AWS Route 53 - Is it possible to route CNAME to a domain used for private nameservers?

2
votes

I'm trying to learn more about DNS and have a real-life scenario that I can't work out how to resolve. I may not actually be asking the correct question in the title because I'm not really sure where the issue may be.

I have successfully setup private nameservers on AWS Route53, and have for a short while been using a number of additional hosted zones using this delegation set, having the domain provider pointing to these whitelabel nameservers. However, there is a site that I want to route to an AWS S3 bucket, and the client wants to manage his own DNS config for a number of valid reasons. Pointing to S3 buckets requires an alias to be used which I can either do via having the domain point to my nameservers and use A records with an alias (not an option for this scenario), have the domain managed by AWS (again, not an option), or place a CNAME record to point to the bucket. Given things may change with where this is pointed (and additional subdomains created for some short-lived campaign landing pages), we'd like to still utilise our nameservers if possible somehow to manage this.

I have tried creating a CNAME record pointing to the domain of the nameservers, and I can see this has now picked up ns1-4.nameserver.com in the NS records of that particular subdomain but does not route to anywhere detailed in the hosted zone I have created for this domain. The hosted zone was created using the reusable delegation set of my whitelabel nameservers, in the same way I've created other hosted zones before.

I'm not really sure if it's just something I've missed, totally flawed logic, or a quirk with Route53, but if somebody is able to provide some advice on things to check, or a better way of doing it I'd really appreciate it. I've tried so hard to research what the issue could be over the last few days and I can't seem to find a matching scenario.

  • clientdomain.com A record pointing to existing website
  • sub.clientdomain.com CNAME pointing to nameserver.com
  • clientdomain.com / sub.clientdomain.com created as hosted zone in AWS Route53 with the reusable delegation set of nameserver.com (not at the same time, I've tried all of this with each of these to see if this affected anything)
  • nameserver.com's NS records picked up and being used by sub.clientdomain.com
  • sub.clientdomain.com A records in AWS Route53 hosted zone pointing to IP address of a server we have just to test this. This is the bit that fails, as I cannot see an attempt to reach this IP.

EDIT: I should mention that when checking the actual DNS records, there are no A records present - it's not just a failed reach, they are just not present.

Thanks

1
amazon-web-servicessubdomainamazon-route53

1 Answers

1
votes

The CNAME for the clients DNS configuration should not be the Name Server. If you're trying to have delegated access.

If client wants to delegate access to the subdomain to be controlled by your hosted zone the following steps should be performed:

  • Create a public hosted zone of your subdomain i.e. sub.example.com.
  • Copy the NS record values from this hosted zone and provide to your client.
  • Have your client create a new NS record with the name of your subdomain, its values must match the values in your hosted zone.
  • You can now use your public hosted zone as the DNS management for the subdomain.

If your client wants to control all of their DNS then they should instead create a CNAME record in their DNS management that with a value of the S3 bucket.

Please note for any of these solutions the bucket name must match the subdomain name.