Tuesday, March 3, 2015

amazon web services - Registered domain using Route 53, using Cloudflare for DNS, having problems configuring DNS correctly



I've been trying to configure a GitHub Pages + Universal SSL from Cloudflare setup. Unfortunately, while the Jekyll/GitHub Pages part is going well, DNS configuration is not going as well.



I've bought a domain from Amazon/AWS/Route 53 (http://oblio360.com), and now I'm in a similar situation to the one from here:



DNS errors after changing nameservers for Cloudflare



What I did was:





  1. Bought the domain name from AWS.

  2. Initially configured Route53 with CNAMEs to point to GitHub.

  3. Decided I want SSL.

  4. Found out about the Github Pages limitations and decided to go with CloudFlare. Followed this tutorial: www.benburwell.com/posts/configuring-cloudflare-universal-ssl/

  5. Deleted the previous CNAMEs at AWS and changed the NS record set to use the CloudFlare name servers.

  6. Configured SSL & DNS at CloudFlare and now I have 3 subdomains which seem to work: dota.oblio360.com / hearthstone.oblio360.com / blog.oblio360.com.

  7. And now it gets tricky. I want to use Google Apps for email. I've been trying to verify my domain with them and I can't get it to work. I've tried TXT RR verification, HTML meta tag, HTML file upload, nothing works.

  8. So I've started investigating and found this:




www.whatsmydns.net/#TXT/oblio360.com



=> some name servers around the world see the SOA as the former AWS one, some see CloudFlare. Should I update the SOA record set in AWS? It currently says this:



ns-302.awsdns-37.com. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400




  9. I found another debugging tool:




www.intodns.com/oblio360.com



I read the other ServerFault question but I'm not sure how I should proceed. Should I add A entries in Route53 for the CloudFlare name servers?




  10. I'm a bit afraid of proceeding, despite reading up about DNS, because every mistake I make takes a ton of hours to correct due to the nature of DNS :(



Thanks for your help!



Answer



For poor souls who might have had the same question: you don't need to add NS RRs in Route53 in the hosted zone section. You need to go to your Registered Domains, click the domain you want to modify, and then Add/Edit the name servers there.



Those are the domain NSes and are associated with the registrar; they are different from the ones delegated inside the zone itself.



When I did this, the update was almost instant; the AWS data center is probably next to the Google one :)
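
The difference the answer describes, between the name servers set at the registrar and the NS records inside the zone, can be checked by comparing the two sets from saved `dig` output. This is an added example, not part of the original post; `example.com` and every name server except `ns-302.awsdns-37.com` (taken from the question's SOA record) are constructed placeholders.

```python
"""Compare the NS set the parent (TLD) zone delegates to with the NS set
served inside the zone itself, using saved `dig` output."""

# Constructed sample of a referral from a TLD server, e.g.
#   dig NS example.com @a.gtld-servers.net +norecurse
# The registrar-level delegation appears in the AUTHORITY section.
PARENT_REFERRAL = """\
;; QUESTION SECTION:
;example.com.            IN  NS

;; AUTHORITY SECTION:
example.com.     172800  IN  NS  ns-302.awsdns-37.com.
example.com.     172800  IN  NS  ns-placeholder-2.awsdns.example.
"""

# Constructed sample of the zone's own NS records, as answered by the
# new DNS provider's server (placeholder host names).
ZONE_ANSWER = """\
;; ANSWER SECTION:
example.com.     86400   IN  NS  ns1.new-dns-provider.example.
example.com.     86400   IN  NS  ns2.new-dns-provider.example.
"""

def ns_records(dig_text, section):
    """Return the set of NS targets listed in one section of dig output."""
    found, in_section = set(), False
    for line in dig_text.splitlines():
        if line.startswith(";;"):
            in_section = line.upper().startswith(f";; {section} SECTION")
            continue
        fields = line.split()
        if in_section and len(fields) >= 5 and fields[2:4] == ["IN", "NS"]:
            found.add(fields[4].rstrip(".").lower())
    return found

def compare_delegation(parent_text, zone_text):
    """Report where the registrar delegation and the in-zone NS set differ."""
    parent = ns_records(parent_text, "AUTHORITY")
    zone = ns_records(zone_text, "ANSWER")
    return {
        "consistent": parent == zone and bool(parent),
        "only_at_registrar": sorted(parent - zone),
        "only_in_zone": sorted(zone - parent),
    }

if __name__ == "__main__":
    print(compare_delegation(PARENT_REFERRAL, ZONE_ANSWER))
```

A non-empty `only_at_registrar` list means resolvers are still being referred to the old provider, which matches the mixed SOA results described in the question.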

