DNS mask for Route53 crazy delegation set

Tags: amazon-route53, amazon-web-services, bind, domain-name-system

I have an AWS Route53 with a lot of clients, and I would like to build something like a DNS server in Bind9 so I can allow my clients to use the same DNS on their registrars, and then I would manage which goes where within this EC2 with bind.

I would like to know if that's possible or if there is another approach for this, being that I cannot make my clients point to Route53's weird delegation set. That is a decision above my pay grade.

Technically speaking:

Registrar's current DNS:

  • Master: ns-470.awsdns-58.com
  • Slave 1: ns-1099.awsdns-09.org
  • Slave 2: ns-1804.awsdns-33.co.uk
  • Slave 3: ns-723.awsdns-26.net

I would like to be able to:

  • Master: ns1.myappdomain.com
  • Slave 1: ns2.myappdomain.com
  • Slave 2: ns3.myappdomain.com
  • Slave 3: ns4.myappdomain.com

These would then point in Route53 to this EC2 with Bind9, but I don't know how to route the connection to the actual name servers.

Best Answer

The original form of this answer was a train wreck. Abandon all hope all ye who view edit history. Here's the re-done and more-right answer.

If I understand you correctly, you are using Route 53, but don't want to give your clients the ugly Amazon URLs. You want your clients to point their domains' NS records to your DNS servers that will be given more-attractive-than-Route53-style names. You will manage DNS records in R53, but you will then need to replicate the zones down to your servers so that they are in sync. Your comment confirmed that suspicion:

I need to prove that this concept is not the correct one, because my boss thinks that passing for clients the ugly DNS is bad somehow

First, do not CNAME your name servers to Route53 and then have your clients point their NS records to your CNAMEs. As you have found out, that often isn't even allowed in certain applications.

Your best bet would have been to simply perform a zone transfer from Amazon to your BIND servers. Except, at the time of this post and in the words of an Amazon employee in this thread:

AXFR/IXFR is a feature we will consider adding in the future, but have no firm plans for at this time.

If you require zone transfers for Route 53, the options that I'm aware of are easyRoute53, and http://romana.now.ie/route53d/ (IXFR only).

At the time of this post, the only major public third party integration with Route53 is easyDNS's easyRoute53 which will push easyDNS zones to Route53 as secondaries, but that's not what you're looking to do. That solution would mean easyDNS is your primary nameserver, but you want to use your own metal.

So now what? It appears that you will need to write some custom middleware that queries Amazon's name servers for individual records and updates your BIND servers' records. Except that makes no sense for about nine different reasons, but ultimately the biggest problem is that you've scoped your point of failure down to your own servers anyway, so why bother with Amazon at all unless you think Jeff Bezos needs more money.

If you must have pretty name servers either just use your own metal and manage your own DNS service stack or move to a different DNS service that offers you the ability to whitelabel DNS management and use your own vanity name servers. I won't list any services that would do that since they'll go out of date. At this point there is no advantage to using Route53 for what you want to do and there are only disadvantages and downtime in trying to make it work.
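To make the answer's "custom middleware" point concrete, here is an added example (not code from the question or the answer) that turns a record list in the shape Route 53's ListResourceRecordSets API returns into a BIND zone whose apex NS and SOA MNAME use the vanity names from the question. The sample records, the hosted-zone id and the `client.example.` zone name are constructed; the alias record shows the failure mode such a sync has to handle, because Route 53 ALIAS records have no BIND equivalent.

```python
# Constructed sample in the shape of boto3's
# route53.list_resource_record_sets(...)["ResourceRecordSets"]; nothing here
# is fetched from AWS, so the example runs offline.
SAMPLE_RRSETS = [
    {"Name": "client.example.", "Type": "SOA", "TTL": 900,
     "ResourceRecords": [{"Value": "ns-470.awsdns-58.com. hostmaster.client.example. 1 7200 900 1209600 86400"}]},
    {"Name": "client.example.", "Type": "NS", "TTL": 172800,
     "ResourceRecords": [{"Value": "ns-470.awsdns-58.com."}, {"Value": "ns-1099.awsdns-09.org."}]},
    {"Name": "www.client.example.", "Type": "A", "TTL": 300,
     "ResourceRecords": [{"Value": "192.0.2.10"}, {"Value": "192.0.2.11"}]},
    # Route 53 ALIAS record (constructed placeholder hosted-zone id): BIND cannot express it.
    {"Name": "client.example.", "Type": "A",
     "AliasTarget": {"HostedZoneId": "ZPLACEHOLDER", "DNSName": "d111111abcdef8.cloudfront.net.",
                     "EvaluateTargetHealth": False}},
]

# The vanity delegation set from the question.
VANITY_NS = ["ns1.myappdomain.com.", "ns2.myappdomain.com.",
             "ns3.myappdomain.com.", "ns4.myappdomain.com."]


def route53_to_zone(rrsets, vanity_ns, serial):
    """Return (zone_text, skipped).

    Apex NS records are replaced by the vanity set and the SOA MNAME/serial are
    rewritten; alias records are reported in `skipped` rather than silently dropped,
    since a BIND secondary built this way would otherwise lose them.
    """
    apex = next(r["Name"] for r in rrsets if r["Type"] == "SOA")
    lines = [f"$ORIGIN {apex}", "$TTL 300"]
    skipped = []
    for r in rrsets:
        if "AliasTarget" in r:
            skipped.append((r["Name"], r["Type"], r["AliasTarget"]["DNSName"]))
            continue
        name, rtype, ttl = r["Name"], r["Type"], r["TTL"]
        values = [v["Value"] for v in r["ResourceRecords"]]
        if name == apex and rtype == "NS":
            values = list(vanity_ns)          # swap Amazon's delegation set for the vanity one
        elif rtype == "SOA":
            fields = values[0].split()
            fields[0], fields[2] = vanity_ns[0], str(serial)   # MNAME -> ns1, fresh serial
            values = [" ".join(fields)]
        for v in values:
            lines.append(f"{name}\t{ttl}\tIN\t{rtype}\t{v}")
    return "\n".join(lines) + "\n", skipped
```

Every entry in `skipped` is a record your clients' resolvers would stop getting the moment their NS records point at your BIND servers, which is the kind of silent gap the answer is warning about.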