Help Center← Back to Dashboard
Getting Started
What is Aithroyz?Quickstart: First EnvironmentCloud CredentialsPlans & Approvals
Environments
OverviewLifecycle PhasesTTL Auto-DestroyExtending TTLDestroying an Environment
Tools Reference
OverviewElastic Stack (SIEM)Wazuh (XDR)MITRE CalderaTheHive & DFIR-IRISVelociraptorOpenCTIGrafana + PrometheusShuffle SOARn8nUptime KumaLLM GatewayOpen WebUIFlowiseOpenClawOllamaQdrantLangfusePortainerGiteaSonarQubeCode ServerMattermostMinIOMetabaseHashiCorp VaultKeycloak SSONetBoxLocalStack
Access & Security
Google SSOTenant IsolationPasskeys & MFATeam Members
API & Integrations
API KeysMCP Tools (Clevername)Terraform ExportWebhooks & Callbacks
Stack Presets
SOC PlatformIR / DFIR LabThreat HuntingQuick Sandbox
Settings
Cloud KeysAPI KeysBillingAudit Log
Troubleshooting
Common IssuesDeployment FailuresDNS & ConnectivityTool Health Checks
Aithroyz Help
Help CenterTroubleshootingDNS & Connectivity

DNS & Connectivity

Tool subdomains are created via GCP Cloud DNS. If you can't reach a tool URL, the issue is usually DNS propagation delay or an NS delegation problem.

How DNS works in Aithroyz

Each environment gets a Cloud DNS zone for <env-name>.ops.aithroyz.com. The foundation module creates:

A record: *.{env}.ops.aithroyz.com
Static external IP of the gateway VM
NS delegation in parent zone
ops-aithroyz-zone → ns-cloud-c1/c2/c3/c4.googledomains.com

Diagnosing DNS issues

# Check if the DNS record resolves
dig elastic.my-env.ops.aithroyz.com

# Check the wildcard A record
dig "*.my-env.ops.aithroyz.com"

# If no answer, check the NS delegation
dig ops.aithroyz.com NS
# Should return: ns-cloud-c1/c2/c3/c4.googledomains.com

# Test connectivity to the gateway IP directly
curl -k https://<gateway-ip>/  # Should return a Caddy or tool response
⚠
The correct NS servers for ops.aithroyz.com are ns-cloud-c1/c2/c3/c4.googledomains.com. If you see a1-a4 or any other servers, the NS delegation is incorrect and needs to be fixed in GoDaddy.

Common DNS problems

⚠NXDOMAIN — domain doesn't exist
The Cloud DNS zone was not created. This happens if the foundation module failed. Check the deployment log for errors in the 'foundation' step. Retry the deployment.
⚠DNS resolves but site is unreachable
The gateway VM may still be starting up, or the firewall rule for port 443 is missing. Check VM status in GCP Console. Firewall rules should allow TCP 443 from 0.0.0.0/0.
⚠SSL certificate error / 'Not Secure'
Caddy auto-provisions Let's Encrypt certs on first access. Give it 1–2 minutes. If it persists, Caddy may have hit the Let's Encrypt rate limit — it automatically falls back to ZeroSSL.
⚠Redirect loop on tool URL
This usually indicates an oauth2-proxy / Caddy configuration issue. Clearing cookies for *.ops.aithroyz.com in your browser resolves most cases.
Related Articles
Tenant IsolationRead article →Google SSORead article →Deployment FailuresRead article →