Using Windows DNS Server with AWS Lightsail - amazon-web-services

I am new to AWS and am using AWS Lightsail for the first time. I am having trouble managing the DNS server.
I got a static IP, but I can't see this static IP in the IIS Bindings setting.
I installed the DNS Server feature from the Add Roles and Features wizard.
I added a Forward Lookup Zone for my site. When I add NS records I can't use the public (static) IP, so I used the private IP.
I use many VPS providers (Vultr, Google, etc.), but this is the first time I have had a problem like this.
I can reach the site from the public (static) IP, but I can't reach it from the domain and I can't reach the NS record.
What did I miss?

I now understand how AWS operates:
I use the private/internal IP for IIS bindings and DNS records, and AWS automatically masks it with the public/static IP.
I had a DNS reachability problem, and I solved it by opening the DNS ports in the network security area.
So what I missed was opening the DNS ports in the AWS Lightsail firewall.

Related

Point EC2 instance to GoDaddy domain

I already have a domain, like example.com, and I have a simple app running on an EC2 instance.
I've allocated an Elastic IP for this instance, created a zone on Route 53, and created an A record and also an alias record.
I have updated the nameservers from the Route 53 NS records in the GoDaddy domain settings (and I should mention that I've waited 48 hours for the NS records to be propagated, and that part is fine).
When I ping example.com on my own computer, the DNS Name resolve to the correct IP address.
When I check the elastic IP, it's working and shows my website, but when I check example.com it does not show my app and shows This site can’t be reached:
this is a screenshot of what it shows
I cannot see where's the problem!
Based on the comments.
The issue was due to using https rather than http. The http connection works. To set up https, the following general procedure needs to be undertaken:
1. Get a public SSL certificate. Since you are using an instance, you can't use AWS ACM for that. In this case a popular choice is https://letsencrypt.org/, where you can register a free SSL certificate for your domain and its subdomains.
2. Set up SSL connectivity on your instance. Often this is done by using nginx as a reverse proxy. The nginx will provide HTTPS for your instance using the SSL certificates from step 1.
3. Open port 443 (HTTPS) in your security group.
The alternative is to front your instance with an application load balancer (ALB). Using it, you can easily get a free AWS ACM certificate and deploy it on the ALB. No actions are required on your instance in this case.

Where to find domain name to existing EC2 instance

I'm new to AWS and I have to continue maintaining a previous developer's service that is hosted on AWS. The EC2 instance is mapped to the domain name https://****c.k**g.g***an.org.au; however, I couldn't find this domain name anywhere. I tried looking at Route 53, but there's no such domain name registered.
Please help: how do I find the domain name that is mapped to the EC2 instance? Where can I get that information? The reason is that I want to deploy a new instance but with the same domain name.
Edit: Masking DNS for privacy reasons.
Are you sure your DNS is hosted by Route53? Running dig against k***.g****.org.au has the SOA held by ns1.mooball.net.
The whois for mooball.net returns register.com as the owner, so I would consider reaching out to your internal teams to see who holds that account, then check your DNS delegation settings by logging in to register.com.
Often times the client will control their own DNS, so it would also be worth confirming with your client where their root DNS (garvan.org.au) is hosted - you can then trace the subdomain delegation to see where it is ultimately hosted.
Check the Route 53 service in AWS. Since the domain is served over https, it could be that the domain is mapped to a load balancer and the load balancer has the instance. Anyway, you can find out from Route 53; there you will find all the records.

Why is Elastic Beanstalk Load Balancer refusing to establish an SSL connection?

Recently, I started searching about security procedures and came across SSL. Actually, I already knew about SSL, but I found it to be too expensive at the time.
Luckily, yesterday I found out that Amazon gives SSL certificates for free!
However, I have spent a whole day trying to set it up but it didn't work.
I have a domain registered at GoDaddy; let's assume it's www.mydomain.com. My website is hosted, however, on Amazon Web Services (AWS). I also have access to edit GoDaddy's DNS records and full access to my AWS account. I have seen LetsEncrypt, but my website runs on ASP.NET (IIS Windows) and currently they only support Linux OS.
Here's what I've tried to do:
Get a SSL Certificate from AWS Certificate Manager
I have chosen to setup via DNS, which means I had to add a CNAME record to GoDaddy domain records.
If you look above carefully on the two images, the CNAME record on AWS is on the center of the page. I've added a record as CNAME containing the values.
Add HTTPS to Load Balancer Listeners:
Allowed HTTPS on Security Groups
NOTE: Both Inbound and Outbound rules are just like above. I have also set the Load Balancer and my Running Instance to use this security group.
Added records to Route 53 Hosted Zones
The A type record points to my instance IP.
The NS record was generated by Amazon (I added GoDaddy's Name servers as well).
The SOA record was generated by Amazon and I didn't touch it.
The CNAME was added by me; it's again the SSL protocol.
I don't know what else to do or if I have a wrong setup.
If I'm not mistaken, you have an EC2 instance behind an ELB (Classic/Application/NLB), requested an ACM certificate which has been issued successfully for *.mydomain.com, created HTTPS listener to use the SSL certificate but getting connection time out on port 443.
The issue is the DNS record of mydomain.com still points to the EC2 instance's IP, which might not be listening on port 443 (and the ELB is not being used at all).
So, to resolve this, you have to use the ELB's DNS name and use it as CNAME in your DNS record (not sure whether in Route 53 or GoDaddy because I don't know which is authoritative NS).
Also, you might consider requesting a new certificate with mydomain.com and *.mydomain.com and update the listener because ACM cert with *.mydomain.com does not protect mydomain.com.
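
The last point of the answer above, as an added example (not code from the original post or from AWS): a checker for which hostnames a certificate's DNS names cover under the usual wildcard rule, where `*` stands for exactly one left-most label. The hostname list is constructed for illustration, and partial wildcards such as `w*.example.com` are deliberately not handled.

```python
# Added example: which hosts do a certificate's SAN dNSName entries cover?
# Rule applied: "*" is only honoured as the entire left-most label and
# matches exactly one label, so "*.mydomain.com" never covers the apex.

def _labels(name):
    return name.rstrip(".").lower().split(".")

def san_matches(san, host):
    """True if one SAN entry covers host."""
    s, h = _labels(san), _labels(host)
    if len(s) != len(h):
        # One wildcard equals one label, so label counts must be equal.
        return False
    if s[0] == "*":
        # Require at least "*.name.tld"; compare the remaining labels exactly.
        return len(s) >= 3 and s[1:] == h[1:]
    return s == h

def uncovered_hosts(sans, hosts):
    """Hosts for which a TLS client would report a name mismatch."""
    return [h for h in hosts if not any(san_matches(s, h) for s in sans)]

# Constructed sample data using the placeholder domain from the question.
HOSTS = ["mydomain.com", "www.mydomain.com", "api.mydomain.com", "a.b.mydomain.com"]
WILDCARD_ONLY = ["*.mydomain.com"]
APEX_AND_WILDCARD = ["mydomain.com", "*.mydomain.com"]

if __name__ == "__main__":
    for sans in (WILDCARD_ONLY, APEX_AND_WILDCARD):
        print(sans, "-> not covered:", uncovered_hosts(sans, HOSTS))
```

Running the same check against the names a load balancer listener actually serves shows a name mismatch before clients hit it.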

Godaddy domain pointing to AWS EC2 instance VPC

I have a domain registered at godaddy but want to have webhosting at AWS Amazon. As per the instructions, updated the 'A' record with Elastic IP of AWS. But the website is down and not able to connect. Thanks in advance for any help. Am I missing anything on AWS EC2 VPC? I am not using Route 53 since this is not required as per AWS documentation.
Please check that your application is hosted on port 80. Are you able to access your application at IP:80 from a browser?
Please check the port you are running your application on. If your domain name is somexyz.com and your port is other than 80 (the standard TCP port for the HTTP service), like 5000 for the default Flask werkzeug dev server, you will have to type somexyz.com:5000 in the browser to access your website. Otherwise run it on 80. The Stack Overflow discussion "create a domain name pointing to an IP of port different than 80" should help.
(Also, this may be irrelevant now, but the TTL field (~600 secs etc.) on GoDaddy reflects the average time for DNS records to get updated when we edit the zone info 'A' field to point to the Amazon EC2 Elastic IP. So waiting for up to an hour or so helps.)

Can I use Amazon's DNS servers for my mail server

We have a domain, mydomain.com, which we have registered with a UK registrar. We are using Amazon's Route 53; this domain has been added in Route 53 and is using the following name servers:
ns-558.awsdns-05.net
ns-1755.awsdns-27.co.uk
ns-466.awsdns-58.com
ns-1343.awsdns-39.org
I've added the relevant A records for www etc to point our elastic IP to this domain.
We are also running MailEnable on this EC2 server (running Windows 2012). The MailEnable server is asking me to enter DNS addresses (Check and configure DNS settings), which I assume it will use when sending email.
My question is: what DNS addresses/servers can I use? Can I use
ns-558.awsdns-05.net
ns-1755.awsdns-27.co.uk
ns-466.awsdns-58.com
ns-1343.awsdns-39.org
You can see the DNS address(es) in the screen shot below.
You can't use those Amazon servers because they're authoritative-only (they'll only tell you about domains they know about, instead of acting as a recursive proxy). You can use Google's public DNS servers at 8.8.8.8 and 8.8.4.4 for that field.
(original answer below)
You need to create an A record that points at the elastic IP assigned to your mail server (for example, mail.yoursite.com points at 1.2.3.4). Then, you'd create an MX record for yoursite.com that points at mail.yoursite.com. Finally, I believe you would give MailEnable mail.yoursite.com, but I'm not 100% sure on that.
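
The authoritative-only versus recursive distinction in the answer above is visible in the DNS header's RA (recursion available) bit. As an added example (not part of the original answer, and not MailEnable or AWS code), this parses that bit from two replies. Both replies are constructed byte strings rather than captured traffic; the REFUSED code in the authoritative-only sample and the 192.0.2.10 answer are assumptions for illustration.

```python
import struct

# Header flag bits (RFC 1035 section 4.1.1).
QR, AA, RD, RA = 0x8000, 0x0400, 0x0100, 0x0080

def build_query(name, qtype=1, txid=0x1234):
    """Query with RD set, as a mail server's stub resolver would send it."""
    qname = b"".join(bytes([len(p)]) + p.encode("ascii")
                     for p in name.rstrip(".").split(".")) + b"\x00"
    return struct.pack("!6H", txid, RD, 1, 0, 0, 0) + qname + struct.pack("!2H", qtype, 1)

def parse_header(msg):
    if len(msg) < 12:
        raise ValueError("DNS message shorter than its 12-byte header")
    txid, flags, _qd, an, _ns, _ar = struct.unpack("!6H", msg[:12])
    return {"id": txid, "qr": bool(flags & QR), "aa": bool(flags & AA),
            "rd": bool(flags & RD), "ra": bool(flags & RA),
            "rcode": flags & 0x000F, "answers": an}

def classify(query, response):
    """Decide whether the server that sent `response` can act as a resolver."""
    q, r = parse_header(query), parse_header(response)
    if not r["qr"] or r["id"] != q["id"]:
        return "not a reply to this query"
    if not r["ra"]:
        return "authoritative-only: do not use as resolver"
    return "recursive: usable as resolver"

def _reply(query, flags, answer=b""):
    # Constructed reply: same ID and question, new flags, optional answer record.
    counts = struct.pack("!5H", flags, 1, 1 if answer else 0, 0, 0)
    return query[:2] + counts + query[12:] + answer

QUERY = build_query("example.org")
# Constructed samples: RA clear with RCODE 5 (REFUSED), and RA set with one
# A record pointing at a documentation address (192.0.2.10).
AUTH_ONLY = _reply(QUERY, QR | RD | 0x0005)
A_RECORD = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, 300, 4) + bytes([192, 0, 2, 10])
RECURSIVE = _reply(QUERY, QR | RD | RA, A_RECORD)

if __name__ == "__main__":
    for label, msg in (("auth-only", AUTH_ONLY), ("recursive", RECURSIVE)):
        print(label, parse_header(msg), "->", classify(QUERY, msg))
```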