Solved

orphaned DNS entry

Posted on 2016-09-07
Last Modified: 2016-09-08
We have a split dns. Our ISP hosts the external zone. Because our web server is going on to AWS now, it has been offered to us to have the entry just for the web server on their dns servers, in the interest of less chance of outage.

My understanding is that there is only one SOA for a dns zone. One can replicate the entire zone, but not split off one entry. Is this correct?
0
Question by:sshield4
14 Comments
 
LVL 29

Expert Comment

by:Jan Springer
ID: 41789515
When you say that you have split DNS, do you mean that you are using two views or that your zone is authoritative with different answers from two different servers?
0
 

Author Comment

by:sshield4
ID: 41789542
Internally we have a DNS server in our DMZ zone for the internal IPs. For example if we go to our web server from inside, or our intranet server from inside, the addresses are not public addresses.
This Internal DNS server is authoritative from inside our network.

But for anyone accessing our web sites from outside the network, our ISP's dns server is authoritative. From outside there are public IP addresses.

My question is, short of replicating the whole zone, we can't give AWS' DNS server just one DNS entry, can we?
0
 
LVL 1

Expert Comment

by:Steeve Roucaute
ID: 41789594
Your best bet would be to use Amazon Route 53 and configure your NS servers to be the Route 53 ones. Then in your local DNS you can create an A record which would point to the external IP of the EC2 instance.
Should you implement this, what I would recommend is to attach an Elastic IP to your EC2 instance so that the IP always remains the same. You could also create a pointer record to the AWS DNS name for your EC2 instance but there is no guarantee that this will always remain the same, whereas an Elastic IP is static.
0

 
LVL 29

Expert Comment

by:Jan Springer
ID: 41789596
To my knowledge, Route 53 doesn't do views. So, it would take the place of providing external authority from your ISP. Its strength is in failover but that's a completely different subject.
0
 

Author Comment

by:sshield4
ID: 41789644
So basically, we would have to MOVE our SOA to Route 53, away from our ISP,  for our entire zone, all the A records, alias records, MX record, etc, correct?
0
 
LVL 1

Accepted Solution

by:
Steeve Roucaute earned 250 total points
ID: 41789652
Yes, if you move the NS then you should have all records added to Route 53. One of the big advantages of Route 53 is that you set the TTL very low, so any DNS changes that you will make would propagate in no time as opposed to several hours for most ISPs. Also, you can set up some routing rules based on availability and latency. A common one to set up being to route all your traffic to an S3 static site if your webserver is down. Route 53 will perform some health checks at regular intervals. Jan is correct that it will need to provide external authority.
I have looked back at your original question, and I am not sure what exactly you are trying to achieve? Why do you want to route only the traffic of the EC2 instance via Route 53? As you could also route the traffic from your existing ISP to the EC2 webserver?
0
 
LVL 29

Expert Comment

by:Jan Springer
ID: 41789653
Oh, now I understand.  No, have one or the other for the entire zone -- it's easier to manage.  I like Route 53 resiliency but if you are happy, don't worry about moving DNS.
0
 

Author Comment

by:sshield4
ID: 41789691
Thank you both so much.

Indeed, I did ask about moving only the EC2 IP to the Route 53  because that is what we were told should happen. I did not think such a thing possible, but wanted to check with Experts.
1
 
LVL 29

Expert Comment

by:Jan Springer
ID: 41789703
It is. But you are still relying on your primary DNS server to serve those NS records for that single FQDN. That's why I feel that it's not worth the trouble.

Either move the entire zone for resiliency or not.
0
 

Author Comment

by:sshield4
ID: 41789769
Jan, Just to be sure what you are saying, a single record COULD go over to route53 but it would be a replication from our ISP's server, not independent?

I actually was not aware one could do a partial replication.
0
 
LVL 29

Expert Comment

by:Jan Springer
ID: 41789952
It would be the server that hosts the primary domain that would provide the NS record for that subdomain.

It's not a partial replication, it's an identification of authority for part or all of a zone.
0
 

Author Comment

by:sshield4
ID: 41789963
It would not be a sub domain...Just one of the hosts.
0
 
LVL 29

Assisted Solution

by:Jan Springer
Jan Springer earned 250 total points
ID: 41789971
Technically, you would make "www" a child or subdomain of "example.com" that could further be configured with hosts if you so chose.
0
 

Author Comment

by:sshield4
ID: 41789976
Oh, I see. Thanks so much for the explanation. Now I understand.
0
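The single-host delegation discussed in this thread, as an added example that is not part of the original posts: a parent zone hands `www` to a second set of name servers with NS records, and a small resolver-style walk shows which servers hold authority for each name. All records, addresses and server names (`ns1.isp.example.net.`, `ns-1.r53.example.org.`) are constructed placeholders, and the zone syntax is simplified to one record per line.

```python
# Added example: constructed records, not the poster's real zone.
# Every name under example.com / example.net / example.org is a placeholder.
PARENT_ZONE = """
example.com.      IN SOA ns1.isp.example.net. hostmaster.example.com. 1 3600 600 604800 300
example.com.      IN NS  ns1.isp.example.net.
example.com.      IN NS  ns2.isp.example.net.
example.com.      IN MX  10 mail.example.com.
mail.example.com. IN A   192.0.2.25
www.example.com.  IN NS  ns-1.r53.example.org.
www.example.com.  IN NS  ns-2.r53.example.org.
"""

def parse(zone_text):
    """Return (owner, type, rdata) tuples from the simplified lines above."""
    records = []
    for line in zone_text.strip().splitlines():
        owner, _cls, rtype, rdata = line.split(None, 3)
        records.append((owner.lower(), rtype.upper(), rdata.strip()))
    return records

def authority_for(qname, records, apex="example.com."):
    """Walk from qname up towards the apex. The first NS set found below
    the apex is a zone cut: those servers, not the parent, hold the data.
    The parent still has to serve that NS set for the cut to be found."""
    qname = qname.lower()
    if not (qname == apex or qname.endswith("." + apex)):
        raise ValueError(f"{qname} is not in {apex}")
    name = qname
    while name != apex:
        ns = sorted(r for o, t, r in records if o == name and t == "NS")
        if ns:
            return {"zone": name, "servers": ns, "delegated": True}
        name = name.split(".", 1)[1]  # strip the leftmost label
    ns = sorted(r for o, t, r in records if o == apex and t == "NS")
    return {"zone": apex, "servers": ns, "delegated": False}

if __name__ == "__main__":
    recs = parse(PARENT_ZONE)
    for q in ("www.example.com.", "mail.example.com.", "a.www.example.com."):
        print(q, authority_for(q, recs))
```

The child zone `www.example.com.` on the delegated servers carries its own SOA and NS records, with the web server's address record at that zone's apex.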
