Wednesday, April 3, 2019

amazon ec2 - Multi-domain DNS configuration with Route53



I am configuring a few domain names in Route53 and am looking for some advice on best practices for setting things up. Here is the scenario:



Let's say domain1.com is my master corporate domain, and I also have domain2.com and domain3.com.



Suppose I have two Amazon EC2 instances defined as a web and database server, with elastic IPs of 11.11.11.11 and 22.22.22.22 respectively, and I want to address them externally as:




    prod-web01.domain1.com
    prod-db01.domain1.com


Let's further suppose that the website for domain1.com is hosted on one of the above instances, which means that I must set an A record for domain1.com (right?) to the elastic IP of the web instance. So I create record sets in Route53 like:



    domain1.com.              A      11.11.11.11
    prod-web01.domain1.com.   A      11.11.11.11
    prod-db02.domain1.com.    A      22.22.22.22

    www.domain1.com.          CNAME  prod-web01.domain1.com


Now, both domain2.com and domain3.com are also hosted on that web01 instance above, so I create record sets for them like:



    domain2.com.              A      11.11.11.11
    www.domain2.com.          CNAME  prod-web01.domain1.com.


and




    domain3.com.              A      11.11.11.11
    www.domain3.com.          CNAME  prod-web01.domain1.com.


This all works just fine, but it is not as elegant as I was hoping for. I am wondering if there is some way to set up this type of configuration in which there are fewer records pointing to direct IP addresses.



My understanding is that I can't use a CNAME record for the root of a domain (right?), so is there some other way to set things so that I only have one "hard" reference to each IP in my DNS infrastructure?



If not, does this seem like a smart setup? Or a dumb one? Feel free to tell me I'm dumb. :)



Answer



First things first, if you only have two instances (one web and one DB), you're doing it wrong. You should be setting up an elastic load balancer with a minimum of two application server instances behind it. Instances can (and do) fail from time to time. And you really should be using RDS for your persistent data store.




    My understanding is that I can't use a CNAME record for the root of a domain (right?)




You can, but it will frequently break stuff (esp. email) in unexpected ways and shouldn't be done. This is how I would do things:




    domain1.com.              A      11.11.11.11
    prod-web01.domain1.com.   A      11.11.11.11
    prod-db02.domain1.com.    A      22.22.22.22
    www.domain1.com.          CNAME  prod-web01.domain1.com

    domain2.com.              A      11.11.11.11
    www.domain2.com.          CNAME  domain2.com.

    domain3.com.              A      11.11.11.11
    www.domain3.com.          CNAME  domain3.com.
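The layout the answer gives, and the two CNAME rules behind its "don't CNAME the apex" advice, as an added example that is not part of the original question or answer. It takes the answer's record list, checks that no CNAME sits at a zone apex (where the SOA, NS and any MX records for the domain must live, which is the "breaks email" case) and that no name carries a CNAME alongside any other record type, counts how many records embed each literal IP (the question's concern), and groups the records into per-zone Route 53 change batches. The ZONES list and the change-batch comment text are assumptions; the IPs are the question's own placeholders, and nothing here talks to AWS.

```python
"""Check and package the answer's DNS layout for Route 53.

Added example, not the original post's code. RECORDS is the answer's layout
verbatim; ZONES (the three hosted zones) is an assumption about the poster's
setup; the IPs are the question's placeholders.
"""
from collections import defaultdict

ZONES = ["domain1.com.", "domain2.com.", "domain3.com."]  # assumed hosted zones

# The answer's record layout as (owner name, record type, value).
RECORDS = [
    ("domain1.com.", "A", "11.11.11.11"),
    ("prod-web01.domain1.com.", "A", "11.11.11.11"),
    ("prod-db02.domain1.com.", "A", "22.22.22.22"),
    ("www.domain1.com.", "CNAME", "prod-web01.domain1.com."),
    ("domain2.com.", "A", "11.11.11.11"),
    ("www.domain2.com.", "CNAME", "domain2.com."),
    ("domain3.com.", "A", "11.11.11.11"),
    ("www.domain3.com.", "CNAME", "domain3.com."),
]


def normalize(name):
    """Lower-case and force a single trailing dot so names compare reliably."""
    return name.lower().rstrip(".") + "."


def zone_for(name, zones):
    """Return the longest-matching zone apex that owns `name`, or None."""
    n = normalize(name)
    best = None
    for z in map(normalize, zones):
        if (n == z or n.endswith("." + z)) and (best is None or len(z) > len(best)):
            best = z
    return best


def check_cname_rules(records, zones):
    """Return a list of rule violations (empty means the layout is clean).

    Rule 1: no CNAME at a zone apex. The apex must hold SOA and NS records,
            and usually MX, and a CNAME cannot share a name with them.
    Rule 2: a name with a CNAME may carry no other record type at all
            (RFC 1034 section 3.6.2); Route 53 rejects such a change anyway.
    """
    apexes = {normalize(z) for z in zones}
    by_name = defaultdict(set)
    for name, rtype, _ in records:
        by_name[normalize(name)].add(rtype.upper())
    problems = []
    for name, types in by_name.items():
        if "CNAME" not in types:
            continue
        if name in apexes:
            problems.append(f"{name}: CNAME at zone apex")
        others = types - {"CNAME"}
        if others:
            problems.append(f"{name}: CNAME coexists with {sorted(others)}")
    return problems


def hard_ip_references(records):
    """Count how many A records embed each literal IP address."""
    counts = defaultdict(int)
    for _, rtype, value in records:
        if rtype.upper() == "A":
            counts[value] += 1
    return dict(counts)


def build_change_batches(records, zones, ttl=300):
    """Group records by hosted zone into Route 53 ChangeBatch dicts.

    Values for the same (name, type) are merged into one ResourceRecordSet,
    which is what Route 53 expects; each set is an UPSERT.
    """
    grouped = defaultdict(list)
    for name, rtype, value in records:
        zone = zone_for(name, zones)
        if zone is None:
            raise ValueError(f"no hosted zone owns {name}")
        grouped[(zone, normalize(name), rtype.upper())].append(value)
    batches = defaultdict(list)
    for (zone, name, rtype), values in grouped.items():
        batches[zone].append({
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": name,
                "Type": rtype,
                "TTL": ttl,
                "ResourceRecords": [{"Value": v} for v in values],
            },
        })
    return {z: {"Comment": "layout from the answer", "Changes": c}
            for z, c in batches.items()}


if __name__ == "__main__":
    print("violations:", check_cname_rules(RECORDS, ZONES))
    print("literal IP references:", hard_ip_references(RECORDS))
    for zone, batch in build_change_batches(RECORDS, ZONES).items():
        print(zone, len(batch["Changes"]), "changes")
```

Each per-zone dict is in the shape boto3's `route53` client takes as the `ChangeBatch` argument of `change_resource_record_sets` (together with that zone's hosted zone ID, which you would look up yourself); run `check_cname_rules` first so an apex CNAME is caught before the API call rather than discovered when mail for that domain stops arriving.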

