
The project I'm working on requires that we mask AWS EC2 host names with our own subdomains.


For example:

ec2-176-34-163-40.eu-west-1.compute.amazonaws.com would map to gf53ef.domain.com

and

ec2-123-31-124-60.eu-west-1.compute.amazonaws.com would map to sdfrh5.domain.com


There will always be a list available that stores the relationship between the domains.

This list changes ALL THE TIME. Meaning that in one minute we could have 100+ new EC2 instances started, and the next minute they could all terminate.

I'm wondering how to set up our Ubuntu server to handle this case.

Thanks

2 Answers


I am doing something similar on an OpenStack cloud for instance DNS name updates (probably not as dynamically as your requirement ;-); basically we have a BIND named instance that accepts dynamic updates.

I used webmin to configure the remote control using RNDC, and the basic bind configuration.


and then generate a key for remote access, and distribute it to your control node;

dnssec-keygen -a hmac-md5 -b 128 -n HOST remote-key  

the zone-file ends up like this;

zone "mydomain.com" {
  type master;
  file "master/mydomain.com";
  allow-update { key "remote-key"; };
};

allow-update provides the permission to update the master zone, allow-notify is the slave zone equivalent.

and then you can do something like this (nsupdate from bind-utils) to update the records from a client, I've not tested a CNAME update, but it should look something like this;

cat <<EOF | nsupdate -d -k "$KEY"
server ns1.mynameserver.com
zone domain.com
update delete gf53ef.domain.com.
update add gf53ef.domain.com.   IN  CNAME   ec2-176-34-163-40.eu-west-1.compute.amazonaws.com.
send
EOF

(you might have to double check the format for the CNAME example...)

This seems to be the configuration reference docs for named;
http://www.zytrax.com/books/dns/ch7/xfer.html

Examples can be obtained from these tutorials;

http://www.centos.org/docs/5/html/Deployment_Guide-en-US/s1-bind-rndc.html
http://dag.wieers.com/howto/bits/bind-ddns.php
http://linux.yyz.us/nsupdate/
http://www.semicomplete.com/articles/dynamic-dns-with-dhcp/

Tom
  • I am using Ubuntu and your line didn't work for me, but this nsupdate command did "add cname.domain.com. 3600 hostname_with_a_record.domain.com". The following is logged in syslog "....named.....updating zone 'domain.com/IN': adding an RR at 'cnameHost.comain.com' CNAME". When "I grep CNAME /var/cache/bind/db.domain.com" the output is "CnameHost CNAME hostname_with_a_record". – Keith Reynolds Jul 01 '15 at 02:19
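Because the mapping list churns every minute, a practical version of the nsupdate approach above reconciles the desired alias list against the CNAMEs already in the zone and only sends the deltas. This is an added example, not code from the answer or the project; SERVER, ZONE, TTL, the key path and the two-column input files are assumed placeholders.

```shell
#!/bin/sh
# Reconcile "alias ec2-hostname" lines against the zone's current CNAMEs and
# emit an nsupdate batch containing only the changes. Placeholders below are
# assumptions; override them from the environment.
SERVER="${SERVER:-ns1.mynameserver.com}"
ZONE="${ZONE:-domain.com}"
TTL="${TTL:-60}"   # short TTL because instances come and go every minute
# TSIG key file (keep it 0600). Generate with: tsig-keygen -a hmac-sha256 remote-key
# On the server, scope the key with update-policy instead of allow-update, e.g.
#   update-policy { grant remote-key subdomain domain.com. CNAME; };
# so a leaked key can only touch CNAMEs under the zone, not NS/SOA/A records.
KEY="${KEY:-/etc/bind/remote-key.private}"

# dump_current: print "alias target" for every CNAME currently in the zone.
# Uses an AXFR signed with the same key (needs allow-transfer { key remote-key; }).
dump_current() {
    dig @"$SERVER" -k "$KEY" "$ZONE" AXFR +noall +answer \
      | awk -v z=".$ZONE." '$4 == "CNAME" { sub(z, "", $1); sub(/\.$/, "", $5); print $1, $5 }'
}

# build_batch DESIRED CURRENT: write nsupdate commands to stdout.
# Aliases missing from DESIRED, or pointing elsewhere, are deleted;
# aliases missing from CURRENT, or pointing elsewhere, are (re)added.
build_batch() {
    desired="$1"; current="$2"
    printf 'server %s\nzone %s\n' "$SERVER" "$ZONE"
    sort "$current" | while read -r alias target; do
        [ -n "$alias" ] || continue
        want=$(awk -v a="$alias" '$1 == a { print $2 }' "$desired")
        [ "$want" = "$target" ] || printf 'update delete %s.%s. CNAME\n' "$alias" "$ZONE"
    done
    sort "$desired" | while read -r alias target; do
        [ -n "$alias" ] || continue
        have=$(awk -v a="$alias" '$1 == a { print $2 }' "$current")
        [ "$have" = "$target" ] || printf 'update add %s.%s. %s IN CNAME %s.\n' "$alias" "$ZONE" "$TTL" "$target"
    done
    printf 'send\n'
}

# apply DESIRED: fetch the live zone state and push the delta in one signed update.
apply() {
    tmp=$(mktemp) || exit 1
    dump_current > "$tmp"
    build_batch "$1" "$tmp" | nsupdate -k "$KEY"
    rm -f "$tmp"
}
```

Run it from cron or the instance-lifecycle hook as `apply /path/to/mappings.txt`; an unchanged list produces a batch with no update lines, so repeated runs are harmless.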

Thanks @CS3

Our solution is Route53 for now.

Here's how we set it up (PHP). We used this library: http://www.orderingdisorder.com/aws/route-53/

// Derive a short, stable alias from the EC2 hostname and make sure a CNAME
// for it exists in the hosted zone (zone id '/hostedzone/123' is a placeholder).
private function getDomain() {
    $sub = "e-".substr(md5($this->instance->dnsName), 2, 4);
    $domain = $sub.".domain.com";

    $dnsRecords = $this->route53->listResourceRecordSets('/hostedzone/123');

    // Only create the record if no CNAME with this name is already present.
    $exists = false;
    foreach($dnsRecords["ResourceRecordSets"] as $dnsRecord) {
        if($dnsRecord["Name"] == $domain."."
            AND $dnsRecord["Type"] == "CNAME") {
                $exists = true;
                break;
            }
    }

    if(!$exists) {
        $change = $this->route53->prepareChange('CREATE', $domain.".", 'CNAME', 300, $this->instance->dnsName);
        $this->route53->changeResourceRecordSets('/hostedzone/123', $change);
    }

    return $domain;
}

// Remove the CNAME when the instance goes away; assumes $this->domain holds the
// alias returned by getDomain(). The DELETE change must match the existing
// record's TTL and value exactly, so the same 300 / dnsName are passed.
private function removeDomain() {
    $change = $this->route53->prepareChange('DELETE', $this->domain.".", 'CNAME', 300, $this->instance->dnsName);
    $this->route53->changeResourceRecordSets('/hostedzone/123', $change);
    $this->domain = null;
}