Domains, DNS and SSL

Adding a custom domain with SSL and optional Direct DNS


Summary

  • Two options for using your own domain (or subdomain)
  • You can use a CNAME pointed to [your subdomain].kintura.io
  • CNAME lookups in tier 3 geos can take 3 seconds alone so we don't recommend them.
  • You can use our Latency-optimized Global DNS by pointing an entire domain to your Kintura instance.
  • You should be able to either edit your DNS or edit your domain's nameservers and have a basic understanding of how DNS works.

Using Kintura Global Latency-optimized DNS

If you demand global < 50ms redirects with a custom domain, you will need to avoid CNAME DNS records. You need to have us connect your custom domain directly into our global network of latency-optimized load balancers. Using our direct DNS requires pointing your root domain to our nameservers so you'll lose the ability to point individual subdomains, etc.

This is now handled via self-service in the Domain Settings. Kintura will give you a list of Amazon Name Servers to use for your domain after completing domain ownership verification.

Domain Ownership Verification

When you first submit your domain name you will be instructed to verify ownership by creating a TXT record on your domain's existing DNS zone. On namecheap, that looks like this:

Select TXT Record for the host '@' with the 'KIN-' value given to you after you add your domain.

Setting your Nameservers

Below is an example of entering these "custom" name servers into the GoDaddy DNS console.

CNAME Record

Domain names are a simple global address book. Names pointing to numbers.

Now imagine if you looked up "Joe" in your address book and it said "see Joe's Dad, Frank." You had to call Joe's Dad in order to get Joe's number. This took extra time.

A CNAME record is the easiest way to point your own domain (or a subdomain) to your Kintura instance. The one drawback is that it's slower because it adds an additional lookup to the initial request. If this is to your campaign tracking link, it can add 10-100ms to your redirect time. If this is okay for you or you're just starting out that's fine -- just point a new CNAME entry to yourinstance.kintura.io and make sure your domain is added under Domains in the Kintura Console.

It's a little different based on where you manage your DNS. Most people these days manage DNS at the registrar itself. Here are some specific instructions:

SSL Certificates

Kintura lets you manage domains and SSL certificates in real-time. When you edit your SSL certificate information in the console, you're updating our global network of load balancers directly.

Before you can use any of the Kintura SSL features, you must have your domain name pointed to Kintura by either a CNAME record or contact support for your own Direct DNS NS servers.

Using Free SSL Certificates
Simply check the "Use Let's Encrypt" box and "Update" button and our servers will attempt to negotiate with the Let's Encrypt API to secure an SSL certificate on your behalf. In doing so, we will manage our own DCV (Domain Control Validation).

Using your own SSL Certificate
In order to use your own SSL Certificate you will need to generate a CSR by entering your information into the CSR form. Please be as accurate as possible as your SSL Certificate Authority may compare this information against your billing information. You can experiment with this if SSL certificate information is a privacy issue for you. This is your business. When you generate the CSR you will have what you need to order your SSL Certificate.

Once your Certificate Authority has your CSR they will provide you with DCV (Domain Control Validation) info. You will usually be given a file with a special filename and told to upload it to your server. Rather than upload the file, you'll be giving Kintura the contents of that file so we can provide it to your Certificate Authority. You can now see why the DNS needs to be correct before you can continue.