Search domain dns config and error 1003

I have a domain/service that I want to use personally as a “search domain” in my computer/network dns settings. However, when I attempt to use it, the requests are going to the ip address for the server directly instead of the web service I have setup for this domain (reachable fine when going directly to it in browser). This was happening when I had my nameserver setup for this domain on the same web server on Linode. I have since switched to using Cloudflare Nameservers. The same thing is happening and I get Cloudflare’s Error 1003 (Direct IP access not allowed).

If I switch the search domain in my dns settings to another such as wikipedia.org and then just use “en” in the browser url bar, I do get pointed to en.wikipedia.org as expected.
So, I assume I need to make some changes on my server (NGINX) or is there something else I need to know (limitation on cloudflare etc)?

Thanks for assistance.

Could you please check the value under the column “IP address” for your A record of your domain at Cloudflare dashboard?
Is it pointing to the right one?

Can you use a hostname?

Regarding Nginx, do you use some custom port?

Hello,
I have 2 A records. One is to the root domain and one is to a subdomain. Both are pointed to the same IP address as both are setup via NGINX as virtual servers. I have SSL cert generated by CF and installed on server and working… covering both domain and subdomain and just using standard port 443. Cloudflare SSL is set to full/strict and I have cache off via dev mode.

I have never used “search domain” before except in a work VPM environment. First time trying to use it on my personal computer using my personal cloud server. Maybe my understanding of how it is supposed to work is wrong or my home setup is interfering. But I just expect:

legit url:
foo.example.com/bar

search domain:
example.com

host link in browser address bar:
foo/bar

redirect to:
foo.example.com/bar

Thanks for assistance.

I think you are mixing up different tiers in the TCP/IP stack.

What is actually happening is that your browser does a DNS lookup, and gets back an IP address. The browser then sends a request to that IP address, and says “give me www”. Use your browsers dev tools to look at the request. When I configure mine as you have the request from the browser looks like this: curl 'http://www/bar' -H 'Host: www'

There is nothing in the HTTP request from the browser that tells Cloudflare which of the 60m+ hosts called www on their network you are looking for!

This is never going to work if the hostname in Cloudflare is :orange:. It will work for :grey: hostnames in your Nginx if the server happens to be set as the default_server or you list the hostname as a server_name, but only for HTTP, and not for HTTPS.

I cannot replicate what you describe for Wikipedia. I get a HTTP 400 error, provided I first bypass the certificate error page that comes up.

1 Like

Thanks for the reply.
Yeah I was just looking back into how I had used golinks in the past.
I must need to re-configure my server then. I had tried a few things in the NGINX conf earlier but I’ll adjust and figure it out.

If using Linux, try with this at your /etc/resolv.conf:

options rotate
options timeout:3
nameserver 1.1.1.1
nameserver 1.0.0.1
nameserver 2606:4700:4700::1111
nameserver 2606:4700:4700::1001
search cloudflare.com

Instead “cloudflare.com” use your own domain in that case? Or you go with a different approach/method due to an OS or app?

Hope you have added your hostname and IP address(es) at hosts file too?

Or, when using browser like FireFox, you can create your own “OpenSearchDescription” XML file, upload it to your host for your domain, call it via <link> HTML element inside <head>...</head> and when you visit your domain, there will be an option to add your domain as a “search” (just like Google, Facebook, Wikipedia, etc.)?

Or this is another thing what I am writing about …

Thank you for the feedback,

My server is linux but I am on mac os.
I could edit hosts file but I felt that would be my last recourse.
I’m more trying to understand this than get it working any way possible :slight_smile:

That Firefox feature is very interesting. Did not know about it. I am a Safari and occasional Chrome user. I should consider Firefox (been a long time).

1 Like

Here is another info page regarding golinks.

Maybe I will do a variation of:

server {
listen      80;
server_name go;
rewrite     ^ https://go.corp.example.com$request_uri?;
}

In case you want that approach, also using some keyphrasee check here (upper reply with racunalo - uses WordPress and has got the .xml file setup to anything you enter at FireFox - if set to search either just it or using a keyphrase like @racunalo would search only this site):

Wow, I am going to dive into that approach just because it is so interesting and I had not known about all that. Thanks! Still curious on the dns stuff. Guess I need to get a better understanding and took it for granted in the past.

Due to the above cite and to consider the below one:

You do redirect at your origin, but you have a sub-domain on Nginx listening only on port 80 using a Cloudflare Full/Strict? (which should not even connect to 80 - HTTP), rather than only 443 (HTTPS) at the origin.

Can you make the Nginx to listen on both 80 and 443 for your sub-domain at your host/origin?

Could be this an issue?

I disabled dns proxy to bypass.
I removed ssl certs and disabled ssl and am now testing just port 80.
I added my root domain in “search domains” list (mac os advanced dns settings)
My servers nginx server_name and rewrite rule was changed to reflect the aforementioned example.

I can now go to foo/bar in url address and get redirected to foo.example.com/bar which in my case is a custom redirect+search script.

Great! Got my own variation of a golink happening now. Just need to test with ssl turned back on preferably.

This topic was automatically closed 5 days after the last reply. New replies are no longer allowed.