NS records for subdomain in AWS Route 53

I'm using Route 53 for most of my website DNS needs but I have a question I couldn't find a clear answer for on Amazon's (usually very good) support docs.
It states everywhere in support not to change or remove the ns records for a hosted zone. But can I add ns records for a subdomain?
I'm migrating a site to Route 53 that requires NS records to point to a 3rd party for email. The current DNS setup is as follows:
When I come to move the parent domain to Route 53 can I add those records into the parent domain hosted zone as below or would I need to create a new hosted zone just for the sub-domain?

You can change the NS record in Route53 to add other DNS servers in the list or remove existing ones, but this is only required in very specific setups.
From your description, it seems you're simply trying to migrate the existing DNS settings from another provider to Route53. If this is the case, then you'll probably be using the AWS provided name servers exclusively for your domain, so the NS value that you have in Route53 is already what it should be and there's no need to change it.
The only reason why you would change the NS value is if you use other DNS servers (secondary DNS servers), separate from the ones Amazon has assigned to your hosted zone (possibly for redundancy, but the ones that Amazon provides already offer enough redundancy).
UPDATE (based on comments below):
If the subdomain uses other name servers (it is delegated), then you'll need to create a new NS record in the hosted zone for that subdomain:
email.primary-domain.com. IN NS other-ns.dns-provider.com.
In this case, you'll need to leave the NS record for the root domain unchanged.

Related

How can I take control of a domain in Route53 - updating NS hasn't worked?

We are in the process of taking over a website, and in order to do this, we want to take control of the domain prior to taking ownership. We don't seem to be able to do this by simply updating the Name Servers in the current provider's hosted zone to the ones from our hosted zone in Route53.
We have:
1. Lowered the TTL of the NS records to 300
2. Imported all DNS records to our hosted zone from the current owners
3. The current owners have changed the NS in their hosted zone to our NS
4. Our NS are showing as the NS for the domain using various checkers such as https://www.whatsmydns.net, but not https://who.is
5. We haven't changed the SOA in their hosted zone to ours
6. We haven't changed the NS in registered domains
7. Changes to these DNS entries or additional DNS entries in our hosted zone are not propagating or being respected.
If the name servers are propagated and showing as ours, do we still need to do 6. above in order for us to be able to control the DNS? Or is the SOA the important thing?

How to set up a subdomain in Route 53 when the DNS is hosted in Bluehost

I am confused about the process of how to point a subdomain at an EC2 instance which is being run behind an ALB. The Target Group has port 80 which will then redirect traffic to 443 and then a second Target Group which has the SSL certificate for 443. I have read online that I would need to create a hosted zone in Route 53 of the subdomain (e.g. apples.ilovefruits.org) and set up an ALIAS of the ALB. My domain and subdomains are hosted on Bluehost. The error I receive on the website to enter is a "403 Forbidden":
Would appreciate any help on this to get this to work.
UPDATE:
Should I replace the NS records of Route 53 with Bluehost's NS records?
I have read online that I would need to create a hosted zone in Route 53 of the subdomain (e.g. apples.ilovefruits.org) and setup an ALIAS of the ALB.
That's not true. You can delegate a subdomain and create an ALIAS record in Route 53, or you can create a CNAME record within your current dns provider.
An ALIAS record is an A record that will automatically resolve to an IP for the ALB without an intermediate CNAME lookup. This is great, but by no means necessary. An ALIAS record is a Route53-specific integration to other AWS resources.
Delegating a subdomain to route53 - at the cost of $0.50 a month plus a few cents per millions of requests - makes it more convenient to create with AWS dns records within that subdomain. It's especially useful if you're creating a lot of dns records that point to things in AWS. Creating records in your current DNS provider by hand is often an adequate solution until you're creating more than a few.
A route53 subdomain is also convenient if you're going to use ACM, amazon's cert issuing service. These certs are free, secure, and - if you use DNS validation - can renew automatically. If the domain of the certificate is in route53, the aws console for ACM will have a button to automatically add the validation record - convenient, right? But you can create the same record in any DNS provider, so again, until you're doing it a few times a week, the manual approach isn't so bad.
If you were to create a CNAME, do so in your current DNS provider. Create a CNAME record whose name is your desired DNS name, and the value is the ALB's DNS name provided in the ALB details in the web console. This functions fine.
If you did want to delegate the domain, start by choosing the subdomain and creating its zone in Route 53. Take note of the 4 nameservers under the NS record there. These servers are ready to respond to requests for the subdomain, but nobody's going to ask them until you add these servers to your current dns provider as NS records for the subdomain. Then, public queries for the subdomain will be referred (or "delegated") to the amazon servers.
UPDATE: Should I replace the NS records of Route 53 with Bluehost's NS records?
No. The NS records for the zone in Route 53 are ready to serve queries for your zone, but that record is not what points any queries to those servers. The record that delegates the subdomain is in the parent zone (e.g. ilovefruits.org). Changing that NS record essentially does nothing. Above, we're *adding new* NS records for the subdomain, not changing anything that already exists for the parent domain.
If you're curious, the same is true of ilovefruits.org itself. In that case, the domain registrar also provides NS records for ilovefruits within the .org domain. As the domain registrant, you get to choose which servers these are. You could migrate your dns to amazon by changing these settings with your registrar. But strange as it may seem, even then, the NS records for the domain within that zone aren't being consulted for most dns lookups. DNS happens from the top level out, so .org is the domain that points to ilovefruits.org; it cannot, of course, point to itself!
Don't change the NS records of the root of your dns zone unless you're sure you know what you're doing. They aren't part of normal dns lookups and will be set appropriately by the dns provider, even if your domain hasn't delegated any dns queries to them.
The error I receive on the website to enter is a "403 Forbidden":
This has nothing to do with DNS and you should diagnose it separately.
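The answer above makes the point that the NS record a resolver actually consults for a subdomain is the delegation in the parent zone, not the child zone's own apex NS set. The following Python walks constructed in-memory zones the way an iterative resolver does, starting at the .org zone instead of the root, and shows that rewriting the child's apex NS set changes nothing while removing the parent's delegation makes the subdomain vanish. It is an added example, not code from the thread or from AWS; every server name containing "placeholder" and every IP address is constructed, and the function names are mine.

```python
# Toy delegation walk over constructed in-memory zones. Added example, not
# code from the thread or from AWS. Zone data mirrors the scenario above:
# ilovefruits.org hosted at a third party, apples.ilovefruits.org delegated
# to Route 53. Names containing "placeholder" and the RFC 5737 IPs are made up.
import copy

# {zone apex: {owner name: {rrtype: [values]}}}
ZONES = {
    "org.": {
        # what the .org registry serves for the registrant's domain
        "ilovefruits.org.": {"NS": ["ns1.bluehost-placeholder.com.",
                                    "ns2.bluehost-placeholder.com."]},
    },
    "ilovefruits.org.": {
        "ilovefruits.org.": {
            "NS": ["ns1.bluehost-placeholder.com.", "ns2.bluehost-placeholder.com."],
            "A": ["203.0.113.10"],
        },
        # The delegation: the only NS record a resolver consults for the subdomain.
        "apples.ilovefruits.org.": {"NS": ["ns-1.awsdns-placeholder.com.",
                                           "ns-2.awsdns-placeholder.net."]},
    },
    "apples.ilovefruits.org.": {
        "apples.ilovefruits.org.": {
            # the hosted zone's own apex NS set, as assigned by Route 53
            "NS": ["ns-1.awsdns-placeholder.com.", "ns-2.awsdns-placeholder.net."],
            "A": ["203.0.113.20"],  # stands in for the ALB alias target
        },
    },
}


def _suffixes(name):
    """'apples.ilovefruits.org.' -> ['apples.ilovefruits.org.', 'ilovefruits.org.', 'org.']"""
    labels = name.rstrip(".").split(".")
    return [".".join(labels[i:]) + "." for i in range(len(labels))]


def resolve(name, rrtype, zones=ZONES, start_zone="org."):
    """Follow delegations from start_zone like an iterative resolver.
    Returns (values, trail); trail records each zone asked and, for a
    referral, the owner name of the NS record that caused it."""
    zone = start_zone
    trail = []
    for _ in range(10):  # bound the walk so broken data cannot loop forever
        records = zones.get(zone)
        if records is None:
            raise LookupError(f"no authoritative data modelled for {zone}")
        # Longest delegation point strictly below the apex wins (RFC 1034 4.3.2).
        delegation = None
        for suffix in _suffixes(name):
            if suffix == zone:
                break
            if "NS" in records.get(suffix, {}):
                delegation = suffix
                break
        if delegation is not None:
            trail.append(("referral", zone, delegation))
            zone = delegation
            continue
        trail.append(("answer", zone, name))
        return list(records.get(name, {}).get(rrtype, [])), trail
    raise RuntimeError("referral loop")


def with_rewritten_apex_ns():
    """Corrupt the child zone's own apex NS set: resolution is unaffected."""
    zones = copy.deepcopy(ZONES)
    zones["apples.ilovefruits.org."]["apples.ilovefruits.org."]["NS"] = ["wrong.example."]
    return resolve("apples.ilovefruits.org.", "A", zones)[0]


def without_parent_delegation():
    """Remove the NS record from the parent zone: the subdomain disappears."""
    zones = copy.deepcopy(ZONES)
    del zones["ilovefruits.org."]["apples.ilovefruits.org."]
    return resolve("apples.ilovefruits.org.", "A", zones)[0]


if __name__ == "__main__":
    values, trail = resolve("apples.ilovefruits.org.", "A")
    print(values)
    for step in trail:
        print(step)
    print("apex NS rewritten:", with_rewritten_apex_ns())
    print("parent delegation removed:", without_parent_delegation())
```

The trail printed for the subdomain shows two referrals (org. to ilovefruits.org., then ilovefruits.org. to apples.ilovefruits.org.) before an answer; the child zone's own NS RRset never appears in it, which is the whole reason changing it "does nothing".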

Moving Route53 hosted zones to another Account's Route53 AWS

I have almost 19 hosted zones and they all have almost the max record set count of 34. They were in the account mhlabs and I moved them to the account evercam.
According to this I need to update the NS records as well and I..
From the mhlabs account's evercam.io hosted zone I copied the 4 NS records and added them to the evercam account's evercam.io zone, and it's been 48 hours.
When I click on the radio button of evercam.io, the NS records are the old ones, but when I go inside, the NS records are the new ones which I added.
How long will it take to change?
Also written in Route 53: "The four name servers that Route 53 assigned to the hosted zone. If you change the name servers in the NS record for the hosted zone, Route 53 doesn't change the assigned name servers."
Although you’re already using Route 53 as the DNS provider for your domain, when you create a new hosted zone, Route 53 randomly assigns four new nameservers to that zone.
In order to use the new hosted zone with your domain you'll need to update your domain's name servers to use the name servers provided by the new hosted zone.
You can follow the tutorial here for setting Route 53 as your DNS provider. It is important to note that although this part of the tutorial starts with “To begin using Amazon Route 53 as the DNS service for a domain”, you will follow the same steps to update the name servers when you migrate hosted zones.
When you move into your 2nd account, remember to update your NS record's values.
From 2nd account's Route 53, there are 4 new values from NS type record:
mydomain.com | NS | <4 rows Route53 new values>
From your 3rd party hosting domain services, replace your hosting domain's NS values with Route53 new values above.
At last, use any DNS checking service to check if the change has been made successfully or not.
https://dnschecker.org/

NS and SOA records not propagated after migration from Route 53

I recently transferred a domain helloorbital.com from GoDaddy to Route 53. However, when I used WhatsMyDNS to check my SOA and NS records, they are still pointing to the old registrar's records. How can I get my records to properly propagate, please?
Separate question for knowledge, shouldn't my records on Route 53 take precedence once I migrate, why is it that it hasn't?
As per the AWS documentation here, you have three options for DNS when you transfer your domain to Route 53:
Continue to use the name servers provided by the current registrar or DNS service
Import name servers from a Route 53 hosted zone that has the same name as the domain
Specify new name servers to replace the current registrar's name servers (not recommended)
The implications of changing the DNS are significant and thus the default option is to continue to use the name servers provided by the current registrar or DNS service.
To resolve the issue you are facing, you need to get the nameservers for your Route 53 Hosted Zone by following the steps here, and then replace the nameservers for your domain in Route 53 by following the instructions here, replacing the existing name servers (ns1.vodien.com and hostmaster.serveradd.com) with the four name servers provided by the Route 53 Hosted Zone.
DNS propagation can take up to 48 hours, however, in many cases it occurs in a matter of minutes.

How can I create a subdomain in AWS Route53 when the parent domain is also configured in Route53?

I have one domain name registered in an AWS hosted zone. It comprises 5 records, viz. A, SOA, NS (4 NS addresses), MX and CNAME. But now I want to create a subdomain: static.domain.com. I have read the Creating a Subdomain That Uses Amazon Route 53 as the DNS Service without Migrating the Parent Domain article from the AWS docs, but clearly that is not my case. My domain name is configured in Route 53 itself.
So if I have to create a hosted zone for the static.domain.com and update the NS records in the parent's hosted zone domain.com then I can just do that but I am confused if that's gonna work or destroy my whole configuration!
So guys, please tell me how to create the subdomain static.domain.com when my parent domain domain.com is also in the Route53?
FYI: I am creating this subdomain to serve static content from an S3 bucket which will be configured as a static website and will be aliased against this subdomain static.domain.com so that all static requests can be fetched as http://static.domain.com/resources/path/to/dir/image.png etc.
Thanks very much
All you need to do is create a record set in your Hosted Zone, for your desired sub domain.
Go to your Hosted Zone
Click the 'Create Record Set' Button
In the dialog that appears on the right, enter your desired subdomain in the 'name' field. If you want static.domain.com, just enter 'static' in the name field.
Choose the Type of DNS Record you want eg, A, CNAME
Enter a custom TTL if desired, enter value(s) for your record and change the routing policy if also desired.
You have two options:
Create records in the existing hosted zone for the domain
Create an additional (dedicated) hosted zone for the subdomain, and create records in this dedicated hosted zone.
Both are explained below.
Option 1 (without a dedicated hosted zone)
In this case all we possibly can do is to change the list of the DNS records. And I believe primary record types to be configured are:
The A record type. It's like a [domain name to IP address] record.
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/ResourceRecordTypes.html#AFormat
or the CNAME record type. This one is like a [domain name to another domain name] record
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/ResourceRecordTypes.html#CNAMEFormat
Note: NS record should not be changed, its value should remain default and is used as a primary link between the name servers and the hosted zone. The hosted zone itself is kinda named AWS container for DNS records (i. e. a thing that can be referenced within AWS ecosystem).
Option 2
Create a hosted zone that has the same name as the subdomain that you want to route traffic for, such as acme.example.com.
Create records in the new hosted zone that define how you want to route traffic for the subdomain (acme.example.com) and its subdomains, such as backend.acme.example.com.
-> You get the name servers that Route 53 assigned to the new hosted zone when you created it.
Create a new NS record in the hosted zone for the domain (example.com), and you specify the four name servers that you got after step #2.
Option 2 pros: having a dedicated hosted zone provides more flexibility for configuration and managing access to this configuration for other AWS users (IAM permissions). "Flexibility" here can be, for example, not having the same DNS service used for the domain and for the subdomain.
Option 2 cons: "small" performance impact to this configuration for the first DNS query from each DNS resolver. The resolver must get information from the root-domain's hosted zone first and then get information from the subdomain's hosted zone. But there is a caching mechanism regulated by TTL (Time to live) value.
Reference: 'Routing traffic for subdomains'
Mon Oct 24 19:59:40 PDT 2022
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/dns-routing-traffic-for-subdomains.html
See also an option-2-related article: https://aws.amazon.com/premiumsupport/knowledge-center/create-subdomain-route-53/
Hope it helps and is somewhat educational.
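The last step of Option 2 (and the delegation in the Bluehost answer earlier on this page) is a single NS record that lives in the parent zone. The Python below, added here as an example and not code from the thread or from AWS, builds that record in the ChangeBatch shape accepted by `aws route53 change-resource-record-sets --change-batch file://batch.json`, refusing the two mistakes the page warns about (putting the record at the child's own apex, or copying fewer than the four assigned servers), and adds a checker that compares the NS set a parent or registrar actually serves with the hosted zone's assigned delegation set, which is the mismatch behind the account-move question above. The name-server values are constructed placeholders and the function names are mine.

```python
# Added example (not AWS or thread code): build the delegating NS record for
# the parent hosted zone and check a served NS set against the hosted zone's
# delegation set. Name-server values are constructed placeholders standing in
# for the four servers Route 53 assigns to a hosted zone.
import json


def fqdn(name):
    """Normalise to a lower-case, dot-terminated owner name."""
    return name.strip().lower().rstrip(".") + "."


def is_below(child, parent):
    """True when child is a proper subdomain of parent."""
    c, p = fqdn(child), fqdn(parent)
    return c != p and c.endswith("." + p)


def delegation_change_batch(parent_zone, subdomain, name_servers, ttl=300):
    """ChangeBatch creating 'NS <subdomain>' inside the parent hosted zone."""
    if not is_below(subdomain, parent_zone):
        raise ValueError(
            f"{subdomain} is not inside {parent_zone}: the delegating NS record "
            "belongs in the parent zone, never at the child's own apex")
    servers = sorted({fqdn(ns) for ns in name_servers})
    if len(servers) != 4:
        raise ValueError("copy all four name servers assigned to the child hosted zone")
    return {
        "Comment": f"Delegate {fqdn(subdomain)} to its own hosted zone",
        "Changes": [{
            "Action": "CREATE",
            "ResourceRecordSet": {
                "Name": fqdn(subdomain),
                "Type": "NS",
                "TTL": ttl,
                "ResourceRecords": [{"Value": ns} for ns in servers],
            },
        }],
    }


def delegation_status(served_ns, hosted_zone_ns):
    """Compare the NS set the parent zone (or registrar) actually serves,
    e.g. what a public DNS checker returns, with the delegation set of the
    hosted zone that should be authoritative.
    Returns (in_sync, missing_from_parent, stale_in_parent)."""
    served = {fqdn(n) for n in served_ns}
    expected = {fqdn(n) for n in hosted_zone_ns}
    return served == expected, sorted(expected - served), sorted(served - expected)


# Constructed sample values for the child hosted zone's assigned servers.
CHILD_ZONE_NS = ["ns-101.awsdns-placeholder.com", "ns-502.awsdns-placeholder.net",
                 "ns-1203.awsdns-placeholder.org", "ns-1804.awsdns-placeholder.co.uk"]

if __name__ == "__main__":
    batch = delegation_change_batch("example.com", "acme.example.com", CHILD_ZONE_NS)
    print(json.dumps(batch, indent=2))
    # What a checker reports while the parent still serves the old provider's set.
    print(delegation_status(["ns1.oldprovider-placeholder.com"], CHILD_ZONE_NS))
```

Once the batch is applied to the parent zone, `delegation_status` fed with the NS set observed from outside (for example the values a checker such as dnschecker.org shows) should return `(True, [], [])`; anything in the third element is a stale server that the parent or registrar still points at.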