4

I'm trying to configure a domain name setup like below and having trouble with Route53.

base.com
sub.base.com
*.sub.base.com => CNAME sub.base.com

I've attempted to create a new hosted zone sub.base.com and add the NS records to base.com. This does appear to delegate (though I'm not sure it is necessary on AWS). I then add the wildcard CNAME to the sub.base.com Zone, and also add an A record to the zone. Now when I look up a name (dig demo.sub.base.com) dig just gives me back the SOA record and doesn't resolve to the A record.

How should I be configuring this domain layout?

2 Answers

1

I've attempted to create a new hosted zone sub.base.com and add the NS records to base.com. This does appear to delegate (though I'm not sure it is necessary on AWS).

This is necessary anytime you delegate, it's not specific to AWS.

I then add the wildcard CNAME to the sub.base.com Zone, and also add an A record to the zone. Now when I look up a name (dig demo.sub.base.com) dig just gives me back the SOA record and doesn't resolve to the A record.

The reason you are getting an SOA back is that demo.sub.base.com does not exist in the sub.base.com zone. This is best visualized using dig +trace demo.sub.base.com via command prompt or http://digwebinterface.com/.

How should I be configuring this domain layout?

Remove the CNAME from the base.com zone and configure your demo.sub.base.com record in the sub.base.com zone. Then create *.sub.base.com in the sub.base.com zone as a CNAME to demo.sub.base.com.

imperalix
  • 346
  • 2
  • 4
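As an added illustration (not part of the answer above and not Route 53's own code), here is a minimal Python model of how an authoritative server answers from the sub.base.com zone in the layout the answer describes, covering wildcard matching and the SOA that accompanies a negative answer. The address 192.0.2.10 and the SOA values are constructed placeholders.

```python
ORIGIN = "sub.base.com."
# Constructed zone data in the layout the answer recommends. 192.0.2.10 is a
# documentation address (RFC 5737) and the SOA values are placeholders.
ZONE = {
    (ORIGIN, "SOA"): ["ns.invalid. admin.invalid. 1 7200 900 1209600 300"],
    ("demo.sub.base.com.", "A"): ["192.0.2.10"],
    ("*.sub.base.com.", "CNAME"): ["demo.sub.base.com."],
}

def in_zone(name):
    return name == ORIGIN or name.endswith("." + ORIGIN)

def exists(zone, name):
    # A name exists if it owns records or is an ancestor of a name that does.
    return any(n == name or n.endswith("." + name) for n, _ in zone)

def find_owner(zone, qname):
    """Owner whose records answer qname: the exact name, else the wildcard
    under the closest existing ancestor (RFC 4592), else None."""
    if exists(zone, qname):
        return qname
    labels = qname.split(".")
    for i in range(1, len(labels)):
        encloser = ".".join(labels[i:])
        if exists(zone, encloser):
            wildcard = "*." + encloser
            return wildcard if exists(zone, wildcard) else None
    return None

def lookup(zone, qname, qtype, depth=0):
    """Return (rcode, answer, authority) as an authoritative server would."""
    soa = [(ORIGIN, "SOA", zone[(ORIGIN, "SOA")][0])]
    if not in_zone(qname):
        return "REFUSED", [], []
    owner = find_owner(zone, qname)
    if owner is None:
        return "NXDOMAIN", [], soa           # negative answer carries the SOA
    if (owner, qtype) in zone:
        return "NOERROR", [(qname, qtype, v) for v in zone[(owner, qtype)]], []
    if (owner, "CNAME") in zone and depth < 8:
        target = zone[(owner, "CNAME")][0]
        cname = [(qname, "CNAME", target)]
        if not in_zone(target):
            return "NOERROR", cname, []      # target lives in another zone
        rcode, answer, authority = lookup(zone, target, qtype, depth + 1)
        return rcode, cname + answer, authority
    return "NOERROR", [], soa                # NODATA: name exists, type does not
```

Calling `lookup(ZONE, "foo.sub.base.com.", "A")` returns the synthesized CNAME followed by the A record of demo.sub.base.com, while the same query against a copy of the zone without the wildcard returns NXDOMAIN with only the SOA in the authority section.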
0

Amazon says that Route53 was not designed to have its Name Servers hit directly, as these were designed to be hit by other DNS servers. This is why the A record past the CNAME will not resolve, because it will not iterate to the server that owns the A record. Furthermore, it is not suggested to use the Route53 NS as your resolver.

For CNAME records route53 is authoritative for the CNAME record but not for the A record the CNAME points to. If this was a valid domain that was registered, delegated to Route 53 and you were using a non-route53 DNS server for resolving, this would work.

In conclusion, if you interrogate the DNS server that points to the servers in the route53 delegation zone it would work. If you interrogate one of the servers in the delegation zone directly it will NOT work for CNAMEs.

I know it could be hard to understand but if you give it an extra read it will make sense.

Bogdan
  • 218
  • 2
  • 8
  • I don't think I understand that. But anyway, I'm looking more for how I should do it rather than understand why it doesn't work. I have no preference to the structure the DNS records should have, I just want something that will have my intended resolution working. – edA-qa mort-ora-y Jan 28 '14 at 16:13