detour signs

In this article, we’ll set up a typical DNS record for a website hosted outside his domain name registrar. As I always advocate, you should use as your main domain if you are a blogger or small business owner. As a good practice, we’ll use DNS redirect to properly redirect all non-www traffic to the www subdomain. Namecheap will be the registrar in our example.

1. Our Setup

1.1 The Network Architecture

The approach could be different for a different architecture. In our discussion, we assume the architecture is like the following.

  1. You registered a domain name from one of the registrars, such as Namecheap;
  2. You will install an SSL certificate on your host, but your host is not with the registrar. For example, it could be an EC2 instance on AWS or your own desktop in your school lab.
Our network architecture
The Network Architecture

1.2 Limit Configuration only within Registrar Portal

Since the redirection can happen from anywhere along the path, we’ll limit our discussion to using the DNS entry in the Registrar’s Portal only. We do not use server-side redirection by Nginx or Apache. I’ll write another article about that.

For the rest of this article, I’ll use as an example. The registrar is Namecheap. wwwinsights’ content is hosted on, which is the public IP address of the EC2 VPS (Virtual Private Server) on AWS.

2. Configuration Process

2.1 Add A Record to your Host IP

An ‘A record‘ is THE first DNS entry you need to add. It bridges a domain name with an IP address which is the host of the content for the domain name. There are various ways to configure this A record. But our goal is (1) to use as the main domain; (2) to push the redirection burden to Namecheap. so we configure an ‘A record’ for www, not the root domain.

step to configure a record

Follow the step shown in the above diagram to find the place to add a DNS record. Then add the A record to have your www domain name pointing to the EC2’s IP address.

Wait for a while (usually a few minutes) then open any command line and try to ping

If your EC2 does not respond to ICMP, you won’t be able to successfully ping it. But you should be able to see the ping resolves to the correct IP address shown in the following diagram.


Open your favorite web browser, and type in the address bar, you should be able to see the index.html in the root directory of the site, although the web browser is very likely to warn you that you are visiting an unsecured website. A small tip you can use is to modify the index.html to be site-specific, so you know for sure you are seeing this particular file.

At this point, you can also type and in the web browser, none of them shall work. Because besides the exact match of, no one knows how to route other domain names.

2.2 Install SSL Certificate on your EC2 Host

I’ll write another detailed article on how to install SSL Certificate.

After successful installation, the Certbot blocks HTTP port 80 for, and responds with a 301 permanent redirection for any HTTP traffic to the corresponding HTTPS. At this time, if you type in in your web browser’s address bar, your web browser follows the redirect command and visits

With Chrome, ‘https://www.’ is hidden. While Edge or Firefox shows the entire address. All of them have a lock showing it is HTTPS.

Chrome address bar
Chrome Address Bar
edge address bar
Edge Address Bar
firefox address bar
Firefox Address Bar

2.3 Redirect the Root Domain to WWW

Then continue to add the following DNS record.

redirect root domain
Redirect @

Host @ means the root domain itself. For the traffic to, redirect to our main domain. The ‘301 permanent’ tells the web browser it is changed to the main domain permanently.

At this point, if you ping, you will get the ICMP response.


Who is responding? It’s not your host. It’s someone else. Its IP info tells us it belongs to Namecheap. Yes, it’s Namecheap’s DNS server that is responding to the ping on behalf of you, as they know a redirect for this domain name.

Here comes the interesting part. If you type directly in the browser, it’ll be successfully redirected. However, if you type, it won’t be redirected. The browser will give you an unreachable message.


Why can it not redirect the root domain with https in front of it? Because the URL Redirect Record is for HTTP, not HTTPS. When you type the root domain without anything in front, the browser treats it as HTTP. So the above DNS record is able to redirect it.

There is a trick you can make this work by adding the following A record.

This A record will tell the host of the root domain. The web browser can use this information to do HTTPS negotiation. Along with the URL redirect, in the web browser can successfully to redirected to

As a side note, you won’t be able to use CNAME to redirect the root domain, as CNAME per definition does not work for the root domain.

2.4 Redirect any other subdomain to WWW

Similarly, make use of the following DNS record to redirect any other subdomain to www subdomain.

redirect all other subdomains
DNS record to redirect all undefined subdomains

Host * stands for all undefined subdomains. With this record, or will be successfully redirected to Also for the same reason, won’t be redirected anywhere.

2.5 What is still not redirected?

So far, we got almost everything working besides redirection for You have to step back and ask yourself, do you really need that redirection? It’s very rare that users type https:// in the address bar.

Let’s check or Both of them simply cannot be reached, and no redirection is implemented.

So it’s really okay that we stop here, and leave them as they are. But what if you really would like them to work for some reason? There are two ways. (1)perform HTTPS redirection on the host side; (2) Move your SSL certificate to Namecheap and buy DNS service so that Namecheap can properly redirect HTTPS traffic.

3. Why Push Redirection to the DNS Sever?

It’s always to reflect on why we want to push redirection mostly on Namecheap. The main reason is the potential extension. You may always purchase the DNS service to block DNS attacks, and let Namecheap be your first line of defense. Otherwise, you’ll need to deploy your defense on your host.

4. Conclusion

This is a long exercise. We need to know it’s only one of the many ways to configure your website. Your IT administrators might have better suggestions for your particular use case.

For further understanding of DNS redirect, I recommend this old blog post by Simone Carletti. You can also learn more from our blogs about Network. If you have any suggestions, please leave your comment below, and we can continue our discussion there.

Leave a Reply

Your email address will not be published. Required fields are marked *