Installing over DigitalOcean and Namecheap?


(M A) #1

Hey, this is my first time working with this and I tried to follow the 30min installation guide as much as I could but I am having issues with the DNS records since the website isn’t loading, they are most likely not correctly setup.

I got the following domain:
guidekeeper.com

Which points to the following NS:
ns1.digitalocean.com
ns2.digitalocean.com
ns3.digitalocean.com

I got the following domains on DigitalOcean:
guidekeeper.com
discourse.guidekeeper.com

and the following DNS records for both of the domains:

You are most likely not supposed to have 2 domains but to create correct DNS records which I am not familiar with.

Also, would it be possible to install Discourse on the main domain instead of subdomain, without messing up the email part? I feel like the guide is forcing you to install it over a subdomain or else the email part wont work and you will apparently “HAVE A BROKEN SITE!”, which is really confusing.


Discourse not coming up on DigitalOcean
(Jeff Atwood) #2

You need a DNS A record for discourse.guidekeeper.com pointing to the IP address of your server.

Nameservers are generally provided by the company that you purchased the domain name from, not Digital Ocean. So you likely want to change it using the DNS control panel at the place you purchased the domain name from.

In the event that you are using Digital Ocean’s nameservers (but why?) then you would need to change it using the DNS control panel at Digital Ocean.


(Jay Pfaffman) #3

I use Digital Ocean’s name servers for most of my sites, and my install script creates DNS records on Digital Ocean’s servers when it does an install (it doesn’t hurt anything and keeps someone else from snagging their domain). It’s convenient. And some stat I saw someone showed that they had very fast resolution times.

That said. It’s often confusing figuring out where to go to change your DNS records. Many hosting services want to be in charge of all DNS records (I think SquareSpace is among them), which means you have to go there to figure out how to update stuff.


(Jeff Atwood) #4

You shouldn’t do this – it’s far more common for DNS controls to be at the place where people originally purchased their domain name.

I suppose CloudFlare becoming more dominant has made this less common over time, but Digital Ocean ain’t exactly offering the service that CloudFlare is, either.


(Stephen) #5

I’m scratching my head on this one, moving DNS only makes sense if it gives you something extra. DigitalOcean really doesn’t.

That’s a meaningless metric. Once cached, DNS performance is down to your local instance, only expiring when the TTL demands, it and that’s really the key factor here, particularly when deploying a new instance or moving a site for the purpose of DR.

The default TTL at DO is 3600 seconds - a whole hour. You can set it to less, but most users won’t. That’s pretty horrible even compared to the likes of NameCheap (1800 seconds) and GoDaddy (600 seconds).

As Jeff mentioned, CloudFlare has disrupted the space significantly, their default TTL of 300 (5 minutes) makes a massive difference when deploying or troubleshooting DNS - it’s night and day. They offer an API too.


(Jay Pfaffman) #6

Yes. I’ve rarely recommended that folks change their name servers, but a few have anyway. Adding the records to Digital Ocean’s name servers doesn’t hurt (since nothing will be looking there) and it does keep anyone else from using Digital Ocean’s name servers for their domain.

My biggest concern is that they’ll switch to Digital Ocean and not move their other records and hose the rest of their domain.

As I’m sure you remember, I’m often confronted with people who have delegated their DNS to some third party hosting service and can’t figure out how to change anything. The worst was a company that I had to email to get them to modify the DNS manually.

I think that’s true, but I saw one article (which I won’t try to find) that indicated that the resolution times for Digital Ocean were really good.

Reducing TTL seems to be a big win only if you expect DNS to be changing often. . .


(James) #7

@M_A, I’m a newbie with this and I also registered my domain with Namecheap and hosted it on Digital Ocean. All of my DNS work was done on the Namecheap side and I haven’t had any problems since it has been set up. I’d recommend doing all this on Namecheap like the smarter people above me have said.


(Stephen) #8

You’re talking about a single record which will be orders of magnitide lower than the TTFB. There’s really no reason this should influence who hosts DNS with modern infrastructure.

I’m sorry, what? At first I wondered if you meant it doesn’t keep anyone else from using DO nameservers for their domain, but re-reading it’s not what you said…

That suggests a fundamental lack of understanding of TTL - it might be easier to think about it as caching. After an update, clients which haven’t requested it since the last TTL window server will resolve it immediately. In the case of DO and their 3600 second TTL, a DNS server which requested the record 60 seconds prior would be 59 minutes behind on the change. To users that’s ~an hour of downtime.

Compare that to the default TTL at Cloudflare, where the maximum blip due to DNS propagation is going to be five whole minutes.

It’s not a question of changing DNS frequently, it’s about adding a huge unnecessary delay that impacts service. You’ll encounter it in any migration whether they’re planned or otherwise.

On the note of Cloudflare I did compare their DNS performance to DO briefly and consult DNSPerf, they’re a good third quicker in most cases- but as I said it’s a meaningless metric.


(Jay Pfaffman) #9

Digital Ocean allows only one account to be in control of a given domain. If you own a domain, creating a record keeps anyone else from trying to create records for your domain. I doubt that hijacking a domain by creating records in Digital Ocean and then re-directing the registrar to use DO’s name servers is a thing, but if it were, this would help.

Right, but if you’re not going to change the address for years, there’s no advantage of having a TTL of 60 seconds. And it makes things slower for the user every time the TTL expires. Of course, if you have an unplanned need for a migration then, yeah a shorter TTL is what you want. And only if you have a short TTL does the speed of Digital Ocean or CloudFlare make any difference. For the bulk of my customers, if there is need for an unplanned migration, the TTL of their domain is very likely the very least of their worries.


(Stephen) #10

Wow, so you did mean that. No, that’s not even a remote possibility. The NS records for the domain in question would have to point at DO before their nameservers would respond to requests for your domain. There’s no means to hijack a domain in this way.

In the case of Cloudflare it’s an 8 millisecond request every five minutes, in the case of DO it’s ~14 milliseconds every 60 minutes. I’m impressed if you’re saying you can tell the difference.

None of the above is a case to move from the likes of registrars such as GoDaddy or Namecheap over to DO. From what you’ve admitted the decision appears to have been led by a fundamental misunderstanding of DNS.

In the above comparisons we didn’t touch on the other differentiators that CloudFlare offers, features such as inbound rules, apps and their reverse proxy.

I do hope you revisit this because you’re doing your customers a great disservice even suggesting migrating DNS to DO. As you’ve already mentioned there’s the risk that they may move a domain without preserving records (unlike cloudflare they don’t appear to grab DNS records prior to transfer), there’s zero meaningful performance benefit, and a much greater chance of downtime during any migration.


(Jeff Atwood) #11

Migrating DNS to digital ocean is a bad idea, full stop @pfaffman.


(Jay Pfaffman) #12

So noted. I’ve not encouraged anyone to switch, but it’s worked well for me for a couple years.