The most difficult thing about configuring the DNS settings for a\u00a0domain\u00a0is designing\u00a0a plan of action:\u00a0making up one’s\u00a0mind about what kind of services you envision and how you want to route the traffic.\u00a0Here’s a primer on how to configure DNS using Route 53 or any other service.<\/p>\n
<\/p>\n
In your web browser, sign in to the AWS Management Console.<\/p>\n
IMPORTANT: Always use MFA (multi-factor authentication) for your\u00a0IAM credentials. Always use IAM credentials instead of your\u00a0AWS\u00a0root account access (except where required otherwise). An\u00a0IAM login\u00a0uses\u00a0a different URL that might include your AWS account number or an alias of your own choosing (you can set it up this link in the AWS Management Console while signed in with your root account credentials).<\/p>\n
From the Services menu, navigate to Route 53. In the Route 53 dashboard, switch to the view of your Hosted Zones. Add a new hosted zone for the domain name you want to configure.<\/p>\n
If the hosted zone for the domain name you want to edit already exists,\u00a0select it\u00a0and click on the button Go to Records Sets at the top of the page (alternatively, you can\u00a0click on the count of existing records sets in the right-hand pane).<\/p>\n
When a new Hosted Zone is created, Route 53 automatically generates the obligatory SOA entry as well as an NS record with four name servers supplied\u00a0by AWS. Make sure that these four name servers are registered as authoritative name servers for your domain with the registrar of your domain (this is the company whose service you used to register your domain name).<\/p>\n
The records you need depend on the services you run.<\/p>\n
These are the DNS records needed to run a web server:<\/p>\n
To run a mail server,\u00a0create a record of the type “MX \u2014 Mail exchange” and enter the host name of your mail server (on this or on another domain) with the default priority of 0 in the form:<\/p>\n
0 smtp.somefancymailserver.tld.<\/pre>\nHowever, you will also need a reverse DNS record, which only Amazon can set up for you. For more details, see this post:\u00a0How to set up a mail server on AWS EC2 using open source software<\/a>.<\/p>\n
Decide how to handle the IPv4 scarcity<\/h3>\n
Make sure that the IP address(es) in your A record\u00a0have been assigned to the host that is running\u00a0your web server. Users of AWS EC2 have to choose how to handle the IPv4 scarcity and the resulting AWS restrictions.<\/p>\n
There are several strategies to deal with IPv4 on AWS:<\/p>\n
\n
- use an EIP address (not an automatically assigned public address). The upside: ease of use as the address persists across reboots (there is no charge for the first EIP on each running instance). The downsides: high cost and an IPv4 limit per account.<\/li>\n
- use ELB (Amazon’s Elastic Load Balancer) and you won’t need an EIP.<\/li>\n
- use a dynamic DNS provider to update your DNS configuration each time the IP address changes. (You can set the TTL as low as 5 seconds, by the way.) The downside: DNS and browser caching will cause delays. This method is not recommended for production servers, especially facing the Internet.<\/li>\n
- use a script to update Route 53 each time the IPv4 of an instance changes.\n
\n
- Create an instance role with permissions to update Route 53. This role can be limited to only one host name, but must be applied each time a new instance is launched.<\/li>\n
- Save a script somewhere in \/home\/ec2-user<\/strong> with roughly this content<\/a>\u00a0and save it as\u00a0dnsupdate.sh.<\/em><\/li>\n
- Set your script up to run on every instance upon startup (crontab -e):\n
\n
- @reboot \/home\/ec2-user\/dnsupdate.sh >dnsupdate.log 2>&1<\/strong><\/li>\n<\/ul>\n<\/li>\n<\/ul>\n<\/li>\n
- use IPv6 only (not a good idea when serving the public).<\/li>\n
- put your instance behind a proxy such as HA proxy or NGINX and have it forward traffic to your instance’s private IP or internal DNS hostname (both of which won’t change on reboot).<\/li>\n<\/ul>\n
Wait for changes to propagate<\/h3>\n
You may need to wait a few minutes for the changes to propagate (depending on the previously defined TTL). Tip: when you anticipate the need to make adjustments to your DNS configuration, you may want to reduce the TTL in advance.<\/p>\n
TIP:\u00a0Make sure that the ports that your service uses (typically 80 for http and 443 for https) are not being blocked by any firewalls or the AWS Security Group.<\/p>\n
Step 5. Verify your DNS configuration (and modify settings if required)<\/h2>\n
Verify that the settings are correct by\u00a0using a diagnostic service such as intodns.com<\/a>. Enter your domain name and run the test.<\/p>\n
(Should you receive an error as a result\u00a0of a missing MX record, you can safely ignore it as it does not affect your ability to run a web server; it is only needed\u00a0if you also happen to\u00a0require\u00a0a mail exchanger such as Postfix.<\/p>\n
Step 6. Configure your web server software for the IP address and the hostname<\/h2>\n