Marcel Pitch

Reputation: 51

DNS servers replication with Amazon Route53

Our company's local network is connected to an AWS VPC over a VPN; see the schema below:

view architecture here

Now we want to configure DNS servers in order to use host names instead of IPs all over the network.

What is the best solution?

  1. Let Route53 handle DNS for the entire network (even the local one)
  2. Have a DNS server on our local network and Route53 on the Amazon VPC. If so, how do we perform synchronization/replication between the local DNS server and Route53?
  3. Another solution :)

Thanks!

And have a nice day!

Upvotes: 3

Views: 6185

Answers (2)

Rodrigo Murillo

Reputation: 13642

We have the same architecture, network wise, and have not found a reasonable way to unify both networks' DNS data into one set of DNS servers.

Here is what works for us.

Assuming you want to use a corporate domain such as example.com, you can get a unified naming scheme where all hosts are under the example.com domain. This is done via Zone Delegation. In this document it states:

Domain Name System (DNS) provides the option of dividing up the namespace into one or more zones, which can then be stored, distributed, and replicated to other DNS servers. When you are deciding whether to divide your DNS namespace to make additional zones, consider the following reasons to use additional zones:

So in your case:

  1. Use the company network DNS for servers/devices on the local network. server1.example.com resolves to the IP address on the local network.

  2. Delegate a subdomain such as 'corp' or 'cloud' to Route 53 for all hosts on AWS. Also known as a subzone, this gives full DNS responsibility to another name server. An instance in EC2 would be referenced as server1.cloud.example.com.

This gives you a logical naming scheme, with IP resolution for all hosts on the network.

See Creating a Subdomain That Uses Amazon Route 53 as the DNS Service without Migrating the Parent Domain

There are some 3rd-party solutions that add features onto Route 53: easyRoute53 and Route53d. Route53d claims to offer some support for zone transfers (IXFR only).

Upvotes: 0
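The delegation described in this answer has a failure mode worth checking: the NS records for the subzone in the on-prem parent must match the delegation set Route 53 assigned to the hosted zone, and any records the parent still holds below the zone cut are silently ignored by resolvers once the delegation is in place. The following is an added example, not code from the answer above; the parent zone fragment and the `awsdns-*` name server names are constructed sample data in the shape Route 53 uses.

```python
"""Consistency check for delegating a subzone (e.g. cloud.example.com) from
an on-premises parent zone to a Route 53 hosted zone.

Added example, not code from the answer it follows.  The parent zone
fragment and the Route 53 delegation set below are constructed sample data;
the awsdns-* host names are placeholders in the shape Route 53 uses.
"""
from __future__ import annotations

# Constructed sample: fragment of the on-prem parent zone for example.com.
PARENT_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@        IN SOA  ns1.example.com. hostmaster.example.com. (2024010101 3600 900 1209600 300)
@        IN NS   ns1.example.com.
@        IN NS   ns2.example.com.
ns1      IN A    10.0.0.2
ns2      IN A    10.0.0.3
server1  IN A    10.0.1.10
; zone cut: cloud.example.com is delegated to Route 53
cloud    IN NS   ns-123.awsdns-15.com.
cloud    IN NS   ns-456.awsdns-56.net.
cloud    IN NS   ns-789.awsdns-12.org.
; stale record below the zone cut: resolvers never see it once delegated
db.cloud IN A    172.31.0.5
"""

# Constructed sample: the delegation set the Route 53 hosted zone reports
# (the hosted zone's DelegationSet.NameServers, without trailing dots).
ROUTE53_DELEGATION_SET = [
    "ns-123.awsdns-15.com",
    "ns-456.awsdns-56.net",
    "ns-789.awsdns-12.org",
    "ns-1011.awsdns-62.co.uk",
]


def parse_zone(text: str) -> list[tuple[str, str, str]]:
    """Parse the simple one-record-per-line zone format used above into
    (owner, type, rdata) triples with fully qualified, lower-cased owners.
    $ORIGIN is honoured; other $ directives and ';' comments are skipped."""
    origin = ""
    records: list[tuple[str, str, str]] = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line:
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1]
            continue
        if line.startswith("$"):
            continue
        fields = line.split()
        owner = fields[0]
        if owner == "@":
            owner = origin
        elif not owner.endswith("."):
            owner = f"{owner}.{origin}"
        idx = 1
        if fields[idx].upper() == "IN":  # the class field is optional in zone files
            idx += 1
        rtype = fields[idx].upper()
        rdata = " ".join(fields[idx + 1:])
        records.append((owner.lower(), rtype, rdata.lower()))
    return records


def _fqdn(name: str) -> str:
    return name.lower().rstrip(".") + "."


def check_delegation(zone_text: str, subzone: str, delegation_set: list[str]) -> list[str]:
    """Return a list of problems; an empty list means the delegation is consistent.

    Checks that the parent's NS set for the subzone equals the hosted zone's
    delegation set, and that nothing other than those NS records (plus glue
    A/AAAA for in-bailiwick name servers) sits below the zone cut."""
    subzone = _fqdn(subzone)
    records = parse_zone(zone_text)
    parent_ns = {rdata for owner, rtype, rdata in records
                 if owner == subzone and rtype == "NS"}
    child_ns = {_fqdn(ns) for ns in delegation_set}
    problems: list[str] = []
    if not parent_ns:
        problems.append(f"parent has no NS records for {subzone}; nothing is delegated")
    for ns in sorted(child_ns - parent_ns):
        problems.append(f"Route 53 name server {ns} is missing from the parent's NS set")
    for ns in sorted(parent_ns - child_ns):
        problems.append(f"parent lists {ns}, which is not in the hosted zone's delegation set")
    for owner, rtype, _ in records:
        below_cut = owner != subzone and owner.endswith("." + subzone)
        is_glue = owner in parent_ns and rtype in ("A", "AAAA")
        if below_cut and not is_glue:
            problems.append(f"{rtype} record for {owner} is below the zone cut "
                            "and will be ignored by resolvers")
    return problems


if __name__ == "__main__":
    for p in check_delegation(PARENT_ZONE, "cloud.example.com", ROUTE53_DELEGATION_SET):
        print("PROBLEM:", p)
```

Run against the constructed data it reports two problems: one Route 53 name server is absent from the parent's NS set (a partial delegation that works until that server is the one a resolver picks), and the leftover `db.cloud` A record that the parent still serves but nobody will ever query. Feeding it the real parent zone file and the delegation set from the hosted zone is the check to run after cutting over.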

Michael B

Reputation: 12228

The problem with Route 53 is that it doesn't play with other DNS servers. It is a completely self-contained solution. This means that if you used Route 53 your internal servers could only look up through the VNet into Route 53; you couldn't have a secondary nameserver onsite that took a zone transfer from Route 53 (they don't support them).

You could potentially have caching nameservers internally, and have long expiry times on your host records, so if there was any problem the records wouldn't go stale, but this brings its own set of problems.

This leaves you with a couple of solutions.

Use your internal network entirely: set up your internal name servers, internal.example.com, and have a secondary name server located inside your VNet that AWS clients can refer to. This way if there is a problem with the link, both sides still have working DNS.

Alternatively, you could configure internal.example.com in the same way, but then have aws.example.com running on Route 53 (or on a standalone server).

If Route 53 supported zone transfers and secondary servers it would be largely irrelevant what you went with, but because they don't, any solution you build is going to mean rolling some sort of glue to sit in between everything. This is invariably a Very Bad Thing™.

Upvotes: 2
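Since Route 53 has no AXFR/IXFR, the "glue" this answer warns about is usually a job that reads the internal zone and pushes the difference into the hosted zone through the API. The example below is added here and is not code from the answer; it computes that difference as a Route 53 ChangeBatch from record sets in the dict shape boto3's `list_resource_record_sets` returns, with constructed sample data, and leaves the actual `change_resource_record_sets` call to the caller so that it runs offline. The `_rr` helper, the sample names and the addresses are all constructed.

```python
"""Compute the Route 53 ChangeBatch that brings a hosted zone in line with
records exported from an internal zone: the "glue" you end up writing
because Route 53 offers no zone transfers.

Added example, not code from the answer it follows.  Record sets use the
dict shape boto3's route53.list_resource_record_sets returns; all sample
data is constructed.  Submitting the batch (change_resource_record_sets)
is left to the caller.
"""
from __future__ import annotations

RRSet = dict

# Record types the sync job is allowed to manage.  Apex NS and SOA belong to
# Route 53 and must never be rewritten by a sync job.
MANAGED_TYPES = ("A", "AAAA", "CNAME", "TXT", "MX", "SRV")
# Route 53 rejects a ChangeBatch with more than this many changes.
MAX_CHANGES = 1000


def _fqdn(name: str) -> str:
    return name.lower().rstrip(".") + "."


def _key(rrset: RRSet) -> tuple[str, str]:
    return (_fqdn(rrset["Name"]), rrset["Type"].upper())


def _content(rrset: RRSet) -> tuple[tuple[str, ...], int]:
    """Sorted rdata values plus TTL, so reordering alone is not a change."""
    return (tuple(sorted(r["Value"] for r in rrset["ResourceRecords"])), int(rrset["TTL"]))


def build_change_batch(desired: list[RRSet], current: list[RRSet], zone_name: str) -> dict:
    """Return a Route 53 ChangeBatch that turns `current` into `desired`.

    UPSERT covers both new and modified sets.  DELETE carries the *current*
    record set verbatim, because Route 53 requires a DELETE to match exactly.
    Anything outside the zone or of an unmanaged type is ignored on both sides."""
    zone = _fqdn(zone_name)

    def managed(rrset: RRSet) -> bool:
        name = _fqdn(rrset["Name"])
        in_zone = name == zone or name.endswith("." + zone)
        return in_zone and rrset["Type"].upper() in MANAGED_TYPES

    want = {_key(r): r for r in desired if managed(r)}
    have = {_key(r): r for r in current if managed(r)}

    changes = []
    for key in sorted(want):
        if key not in have or _content(have[key]) != _content(want[key]):
            changes.append({"Action": "UPSERT", "ResourceRecordSet": want[key]})
    for key in sorted(have):
        if key not in want:
            changes.append({"Action": "DELETE", "ResourceRecordSet": have[key]})
    if len(changes) > MAX_CHANGES:
        raise ValueError(f"{len(changes)} changes exceed the Route 53 batch limit of {MAX_CHANGES}")
    return {"Comment": f"sync {zone} from internal zone", "Changes": changes}


def _rr(name: str, rtype: str, ttl: int, *values: str) -> RRSet:
    """Constructor for a boto3-style record set dict (constructed sample data)."""
    return {"Name": name, "Type": rtype, "TTL": ttl,
            "ResourceRecords": [{"Value": v} for v in values]}


# Constructed sample: what the internal DNS export says aws.example.com should hold.
DESIRED = [
    _rr("web.aws.example.com.", "A", 300, "172.31.0.10"),
    _rr("db.aws.example.com.", "A", 300, "172.31.0.5"),                 # new
    _rr("api.aws.example.com.", "CNAME", 300, "web.aws.example.com."),
]

# Constructed sample: what the hosted zone currently holds.
CURRENT = [
    _rr("aws.example.com.", "NS", 172800, "ns-123.awsdns-15.com.", "ns-456.awsdns-56.net."),
    _rr("aws.example.com.", "SOA", 900,
        "ns-123.awsdns-15.com. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400"),
    _rr("web.aws.example.com.", "A", 300, "172.31.0.11"),                # address changed -> UPSERT
    _rr("api.aws.example.com.", "CNAME", 300, "web.aws.example.com."),  # unchanged -> no-op
    _rr("old.aws.example.com.", "A", 300, "172.31.0.99"),                # gone internally -> DELETE
]


def summarize(batch: dict) -> list[tuple[str, str]]:
    """(Action, Name) pairs, handy for a dry-run log before submitting."""
    return [(c["Action"], c["ResourceRecordSet"]["Name"]) for c in batch["Changes"]]


if __name__ == "__main__":
    for action, name in summarize(build_change_batch(DESIRED, CURRENT, "aws.example.com")):
        print(action, name)
```

Two design points matter for a job like this: it never touches the apex NS/SOA that Route 53 owns, and it emits DELETE with the record set as the hosted zone currently has it, since the API refuses a DELETE whose values or TTL differ. Logging the summarized batch before submitting gives you a dry run, which is the least you want from glue that can remove records from production DNS.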
