I've got an application that is hosted on AWS, but mail is sent via Google. I'm using Route 53 for my DNS. I'm trying to figure out what to use for an SPF record within Route 53 to enhance the deliverability of my emails.
Within the SPF record, I understand that I need to specify the mail server in either domain, ip4, or ip6 format.
Within the SPF record, would I use the ip address of my load balancer on aws or would I specify my domain name? Alternatively, should I indicate a domain name or IP address that represents GSUITE's servers?
I'm very confused. Thanks for your help!!
You need to follow this guide which gives you the SPF record to use for your Google email service. Since your load balancer and AWS servers are not involved in your email service, they would not be included in the SPF record.
I am new to AWS Route 53 and trying to brush up on some of the basics. I have a question that might sound silly.
Let's say I have a public load balancer created with its DNS name (AWS auto-generated). Now I went ahead and got my corporate company to create a CNAME for the actual ELB A record, so say that CNAME is www.my-website.com.
Now when users start browsing www.my-website.com, their router's DNS directly knows where this public www.my-website.com is hosted, and then once the DNS resolution happens, the request is directly forwarded to my ELB that has that CNAME to it.
Now all this is good, but I would also like to play with Route 53 here, so I go ahead and use Route 53 to create a hosted zone and add my domain www.my-website.com under it, and then create a record set with an alias pointing to my actual ELB, followed by the rest of the configuration.
Now when someone hits www.my-website.com on their browser will the request directly go to the ELB or go to Route53 that will then route it to that ELB?
A summary of what these services provide is below:
Route 53 is a DNS provider offered as a service by AWS. The functionality you're describing is using it to store your DNS records for resolution.
An ELB is an appliance to distribute traffic across multiple nodes.
With your records in Route 53 the below journey takes place:
When a client in the browser attempts to go to www.example.com, it will first check its internal cache for any previously stored values for the domain; if there's a value, it will be evaluated against a TTL to see if it has expired.
If there is no value, or it has expired, the client will connect to the root domain, then the top-level domain, continuing until it finds the DNS provider for your domain (. -> .com. -> example.com.).
Once it finds this DNS provider it will query for your domain; if it matches, it will return the resolution value and the TTL.
If the value is that of a CNAME (such as an ELB), this process will begin again to resolve the IP address(es) for your hostname. This IP address will be cached by your local client.
If you're using Route 53 and an ELB, one advantage would be to use Alias records; they actually set your domain record to the IP address, which improves the speed of DNS resolution.
So in summary Route 53 is only contacted if the client does not know the resolution value for your domain.
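As an added illustration of the journey this answer describes (this is example code written for this page, not code from the answer's author or from AWS), the following Python model of a client-side caching resolver runs over a constructed zone: the cache is consulted first and its TTL honoured, an authoritative query is made only on a miss or expiry, and a CNAME answer restarts the process for the target. It also models the Alias case mentioned above, where the authoritative server chases the target itself and the client sees one round trip instead of two. Every name, address and TTL in ZONE is made up; the ELB hostname shape follows the ones quoted on this page.

```python
import time

# Constructed zone data standing in for the answers an authoritative server
# (e.g. Route 53) would give; every name, address and TTL here is made up.
ZONE = {
    "www.example.com.": ("CNAME", "my-elb-1122334455.us-east-1.elb.amazonaws.com.", 300),
    "alias.example.com.": ("ALIAS", "my-elb-1122334455.us-east-1.elb.amazonaws.com.", None),
    "my-elb-1122334455.us-east-1.elb.amazonaws.com.": ("A", ["203.0.113.10", "203.0.113.11"], 60),
}


class CachingResolver:
    """Client-side resolver: cache with TTL, then authoritative query, then CNAME chasing."""

    def __init__(self, zone, clock=time.time):
        self.zone = zone              # stands in for the authoritative servers
        self.clock = clock            # injectable so a test can advance time
        self.cache = {}               # name -> (rtype, value, expiry timestamp)
        self.authoritative_queries = 0

    def _authoritative(self, name):
        """One round trip to the authoritative server for `name`."""
        self.authoritative_queries += 1
        if name not in self.zone:
            raise LookupError(f"NXDOMAIN: {name}")
        rtype, value, ttl = self.zone[name]
        if rtype == "ALIAS":
            # Route 53 Alias: the server resolves the target itself and answers
            # with the target's A records, so the client never sees a CNAME.
            _, target_value, target_ttl = self.zone[value]
            return "A", list(target_value), target_ttl
        return rtype, value, ttl

    def _lookup(self, name):
        """Step 1: consult the cache and honour its TTL; step 2: go authoritative."""
        now = self.clock()
        cached = self.cache.get(name)
        if cached is not None:
            rtype, value, expires = cached
            if now < expires:
                return rtype, value
            del self.cache[name]          # expired: treat as not known
        rtype, value, ttl = self._authoritative(name)
        self.cache[name] = (rtype, value, now + ttl)
        return rtype, value

    def resolve(self, name, max_chain=8):
        """Return the A records for `name`, following CNAMEs as the answer describes."""
        if not name.endswith("."):
            name += "."                   # fully qualify, as a resolver would
        for _ in range(max_chain):
            rtype, value = self._lookup(name)
            if rtype == "A":
                return list(value)
            name = value                  # CNAME: the whole process starts again
        raise LookupError("CNAME chain too long (possible loop)")


if __name__ == "__main__":
    r = CachingResolver(ZONE)
    print(r.resolve("www.example.com"), "after", r.authoritative_queries, "queries")
    print(r.resolve("www.example.com"), "after", r.authoritative_queries, "queries (cached)")
    print(r.resolve("alias.example.com"), "via Alias, one extra query")
```

The injectable clock is what lets you observe the TTL behaviour: advance it past the A record's 60 seconds but not the CNAME's 300, and only the second half of the chain is re-queried.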
I'm moving DNS records for an existing website from Amazon Route53 to Cloudflare, and introducing an AWS load balancer into the mix.
Current Architecture
Route53 DNS --> EC2 Instance
New Architecture
Cloudflare DNS --> AWS Load Balancer --> EC2 Instance
In some of the DNS records, there are references to the Elastic IP assigned to the AWS Instance (this is shown as 11.22.33.44 below). I didn't set up the records previously.
TXT record #1
v=spf1 mx include:_SPF.google.com a:ec2-11-22-33-44.eu-west-1.compute.amazonaws.com include:servers.mcsv.net ~all
TXT record #2
include:spf.protection.outlook.com include:spf.mandrillapp.com ip4:11.22.33.44
I have a couple of questions here:
Does the Cloudflare proxy or the load balancer affect the existing IP in the TXT records? I should leave this as it is, right?
Do these need to be two separate TXT records? Can I combine them, and if so, does the order of the statements matter?
Does the Cloudflare proxy or the load balancer affect the existing IP in the TXT records? I should leave this as it is, right?
Correct. Those do not affect the IP of the server.
Do these need to be two separate TXT records? Can I combine them, and if so, does the order of the statements matter?
Having more than one SPF record violates the RFC.
Duplicate SPF TXT records. Another commonly violated aspect of SPF is that a domain may only have a single SPF record. That means you can only have a single DNS TXT record that begins with “v=spf1”.
See https://www.socketlabs.com/blog/best-practices-sender-policy-framework-spf/
Background:
Those are SPF mail domain validation records, as you may know. They should always reflect the IP addresses or domains of any mail server that would be sending email on behalf of the given domain.
I would point out that since you now have a load balancer in the mix, the instance IP number could change over time if it's replaced, assuming you have some Auto Scaling group controlling instances. Every time the instance restarts, its IP address could change, depending on your setup. This would invalidate your SPF record, and it would need to be updated to maintain proper mail delivery.
For this reason I would suggest you consider using AWS SES for outbound email, which will always be correct regardless of your instance IP changes. The service provides fixed MX server names that you can use in your SPF records.
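The single-record rule and the "does the order matter" question above (and the first question on this page about what to publish for Google mail) can be checked mechanically. The following Python is an added example written for this page, not code from any of the answerers; it parses SPF terms, flags a TXT set that has more than one v=spf1 record, counts the terms that cause DNS lookups against the ten-lookup limit of RFC 7208 section 4.6.4, and merges several records (or a bare fragment like TXT record #2) into one record. Order is preserved because SPF evaluates mechanisms left to right and stops at the first match, and the `all` term is moved to the end because nothing after it is evaluated. Keeping the first record's `all` policy is an assumption of this example; the two input records are the ones quoted in the question.

```python
import re

MAX_LOOKUPS = 10            # RFC 7208 section 4.6.4: at most 10 DNS-lookup terms per evaluation
LOOKUP_TERMS = {"include", "a", "mx", "ptr", "exists", "redirect"}
TERM_RE = re.compile(r"^([+\-~?]?)([a-z0-9]+)(?:([:=/])(.*))?$", re.IGNORECASE)

# The two TXT records from the question above, used as sample input.
RECORD_1 = ("v=spf1 mx include:_SPF.google.com "
            "a:ec2-11-22-33-44.eu-west-1.compute.amazonaws.com include:servers.mcsv.net ~all")
RECORD_2 = "include:spf.protection.outlook.com include:spf.mandrillapp.com ip4:11.22.33.44"


def spf_records(txt_records):
    """Return only the TXT records that are SPF records (first term is v=spf1)."""
    return [r for r in txt_records if r.lower().split()[:1] == ["v=spf1"]]


def parse_terms(text):
    """Split an SPF record, or a bare list of mechanisms like RECORD_2,
    into (qualifier, name, separator, value) tuples."""
    terms = text.split()
    if terms and terms[0].lower() == "v=spf1":
        terms = terms[1:]
    parsed = []
    for term in terms:
        m = TERM_RE.match(term)
        if not m:
            raise ValueError(f"unparseable SPF term: {term!r}")
        qual, name, sep, value = m.groups()
        parsed.append((qual or "+", name.lower(), sep, value))
    return parsed


def format_term(term):
    qual, name, sep, value = term
    return f"{'' if qual == '+' else qual}{name}{sep or ''}{value or ''}"


def count_lookups(parsed):
    """Lookup-causing terms in this record only; nested includes add to the real total."""
    return sum(1 for _, name, _, _ in parsed if name in LOOKUP_TERMS)


def check_txt_set(txt_records):
    """Problems to fix before publishing; an empty list means the set looks sane."""
    problems = []
    spf = spf_records(txt_records)
    if len(spf) > 1:
        problems.append(f"{len(spf)} records start with v=spf1; RFC 7208 allows exactly one")
    for rec in spf:
        parsed = parse_terms(rec)
        mechanisms = [name for _, name, sep, _ in parsed if sep != "="]   # modifiers use '='
        if "all" not in mechanisms:
            problems.append(f"no 'all' term: {rec!r}")
        elif mechanisms[-1] != "all":
            problems.append(f"mechanisms after 'all' are never evaluated: {rec!r}")
        n = count_lookups(parsed)
        if n > MAX_LOOKUPS:
            problems.append(f"{n} lookup terms exceed the limit of {MAX_LOOKUPS}: {rec!r}")
    return problems


def merge_spf(records):
    """Combine records/fragments into one SPF record: order kept, duplicates dropped,
    the first record's 'all' policy kept and moved to the end (policy choice is an assumption)."""
    merged, seen, all_term = [], set(), None
    for rec in records:
        for term in parse_terms(rec):
            if term[1] == "all":
                if all_term is None:
                    all_term = term
                continue
            if term not in seen:
                seen.add(term)
                merged.append(term)
    if all_term is None:
        raise ValueError("no 'all' term in any input; choose -all or ~all explicitly")
    merged.append(all_term)
    n = count_lookups(merged)
    if n > MAX_LOOKUPS:
        raise ValueError(f"merged record needs {n} lookups, limit is {MAX_LOOKUPS}")
    return "v=spf1 " + " ".join(format_term(t) for t in merged)


if __name__ == "__main__":
    print("problems:", check_txt_set([RECORD_1, RECORD_2]))
    merged = merge_spf([RECORD_1, RECORD_2])
    print(merged)
    print("top-level lookups:", count_lookups(parse_terms(merged)))
```

The lookup count here covers only the terms visible in the record; each `include:` pulls in the target's own lookups, so the true total needs a resolver and is the number that trips the limit in practice.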
Here's my scenario:
I bought a domain from GoDaddy
I set up email on GoDaddy as an add-on
I hosted a web application on AWS
In order to secure my API calls I needed to transfer my domain from GoDaddy to AWS (I should have bought the domain on AWS to begin with, but I didn't know I could do that)
I have successfully transferred my domain
Now my email (obviously) doesn't work anymore.
My question is: do I have to transfer email over to AWS as well, or is there just some setting that I will have to change on godaddy to point to AWS now? Is there a similar service on AWS (hosted email) that I can use?
As you have moved the domain into AWS, you need to move/create the MX (Mail Exchange) records in Route 53 too. Just create an MX record type entry in Route 53 with the name as your domain name and the values as the list of mail servers that you can grab from GoDaddy. Here is the link to find how you can get the mail records from GoDaddy:
https://au.godaddy.com/help/checking-and-managing-my-mx-records-7590
For more information about how to add MX records, follow this link:
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/ResourceRecordTypes.html#MXFormat
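As an added example of the step just described (written for this page, not taken from the answer or from AWS documentation), the Python below turns the (priority, hostname) pairs copied from the old provider into the ChangeBatch document that `aws route53 change-resource-record-sets --hosted-zone-id <ID> --change-batch file://mx.json` accepts. It validates the priority range, the hostnames and the TTL, and appends the trailing dot that makes a name fully qualified in Route 53. The mail server names in the demo are constructed placeholders, not GoDaddy's real servers; the hosted zone ID is not on this page and is left as a placeholder in the CLI usage.

```python
import json
import re

# Hostname: dot-separated labels of 1-63 chars, no leading/trailing hyphen, alphabetic TLD.
HOSTNAME_RE = re.compile(r"^(?=.{1,253}$)((?!-)[a-z0-9-]{1,63}(?<!-)\.)+[a-z]{2,63}\.?$",
                         re.IGNORECASE)
ACTIONS = {"CREATE", "DELETE", "UPSERT"}


def fqdn(name):
    """Route 53 stores names fully qualified; add the trailing dot if it is missing."""
    return name if name.endswith(".") else name + "."


def mx_change_batch(domain, mail_servers, ttl=3600, action="UPSERT"):
    """Build the ChangeBatch for ChangeResourceRecordSets that (re)creates the MX
    record set of `domain`. mail_servers: (priority, hostname) pairs from the old provider."""
    if not HOSTNAME_RE.match(domain):
        raise ValueError(f"invalid domain name: {domain!r}")
    if not mail_servers:
        raise ValueError("at least one mail server is required")
    if action not in ACTIONS:
        raise ValueError(f"unknown action: {action!r}")
    if not 0 <= int(ttl) <= 2147483647:          # Route 53 TTL range
        raise ValueError(f"TTL out of range: {ttl!r}")
    values = []
    for priority, host in mail_servers:
        priority = int(priority)
        if not 0 <= priority <= 65535:           # MX preference is a 16-bit field
            raise ValueError(f"MX priority out of range: {priority}")
        if not HOSTNAME_RE.match(host):
            raise ValueError(f"invalid mail server hostname: {host!r}")
        values.append({"Value": f"{priority} {fqdn(host)}"})   # Route 53 MX value format
    return {
        "Comment": f"MX records for {domain} copied from previous DNS provider",
        "Changes": [{
            "Action": action,
            "ResourceRecordSet": {
                "Name": fqdn(domain),
                "Type": "MX",
                "TTL": int(ttl),
                "ResourceRecords": values,
            },
        }],
    }


if __name__ == "__main__":
    # Constructed example: these mail server names are placeholders.
    batch = mx_change_batch("example.com", [(0, "mail1.example.net"), (10, "mail2.example.net.")])
    print(json.dumps(batch, indent=2))   # save as mx.json and pass it to the CLI
```

UPSERT is used so the same file can be re-applied after correcting a typo without first deleting the record set.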
I have a web service running on EC2 behind an elastic load balancer. I would like to allow my clients to point their A record to my web service so they could have their domain on my server, similar to Shopify or GitHub Pages.
However, I don't want to give them the IP of the web service; I'd like the request to go through the load balancer. How can I achieve this? Should I create a small server to forward requests? How does that work?
Many thanks!
If you are running your service behind an Elastic Load Balancer, you usually do not want to use the ELB DNS name (which is something like your-service-ELB-1122334455.us-east-1.elb.amazonaws.com). Instead you will configure (probably using Route 53, but any DNS service will do) a CNAME or ALIAS record with some friendly name, like yourservice.yourdomain.example (this way the name will be easier to remember, and you have the freedom to change the load balancer if needed).
All your customers have to do is create a CNAME DNS record pointing their name to your friendly service DNS name, like:
foo-service.theirdomain.example CNAME yourservice.yourdomain.example.
You also need to be aware that HTTP requests will have a Host: header containing the name entered by the user (in case your server/service relies on that info).
You need to consider using Route 53, as your clients' DNS service provider might not support this feature because of a DNS rule.
See s3.6.2 of RFC 1034
Amazon created a new aliasing system for Route 53. You can now map the apex of a hosted zone to an Elastic Load Balancer using an Alias record. When Route 53 encounters an Alias record, it looks up the A records associated with the target DNS name in the Alias, and returns the IP addresses from that name.
In order to allow all of our customers to benefit from this new feature, there is no charge for queries to alias records when the target is an Elastic Load Balancer.
Associating Your Custom Domain Name with Your Load Balancer Name.
You can also create a Subdomain That Uses Amazon Route 53 as the DNS Service without Migrating the Parent Domain.
I have my domain name in GoDaddy's account, and I want to host that site on AWS.
So for that I have created the EC2 instance, and it is working fine with the public address they have given:
http://ec2-23-20-10-132.compute-1.amazonaws.com/
I want to open the same thing with my domain name. How can I do that?
Need more context on this. Does Route 53 already have control of your domain name?
If your domain is in Route 53 and the NS (nameserver) values are using AWS name servers, then the process of routing your EC2 environment to your domain is quite easy.
In that case, all you'll do is create an A-level record set with the alias target of your raw EC2 URL. Normally you set your A-level record set to be DOMAINNAME.com ...
After that, for posterity and canonical redirect purposes, you'd create a CNAME record for www.DOMAINNAME.com... this could point to your A-level record set of DOMAINNAME.com...
Hope this helps!
Make sure your web server responds on domain.com
Point your DNS record (root records and/or www record) to the web server IP.