proxmox/docs/04-configuration/VMID2400_DNS_STRUCTURE.md

VMID 2400 - DNS CNAME Structure

Date: 2026-01-02
Domain: defi-oracle.io
Purpose: Two-level CNAME structure for ThirdWeb RPC endpoint

---

DNS Structure

The DNS configuration uses a two-level CNAME chain for flexibility:

rpc.defi-oracle.io
    ↓ (CNAME)
rpc.public-0138.defi-oracle.io
    ↓ (CNAME)
26138c21-db00-4a02-95db-ec75c07bda5b.cfargotunnel.com
    ↓ (Cloudflare Tunnel)
192.168.11.240:443 (Nginx) → 127.0.0.1:8545 (Besu RPC)

---

DNS Records to Create

Record 1: Tunnel Endpoint

Type: CNAME
Name: rpc.public-0138
Domain: defi-oracle.io
Target: 26138c21-db00-4a02-95db-ec75c07bda5b.cfargotunnel.com
Proxy: 🟠 Proxied (orange cloud)
TTL: Auto

Full FQDN: rpc.public-0138.defi-oracle.io
Purpose: Points directly to the Cloudflare tunnel endpoint

---

Record 2: Short Alias

Type: CNAME
Name: rpc
Domain: defi-oracle.io
Target: rpc.public-0138.defi-oracle.io
Proxy: 🟠 Proxied (orange cloud)
TTL: Auto

Full FQDN: rpc.defi-oracle.io
Purpose: Provides a shorter, more convenient alias that resolves to the full FQDN

---

Benefits of Two-Level Structure

1. Flexibility: Can change the tunnel endpoint without updating the short alias
2. Convenience: rpc.defi-oracle.io is easier to remember and use
3. Backwards Compatibility: If you need to change the tunnel or endpoint structure, only the first CNAME needs updating
4. Organization: The rpc.public-0138 name clearly indicates it's for ChainID 138 public RPC

---

Usage

Both endpoints will work and resolve to the same tunnel:

Full FQDN:

• https://rpc.public-0138.defi-oracle.io

Short Alias:

• https://rpc.defi-oracle.io

Both URLs will:

1. Resolve through the CNAME chain
2. Connect to Cloudflare tunnel 26138c21-db00-4a02-95db-ec75c07bda5b
3. Route to VMID 2400 (192.168.11.240)
4. Be handled by Nginx on port 443
5. Proxy to Besu RPC on port 8545

---

Cloudflare Dashboard Configuration

Step 1: Create First CNAME (Tunnel Endpoint)

1. Go to: DNS → Records
2. Click: Add record
3. Configure:
   • Type: CNAME
   • Name: rpc.public-0138
   • Target: 26138c21-db00-4a02-95db-ec75c07bda5b.cfargotunnel.com
   • Proxy: 🟠 Proxied
   • TTL: Auto
4. Click: Save

Step 2: Create Second CNAME (Short Alias)

1. Click: Add record again
2. Configure:
   • Type: CNAME
   • Name: rpc
   • Target: rpc.public-0138.defi-oracle.io
   • Proxy: 🟠 Proxied
   • TTL: Auto
3. Click: Save

---

Verification

Test DNS Resolution

# Test full FQDN
dig rpc.public-0138.defi-oracle.io
nslookup rpc.public-0138.defi-oracle.io

# Test short alias
dig rpc.defi-oracle.io
nslookup rpc.defi-oracle.io

# Both should resolve to Cloudflare IPs (if proxied)

Test Endpoints

# Test full FQDN
curl -k https://rpc.public-0138.defi-oracle.io/health

# Test short alias
curl -k https://rpc.defi-oracle.io/health

# Both should work identically

---

Important Notes

1. Proxy Status: Both CNAME records should be Proxied (🟠 orange cloud) for DDoS protection and SSL termination

2. CNAME Chain: Cloudflare supports CNAME chains, so rpc → rpc.public-0138 → tunnel works correctly

3. Tunnel Route: The tunnel route in Cloudflare should be configured for rpc.public-0138.defi-oracle.io (the actual endpoint), but both URLs will work since DNS resolves the short alias first

4. Nginx Configuration: Nginx is configured for rpc.public-0138.defi-oracle.io as the server_name. If you want to support both, you can add rpc.defi-oracle.io to the server_name directive, but it's not required since Cloudflare handles the DNS resolution.

---

Troubleshooting

CNAME Chain Not Resolving

• Wait 1-2 minutes for DNS propagation
• Verify both CNAME records are created correctly
• Check that the target of the first CNAME (rpc.public-0138) points to the tunnel endpoint
• Verify tunnel is healthy in Cloudflare Dashboard

Only One URL Works

• Check that both CNAME records are created
• Verify both are set to Proxied (orange cloud)
• Test DNS resolution for both: dig rpc.defi-oracle.io and dig rpc.public-0138.defi-oracle.io

---

Last Updated: 2026-01-02
Status: ✅ DOCUMENTATION COMPLETE