orphaned DNS entry

We have a split dns. Our ISP hosts the external zone. Because our web server is going on to AWS now, it has been offered to us to have the entry just for the web server on their dns servers, in the interest of less chance of outage.

My understanding is that there is only one SOA for a dns zone. One can replicate the entire zone, but not split off one entry. Is this correct?
sshield4Asked:
Who is Participating?
 
Steeve RoucauteConnect With a Mentor Director of Strategic ProjectsCommented:
Yes, if you move the ns then you should have all records added to route53. One of the big advantages of Route53 is that you set the TTL very low, so any DNS changes that you will make would propagate in no time as opposed to several hours for most ISPs. Also, you can setup some routing rules based on availability and latency. A common one to setup being to route all your traffic to a S3 static site if your webserver is down. Route 53 will perform some healthchecks at regular intervals. Jan is correct that it will need to provide external authority.
I have looked back at your original question, and I am not sure what exactly you are trying to achieve? Why do you want to route only the traffic of the EC2 instance to via Route 53? As you could also route the traffic from your existing ISP to the EC2 webserver?
0
 
Jan SpringerCommented:
When you say that you have split DNS, do you mean that you are using two views or that your zone is authoritative with different answers from two different servers?
0
 
sshield4Author Commented:
Internally we have a DNS server in our DMZ zone for the internal IPs. For example if we go to our web server from inside, or our intranet server from inside, the addresses are not public addresses.
This Internal DNS server is authoritative from inside our network.

But for anyone accessing our web sites from outside the network, our ISP's dns server is authoritative. From outside there are public IP addresses.

My question is, short of replicating the whole zone, we can't give AWS' DNS server just one DNS entry, can we?
0
Protect Your Employees from Wi-Fi Threats

As Wi-Fi growth and popularity continues to climb, not everyone understands the risks that come with connecting to public Wi-Fi or even offering Wi-Fi to employees, visitors and guests. Download the resource kit to make sure your safe wherever business takes you!

 
Steeve RoucauteDirector of Strategic ProjectsCommented:
Your best bet would be to use Amazon Route 53 and configure your ns servers to be the Route53 ones. Then in your local DNS you can create an A record which would point the external IP of the EC2 instance.
Should you implement this, what I would recommend is to attach an Elastic IP to your EC2 instance so that the IP remain always the same. You could also create a pointer record to the AWS DNS name for your EC2 instance but there is no guarantee that this will always remain the same, whereas an Elastic IP is static.
0
 
Jan SpringerCommented:
To my knowledge, Route 53 doesn't do views.  So, it would take the place of providing external authority from your ISP.  It's strength is in failover but that's a completely different subject.
0
 
sshield4Author Commented:
So basically, we would have to MOVE our SOA to Route 53, away from our ISP,  for our entire zone, all the A records, alias records, MX record, etc, correct?
0
 
Jan SpringerCommented:
Oh, now I understand.  No, have one or the other for the entire zone -- it's easier to manage.  I like Route 53 resiliency but if you are happy, don't worry about moving DNS.
0
 
sshield4Author Commented:
Thank you both so much.

Indeed, I did ask about moving only the EC2 IP to the Route 53  because that is what we were told should happen. I did not think such a thing possible, but wanted to check with Experts.
1
 
Jan SpringerCommented:
It is.  But you are still relying on your primary DNS server to serve those NS records for that single FQDN.  That's why I feel that it's not work the trouble.  

Either move the entire zone for resiliency or not.
0
 
sshield4Author Commented:
Jan, Just to be sure what you are saying, a single record COULD go over to route53 but it would be a replication from our ISP's server, not independent?

I actually was not away one could do a partial replication.
0
 
Jan SpringerCommented:
It would the server that hosts the primary domain that would provide the NS record for that subdomain.  

It's not a partial replication, it's an identification of authority for part or all of a zone.
0
 
sshield4Author Commented:
It would not be a sub domain...Just one of the hosts.
0
 
Jan SpringerConnect With a Mentor Commented:
Technically, you would make "www" a child or subdomain of "example.com" that could further be configured with hosts if you so chose.
0
 
sshield4Author Commented:
Oh, I see. Thanks so much for the explanation. Now I understand.
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.