Azure front door custom domain downtime

Question

In the azure tutorial for setting up a custom domain for the azure front door , few areas got me confused

1. A brief period of downtime for the domain can occur.
2. A custom domain and its sub-domain can be associated with only a single Front Door at a time.
3. The custom domain also must have routing rule with a default path ('/*') associated with it

We have a production site running that has multiple subdomains. I need to map one subdomain with one front door. For example, we have https://web.contoso.com , https://api.contoso.com , https://admin.constoso.com . We have created a frontend for APIs services. https://busymonk.azurefd.net .

Now we need to CNAME only api.contoso.com with busymonk.azurefd.net. Is the said domain downtime going to occur for the main domain and other subdomains?

How I should add the routing for the custom domain. Even this example got me confused. Do I need to add routing between custom domain and my backend pool, or do I need to make a backend pool of https://busymonk.azurefd.net and then add routing between api.contoso.com to busymonk.azurefd.net?

Answer 1

When you need only api.contoso.com with your CDN endpoint, only the subdomain api.contoso.com may have downtime.

To avoid interruption of web traffic, you could first map the temporary afdverify sub-domain . With this method, users can access your domain without interruption while the DNS mapping occurs.

Source                      Type    Destination
afdverify.api.contoso.com   CNAME   afdverify.busymonk.azurefd.net

If you have verified that the afdverify subdomain has been successfully mapped to your Front Door. Then you could map the permanent custom domain . After this, you could delete the temporary afdverify subdomain CNAME record.

Once you add the custom domain for api.contoso.com with the front door. It's up to you. You only need to make sure there is a path from the frontend hosts to the backend pools via valid routing rules.

For example, to make the custom domain api.contoso.com work, you need to add a new routing rule or change existing routing rule to point to the domain api.contoso.com as the frontend hosts with a default path /* associated with it and select the existing the backend pool of your backend web app host like app service xxx.azurewebsites.net .

Hope this could help you.

Answer 2

Be aware that if you use the afdverify approach and enable HTTPS using an AFD managed certificate, you'll be waiting an excessive amount of time for Digicert to validate the domain for certificate provisioning (24+ hours). It appears to be a manual process on their end, and if your domain's WHOIS registrant email is not displayed b/c it's private, then you'll need to receive email at X@customdomain where X = admin, administrator, hostmaster, postmaster, or webmaster. You'll be better off opening a ticket with Microsoft support over it, they'll work directly with Digicert to get your certificate provisioned.