On Fri, Jul 6, 2012 at 10:14 AM, johnP <j...@thinkwave.com> wrote:
> We are using a CName aliased to ghs.google.com

Just to be clear, ghs.google.com is not the VIP CNAME - it is the
shared CNAME which only supports SNI.

VIP CNAMEs are of the form: ghs-svc-https-cXXXX.ghs-ssl.googlehosted.com.

The two services have different network architectures.

> The expiration time on the record is 15 minutes.
>
> The naked-domain was an error introduced in my wording of the question.  The
> user (from two locations, from school and from home, in West Virginia) is
> properly using the www subdomain in the request. In any case, we forward the
> naked domains at a DNS level.
>
> We initiated SSL on Monday night/Tuesday morning.  There was a flurry of
> users from that same area in West Virginia having this issue.  We have no
> reports of other users having the issue.  So I was thinking there might be
> an ISP that has not refreshed the DNS cache.

Is it possible that your users are using web browsers which do not
support SNI? (for example MSIE on Windows XP).

If you're paying for a VIP, you will have better compatibility if you
use your personal ghs-svc-https-cXXXX.ghs-ssl.googlehosted.com CNAME
shown in the CPanel.

--Iain

> johnP
>
>
>
> On Thursday, July 5, 2012 4:58:42 PM UTC-7, Cayden Meyer wrote:
>>
>> Hi John,
>>
>>
>> On 6 July 2012 05:33, johnP <j...@thinkwave.com> wrote:
>>>
>>> Question:
>>>
>>> a.  Am I correct in understanding that httpS://foo.com will always
>>> resolve to one IP Address?
>>
>>
>> When you have a VIP it will often resolve to the one IP Address however at
>> this point we do not guarantee the IP address will remain unchanged. As such
>> we strongly recommend using the CNAME we provide.
>>
>> I would recommend using the naked domain redirection provided by Google
>> Apps if you wish to use naked domains.
>>
>>>
>>> b.  Does that mean that http://foo.com will also resolve to that same IP
>>> Address?
>>
>>
>> Both HTTPS and HTTP will resolve to the same DNS record, in short yes.
>>
>>>
>>> c.  Is it possible that customers may have IP_orig DNS cached, and the
>>> cache has not updated recently (due to power outages on the East Coast, for
>>> example), so httpS is trying to resolve to the old IP and failing?
>>
>>
>> Our infrastructure is designed so that traffic will be routed through the
>> nearest possible data center to where your application is serving. Your
>> application will fail over to a different data center if there are any
>> issues with the data center you are currently serving out of. What this
>> means is that the situation you are talking about should not happen if you
>> are using the CNAME we provide nor should a power outage in one of our data
>> centers cause your application to be unreachable.
>>
>> If you use an A record instead and the IP changes for some reason then
>> this would be an issue, this is why we strongly recommend you do not use an
>> A record.
>>
>> Cheers,
>>
>> Cayden Meyer
>> Product Manager, Google App Engine
>>
> --
> You received this message because you are subscribed to the Google Groups
> "Google App Engine" group.
> To view this discussion on the web visit
> https://groups.google.com/d/msg/google-appengine/-/tbl2XTSkvyUJ.
>
> To post to this group, send email to google-appengine@googlegroups.com.
> To unsubscribe from this group, send email to
> google-appengine+unsubscr...@googlegroups.com.
> For more options, visit this group at
> http://groups.google.com/group/google-appengine?hl=en.
