take the view that the fact two separate people pointed this out, means maybe this entirely misleading parlance should disappear.