Solved

orphaned DNS entry

Posted on 2016-09-07
14
58 Views
Last Modified: 2016-09-08
We have a split dns. Our ISP hosts the external zone. Because our web server is going on to AWS now, it has been offered to us to have the entry just for the web server on their dns servers, in the interest of less chance of outage.

My understanding is that there is only one SOA for a dns zone. One can replicate the entire zone, but not split off one entry. Is this correct?
0
Comment
Question by:sshield4
  • 6
  • 6
  • 2
14 Comments
 
LVL 28

Expert Comment

by:Jan Springer
ID: 41789515
When you say that you have split DNS, do you mean that you are using two views or that your zone is authoritative with different answers from two different servers?
0
 

Author Comment

by:sshield4
ID: 41789542
Internally we have a DNS server in our DMZ zone for the internal IPs. For example if we go to our web server from inside, or our intranet server from inside, the addresses are not public addresses.
This Internal DNS server is authoritative from inside our network.

But for anyone accessing our web sites from outside the network, our ISP's dns server is authoritative. From outside there are public IP addresses.

My question is, short of replicating the whole zone, we can't give AWS' DNS server just one DNS entry, can we?
0
 
LVL 1

Expert Comment

by:Steeve Roucaute
ID: 41789594
Your best bet would be to use Amazon Route 53 and configure your ns servers to be the Route53 ones. Then in your local DNS you can create an A record which would point the external IP of the EC2 instance.
Should you implement this, what I would recommend is to attach an Elastic IP to your EC2 instance so that the IP remain always the same. You could also create a pointer record to the AWS DNS name for your EC2 instance but there is no guarantee that this will always remain the same, whereas an Elastic IP is static.
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 41789596
To my knowledge, Route 53 doesn't do views.  So, it would take the place of providing external authority from your ISP.  It's strength is in failover but that's a completely different subject.
0
 

Author Comment

by:sshield4
ID: 41789644
So basically, we would have to MOVE our SOA to Route 53, away from our ISP,  for our entire zone, all the A records, alias records, MX record, etc, correct?
0
 
LVL 1

Accepted Solution

by:
Steeve Roucaute earned 250 total points
ID: 41789652
Yes, if you move the ns then you should have all records added to route53. One of the big advantages of Route53 is that you set the TTL very low, so any DNS changes that you will make would propagate in no time as opposed to several hours for most ISPs. Also, you can setup some routing rules based on availability and latency. A common one to setup being to route all your traffic to a S3 static site if your webserver is down. Route 53 will perform some healthchecks at regular intervals. Jan is correct that it will need to provide external authority.
I have looked back at your original question, and I am not sure what exactly you are trying to achieve? Why do you want to route only the traffic of the EC2 instance to via Route 53? As you could also route the traffic from your existing ISP to the EC2 webserver?
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 41789653
Oh, now I understand.  No, have one or the other for the entire zone -- it's easier to manage.  I like Route 53 resiliency but if you are happy, don't worry about moving DNS.
0
Efficient way to get backups off site to Azure

This user guide provides instructions on how to deploy and configure both a StoneFly Scale Out NAS Enterprise Cloud Drive virtual machine and Veeam Cloud Connect in the Microsoft Azure Cloud.

 

Author Comment

by:sshield4
ID: 41789691
Thank you both so much.

Indeed, I did ask about moving only the EC2 IP to the Route 53  because that is what we were told should happen. I did not think such a thing possible, but wanted to check with Experts.
1
 
LVL 28

Expert Comment

by:Jan Springer
ID: 41789703
It is.  But you are still relying on your primary DNS server to serve those NS records for that single FQDN.  That's why I feel that it's not work the trouble.  

Either move the entire zone for resiliency or not.
0
 

Author Comment

by:sshield4
ID: 41789769
Jan, Just to be sure what you are saying, a single record COULD go over to route53 but it would be a replication from our ISP's server, not independent?

I actually was not away one could do a partial replication.
0
 
LVL 28

Expert Comment

by:Jan Springer
ID: 41789952
It would the server that hosts the primary domain that would provide the NS record for that subdomain.  

It's not a partial replication, it's an identification of authority for part or all of a zone.
0
 

Author Comment

by:sshield4
ID: 41789963
It would not be a sub domain...Just one of the hosts.
0
 
LVL 28

Assisted Solution

by:Jan Springer
Jan Springer earned 250 total points
ID: 41789971
Technically, you would make "www" a child or subdomain of "example.com" that could further be configured with hosts if you so chose.
0
 

Author Comment

by:sshield4
ID: 41789976
Oh, I see. Thanks so much for the explanation. Now I understand.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

This article explains how a domain name may be inadvertently appended to all DNS queries. This exhibits as described below. (CODE)And / Or: (CODE) Cause This issue can occur in either of these two scenarios. EITHER 1. A Primary DNS S…
I will assume you are running a non-server version of some sort of Windows throughout this article. There are many flavors of Windows since Windows Server 2000 - 2008, XP Home & Pro, Vista Home & Pro, and Windows 7 Starter, Home, Pro, Ultimate, etc.…
Migrating to Microsoft Office 365 is becoming increasingly popular for organizations both large and small. If you have made the leap to Microsoft’s cloud platform, you know that you will need to create a corporate email signature for your Office 365…
Both in life and business – not all partnerships are created equal. As the demand for cloud services increases, so do the number of self-proclaimed cloud partners. Asking the right questions up front in the partnership, will enable both parties …

863 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now