Skip to main content

Domains, DNS & Hosting

Single source of truth for "where does each domain live, who's the registrar, who's authoritative for DNS, what's served from each one." Use this when:

  • A domain isn't resolving and you need to know whose console to open
  • Adding a new subdomain
  • Migrating a domain (we did this for ka-26.com on 2026-04-17)
  • Renewing a domain registration

All three domains at a glance

DomainWhat's servedRegistrarDNS authorityHosting
ka26.shopApplication (web + API)GoDaddyGoDaddyGCP Cloud Run + Load Balancer
ka-26.comPublic landing + APK downloadHostingerCloudflare (since 2026-04-17)GitHub Pages
docs.ka-26.comInternal Docusaurus docs portal (THIS site)(subdomain of above)CloudflareCloudflare Workers Static Assets

Tip: when something breaks, the FIRST question is "is the domain resolving?" Run dig <domain> +short from a terminal. If it returns the right IP/CNAME, the issue is downstream.

ka26.shop — the application

Registrar

DNS authority

  • Nameservers: ns23.domaincontrol.com + ns24.domaincontrol.com (GoDaddy's defaults)
  • Records:
TypeNameContentTTLPurpose
A@34.8.146.193defaultApex → GCP Load Balancer
Awww34.8.146.193defaultwww → same LB

Note: NO MX records here. Email for the company is on ka-26.com, not ka26.shop.

Hosting

  • GCP Load Balancer (forwarding rule ka26-marketplace-https-rule) → Cloud Run service ka26-marketplace in us-central1
  • SSL: managed by GCP Load Balancer (Google-managed certificate)
  • (Scheduled change): replace the LB with native Cloud Run domain mapping. Saves ~€18/mo. See MEMORY.md TODO. When done, GoDaddy DNS will be updated to point at Google's IPs directly (4 A records + 1 CNAME for www).

Common ops

# Check the LB is responding
curl -sI https://ka26.shop/api/health

# Check Cloud Run logs
gcloud run services logs read ka26-marketplace --region us-central1 --project school-mgmt-saas --limit 20

# Roll back to a previous Cloud Run revision
gcloud run revisions list --service ka26-marketplace --region us-central1 --project school-mgmt-saas
gcloud run services update-traffic ka26-marketplace --region us-central1 --project school-mgmt-saas \
  --to-revisions ka26-marketplace-00XXX-yyy=100

ka-26.com — the landing page + email

Registrar

  • Provider: Hostinger
  • Account: siddugkattimani@gmail.com
  • Registration expiry: ~yearly renewal at Hostinger
  • ⚠️ Hostinger's DNS panel is now READ-ONLY for this domain (we moved authoritative DNS to Cloudflare on 2026-04-17). Any DNS change must go through Cloudflare, NOT Hostinger.

DNS authority — Cloudflare (since 2026-04-17)

  • Cloudflare account: siddugkattimani@gmail.com (free plan)
  • Nameservers: anahi.ns.cloudflare.com + elmo.ns.cloudflare.com
  • All 11 records set to "DNS only" (gray cloud) — never set to Proxied (orange) for the records below; Cloudflare's proxy breaks GitHub Pages SSL and breaks SMTP/SPF/DKIM/DMARC
TypeNameContentProxyPurpose
A@185.199.108.153DNS onlyLanding → GitHub Pages
A@185.199.109.153DNS onlyLanding → GitHub Pages
A@185.199.110.153DNS onlyLanding → GitHub Pages
A@185.199.111.153DNS onlyLanding → GitHub Pages
CNAMEwwwsidgk.github.ioDNS onlywww → Pages
Worker routedocs(Worker ka26-docs)n/aDocs portal
MX@smtp.google.com (priority 1)n/aGoogle Workspace email
TXT@v=spf1 include:_spf.google.com ~alln/aSPF
TXTgoogle._domainkey(DKIM key)n/aDKIM
TXT_dmarcv=DMARC1; p=quarantine; rua=mailto:siddugkattimani@gmail.com; adkim=s; aspf=sn/aDMARC
TXT@google-site-verification=...n/aGoogle Workspace ownership proof

Hosting (landing + APK download)

  • Provider: GitHub Pages (free tier — requires public repo)
  • Source: sidgk/ka26-website (public repo)
  • Deploy: .github/workflows/deploy.yml — auto-builds on push to main, ~2 min
  • APK URL: https://ka-26.com/downloads/ka26-latest.apk (stable URL, swap binary in /tmp/ka26-website/public/downloads/)

Email (Google Workspace)

docs.ka-26.com — internal docs portal (THIS site)

DNS

  • Subdomain of ka-26.com (managed in Cloudflare)
  • Worker route (NOT a CNAME) — Cloudflare auto-creates this when you attach a custom domain to a Worker

Hosting

  • Provider: Cloudflare Workers Static Assets (the new unified Pages + Workers product)
  • Project name: ka26-docs
  • Source: sidgk/ka26-docs (PRIVATE repo)
  • Framework: Docusaurus 3
  • Build command: npm run build
  • Output directory: build
  • Deploy command: npx wrangler deploy ⚠️ NOT versions upload — see Cloudflare ops doc for the gotcha
  • Default URL: https://ka26-docs.siddu-9fe.workers.dev (still works as a fallback)
  • Custom domain: docs.ka-26.com
  • SSL: Cloudflare Universal SSL (auto-renewing, currently valid through 2026-07-16)

Why we moved off GitHub Pages for docs

GitHub Pages free tier requires public repos. We wanted the docs source private (it documents internal architecture, secret names, incident playbooks). Cloudflare Workers Static Assets supports private repos for free.

Access control

  • Currently the deployed site is publicly readable at https://docs.ka-26.com
  • We considered this acceptable because: source repo is private, docs reference secret NAMES not values, no PII
  • If we want to email-gate later: enable Cloudflare Access (free for ≤50 users), ~10 min setup, see Cloudflare Access Setup

DNS verification commands

Useful for checking what's resolving from where:

# Confirm authoritative nameservers
dig ka26.shop NS +short        # → ns23.domaincontrol.com / ns24.domaincontrol.com (GoDaddy)
dig ka-26.com NS +short        # → anahi.ns.cloudflare.com / elmo.ns.cloudflare.com (Cloudflare)

# Apex resolution
dig ka26.shop +short           # → 34.8.146.193 (GCP LB)
dig ka-26.com +short           # → 4× 185.199.108-111.153 (GitHub Pages)

# Subdomains
dig www.ka26.shop +short       # → 34.8.146.193
dig www.ka-26.com +short       # → sidgk.github.io. + Pages IPs
dig docs.ka-26.com +short      # → Cloudflare edge IPs (104.21.x.x / 172.67.x.x)

# Email routing
dig MX ka-26.com +short        # → 1 smtp.google.com.
dig TXT ka-26.com +short       # → SPF, DKIM, DMARC, Google verify

If any of these return unexpected results, DNS is the issue (not the application).

Disaster recovery — domain edition

If Cloudflare goes down

  • Impact: ka-26.com landing + docs portal + email all unreachable
  • Fix: change nameservers at Hostinger back to Hostinger defaults (ns1.dns-parking.com / ns2.dns-parking.com), then re-create all 11 DNS records in Hostinger using the table above. Email recovers within ~30 min after MX records are re-created.
  • 2FA recovery codes: Cloudflare account is on siddugkattimani@gmail.com — recovery codes should be in 1Password (verify before disaster strikes)

If GoDaddy goes down

  • Impact: ka26.shop unreachable
  • Fix: GoDaddy is mostly stable; rare. If it does happen and persists, can transfer the domain to Cloudflare DNS (60-day ICANN transfer lock) — but that's a multi-day process. Better to wait it out.

If GitHub Pages goes down

  • Impact: ka-26.com landing + APK download fail (but docs.ka-26.com is on Cloudflare, not affected)
  • Fix: build the website locally (cd /tmp/ka26-website && npm run build), serve /out from any static host (Cloudflare Pages, Netlify, even an S3 bucket). DNS at Cloudflare → swap A records to the new host's IPs.

If GCP Cloud Run goes down

  • Impact: ka26.shop returns 503; the entire app is unreachable
  • Fix: roll back to the previous revision (1 command, gcloud run services update-traffic ... --to-revisions=...). If GCP regional outage, no quick fix — wait for Google.

Renewal calendar

ServiceRenewal cadenceCostAuto-renew?
GoDaddy ka26.shopyearly₹1500 (€15)check status in account
Hostinger ka-26.comyearly~₹1500check status in account
Google Workspacemonthly$6/user/moyes (linked to credit card)
Cloudflaren/a (free)$0n/a
GitHubn/a (free)$0n/a
GCPmonthly~€20yes (linked to credit card)

Action item: confirm auto-renew is enabled on both GoDaddy and Hostinger before they expire. Domain expiration → site-down outage with no recovery if it lapses too long.