My subdomain is not working with Route 53

I have a domain (e.g. example.com) which is configured and working fine with AWS Route 53 with the configuration below:
I have an A record pointing to an AWS ELB for 2 EC2 instances (say A and B, which have Tomcat 7 installed and configured).
Now I want to set up a subdomain like java.example.com pointing to another EC2 instance, say C, but so far no luck.
What I have tried so far:
Try 1. Create another hosted zone such as java.example.com and then create an A record which points to the IP of C ==> not working
Try 2. Create an A record under the hosted zone example.com with the name java.example.com and the value the IP of C => not working
Please advise what I'm missing.

What you can do is create a CNAME record named java.example.com and point that to the EC2 instance.
If you want to use an A record, then create a load balancer, put your EC2 behind the load balancer and then use the DNS name of the load balancer as the value for your A record.
Check here for more details: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-choosing-alias-non-alias.html
Extract from the above page is as follows:
When Route 53 receives a DNS query for an alias record, Route 53 responds with the applicable value for that resource:
An Amazon API Gateway custom regional API or edge-optimized API – Route 53 responds with one or more IP addresses for your API.
An Amazon VPC interface endpoint – Route 53 responds with one or more IP addresses for your interface endpoint.
A CloudFront distribution – Route 53 responds with one or more IP addresses for CloudFront edge servers that can serve your content.
An Elastic Beanstalk environment – Route 53 responds with one or more IP addresses for the environment.
An ELB load balancer – Route 53 responds with one or more IP addresses for the load balancer.
An Amazon S3 bucket that is configured as a static website – Route 53 responds with one IP address for the Amazon S3 bucket.
Another Route 53 record in the same hosted zone – Route 53 responds as if the query is for the record that is referenced by the alias record.

Related

How can I setup a subdomain only in AWS Route 53?

I have a domain that's hosted by a hosting provider. I'd like to configure a subdomain of it to use an AWS elastic IP address I have that's used by an EC2 instance. Here's what I've done so far, but it still doesn't work.
Created an A record for the subdomain on the hosting provider's server
Created a Route 53 public hosted zone
Added an A record for the subdomain to the Route 53 zone
All routing policies in the zone are set to "Simple"
Created 4 NS records on the domain registrar for the subdomain that point to the Name Servers the Route 53 zone uses
When I ping it I get "cannot resolve sub.domain.com: Unknown host"
Am I missing something?

How do I point to my AWS account's load balancer from another AWS account's route53 hosted zone?

So there is my load balancer with an allocated DNS name and group policy - the question is how my customer could link it with his hosted zone's record?
And how could I open inbound connections for that domain name?
For now, as a workaround, I've created a hosted zone record in my account linked to this load balancer ... and created a hosted zone record in his Route 53 pointing to an IP (which atm points to my record) ... BUT I think it doesn't actually point to the load balancer, but only to its node ... and I have this problem since obviously the SSL certs don't match:
NET::ERR_CERT_COMMON_NAME_INVALID
Could somebody point to the right solution to this problem ... ?
Your customer provisions a Route 53 Alias record in the normal way, but instead of selecting the balancer from the list of targets (since it isn't shown), your customer will need to paste the DNS Name of the balancer in the box.
If you used different accounts to create your Route 53 hosted zone and your load balancer – Enter the value that you got in the procedure Getting the DNS Name for an ELB Load Balancer.
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resource-record-sets-values-alias.html

Single domain for multiple ELB

Is it possible for a single domain name to be associated with multiple AWS ELBs on different domains?
E.g. I want example.com to point to my first ELB, and api.example.com to point to my second ELB (which is from a different AWS account).
I tried creating an A record for example.com with the first ELB as alias target, and another A record for api.example.com with the second ELB as alias target, but only example.com is working.
For both ELBs, I use the same domain name in AWS Certificate Manager to register the SSL cert; not sure if that affects anything.
The problem was that I forgot to allow all incoming traffic on the security group of the ELB...
Yes, you can use multiple load balancers for the same domain or different domains. For the AWS managed SSL certificate, you will need all domain names in the same certificate or you can use a different SSL certificate for each domain name. I would just create one certificate with "example.com" and "*.example.com".
Your issue is that you are using an SSL certificate for api.example.com that has the name example.com. The SSL certificate must include the name that matches the domain name.
If you do not have an SSL certificate installed on the EC2 instance, then set up SSL termination at the load balancer. This means creating a listener for port 443 that forwards to port 80.
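To show the name-matching rule the two answers above rely on, here is an added example (not code from the thread) that checks which hostnames a certificate's names cover, using the single-label wildcard rule browsers apply; the hostnames and certificate names are constructed.

```python
# Added example (not code from the thread): which hostnames does a certificate cover?
# Browsers apply the RFC 6125 rule: "*" may only be the whole left-most label and
# matches exactly one label, so "*.example.com" covers "api.example.com" but not
# "example.com" or "dev.api.example.com". A name outside that set is what produces
# NET::ERR_CERT_COMMON_NAME_INVALID at the client.

def _labels(name):
    """Normalise a DNS name (case, trailing dot) and split it into labels."""
    return name.lower().rstrip(".").split(".")

def name_matches(hostname, cert_name):
    """True if one certificate name (CN or SAN entry) covers hostname."""
    host, pattern = _labels(hostname), _labels(cert_name)
    if len(host) != len(pattern):
        return False                       # a wildcard never spans or drops a label
    if pattern[0] == "*":
        # keep at least two fixed labels: "*.com" is rejected by browsers anyway
        return len(pattern) >= 3 and host[1:] == pattern[1:]
    return host == pattern

def cert_covers(hostname, cert_names):
    """True if any of the certificate's names covers hostname."""
    return any(name_matches(hostname, n) for n in cert_names)

def uncovered_hosts(hostnames, cert_names):
    """Hostnames in a deployment that the certificate would NOT cover."""
    return [h for h in hostnames if not cert_covers(h, cert_names)]

if __name__ == "__main__":
    # Constructed sample: the thread's setup, one cert issued for "example.com" only,
    # then the cert the answer recommends ("example.com" plus "*.example.com").
    hosts = ["example.com", "api.example.com"]
    print(uncovered_hosts(hosts, ["example.com"]))                   # ['api.example.com']
    print(uncovered_hosts(hosts, ["example.com", "*.example.com"]))  # []
```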
To configure Route53 with an ELB in a different account:
For ELB load balancers, do one of the following:
If you used the same account to create your Amazon Route 53 hosted zone and your load balancer – Choose Alias Target and choose a load balancer from the list. If you have a lot of load balancers, you can type the first few characters of the DNS name to filter the list.
If you used different accounts to create your Amazon Route 53 hosted zone and your load balancer – Enter the value that you got in the procedure Getting the DNS Name for an ELB Load Balancer.
If you used one AWS account to create the current hosted zone and a different account to create a load balancer, the load balancer will not appear in the Alias Targets list.
If you used one account to create the current hosted zone and one or more different accounts to create all of your load balancers, the Alias Targets list shows No Targets Available under Elastic Load Balancers.
In either case, the console prepends dualstack. to the DNS name. When a client, such as a web browser, requests the IP address for your domain name (example.com) or subdomain name (www.example.com), the client can request an IPv4 address (an A record), an IPv6 address (a AAAA record), or both IPv4 and IPv6 addresses (in separate requests). The dualstack. designation allows Amazon Route 53 to respond with the appropriate IP address for your load balancer based on which IP address format the client requested.
Source: Values for Alias Resource Record Sets

Create a subdomain that uses Amazon Route 53 as the DNS service without migrating the parent domain

I have a domain, for instance example.com.
The domain is hosted by a third party service (Digital Ocean).
I would like to give control of a subdomain to AWS.
So I would like to point aws.example.com to AWS.
Once the root subdomain is pointed to AWS, I would like to use Route 53 to set up the following functionality:
aws.example.com => alias to eb my-production-eb
dev.aws.example.com => alias to eb my-dev-eb
stage.aws.example.com => alias to eb my-stage-eb
Is this possible? Do I have to point my domains directly via a CNAME record to the AWS load balancer?
Update 1:
I feel like I need to set the following in Digital Ocean:
aws.example.com => revoke control to AWS Route 53 somehow
*.aws.example.com => revoke control to AWS Route 53 somehow
Update 2:
The AWS documentation for Creating a Subdomain That Uses Amazon Route 53 as the DNS Service without Migrating the Parent Domain does not work for Digital Ocean.
Do not add a start of authority (SOA) record to the zone file for the parent domain. Because the subdomain will use Amazon Route 53, the DNS service for the parent domain is not the authority for the subdomain.
If your DNS service automatically added an SOA record for the subdomain, delete the record for the subdomain. However, do not delete the SOA record for the parent domain.
The question on Digital Ocean regarding changing the SOA address, titled "How can I change the SOA address in DNS settings?", states the following in one of the comments:
Unfortunately it is not possible to edit the SOA address right now
There is the ability to vote for this feature in Digital Ocean: Configurable SOA record in DNS.
So my idea is that because you can't remove the SOA on Digital Ocean, Amazon can't communicate with the domain correctly.
You need to delegate the DNS subdomain aws.example.com to Route 53.
See Creating a Subdomain That Uses Amazon Route 53 as the DNS Service without Migrating the Parent Domain
You can create a subdomain that uses Amazon Route 53 as the DNS service without migrating the parent domain from another DNS service.
The basic steps are:
Create an Amazon Route 53 hosted zone for the subdomain.
Add resource record sets for the new subdomain to your Amazon Route 53 hosted zone.
Update the DNS service for the parent domain by adding name server records for the subdomain provided in Step 1.
Assuming the current TLD example.com is hosted at Digital Ocean, then you need to create NS resource records there for the aws subdomain, using the name servers Route 53 provides you when you create the hosted zone for aws.example.com.
Then you can control all hosts *.aws.example.com, including CNAMEs for ELBs etc., from Route 53.
Yes, you can have any number of subdomains whether they are A or CNAME records, just point them to the target (public) IP.
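The delegation step from the answer above, as an added example (not code from the thread or from AWS): the NS set Route 53 assigns to the child zone is the only thing copied to the parent at Digital Ocean, the child's SOA is skipped, and the parent's NS set is checked against the delegation set. The record data and name-server names are constructed placeholders.

```python
# Added example (not from the thread or AWS docs): the delegation step. The NS set
# Route 53 assigned to the new aws.example.com zone is the ONLY thing added at the
# parent's DNS provider (Digital Ocean); the child zone's SOA is deliberately skipped.
# Record data below is a constructed stand-in for `aws route53 list-resource-record-sets`
# output, with placeholder name-server names.
CHILD_ZONE_RECORDS = [
    {"Name": "aws.example.com.", "Type": "NS", "TTL": 172800,
     "ResourceRecords": [{"Value": "ns-0000.awsdns-00.com."},
                         {"Value": "ns-0000.awsdns-00.net."},
                         {"Value": "ns-0000.awsdns-00.org."},
                         {"Value": "ns-0000.awsdns-00.co.uk."}]},
    {"Name": "aws.example.com.", "Type": "SOA", "TTL": 900,
     "ResourceRecords": [{"Value": "ns-0000.awsdns-00.com. awsdns-hostmaster.amazon.com. "
                                   "1 7200 900 1209600 86400"}]},
]

def _norm(name):
    return name.lower().rstrip(".")

def delegation_name_servers(child_records, subdomain):
    """The NS set at the subdomain apex of the child zone; SOA and everything else ignored."""
    for rr in child_records:
        if rr["Type"] == "NS" and _norm(rr["Name"]) == _norm(subdomain):
            return [r["Value"] for r in rr["ResourceRecords"]]
    raise ValueError(f"no NS record set for {subdomain} in the child zone")

def parent_zone_lines(child_records, subdomain, ttl=3600):
    """Zone-file lines to add at the parent: NS records only, never an SOA."""
    owner = _norm(subdomain) + "."
    return [f"{owner}\t{ttl}\tIN\tNS\t{ns}"
            for ns in delegation_name_servers(child_records, subdomain)]

def delegation_is_consistent(parent_ns, child_records, subdomain):
    """Does the parent's NS set for the subdomain equal the child's delegation set?
    A mismatch is the usual reason the subdomain resolves as 'Unknown host'."""
    return ({_norm(n) for n in parent_ns}
            == {_norm(n) for n in delegation_name_servers(child_records, subdomain)})

if __name__ == "__main__":
    for line in parent_zone_lines(CHILD_ZONE_RECORDS, "aws.example.com"):
        print(line)
```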

Domain name setup without A Records

I am hosting content on AWS and want to configure my DNS settings so that both my # record and www record point at my Elastic Load Balancer.
example.com (# record)
www.example.com (www record)
AWS recommends setting up domains using CNAMEs as the IP addresses can change.
All the documentation I have seen on CNAMEs is that they deal with subdomains but not the primary domain itself (http://example.com). The primary domain requires an A record and therefore must require an IP address.
I do not want to use an A Record to point the traffic to my Elastic Load Balancer as the IP address may change.
Any idea how I can get around this issue?
I am using Linode to manage my DNS.
You can use a special record type in Route 53 called "Alias".
Q. Can I point my zone apex (example.com versus www.example.com) at my Elastic Load Balancer?
Yes. Amazon Route 53 offers a special type of record called an ‘Alias’ record that lets you map your zone apex (example.com) DNS name to your ELB DNS name (i.e. elb1234.elb.amazonaws.com). IP addresses associated with Amazon Elastic Load Balancers can change at any time due to scaling up, scaling down, or software updates. Route 53 responds to each request for an Alias record with one or more IP addresses for the load balancer. Queries to Alias records that are mapped to ELB load balancers are free. These queries are listed as “Intra-AWS-DNS-Queries” on the Amazon Route 53 usage report.
Source: https://aws.amazon.com/route53/faqs/
Just set the Alias to Yes and you will be able to choose your load balancer from the dropdown menu:
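As an added example (not code from any answer here), covering this answer and the cross-account ELB answers above: the change batch for an Alias A record to an ELB, for the zone apex and for a subdomain, with the dualstack. prefix the excerpt describes, and a refusal of the CNAME-at-apex setup this question ran into. The load balancer name and the ELB hosted zone ID are placeholders.

```python
# Added example (not from the answers): the ChangeBatch that
# `aws route53 change-resource-record-sets --change-batch file://...` and boto3's
# change_resource_record_sets() accept for an Alias A record to an ELB. Only the
# balancer's DNS name and ELB hosted zone ID are needed, so it works for a balancer
# in another account too. Identifiers below are placeholders, not real resources.
import json

def _fqdn(name):
    return name.lower().rstrip(".") + "."

def elb_alias_target(elb_dns_name, elb_hosted_zone_id, evaluate_health=False):
    """AliasTarget for an ELB, with the 'dualstack.' prefix the console adds so the
    alias can answer both A and AAAA queries."""
    dns = elb_dns_name.lower().rstrip(".")
    if not dns.startswith("dualstack."):
        dns = "dualstack." + dns
    return {"HostedZoneId": elb_hosted_zone_id,  # the ELB's zone ID, not your hosted zone's
            "DNSName": dns + ".",
            "EvaluateTargetHealth": evaluate_health}

def record_change(record_name, zone_apex, target, rtype, alias_zone_id=None, ttl=300):
    """One UPSERT change. With alias_zone_id the record is an Alias (A/AAAA only);
    without it a plain record, which is refused when it would be a CNAME at the apex."""
    name = _fqdn(record_name)
    rrset = {"Name": name, "Type": rtype}
    if alias_zone_id:
        if rtype not in ("A", "AAAA"):
            raise ValueError("an alias to a load balancer must be an A or AAAA record")
        rrset["AliasTarget"] = elb_alias_target(target, alias_zone_id)
    else:
        if rtype == "CNAME" and name == _fqdn(zone_apex):
            raise ValueError("CNAME is not allowed at the zone apex; use an Alias record")
        rrset["TTL"] = ttl
        rrset["ResourceRecords"] = [{"Value": target}]
    return {"Action": "UPSERT", "ResourceRecordSet": rrset}

def change_batch(changes, comment="alias records to ELB (added example)"):
    return {"Comment": comment, "Changes": list(changes)}

if __name__ == "__main__":
    # Placeholder ELB name and ELB hosted zone ID; the real ID is the balancer's
    # CanonicalHostedZoneNameID (classic) or CanonicalHostedZoneId (ALB/NLB).
    elb, elb_zone = "my-lb-123456.us-east-1.elb.amazonaws.com", "ZELBZONEPLACEHOLDER"
    batch = change_batch([
        record_change("example.com", "example.com", elb, "A", alias_zone_id=elb_zone),
        record_change("www.example.com", "example.com", elb, "A", alias_zone_id=elb_zone),
    ])
    print(json.dumps(batch, indent=2))
```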