3

I have an AWS Route53 with a lot of clients, and I would like to build something like a DNS server in Bind9 so I can allow my clients to use the same DNS on their registrars, and then I would manage which goes where within this EC2 with Bind.

I would like to know if that's possible or whether there is another approach for this, given that I cannot make my clients point to Route53's weird delegation set. That is a decision above my pay grade.

Technically speaking:

Registrar's DNS today:

  • Master: ns-470.awsdns-58.com
  • Slave 1: ns-1099.awsdns-09.org
  • Slave 2: ns-1804.awsdns-33.co.uk
  • Slave 3: ns-723.awsdns-26.net

I would like to be able to:

  • Master: ns1.myappdomain.com
  • Slave 1: ns2.myappdomain.com
  • Slave 2: ns3.myappdomain.com
  • Slave 3: ns4.myappdomain.com

Then these would point in Route53 to this EC2 with Bind9, but I don't know how to route the connection to the actual name servers.

Flimzy
Webord
  • See AWS documentation on [Configuring White Label Name Servers](http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/white-label-name-servers.html). – Rich C Apr 27 '15 at 22:05

3 Answers

10

The original form of this answer was a train wreck. Abandon all hope all ye who view edit history. Here's the re-done and more-right answer.

If I understand you correctly, you are using Route 53, but don't want to give your clients the ugly Amazon URLs. You want your clients to point their domains' NS records to your DNS servers that will be given more-attractive-than-Route53-style names. You will manage DNS records in R53, but you will then need to replicate the zones down to your servers so that they are in sync. Your comment confirmed that suspicion:

I need to prove that this concept is not the correct one, because my boss thinks that passing for clients the ugly DNS is bad somehow

First, do not CNAME your name servers to Route53 and then have your clients point their NS records to your CNAMEs. As you have found out, that often isn't even allowed in certain applications.

Your best bet would have been to simply perform a zone transfer from Amazon to your BIND servers. Except, at the time of this post and in the words of an Amazon employee in this thread:

AXFR/IXFR is a feature we will consider adding in the future, but have no firm plans for at this time.

If you require zone transfers for Route 53, the options that I'm aware of are easyRoute53, and http://romana.now.ie/route53d/ (IXFR only).

At the time of this post, the only major public third party integration with Route53 is easyDNS's easyRoute53 which will push easyDNS zones to Route53 as secondaries, but that's not what you're looking to do. That solution would mean easyDNS is your primary nameservers but you want to use your own metal.

So now what? It appears that you will need to write some custom middleware that queries Amazon's name servers for individual records and updates your BIND servers' records. Except that makes no sense for about nine different reasons, but ultimately the biggest problem is that you've scoped your point of failure down to your own servers anyway, so why bother with Amazon at all unless you think Jeff Bezos needs more money.

If you must have pretty name servers, either just use your own metal and manage your own DNS service stack, or move to a different DNS service that offers you the ability to whitelabel DNS management and use your own vanity name servers. I won't list any services that would do that since they'll go out of date. At this point there is no advantage to using Route53 for what you want to do, and there are only disadvantages and downtime in trying to make it work.

Wesley
  • I've tried that, but Registro.br (Brazilian registrar for .br domains) won't allow CNAME, and there will be a problem, because the AWS ugly URLs change for all clients' domains... – Webord Mar 30 '13 at 06:28
  • @Webord So wait, if you put your own servers as some kind of an interface between your clients and the Route 53 cloud, you'll be getting none of the advantages of S3 and all of the disadvantages of running your own DNS servers. So why not just run your own DNS servers and cut Amazon out? – Wesley Mar 30 '13 at 06:55
  • I'm aware, but I need to prove that this concept is not the correct one, because my boss thinks that passing for clients the ugly DNS is bad somehow... – Webord Mar 30 '13 at 07:16
  • Man, how do I point out more than once that your answer is awesome? Thanks a lot! – Webord Mar 31 '13 at 07:13
  • @Webord Always happy to help! And you can't upvote more than once. There's nothing stopping you from looking at my answer history and upvoting just a few other good answers though. =P – Wesley Mar 31 '13 at 07:15
  • Doesn't this overlook the benefits of using R53 though? (Near) Realtime switching of IPs to Elastic IPs… That feature alone is really, really handy… keeping a nice whitelisted IP and swapping it between machines as you change/rebuild/whatever EC2 instances is a lot faster… If only there were a way to use R53 and custom nameservers. Can this be adapted to Route53? http://support.hostgator.com/articles/hosting-guide/lets-get-started/dns-name-servers/private-name-servers-setup ? Seems to be a definitive guide on private nameservers, but a slightly different hosting setup. – rcd Dec 21 '13 at 18:06
2

This is possible, except surprisingly no one has made an article about it, even Amazon has not documented it well enough.

See my answer here: https://serverfault.com/a/649714/56596

Neo
1

This is very easy to do:

  • In AWS, create a hosted zone.
  • Get the IPs of each name server (dig ns-1954.awsdns-52.co.uk -> 5.5.5.5)
  • Create/register your 4 name servers with your registrar
  • Each one should point to the AWS IP (ns1.example.com -> 5.5.5.5)
  • Next, change the name servers that the domain itself is pointing to. Use your new ones (ns1.example.com and so on)
  • In AWS, edit the NS record set. Delete the 4 AWS name servers and put yours (ns1.example.com and so on)
Chris
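The steps in Chris's answer (and the AWS white-label name server guide Rich C linked) worked through as an added example; this is not code from the question or from any answer. It builds the Route 53 change batch that publishes ns1..ns4 A/AAAA records pointing at the four Route 53 servers and rewrites the zone's own NS set, then runs the checks a practitioner wants after the switch: the NS set at the registrar and in the hosted zone must agree (otherwise the delegation is lame), an in-bailiwick name server such as ns1.myappdomain.com inside myappdomain.com needs glue at the registrar, and every vanity name must resolve to one of the delegation set's Route 53 addresses, not to some other host that would then be answering for every client's zone. The awsdns names, their addresses and the vanity zone example.com are constructed assumptions standing in for the real values and for myappdomain.com; in practice the addresses come from `dig +short A` and `dig +short AAAA` against the names Route 53 assigned. One caveat the answer leaves out: Route 53 hands each new hosted zone a random set of four name servers, so every client zone must be created with the same reusable delegation set for the four vanity names to be valid for all of them.

```python
"""
White-label name servers for Route 53, modelled offline.

Added example, not code from the question or any answer. The awsdns
names, their addresses and the vanity zone example.com are constructed
assumptions; real addresses come from `dig +short A` / `dig +short AAAA`.
"""
from __future__ import annotations

from typing import Callable, Mapping

# Constructed: four name servers of one reusable delegation set and the
# documentation-range addresses they are assumed to resolve to.
ROUTE53_NS: dict[str, dict[str, str]] = {
    "ns-2048.awsdns-64.com":   {"A": "192.0.2.1", "AAAA": "2001:db8::1"},
    "ns-2049.awsdns-65.net":   {"A": "192.0.2.2", "AAAA": "2001:db8::2"},
    "ns-2050.awsdns-66.org":   {"A": "192.0.2.3", "AAAA": "2001:db8::3"},
    "ns-2051.awsdns-67.co.uk": {"A": "192.0.2.4", "AAAA": "2001:db8::4"},
}
VANITY_ZONE = "example.com"  # assumption, stands in for myappdomain.com

Resolver = Callable[[str, str], set]  # (name, rrtype) -> set of addresses


def _norm(name: str) -> str:
    return name.lower().rstrip(".")


def vanity_names(zone: str, count: int) -> list[str]:
    return [f"ns{i}.{zone}" for i in range(1, count + 1)]


def _upsert(name: str, rtype: str, values: list[str], ttl: int) -> dict:
    return {"Action": "UPSERT", "ResourceRecordSet": {
        "Name": name + ".", "Type": rtype, "TTL": ttl,
        "ResourceRecords": [{"Value": v} for v in values]}}


def change_batch(zone: str, route53_ns: Mapping[str, Mapping[str, str]],
                 ttl: int = 172800) -> dict:
    """ChangeResourceRecordSets batch for the vanity zone's hosted zone:
    one A and one AAAA record per nsN, each copying one Route 53 server's
    addresses, then the zone's NS set rewritten from awsdns to nsN names."""
    names = vanity_names(zone, len(route53_ns))
    changes = []
    for vanity, addrs in zip(names, route53_ns.values()):
        for rtype in ("A", "AAAA"):
            if rtype in addrs:
                changes.append(_upsert(vanity, rtype, [addrs[rtype]], ttl))
    changes.append(_upsert(zone, "NS", names, ttl))
    return {"Comment": "white-label name servers", "Changes": changes}


def check_delegation(zone: str, registrar_ns: list[str], hosted_zone_ns: list[str],
                     route53_ns: Mapping[str, Mapping[str, str]],
                     resolve: Resolver) -> list[str]:
    """Post-switch consistency checks; returns a list of problems (empty = OK)."""
    problems: list[str] = []
    at_registrar = {_norm(n) for n in registrar_ns}
    in_zone = {_norm(n) for n in hosted_zone_ns}
    if at_registrar != in_zone:  # last step of the answer not done: lame delegation
        problems.append(f"NS mismatch: registrar {sorted(at_registrar)} "
                        f"vs hosted zone {sorted(in_zone)}")
    aws_addrs = {a for addrs in route53_ns.values() for a in addrs.values()}
    for ns in sorted(at_registrar):
        if ns.endswith("." + _norm(zone)) and not resolve(ns, "A"):
            # in-bailiwick name server with no address: needs glue at the registrar
            problems.append(f"{ns}: in-bailiwick name server has no A record/glue")
        for rtype in ("A", "AAAA"):
            for addr in resolve(ns, rtype):
                if addr not in aws_addrs:
                    problems.append(f"{ns} {rtype} {addr} is not one of the "
                                    f"delegation set's Route 53 addresses")
    return problems


def make_resolver(table: Mapping[str, Mapping[str, set]]) -> Resolver:
    """Offline stand-in for DNS lookups, fed by a constructed table."""
    return lambda name, rtype: set(table.get(_norm(name), {}).get(rtype, ()))


def expected_table(zone: str, route53_ns: Mapping[str, Mapping[str, str]]) -> dict:
    names = vanity_names(zone, len(route53_ns))
    return {v: {t: {ip} for t, ip in a.items()} for v, a in zip(names, route53_ns.values())}


def run_checks() -> tuple[list[str], list[str]]:
    """Correct setup versus a half-finished one (NS set not updated, ns3 typo)."""
    names = vanity_names(VANITY_ZONE, 4)
    good = expected_table(VANITY_ZONE, ROUTE53_NS)
    ok = check_delegation(VANITY_ZONE, names, names, ROUTE53_NS, make_resolver(good))
    broken = {k: {t: set(v) for t, v in d.items()} for k, d in good.items()}
    broken["ns3.example.com"]["A"] = {"192.0.2.30"}  # constructed typo in ns3's A record
    stale = check_delegation(VANITY_ZONE, names, list(ROUTE53_NS), ROUTE53_NS,
                             make_resolver(broken))
    return ok, stale


if __name__ == "__main__":
    import json
    print(json.dumps(change_batch(VANITY_ZONE, ROUTE53_NS), indent=1))
    for line in run_checks()[1]:
        print("PROBLEM:", line)
```

The batch is the shape `aws route53 change-resource-record-sets --hosted-zone-id <ID> --change-batch file://batch.json` accepts; client zones are created against the shared delegation set with `aws route53 create-hosted-zone --name <domain> --caller-reference <unique> --delegation-set-id <ID>`, so each of them already carries the same four awsdns servers behind the vanity names. Swap `make_resolver` for real lookups when running the checks against production, and run them again after any registrar change.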