MUSICat Guides

Logo

Guides for building a local music collection using the open-source MUSICat platform.

DNS Setup

Rabble supports three types of domains for MUSICat collections: musicat.co domains, custom domains, and library-integrated domains (more on each of these types below).

Rabble manages all SSL certificates for MUSICat sites using Let’s Encrypt. Certs are automatically renewed and installed every two months, and require no action from libraries.

To automate certificate renewal and installation, we ask that libraries with custom and library-integrated domains set up NS records in their domains. More information on NS records below.

For collection.musicat.co type URLs:

example: https://atxlibrary.musicat.co - Electric Ladybird, Austin Public Library’s collection

Rabble can set this up for you as soon as the final collection name is determined.

For collection.org type dedicated apex URLs:

example: https://capitalcityrecords.ca - Edmonton Public Library’s collection

Rabble supports all Name Service and SSL functions automatically if you register a new apex domain for your collection, and add NS records to that domain delegating collection.org to ns1.dnsimple.com and a second NS record delegating collection.org to ns2.dnsimple.com

This delegation leaves you in full control of your domain, our manageability strictly applies within collection.org and it is revocable by you at any time. Basically, it lets us offer full management for free, but does not give us any authority.

For collection.librarydomain.org type URLs:

example: https://stacks.carnegielibrary.org - Carnegie Library of Pittsburgh’s collection

Rabble supports all Name Service and SSL functions automatically if you create an NS record delegating to ns1.dnsimple.com and a second NS record delegating to ns2.dnsimple.com

This delegation leaves you in full control of your domain, and does not give Rabble any ability to create certificates or do anything with DNS outside of the subdomain. Our manageability strictly applies within and it is revocable by you at any time. Basically, it lets us offer full management for free, but does not give us any authority.

Additional information on NS records:

Delegating a subdomain to Rabble’s nameservice provider allows us to include management of the namespaces of the primary site and all the APIs and services that power it, such that all exposed names remain fully in the Library controlled domain, and all name resolution and direction to actual server infrastructure are automated by Rabble, including certificate renewals via Let’s Encrypt. This is the standard configuration for MUSICat sites that live at library subdomains.

Rabble MUSICat does not need or require exclusive control of the subdomain our tools manage, and we can invite Library technologists via email to shared management of the subdomain zone file on our nameservice provider (currently DNSimple.com). With this access, library technologists can establish additional records for purposes such as proof of identity or email record management, add other service names within the subdomain for related projects, etc. Rabble MUSICat infrastructure will preserve any records it doesn’t manage in its backups, and will only edit the records related to delivery of MUSICat collection website, API, and SSL renewal functions.

Many organizations are used to handling subdomains with A records or CNAMES. A customer managed subdomain can have equivalent records, but Rabble cannot then automate management of installation, management, SSL certificate validation, and any other service requiring DNS record changes. DNS changes and updates at the level of SSL certificate validation and A and CNAME resolution records for the server node are a regular part of normal mode operation of MUSICat instances, not a change managed occasional process.

Rabble can maintain a non-authoritative subdomain. In such cases the records in it must be maintained on customer DNS to ensure stable function. This may lead to some delays in certificate authentication, server availability during hardware or software reconfigurations, and similar issues.

It’s important to note that NS records do not give Rabble authority to act outside of your MUSICat subdomain, and that you can revoke Rabble’s ability to act on your MUSICat subdomain at any time without sacrificing availability or manageability prior to such a revocation.

An example NS record delegated zone file:

$ORIGIN flipside.apl.org.
$TTL 1h
flipside.apl.org. 3600 IN SOA ns1.dnsimple.com. admin.dnsimple.com. 1533139132 86400 7200 604800 300
flipside.apl.org. 3600 IN NS ns1.dnsimple.com.
flipside.apl.org. 3600 IN NS ns2.dnsimple.com.
flipside.apl.org. 3600 IN NS ns3.dnsimple.com.
flipside.apl.org. 3600 IN NS ns4.dnsimple.com.
flipside.apl.org. 300 IN A 66.228.32.216
www.flipside.apl.org. 60 IN CNAME afs-musicat-201808011057.nodes.musicat.co.
api.flipside.apl.org. 60 IN CNAME afs-musicat-201808011057.nodes.musicat.co.
jsfs.flipside.apl.org. 60 IN CNAME afs-musicat-201808011057.nodes.musicat.co.
mtc.flipside.apl.org. 60 IN CNAME afs-musicat-201808011057.nodes.musicat.co.
mtccache.flipside.apl.org. 60 IN CNAME afs-musicat-201808011057.nodes.musicat.co.
log.flipside.apl.org. 60 IN CNAME afs-musicat-201808011057.nodes.musicat.co.
_acme-challenge.www.flipside.apl.org. 1 IN TXT "WWshrHwDaZPhJxJ8EVNS_HrbS6zRCDxzpnmfTCSo47Q"
_acme-challenge.flipside.apl.org. 1 IN TXT "ucvpr9ZcuMOvHnKvNJ2fT6elUJDr9v6QN-nJmsZvFhc"
_acme-challenge.api.flipside.apl.org. 1 IN TXT "XsbuNHuilHZjzu8vzvUnXfVyqs1LSuCi5ozjeTw3AII"
_acme-challenge.jsfs.flipside.apl.org. 1 IN TXT "SPfTY-yMRyvthMzdBH1DEWDtPXNvAUlWm9kN3_F_M_4"
_acme-challenge.mtc.flipside.apl.org. 1 IN TXT "rjRn8AqcSkfjhDQ8WRsQcNGsxIuT0hGrhYmhQfCDV6s"
_acme-challenge.mtccache.flipside.apl.org. 1 IN TXT "AYAIvbVettGtfhTXiph9eBoBbxk6PUP-Wv9JqEc_61U"
_acme-challenge.log.flipside.apl.org. 1 IN TXT "TI7z3yYO9fFZ9pg2TaYyy5Yer8nTcvaWdOY-VUxEV-Y"

back