SaaS Custom Hostnames for A Records

This week, we’ve rolled out some exciting updates to the Qloaked service, including SaaS custom hostnames support for naked (A) records and a faster provisioning experience… Read on to find out more.

Since launching Qloaked to provide secure vanity URL services two years ago, one of the most common requests from prospective and current SaaS customers has been “do you support naked domains?”

What’s a naked domain?

Naked domains aren’t as exciting as they sound, but they are an important part of the internet. Also known as apex or (A) record domains, they’re essentially the unmodified URL, and normally the address that’s looked up if the user doesn’t type ‘www’ or ‘blog’ or whatever other value you might have put before your domain.

As an example: < The ‘naked’ apex or ‘A’ record domain < the most commonly-used subdomain

Now, most browsers are smart enough to automatically append a www to an apex domain if it’s entered without one, but there are an increasing number of people who don’t want to set up their sites with a ‘www’ – this is 2020, dammit!

Technical aside: For various reasons, if you run a SaaS app and want to support custom hostnames (vanity domains) which are A records instead of a subdomain CNAME record, it’s a tricky job – a lot of services just don’t support it. This is normally because A records require an IP address rather than a text based address (which can be easily redirected elsewhere). Since IP addresses are static on the internet, this causes problems with a lot of global infrastructure, since most hosts are virtual and are constantly and undetectably moving app servers from one physical server box to another.

However, with some smart engineering, Qloaked can now offer SaaS companies the ability to create custom hostnames based on naked/apex/A records, as well as the more traditional CNAME domains! Your customers will be able to point either type of domain at Qloaked and be instantly routed to a secure version, with zero fuss.

We’ve already seen a huge amount of interest in this service, since being able to allow users to map apex domains to app servers securely isn’t commonplace online.

As with traditional subdomains, setting up a naked domain with Qloaked requires zero configuration on your side – no messing around with host names or SSL certificates. As soon as Qloaked recognises that there’s insecure traffic from a custom hostname being pointed at your Qloaked end-point, it will secure the connection, with no manual action required. For your customers, it’s a completely seamless process – no support tickets in sight!

How can I get started with A record SaaS custom hostnames?

To make it work, there are some slightly different setup steps you’ll need to go through (getting a Qloaked account is step number one, obviously!).

As we discussed earlier, SaaS custom hostnames using apex domains require an IP address, and when setting up an apex domain you’ll want to point it domain at our Anycast IP address, which can smartly route traffic to the closest Qloaked global node to the visitor’s location.

Technical Aside 2: Using our Anycast IP provides significant structural advantages over a static server IP – it cuts waiting time for the user measurably, since we’re redirecting traffic to the fastest server depending on the location of the requesting user (e.g. if you’re in Europe, your request will be served from our cluster in Belgium, but if you’re in North America, you’ll be served from our cluster in Virginia, United States).

You’ll find the IP address to point to in our help documentation here:

The next step is to add a DNS TXT record to the apex domain too – when it detects traffic coming from an Apex domain, Qloaked will immediately check for this text record to identify which Qloaked client the inbound traffic should be mapped to (and hence, where the traffic should be routed to once secured).

This two-step process is a little more work than mapping a regular subdomain via CNAME, but it’s a hugely powerful enhancement – allowing the same zero-server-config setup for SaaS companies and other business who need to offer secure custom hostnames/vanity domains to their clients.

Faster and Faster….

The second huge enhancement we’ve shipped in the last week provides your clients with connection security faster than ever.

Provisioning speed is important – customers get frustrated if they’re waiting around for an SSL connection to be secured, and they’re more likely to raise support tickets or churn if they feel that something is taking too long. Since fiddling with DNS config also feels deeply technical to most users, uncertainty in this phase of a customer’s onboarding needs to be avoided as much as possible!

Our previous setup was already faster than most solutions on the market (and crucially, didn’t require API calls such as the SSL for SaaS solution provided by Cloudflare). However, it could still take a minute or two for the certificate to be created, issued, checked and applied.

As of our infrastructure today, newly-detected insecure custom hostname domains passing into Qloaked are provisioned in under five seconds, a transformative move for the many SaaS companies who provision custom hostnames using our service.

After your users have completed their DNS configuration to point their domains at Qloaked, we’ll now be able to have them secured in a timeframe which they’re unlikely to notice – the first they see will be that they’re accessing your app over a secured connection, generated in seconds.

We’re really proud of these enhancements to the Qloaked service – and the feedback we’ve had from our customers around the world is that Qloaked is playing a huge part in simplifying their infrastructure and improving their customer experience. Thank you for your feedback, and please keep it coming!

If you haven’t tried Qloaked for your SSL provisioning requirements yet, why not give it a shot? Find out more here.

Comments are closed.