Issues setting up custom domain registered through Squarespace

Steve_Brownlie · March 23, 2022, 9:09am

Hello

I’m having a small issue setting up a custom domain name registered through Squarespace.

My Netlify domain name is: https://leadout-capital-production.netlify.app/

The custom domain name I’m trying to set up is https://leadoutcapital.com/

I’ve added the following custom records to my Squarespace DNS, as recommended within my Netlify domains dashboard:
www CNAME leadout-capital-production.netlify.app.
leadoutcapital.com A 75.2.60.5

The website appears to be working on the www. version of the custom domain name: https://www.leadoutcapital.com/

The Non-www. version, I am still getting “Check DNS Configuration” >24 hours after making the changes

Having checked the DNS Propogation Checker, I’m getting red crosses across the board, seems like I might have done something wrong?

Thank you

coelmay · March 23, 2022, 9:43am

Hey @Steve_Brownlie

You still have Squarespace DNS set up

Name Server: dns1.p01.nsone.net
Name Server: dns2.p01.nsone.net
Name Server: dns3.p01.nsone.net
Name Server: dns4.p01.nsone.net
Name Server: ns01.squarespacedns.com
Name Server: ns02.squarespacedns.com
Name Server: ns03.squarespacedns.com
Name Server: ns04.squarespacedns.com

You need to remove all the ns**.squarespacedns.com entries.

Steve_Brownlie · March 23, 2022, 10:54am

Hi

Thanks for your response. I’ve currently got some MX records pointing to Google for our emails. Will removing the nameservers have any impact on that?

Thanks

coelmay · March 23, 2022, 10:56am

Yes. But…

Have a read through the following guide about setting up Netlify DNS so email is not affected.

Steve_Brownlie · March 23, 2022, 11:02am

I’m not trying to migrate my DNS to Netlify though, I’m trying to keep it with Squarespace and just update the relevant CNAME and A records to point to Netlify. Is there no way to do that without changing the nameservers?

There is no mention of updating the nameservers here: Configure external DNS for a custom domain | Netlify Docs

coelmay · March 23, 2022, 11:16am

If you are not using (or wanting to use) Netlify DNS, then you need to remove the Netlify nameservers

Name Server: dns1.p01.nsone.net
Name Server: dns2.p01.nsone.net
Name Server: dns3.p01.nsone.net
Name Server: dns4.p01.nsone.net

Steve_Brownlie · March 23, 2022, 1:22pm

These nameservers are also squarespace’s nameservers (see here: [Support Guide] What you can do about this error message: "A DNS zone for this domain already exists on NS1").

Given that this is the case, would that have an impact on my setup?

Steve_Brownlie · March 23, 2022, 6:16pm

I’m still struggling with this. It would be great if someone could advise further.

coelmay · March 23, 2022, 8:32pm

Quite likely.

Are you still going to use Squarespace for a website? If not, have you confirmed that Squarespace allows using their DNS while not hosting a site with them (I know Netlify doensn’t.)

If you are no longer using (or planning to use) Squarespace as a service, you may need to look at transferring the domain to another registrar. This way you could remove the DNS zone from NS1 and configure the domain to use Netlify.

Steve_Brownlie · March 23, 2022, 9:43pm

This page seems to suggest it shouldn’t be an issue: Pointing a Squarespace domain – Squarespace Help Center

“You can use your Squarespace domain’s DNS records panel to point your domain to a different site.”

It also gives the same instructions as on Netlify’s documents so I cannot see why it wouldn’t work!

luke · March 24, 2022, 7:48am

Hi, @Steve_Brownlie. Yes, the external DNS instructions do work with any DNS service.

I’m showing the www DNS record working:

www.leadoutcapital.com.	14400	IN	CNAME	leadout-capital-production.netlify.app.

However, the A record for the apex domain is not working:

$ dig leadoutcapital.com

; <<>> DiG 9.10.6 <<>> leadoutcapital.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 4332
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;leadoutcapital.com.		IN	A

;; AUTHORITY SECTION:
leadoutcapital.com.	1800	IN	SOA	dns1.p01.nsone.net. hostmaster.nsone.net. 1647886787 43200 7200 1209600 3600

;; Query time: 64 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Mar 24 00:46:16 PDT 2022
;; MSG SIZE  rcvd: 112

This shows the SOA (start of authority) record returned. This is the default behavior for DNS resolvers when the requested DNS record do not exist. For example:

$ dig not-a-real-subdomain.leadoutcapital.com

; <<>> DiG 9.10.6 <<>> not-a-real-subdomain.leadoutcapital.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 55509
;; flags: qr rd ra; QUERY: 1, ANSWER: 0, AUTHORITY: 1, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 512
;; QUESTION SECTION:
;not-a-real-subdomain.leadoutcapital.com. IN A

;; AUTHORITY SECTION:
leadoutcapital.com.	1800	IN	SOA	dns1.p01.nsone.net. hostmaster.nsone.net. 1647886787 43200 7200 1209600 3600

;; Query time: 51 msec
;; SERVER: 8.8.8.8#53(8.8.8.8)
;; WHEN: Thu Mar 24 00:47:27 PDT 2022
;; MSG SIZE  rcvd: 133

So, the A record isn’t working. That is something you will need to contact the current DNS service to troubleshoot (meaning Squarespace).

If there are other questions, please let us know.

Steve_Brownlie · March 24, 2022, 8:19am

Hi Luke

Thanks so much for this. After you mentioned this, I checked and I actually noticed a slight difference in the way I’d configured Squarespace to how their instructions advise.

The Netlify instructions state that the A record should be:
leadoutcapital.com A 75.2.60.5

The Squarespace instructions actually state that the A record needs to be
@ A 75.2.60.5

I’ve changed it to Squarespace’s recommended configuration, and it now seems to work (warning message gone from Netlify dashboard), but I’m getting the following error in Chrome when trying to access the non-www. page:

"Attackers might be trying to steal your information from leadoutcapital.com (for example, passwords, messages or credit cards)

NET::ERR_CERT_COMMON_NAME_INVALID

This server could not prove that it is leadoutcapital.com; its security certificate is from .netlify.app. This may be caused by a misconfiguration or an attacker intercepting your connection."

Any idea how this new error can be fixed?

Steve_Brownlie · March 24, 2022, 8:26am

Ignore the above, I’ve re-provisioned the SSL certificate and this issue is now fixed!

Thanks again

luke · March 24, 2022, 8:38am

Hi, @Steve_Brownlie. Thanks for the follow-up to let us know it is working!