I'm building a solution that will be provided to several companies. Each company will have to point its domain (or just a subdomain) to my server, and then I'll serve pages to its customers.
I'm testing it with the following config:
CustomerABC.com pointing to one hosted zone in Route 53
CustomerDEF.com pointing to another hosted zone in Route 53
Both hosted zones have an A record pointing to the same EC2 server instance
That said, every customer that wants to use my service will have to change its domain's DNS to its own hosted zone in my Route 53. My server will handle many domains.
I'd like to avoid having to create a new hosted zone for every new customer. Is there any way to achieve the same result?
Put an Elastic Load Balancer in front of your application instance (even if you will use only one instance at the beginning).
Using your domain (the zone does not have to be hosted on Route 53), create one CNAME (or ALIAS) record (for example myapp.example.com) and point it to your load balancer's domain name.
Simply tell your customers to CNAME their subdomain to your app's DNS name.
If a business I was looking to do business with told me I needed to create a new zone on my DNS to access an application, I would very quickly move my business elsewhere! Especially if they wanted control of that zone, there are big security issues in allowing that. You will almost certainly lose business if you make that a requirement.
This is a commonly solved problem for thousands of businesses across the internet: you simply tell them to point their domain to your servers and you figure out which customer is which, either by using something like the HTTP Servername field, or by having some manner of authentication process that differentiates them from the other users.
By far the simplest method is having a CNAME record that you point all of your customers to. Depending on your business model it can be useful to give each customer a custom CNAME, some random unique ID, so if you need to expand and move clients in future you can do them a number at a time.
Look around at your competitors, or just generally around other businesses that have similar web models. Understand how they engineer their infrastructure and emulate that. But taking a whole DNS zone is a really bad idea.
In my application, I'm giving a subdomain (like user.domain.com) to each account. So, I'm planning to use AWS Route 53 for routing subdomains to my application. Is there any maximum limit on subdomains in Amazon Route 53?
Thanks in advance!
I'm giving a subdomain (like user.domain.com) to each account
You should revise your application design. What if your users reach a million? And what if you want to migrate your DNS in future? Also, the maximum number of subdomains varies from service provider to service provider.
So a generalized solution could be: all subdomains point to a single endpoint (a load balancer), and your core backend checks the domain and then loads a custom response based on the domain, normally a login page, for which you can save a custom logo etc. against the domain name and load these resources based on the domain.
[image: High-level architecture]
The same applies to a big cloud service provider, for example Slack, which provides a subdomain for each customer. Do we think that Slack manages a Route 53 record for each of them?
[image: how-slack-works]
Or you can simply do an nslookup; for a thousand domains you will get the same backend IP.
slacker:~$ nslookup acmeinc.slack.com
Name: acmeinc.slack.com
Address: 13.228.49.204
slacker:~$ nslookup www.slack.com
Name: www.slack.com
Address: 13.228.49.204
The Route53 limits and quotas are listed here.
The limits are not expressed directly in number of subdomains, but rather in number of records and hosted zones, among other things.
Therefore, there are 10,000 records per hosted zone, but this can be increased. Also, you can have 500 hosted zones per account.
This might be relevant or not depending on your use case, but if you expect a large number of users and want to assign a custom subdomain per user, then the limit of 10,000 is probably not sufficient for you.
Your other option is to create a CNAME record with a wildcard subdomain, something like *.domain.com, and point the record to your application, this is now supported by AWS Route 53 and will support all possible subdomains.
The drawback is that subdomains that are not registered will also be directed to your application (like random-str.domain.com), so you'll need to do your validation outside of Route 53. Maybe call an API to validate from your frontend app.
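The answers above all converge on the same design: one DNS target for every customer (a CNAME to your app name, or a wildcard record), and the backend works out which customer is which from the hostname the browser sent. The following is an added example, not code from any of the answers, showing the backend side of that: the Host header is normalised and then matched exactly against a registry of tenants, so a hostname that a wildcard record resolves in DNS but that no customer owns gets a 404 rather than a page. The platform domain myapp.example.com, the tenant table and the sample hostnames are all constructed for the example.

```python
"""Resolve which tenant an incoming HTTP request belongs to from its Host header.

Added example; not code from the original answers. PLATFORM_DOMAIN, the
TENANTS table and the sample hostnames are constructed.
"""
import re
from dataclasses import dataclass
from typing import Optional, Tuple

# Hypothetical platform domain that carries the wildcard record *.myapp.example.com
PLATFORM_DOMAIN = "myapp.example.com"

# One DNS label: letters, digits, hyphen; no leading/trailing hyphen; max 63 chars.
_LABEL = re.compile(r"^(?!-)[a-z0-9-]{1,63}(?<!-)$")


@dataclass(frozen=True)
class Tenant:
    tenant_id: str
    display_name: str


# Constructed tenant registry: a real deployment loads this from a database.
# Keys are the exact hostnames each tenant is allowed to be served on.
TENANTS = {
    "acme.myapp.example.com": Tenant("t-0001", "Acme Inc"),   # platform subdomain
    "customerabc.com": Tenant("t-0002", "Customer ABC"),      # customer's own apex
    "app.customerdef.com": Tenant("t-0003", "Customer DEF"),  # customer's subdomain
}


def normalize_host(raw: Optional[str]) -> Optional[str]:
    """Return a canonical lowercase hostname, or None if the Host header is unusable.

    Strips an optional :port and a trailing dot, and rejects anything that is not
    a plain DNS name (IPv6 literals, single labels, illegal characters).
    """
    if not raw:
        return None
    host = raw.strip().lower()
    if host.startswith("["):          # IPv6 literal such as [::1]:8080 is never a tenant
        return None
    host = host.split(":", 1)[0]      # drop :port
    host = host.rstrip(".")
    if not host or len(host) > 253:
        return None
    labels = host.split(".")
    if len(labels) < 2 or not all(_LABEL.match(label) for label in labels):
        return None
    return host


def resolve_tenant(raw_host: Optional[str]) -> Optional[Tenant]:
    """Map a Host header to a registered tenant; None means 'not a site we serve'.

    A wildcard DNS record delivers every subdomain to this server, so the lookup
    is an exact match against the registry: random-str.myapp.example.com resolves
    in DNS but is not a tenant and must not be served.
    """
    host = normalize_host(raw_host)
    if host is None:
        return None
    return TENANTS.get(host)


def handle(raw_host: Optional[str]) -> Tuple[int, str]:
    """Stand-in for the request handler: returns (status code, response body)."""
    tenant = resolve_tenant(raw_host)
    if tenant is None:
        # Do not echo the unknown hostname back: it is attacker-controlled input.
        return 404, "unknown site"
    return 200, f"login page for {tenant.display_name}"


if __name__ == "__main__":
    for h in ["acme.myapp.example.com", "ACME.myapp.example.com:443",
              "random-str.myapp.example.com", "customerabc.com.", "[::1]:8080", None]:
        print(repr(h), "->", handle(h))
```

The exact-match registry is the "validation outside of Route 53" the answer above asks for; whether the registry is an in-process table or an API call, the rule is the same: the hostname is untrusted input, so it is normalised, matched against what you issued, and never used to pick a template or a redirect target by itself.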
I have been looking around the internet and I have come across a few different ways to link my AWS EC2 instance to my domain name. It looks like I could do it using Route 53, but I am not entirely sure of that process. The other way is to map it from Google. These seem like the best instructions I have found for that: link a Google Domain to Amazon ec2 server
The question that I cannot seem to find an answer to is: what about my email address? I pay Google so that I can have some email addresses name@mydomain.com. These work fine and I have had them up and running for months. But now I want to have my website (it is a web app) point to it, because currently when you go to mydomain.com it says "This site can't be reached. mydomain.com's server IP address could not be found."
Some help here on how to do this would be great. I am afraid that I am going to set this up incorrectly and then lose access to my gmail account which I cannot have happen.
Your domain's email is configured via MX DNS records. You would point your domain to your EC2 instance by adding A or CNAME DNS records. The two configurations are completely separate. You will not break your current email setup by adding an A or CNAME record that points to the EC2 instance. You simply need to add that record in your DNS settings, wherever your DNS is currently hosted. You don't need to make any changes in your Gmail account configuration, and you don't really need to use Route 53 either (although it does add some nice features). You had to configure the MX records somewhere at some point, to set up your G Suite account for your domain. You just need to go into that same DNS configuration (most likely still hosted at the company where you initially purchased the domain name) and add an additional record.
I just moved a simple, static website to GCP, and it's working fine. But I want to keep using a separate company as registrar, not the hosting company. So as a shortcut, I just set the www CNAME at the registrar's site to c.storage.googleapis.com, without using Google's DNS - and this works.
But is it good practice? If not, could someone recommend a step-by-step guide to setting up a public zone on GCP? Google's documentation is complicated, getting into private zones, authentication, and service accounts, which I probably don't need.
As long as the company providing your DNS services is reliable and has the DNS features you require, it really does not matter which DNS provider you use.
You bring up the point of good practice. There are lots of opinions, some prefer that the same cloud provider host DNS, others recommend separating these functions.
There are situations where you want the DNS servers in the same cloud. For example AWS supports A-ALIAS records which are a logical fit for AWS load balancers. Take a look at your current DNS server requirements and look forward to what you may need next year, etc. Then pick a DNS provider that meets your requirements.
It is also very easy today to switch both registrars and DNS providers. It can be a pain for a couple of days while DNS switches over, but this just means hosting your records with two companies while the world synchronizes.
I have been asked by a small business to setup some load balancing for them. One server is based in Sydney, the other in London.
I am thinking of using Amazon's Route53 traffic flow offering. The thing is they do not want to delegate the domain to my control. They are happy however for me to create another domain which I would have control of.
Is there any reason why I couldn't set up that new domain's NS records to point to AWS, then load balance traffic requests coming to that new domain to the appropriate original domain?
I'm guessing any health checks would have to be against the original domain.
There is nothing stopping you from doing that as long as the new domain is a public hosted zone in R53 and you are using R53 for the NS.
In R53 you will need to use a CNAME resource record type to point to the original domain, and the health checks associated will need to be for the original domain as you say.
I'm working on transferring my website from GoDaddy to AWS. I completed all the steps of the domain transfer, e.g. unlocking the domain and approving the transfer on both sides. And then I cancelled my GoDaddy hosting. Now I have set up the AWS hosted zones, and I'm stuck on switching DNS services.
One of the steps is to enter the NS values from Route 53 into the DNS provider at GoDaddy, but since I cancelled my hosting service I no longer have any way to access my DNS provider.
I'm wondering what to do in this situation. Is it possible to access the DNS provider directly? I waited for the TTL to expire before posting this because I thought that would fix my issues, but it did not.
If you transferred the domain registration to Route 53, you are following a set of instructions that doesn't match what you are trying to accomplish.
In Route 53...
Under "Hosted Zones," select your domain. Make a note of the 4 name servers assigned.
Then, under "Registered Domains," select your domain.
The name servers shown here need to match the 4 name servers that were assigned to your Hosted Zone.
Click Add/Edit Name Servers to modify them. They are probably still pointing to the Go Daddy (something like "nsxx.domaincontrol.com" if I remember correctly) name servers.
It sounds like what you were reading was instructions for moving your DNS hosting to Route 53, without doing a domain transfer, which is change of the registrar of record. Changing DNS hosting, only, would not have involved unlocking and approving as you described. Registrar and hosting are two completely separate services, but providers often bundle them together, leaving users often unaware of the distinction.
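The failure mode in this question is a delegation that still points at the old provider's name servers while the records live in a Route 53 hosted zone, and the fix the answer gives is to make the two NS sets match. The following is an added example, not code from the answer, that checks that state: it parses `dig +short NS` output, normalises the names, and classifies the delegation as consistent, partial (some resolvers will work and some will not), lame (no overlap, the situation described here) or undelegated. The sample delegation and the Route 53 name-server names are constructed; the live lookup at the bottom only runs if dig is installed and is there to show which commands produce the two sets.

```python
"""Compare a domain's delegation (what the registrar publishes) with the NS set
of the Route 53 hosted zone that is meant to serve it.

Added example; not code from the original answer. The sample dig output and the
awsdns name-server names are constructed.
"""
import shutil
import subprocess
from typing import FrozenSet, Iterable, Optional


def parse_dig_short(output: str) -> FrozenSet[str]:
    """Turn `dig +short NS <domain>` output into canonical name-server names.

    Canonical form is lowercase with no trailing dot. Lines beginning with ';'
    are dig diagnostics (for example ';; connection timed out'), not answers.
    """
    names = set()
    for line in output.splitlines():
        line = line.strip()
        if not line or line.startswith(";"):
            continue
        names.add(line.lower().rstrip("."))
    return frozenset(names)


def canonical(names: Iterable[str]) -> FrozenSet[str]:
    """Canonicalise a list of NS names copied from the hosted zone's NS record."""
    return frozenset(n.strip().lower().rstrip(".") for n in names if n.strip())


def delegation_status(delegated: FrozenSet[str], zone_ns: FrozenSet[str]) -> str:
    """Classify the delegation relative to the zone's own NS set.

    consistent  : identical sets, the only correct state.
    lame        : no overlap; every query goes to servers that do not host the
                  zone (registrar still points at the previous provider). If the
                  old servers were released, the delegation is also dangling.
    partial     : some overlap; resolution works only for resolvers that happen
                  to pick one of the right servers, so it fails intermittently.
    undelegated : the parent returned no NS records at all.
    """
    if not delegated:
        return "undelegated"
    if delegated == zone_ns:
        return "consistent"
    if delegated.isdisjoint(zone_ns):
        return "lame"
    return "partial"


def query_ns(domain: str, server: Optional[str] = None) -> FrozenSet[str]:
    """Live NS lookup via dig; empty set if dig is missing or the query fails."""
    if shutil.which("dig") is None:
        return frozenset()
    cmd = ["dig", "+short", "NS", domain]
    if server:
        cmd.append("@" + server)   # ask a specific server, e.g. one of the zone's NS
    try:
        out = subprocess.run(cmd, capture_output=True, text=True, timeout=10).stdout
    except (subprocess.SubprocessError, OSError):
        return frozenset()
    return parse_dig_short(out)


# Constructed sample: the registrar still delegates to the old provider, while
# the Route 53 hosted zone was assigned four awsdns servers.
SAMPLE_DELEGATION = """\
ns11.domaincontrol.com.
ns12.domaincontrol.com.
"""
SAMPLE_ZONE_NS = [
    "ns-123.awsdns-15.com.", "ns-456.awsdns-56.net.",
    "ns-789.awsdns-30.org.", "ns-1234.awsdns-26.co.uk.",
]

if __name__ == "__main__":
    status = delegation_status(parse_dig_short(SAMPLE_DELEGATION), canonical(SAMPLE_ZONE_NS))
    print("sample delegation:", status)          # prints "sample delegation: lame"
    # Live check against a hypothetical domain; compare the result with the NS
    # record shown in the hosted zone to get the real status.
    live = query_ns("example.com")
    if live:
        print("example.com is delegated to:", sorted(live))
```

Once the registrar's name servers have been changed as the answer describes, rerunning the comparison should move from "lame" to "consistent"; until then, waiting for a TTL to expire changes nothing, because the records that need to change are the parent's, not the zone's.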