Route 53 Subdomains and API Gateway - amazon-web-services

I have a domain hosted through Route 53 called foo.com and all is good. I have both NS and SOA records created in Route 53:
foo.com. NS
ns-1609.awsdns-09.co.uk.
ns-431.awsdns-53.com.
ns-1071.awsdns-05.org.
ns-662.awsdns-18.net.
foo.com. SOA
ns-1609.awsdns-09.co.uk. awsdns-hostmaster.amazon.com.
We also segment our platforms by account. So, we have an AWS subaccount that supports our DEV environment (following the AWS document: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-routing-traffic-for-subdomains.html). So, within our foo.com hosted zone, we also have an entry:
devapi.foo.com. NS
ns-3476.awsdns-09.co.uk.
ns-2341.awsdns-76.com.
ns-3245.awsdns-56.org.
ns-294.awsdns-67.net.
Within our AWS DEV account, we have a devapi.foo.com hosted zone with the exact same NS record:
devapi.foo.com. NS
ns-3476.awsdns-09.co.uk.
ns-2341.awsdns-76.com.
ns-3245.awsdns-56.org.
ns-294.awsdns-67.net.
along with an SOA record and an A record that points at the DEV API Gateway:
devapi.foo.com. A ALIAS f-8wdjr4hvgh.execute-api.us-east-2.amazonaws.com.
where f-8wdjr4hvgh.execute-api.us-east-2.amazonaws.com. is the domain name of the API Gateway.
I have a custom domain mapping for devapi.foo.com
Unfortunately, in all of this, devapi.foo.com is not pingable/routable. If you ping it, it returns an IP address but a Request timeout for icmp_seq* ...
If I use https://www.whatsmydns.net/#A/ for devapi.foo.com, I get green check marks but I believe that all that is telling me is that the domain name is resolvable.
Thoughts on what I am missing?
Followup: The issue was with the Custom Domain Mapping and Base Path.

I ran into a problem where I went to set up a record that mapped my custom sub-domain to my API Gateway. When I went to select the actual endpoint I got a red warning/error message saying "cannot retrieve endpoint suggestions".
The instructions for setting everything up are here:
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-to-api-gateway.html
Before doing what I was trying to do, the prerequisites (stated on the linked page) were:
An API Gateway API that has a custom domain name, such as api.example.com, that matches the name of the Route 53 record that you want to create.
A registered domain name. You can use Amazon Route 53 as your domain registrar, or you can use a different registrar.
Route 53 as the DNS service for the domain. If you register your domain name by using Route 53, we automatically configure Route 53 as the DNS service for the domain.
I realized I had not done step #1. This needs to be done via the API Gateway interface, not the Route 53 interface. If you haven't done this for the domain yet (not the sub-domain, but the domain) you may need to do some work to set up a certificate for the domain. This involves placing what looks to be a sort of magic key entry in your domain registry (using Route 53 or whatever you used to register your domain) so that Amazon knows you own the domain.
Once this custom domain has been set up (again, in the API Gateway section, not Route 53), I was able to create a record in Route 53 and my API Gateway endpoint was now detected for selection.

Related

How to create route53 record for AWS Gateway API

I have existing hosted zone and A record in AWS route 53. The A record is pointing to cloudfront distribution.
Let's say the hosted zone name is abcd.ci.example.io. The A record name is the same as the hosted zone. I can access the web site at abcd.ci.example.io without any issue.
I also have an AWS Gateway API with invoke URL https://xxxxx.execute-api.us-west-2.amazonaws.com/dev. I can access a particular API route from the browser using the invoke URL https://xxxxx.execute-api.us-west-2.amazonaws.com/dev/v1/healthcheck
I want to assign a custom domain name to the invoke URL. So I created a new CNAME record in the hosted zone as api.abcd.ci.example.io and set the value to https://xxxxx.execute-api.us-west-2.amazonaws.com/dev
But then when I try to access a route using https://api.abcd.ci.example.io/v1/healthcheck I get the error "This site can’t be reached".
A simple command line ping to api.abcd.ci.example.io also returns the error "Ping request could not find host api.abcd.ci.example.io. Please check the name and try again."
Below is the list of records in the hosted zone. There are a couple of ACM validation records as well for both domains.
Before API Gateway will let you point your custom domain to it, you first have to set up the custom domain in API Gateway, which includes setting up the SSL certificate API Gateway will use for that custom domain.

How to setup a subdomain in Route 53 when the DNS is hosted in Bluehost

I am confused about the process of how to point a subdomain to an EC2 instance which is being run behind an ALB. The Target Group has port 80 which will then Redirect traffic to 443 and then a second Target Group which has the SSL certificate for 443. I have read online that I would need to create a hosted zone in Route 53 of the subdomain (e.g. apples.ilovefruits.org) and setup an ALIAS of the ALB. My domain and subdomains are hosted on Bluehost. The error I receive on the website to enter is a "403 Forbidden":
Would appreciate any help on this to get this to work.
UPDATE:
Should I replace the NS records of Route 53 with Bluehosts NS records?
I have read online that I would need to create a hosted zone in Route 53 of the subdomain (e.g. apples.ilovefruits.org) and setup an ALIAS of the ALB.
That's not true. You can delegate a subdomain and create an ALIAS record in Route 53, or you can create a CNAME record within your current dns provider.
An ALIAS record is an A record that will automatically resolve to an IP for the ALB without an intermediate CNAME lookup. This is great, but by no means necessary. An ALIAS record is a Route53-specific integration to other AWS resources.
Delegating a subdomain to route53 - at the cost of $0.50 a month plus a few cents per million requests - makes it more convenient to create DNS records within that subdomain. It's especially useful if you're creating a lot of dns records that point to things in AWS. Creating records in your current DNS provider by hand is often an adequate solution until you're creating more than a few.
A route53 subdomain is also convenient if you're going to use ACM, amazon's cert issuing service. These certs are free, secure, and - if you use DNS validation - can renew automatically. If the domain of the certificate is in route53, the aws console for ACM will have a button to automatically add the validation record - convenient, right? But you can create the same record in any DNS provider, so again, until you're doing it a few times a week, the manual approach isn't so bad.
If you were to create a CNAME, do so in your current dns provider. Create a CNAME record whose name is your desired DNS name, and the value is the ALB's dns name provided in the ALB details in the web console. This functions fine.
If you did want to delegate the domain, start by choosing the subdomain and creating its zone in Route 53. Take note of the 4 nameservers under the NS record there. These servers are ready to respond to requests for the subdomain, but nobody's going to ask them until you add these servers to your current dns provider as NS records for the subdomain. Then, public queries for the subdomain will be referred (or "delegated") to the amazon servers.
UPDATE: Should I replace the NS records of Route 53 with Bluehosts NS records?
No. The NS records for the zone in Route 53 are ready to serve queries for your zone, but that record is not what points any queries to those servers. The record that delegates the subdomain is in the parent zone (eg ilovefruits.org). Changing that NS record essentially does nothing. Above, we're *adding new* NS records for the subdomain, not changing anything that already exists for the parent domain.
If you're curious, the same is true of ilovefruits.org itself. In that case, the domain registrar also provides NS records for ilovefruits within the .org domain. As the domain registrant, you get to choose which servers these are. You could migrate your dns to amazon by changing these settings with your registrar. But strange as it may seem, even then, the NS records for the domain within that zone aren't being consulted for most dns lookups. DNS happens from the top level out, so .org is the domain that points to ilovefruits.org; it cannot, of course, point to itself!
Don't change the NS records of the root of your dns zone unless you're sure you know what you're doing. They aren't part of normal dns lookups and will be set appropriately by the dns provider, even if your domain hasn't delegated any dns queries to them.
The error I receive on the website to enter is a "403 Forbidden":
This has nothing to do with DNS and you should diagnose it separately.

Unable to map custom domain to API Gateway (from Godaddy)

I'm trying to set up a custom domain (say, myapi.com) for my API Gateway but am running into problems. The domain is currently registered on GoDaddy. So far, I've followed this tutorial and done the following:
Obtained a certificate for myapi.com and *.myapi.com from the AWS Certificate Manager.
Mapped the domain myapi.com (not *.myapi.com as I don't need it yet) to an API in the API Gateway.
Added a CNAME entry for the resulting "target domain name" in GoDaddy.
Here are the screenshots:
Now here's the problem: When I do ping myapi.com I get: No address associated with hostname. I'm not sure what's causing this, so would really appreciate some help. And while we're at it, are there any other steps I need to perform before this works as expected?
You cannot use a CNAME record at the apex or domain root with standard DNS services. I suggest you try using a hostname for your endpoint and using the CNAME there, e.g. api.example.com.
Alternatively, you can move your DNS to Route 53. The Route 53 system does support aliases at the root domain level, using the Alias record type.
For more information on Alias records in Route 53 see https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-choosing-alias-non-alias.html
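The threads above keep circling the same two DNS facts: a subdomain is delegated only by the NS record in the parent zone (the child zone's own NS set serves queries but sends nobody there), and a CNAME must be a bare hostname, never a URL and never at the zone apex. The following script is an added example, not code from any of the posts or from AWS; it models the foo.com / devapi.foo.com setup from the first question as constructed in-memory zones, plus a constructed zone containing the CNAME mistakes from the later questions, and runs the checks a practitioner would make before blaming API Gateway. The ALIAS entry and the d-placeholder target name are sample data.

```python
"""Offline sanity checks for a subdomain delegated from a parent zone to a
Route 53 hosted zone, and for the records placed under it.

Added example; the zones below are constructed to mirror the threads on this
page (foo.com delegating devapi.foo.com to a DEV account) and are not real."""

# A zone is a list of (owner name, record type, value) tuples, with all
# names absolute (trailing dot), as Route 53 displays them.
PARENT_ZONE = [
    ("foo.com.", "SOA", "ns-1609.awsdns-09.co.uk. awsdns-hostmaster.amazon.com."),
    ("foo.com.", "NS", "ns-1609.awsdns-09.co.uk."),
    ("foo.com.", "NS", "ns-431.awsdns-53.com."),
    ("foo.com.", "NS", "ns-1071.awsdns-05.org."),
    ("foo.com.", "NS", "ns-662.awsdns-18.net."),
    # The delegation: the only record that refers resolvers to the DEV account.
    ("devapi.foo.com.", "NS", "ns-3476.awsdns-09.co.uk."),
    ("devapi.foo.com.", "NS", "ns-2341.awsdns-76.com."),
    ("devapi.foo.com.", "NS", "ns-3245.awsdns-56.org."),
    ("devapi.foo.com.", "NS", "ns-294.awsdns-67.net."),
]

CHILD_ZONE = [  # the hosted zone in the DEV account
    ("devapi.foo.com.", "SOA", "ns-3476.awsdns-09.co.uk. awsdns-hostmaster.amazon.com."),
    ("devapi.foo.com.", "NS", "ns-3476.awsdns-09.co.uk."),
    ("devapi.foo.com.", "NS", "ns-2341.awsdns-76.com."),
    ("devapi.foo.com.", "NS", "ns-3245.awsdns-56.org."),
    ("devapi.foo.com.", "NS", "ns-294.awsdns-67.net."),
    # Route 53 ALIAS to the API Gateway endpoint (constructed endpoint name).
    ("devapi.foo.com.", "ALIAS", "f-8wdjr4hvgh.execute-api.us-east-2.amazonaws.com."),
]

BAD_ZONE = [  # constructed: the CNAME mistakes from the later threads
    ("myapi.com.", "SOA", "ns-1.example. hostmaster.example."),
    ("myapi.com.", "NS", "ns-1.example."),
    ("myapi.com.", "CNAME", "d-placeholder.execute-api.us-east-1.amazonaws.com."),
    ("api.myapi.com.", "CNAME", "https://xxxxx.execute-api.us-west-2.amazonaws.com/dev"),
]


def rrset(zone, name, rtype):
    """All values of one (name, type) record set."""
    return {v for n, t, v in zone if n == name and t == rtype}


def zone_apex(zone):
    """The apex is the owner name of the zone's single SOA record."""
    apexes = {n for n, t, _ in zone if t == "SOA"}
    if len(apexes) != 1:
        raise ValueError("zone must contain exactly one SOA record")
    return apexes.pop()


def check_delegation(parent, child):
    """Findings about the parent -> child delegation (empty list means OK)."""
    parent_apex, child_apex = zone_apex(parent), zone_apex(child)
    if not child_apex.endswith("." + parent_apex):
        return [f"{child_apex} is not below {parent_apex}"]
    delegated = rrset(parent, child_apex, "NS")   # what resolvers follow
    served = rrset(child, child_apex, "NS")       # what the child says about itself
    if not delegated:
        return [f"no NS record for {child_apex} in parent zone {parent_apex}: "
                "nothing refers resolvers to the child's servers"]
    if delegated != served:
        return [f"parent delegates {child_apex} to {sorted(delegated)} "
                f"but child zone lists {sorted(served)}"]
    return []


def lint_records(zone):
    """Findings for CNAME/NS records that DNS will not accept as intended."""
    apex, findings = zone_apex(zone), []
    for name, rtype, value in zone:
        if rtype in ("CNAME", "NS") and not value.endswith("."):
            findings.append(f"{name} {rtype}: target {value!r} has no trailing dot; "
                            "zone-file syntax treats it as relative to the origin")
        if rtype != "CNAME":
            continue
        if name == apex:
            findings.append(f"{name}: CNAME at the zone apex is not allowed "
                            "(use a Route 53 ALIAS, or a hostname such as api.{name})")
        if "://" in value or "/" in value or ":" in value:
            findings.append(f"{name}: CNAME target {value!r} is not a bare hostname "
                            "(DNS carries no scheme, port or path)")
        others = {t for n, t, _ in zone if n == name and t != "CNAME"}
        if others:
            findings.append(f"{name}: CNAME cannot coexist with other records {sorted(others)}")
    return findings


def authoritative_servers(parent, child, name):
    """Servers a resolver is referred to for `name`, walking down from the
    parent as a resolver does: the parent's delegation NS decides, never the
    NS set the child holds at its own apex."""
    child_apex = zone_apex(child)
    if name == child_apex or name.endswith("." + child_apex):
        delegated = rrset(parent, child_apex, "NS")
        if delegated:
            return delegated
    return rrset(parent, zone_apex(parent), "NS")


if __name__ == "__main__":
    print(check_delegation(PARENT_ZONE, CHILD_ZONE) or ["delegation foo.com -> devapi.foo.com is consistent"])
    print("\n".join(lint_records(BAD_ZONE)))
    print(sorted(authoritative_servers(PARENT_ZONE, CHILD_ZONE, "devapi.foo.com.")))
```

To run the same checks against live zones, replace the constructed lists with the NS and CNAME sets returned by `dig +short NS devapi.foo.com @<parent nameserver>` and from the Route 53 console; the delegation check then tells you whether the parent actually refers to the child, which is the only thing that matters for resolution.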

Configuring Route 53 to route traffic to EC2

I have a domain name that I registered with a site called DotEasy. I am building a web app that I am going to host on AWS and I would like to use AWS Route 53 for my DNS. Ideally I'd like to use Route 53 as the registrar as well, but I'm not sure if that's possible and I've also heard it can take ~3 months for domain registrars to switch over.
Either way, I'm trying to set up Route 53 so that when users go to myapp.example.com they get routed to a specific EC2 instance of mine.
So I go into Route 53 and clicked Create Hosted Zone and Route 53 created two DNS records for me:
A NS (Name Server) record that has 4 different values, all of the form ns-<X>.awsdns-<Y>.<TLD>, where <TLD> is .com, .net, .co.uk, etc.; and
A single SOA (Start of Authority) record
I'm pretty green when it comes to DNS setup, I'm hoping I can just log into DotEasy's admin panel and update myapp.example.com's DNS settings to point to one of these records, but I'm not sure which ones I need to use. DotEasy's UI has fields that allow me to enter/change a primary, secondary, third and fourth DNS server hostname.
So I have two issues here:
Configuring Route 53 to route traffic over port 9200 to a specific EC2 instance (ultimately this will be an ECS cluster or ELB load-balanced URL but for now it's just a single EC2). I assume I need to write my own Zone file or perhaps Route 53 can create one for me?; and
Configuring DotEasy and/or Route 53 so that requests to https://myapp.example.com:9200 get forwarded to whatever resource/mapping was created above in Step 1
Any ideas how I can accomplish this?
DNS and HTTP are different protocols.
After you create an ELB attach your instances and within your DNS provider just create a CNAME pointing to the public address of your ELB, for example:
myapp IN CNAME elb-nme.us-west-2.elb.amazonaws.com.
To respond to requests on port 9200, you need to configure the ELB for doing this, but this has nothing to do with the DNS.

Route 53 with external Domain Registrar?

I have created a Route 53 hosted zone which contains an SOA, an NS record and an A record.
The A record points to the web instance I have hosted on AWS.
On the registrar what do I need to use to get the domain to use Amazon Route 53, is it just Nameservers? Or do I need an A record or a CNAME?
Which Nameservers should I use, the SOA or the NS record?
Thanks
Just name server entries, here is AWS documentation on Migrating DNS Service for an Existing Domain to Amazon Route 53.
Which name servers? Here are steps on how/where to get them and add them in 3rd party server.
Step 5: Update Your Registrar's Name Servers
Step 2: In the Amazon Route 53 console, get the name servers for your Amazon Route 53 hosted zone:
Sign in to the AWS Management Console and open the Amazon Route 53 console at https://console.aws.amazon.com/route53/.
In the navigation pane, click Hosted Zones.
On the Hosted Zones page, choose the radio button (not the name) for the hosted zone.
In the right pane, make note of the four servers listed for Name Servers.
Alternatively, you can use the GetHostedZone action. For more information, see GetHostedZone in the Amazon Route 53 API Reference.
Step 3: Using the method provided by the registrar for the domain, replace the name servers in the registrar's NS records with the four Amazon Route 53 name servers that you got in step 2.
Note: Some registrars only allow you to specify name servers using IP addresses; they don't allow you to specify fully qualified domain names. If your registrar requires using IP addresses, you can get the IP addresses for your name servers using the dig utility (for Mac, Unix, or Linux) or the nslookup utility (for Windows). We rarely change the IP addresses of name servers; if we need to change IP addresses, we'll notify you in advance.
You are still using your registrar's Name Server.
Change it to AWS Route53 name server.
Just adding the name servers to the registrar's website brought my domain up and running.