Announcing our new API documentation!
Check it out here
Knowledge Base
/
DNS crash course for redirects

Connecting your first domain: DNS crash course

How DNS points a domain at SiteDetour, apex vs subdomain, propagation, and how to verify from the command line.

On this page:

Overview

Pointing DNS at SiteDetour is the step that makes a configured redirect actually route traffic. This article covers the record types, how SiteDetour verifies them, and how to debug propagation.

Apex vs. subdomain

The record type you add depends on whether you're redirecting an apex (naked) domain or a subdomain.

Apex domains (example.com)

DNS specification doesn't permit CNAME records at the zone apex. For apex redirects, add the A records shown in the View DNS Instructions panel on the redirect editor. Always use the values from the panel — they are authoritative for your account.

Subdomains (go.example.com, docs.example.com)

For any non-apex hostname, add a CNAME pointing at the hostname SiteDetour displays in the DNS instructions panel. A single CNAME is enough — SiteDetour handles edge routing internally.

How SiteDetour verifies control

Before issuing an SSL certificate, SiteDetour checks that the domain currently resolves to its edge. The DNS instructions panel shows two sections:

  • Expected DNS Records — what your domain should resolve to.
  • Currently Resolved DNS Records — what SiteDetour's resolver sees right now.

When Expected equals Currently Resolved, the status indicator at the top of the redirect editor switches from DNS Not Pointed to DNS Pointed.

TTLs and propagation

DNS records have a Time-To-Live (TTL) that tells resolvers how long to cache the answer. If your domain currently has a long TTL (e.g. 1 hour) and you just changed the record, resolvers around the world will still serve the cached value until that TTL expires. Typical propagation windows:

  • Subdomain CNAMEs: under 5 minutes in most cases if TTL was short.
  • Apex A records: up to 24 hours with conservative TTLs.

If you plan to migrate apex DNS ahead of time, drop the TTL to 300 seconds (5 minutes) 24 hours before the switch so you can roll forward or back quickly.

Verifying from the command line

Use dig to check what the authoritative DNS currently says:

dig +short example.com A
dig +short go.example.com CNAME

To bypass your local resolver cache and query an authoritative server directly:

dig @8.8.8.8 example.com A

If the command's output matches the Expected DNS Records in the SiteDetour panel, you're done; if not, re-check the record you added in your DNS provider.

Common pitfalls

  • Proxy on (Cloudflare orange cloud) — proxying can break SiteDetour's verification. Either set the record to DNS-only (grey cloud), or keep proxy on and enable Reverse Proxy Support in the redirect's Advanced Settings.
  • Stale www — if your apex points at SiteDetour but www.example.com still points at an old host, use Include www subdomain on the redirect so both are served.
  • AAAA records — if you have existing AAAA (IPv6) records, delete them or update to the IPv6 records shown in the panel. Otherwise browsers may try IPv6 first and fail.

Next steps

SiteDetour Logo
Join our newsletter to stay updated on features and releases.
By subscribing, you agree to our Privacy Policy and consent to receive updates from our company.
Thank you! Please check your inbox for a confirmation email.
Oops! Something went wrong while submitting the form.
Product
Support
Documentation
Find us
© All rights reserved. Sitedetour.com
Terms of ServicePrivacy Policy