# VMID 2400 - DNS CNAME Structure **Last Updated:** 2026-01-31 **Document Version:** 1.0 **Status:** Active Documentation --- **Date**: 2026-01-02 **Domain**: `defi-oracle.io` **Purpose**: Two-level CNAME structure for ThirdWeb RPC endpoint --- ## DNS Structure The DNS configuration uses a two-level CNAME chain for flexibility: ``` rpc.defi-oracle.io ↓ (CNAME) rpc.public-0138.defi-oracle.io ↓ (CNAME) 26138c21-db00-4a02-95db-ec75c07bda5b.cfargotunnel.com ↓ (Cloudflare Tunnel) 192.168.11.240:443 (Nginx) → 127.0.0.1:8545 (Besu RPC) ``` --- ## DNS Records to Create ### Record 1: Tunnel Endpoint ``` Type: CNAME Name: rpc.public-0138 Domain: defi-oracle.io Target: 26138c21-db00-4a02-95db-ec75c07bda5b.cfargotunnel.com Proxy: 🟠 Proxied (orange cloud) TTL: Auto ``` **Full FQDN**: `rpc.public-0138.defi-oracle.io` **Purpose**: Points directly to the Cloudflare tunnel endpoint --- ### Record 2: Short Alias ``` Type: CNAME Name: rpc Domain: defi-oracle.io Target: rpc.public-0138.defi-oracle.io Proxy: 🟠 Proxied (orange cloud) TTL: Auto ``` **Full FQDN**: `rpc.defi-oracle.io` **Purpose**: Provides a shorter, more convenient alias that resolves to the full FQDN --- ## Benefits of Two-Level Structure 1. **Flexibility**: Can change the tunnel endpoint without updating the short alias 2. **Convenience**: `rpc.defi-oracle.io` is easier to remember and use 3. **Backwards Compatibility**: If you need to change the tunnel or endpoint structure, only the first CNAME needs updating 4. **Organization**: The `rpc.public-0138` name clearly indicates it's for ChainID 138 public RPC --- ## Usage Both endpoints will work and resolve to the same tunnel: **Full FQDN**: - `https://rpc.public-0138.defi-oracle.io` **Short Alias**: - `https://rpc.defi-oracle.io` Both URLs will: 1. Resolve through the CNAME chain 2. Connect to Cloudflare tunnel `26138c21-db00-4a02-95db-ec75c07bda5b` 3. Route to VMID 2400 (192.168.11.240) 4. Be handled by Nginx on port 443 5. Proxy to Besu RPC on port 8545 --- ## Cloudflare Dashboard Configuration ### Step 1: Create First CNAME (Tunnel Endpoint) 1. Go to: **DNS** → **Records** 2. Click: **Add record** 3. Configure: - **Type**: CNAME - **Name**: `rpc.public-0138` - **Target**: `26138c21-db00-4a02-95db-ec75c07bda5b.cfargotunnel.com` - **Proxy**: 🟠 Proxied - **TTL**: Auto 4. Click: **Save** ### Step 2: Create Second CNAME (Short Alias) 1. Click: **Add record** again 2. Configure: - **Type**: CNAME - **Name**: `rpc` - **Target**: `rpc.public-0138.defi-oracle.io` - **Proxy**: 🟠 Proxied - **TTL**: Auto 3. Click: **Save** --- ## Verification ### Test DNS Resolution ```bash # Test full FQDN dig rpc.public-0138.defi-oracle.io nslookup rpc.public-0138.defi-oracle.io # Test short alias dig rpc.defi-oracle.io nslookup rpc.defi-oracle.io # Both should resolve to Cloudflare IPs (if proxied) ``` ### Test Endpoints ```bash # Test full FQDN curl -k https://rpc.public-0138.defi-oracle.io/health # Test short alias curl -k https://rpc.defi-oracle.io/health # Both should work identically ``` --- ## Important Notes 1. **Proxy Status**: Both CNAME records should be **Proxied** (🟠 orange cloud) for DDoS protection and SSL termination 2. **CNAME Chain**: Cloudflare supports CNAME chains, so `rpc` → `rpc.public-0138` → `tunnel` works correctly 3. **Tunnel Route**: The tunnel route in Cloudflare should be configured for `rpc.public-0138.defi-oracle.io` (the actual endpoint), but both URLs will work since DNS resolves the short alias first 4. **Nginx Configuration**: Nginx is configured for `rpc.public-0138.defi-oracle.io` as the server_name. If you want to support both, you can add `rpc.defi-oracle.io` to the server_name directive, but it's not required since Cloudflare handles the DNS resolution. --- ## Troubleshooting ### CNAME Chain Not Resolving - Wait 1-2 minutes for DNS propagation - Verify both CNAME records are created correctly - Check that the target of the first CNAME (`rpc.public-0138`) points to the tunnel endpoint - Verify tunnel is healthy in Cloudflare Dashboard ### Only One URL Works - Check that both CNAME records are created - Verify both are set to Proxied (orange cloud) - Test DNS resolution for both: `dig rpc.defi-oracle.io` and `dig rpc.public-0138.defi-oracle.io` --- **Last Updated**: 2026-01-02 **Status**: ✅ **DOCUMENTATION COMPLETE**