Cloud DNS delegated zone management in another GCP account - google-cloud-dns

What needs to be configured in Google Domains domain in GCP Account A that will allow zone management in another GCP account (GCP Account B)?
There is no relationship between the accounts and Account B corporate policy will not allow specific user permissions for a user on another account.
Clarification & Update:
Title updated. After investigation, it appears that the issue is configuring DNS delegation.
Now working on this assumption: "Child subdomain DNSKEY record hashed results are compared with the DS record stored in the parent zone. If there is a match, the resolver can trust all records in the child zone."

Assuming a domain registered as example.com (parent) and a subdomain dev.example.com setup in Cloud DNS in a separate account:
Turn on DNSSEC in the subdomain Cloud DNS zone
Click on Registrar Setup and enter the information in the parent zone NS and DS records. The parent zone acts as the 'registrar' for the subdomain
Now, the subdomain zone can answer authoritatively for queries for domains such as one.dev.example.com, two.dev.example.com etc.
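The DS/DNSKEY comparison described in this post, as an added example that is not part of the original post: it derives a DS record from a child zone's DNSKEY (RFC 4034 section 5.1.4 digest and Appendix B key tag) and checks it against the DS held in the parent. The key bytes are constructed sample data and the function names are hypothetical.

```python
import base64
import hashlib
import struct

DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}  # DS digest types

def wire_name(name: str) -> bytes:
    """Canonical (lowercase) wire form of a fully qualified owner name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"

def dnskey_rdata(flags: int, protocol: int, algorithm: int, pubkey_b64: str) -> bytes:
    """DNSKEY RDATA: flags (2 bytes), protocol, algorithm, raw public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)

def key_tag(rdata: bytes) -> int:
    """RFC 4034 Appendix B checksum that pairs a DS with its DNSKEY."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    return (acc + ((acc >> 16) & 0xFFFF)) & 0xFFFF

def make_ds(owner, flags, protocol, algorithm, pubkey_b64, digest_type=2):
    """Return (key tag, algorithm, digest type, hex digest) for the parent zone."""
    rdata = dnskey_rdata(flags, protocol, algorithm, pubkey_b64)
    digest = DIGESTS[digest_type](wire_name(owner) + rdata).hexdigest()
    return (key_tag(rdata), algorithm, digest_type, digest)

def ds_matches(owner, dnskey, parent_ds) -> bool:
    """True when the DS held by the parent was derived from this child DNSKEY."""
    tag, alg, digest_type, digest = parent_ds
    if digest_type not in DIGESTS or alg != dnskey[2]:
        return False
    expected = make_ds(owner, *dnskey, digest_type=digest_type)
    return expected == (tag, alg, digest_type, digest.lower())

# Constructed sample data: not real keys, only used to exercise the digest logic.
CHILD = "dev.example.com."
KSK = (257, 3, 13, base64.b64encode(bytes(range(64))).decode())
ROLLED_KSK = (257, 3, 13, base64.b64encode(bytes(range(1, 65))).decode())
PARENT_DS = make_ds(CHILD, *KSK)  # what would be entered in the parent zone

if __name__ == "__main__":
    print("DS for parent zone:", PARENT_DS)
    print("current key matches:", ds_matches(CHILD, KSK, PARENT_DS))
    print("rolled key matches: ", ds_matches(CHILD, ROLLED_KSK, PARENT_DS))
```

The second check shows the failure mode to watch for: if the child zone's key-signing key changes and the parent DS is not updated, validating resolvers treat the delegated zone as bogus.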

Related

Route53 Hosted Zone with Domain in different Account

I had my set up in account A:
domain bought
hosted zone
I moved my domain name to account B.
The hosted zone is still in account A.
Why is the traffic routed correctly? I can see the expected content when I access my website. Shouldn't it make sense to have the hosted zone in the same account as my domain?
Where can I find the docs to clear my mind, please.
There are two items to understand in your question:
Authoritative name servers
Hosted zones
The registrar for your domain contains the IP addresses or hostnames of the authoritative name servers. Those name servers can be located anywhere. Authoritative name servers are the DNS servers used to resolve DNS queries for your domain.
A Hosted Zone is a collection of DNS resource records similar to a database.
In your case, your domain is located in account B, with either hostnames or IP addresses that resolve to resources located in account A. There is no problem with that design, and it is in fact commonly deployed for security and isolation.

How to use Netlify DNS for domains managed by AWS Route 53?

I have a domain registered at Route 53, but I want to have Netlify manage the DNS for this domain (the entire domain, unlike other questions about subdomains). I set the NS record for the domain to point to Netlify's name servers, but Netlify's custom domain configuration tool still claims that DNS is not configured correctly.
Below is a screenshot showing my current Route53 hosted zone configuration, with the NS records clearly pointed at Netlify's DNS servers. I waited for DNS propagation timeouts, flushed Google's DNS cache, and tried other suggestions and nothing worked.
The problem turned out to be that setting the NS records in the hosted zone doesn't actually let Netlify manage the DNS for the domain. Instead, you need to change the nameservers in the Registered Domains section of the Route 53 console. (NOT the Hosted Zones section.)
On that page, remove the AWS nameservers and add Netlify's nameservers. It will look like this when it's done: (Note that your nameserver hostnames may be different; copy them from Netlify's Custom Domain page)
Kudos to Netlify's support team for writing a doc that explains how to do this. It was admittedly hard to find this doc in Google because there are so many different Netlify docs about various DNS intricacies. But eventually Googling helped me find it.
In retrospect, it's now obvious to me that adding DNS records to a zone (even NS records!) can't change the nameservers used by the domain. But it would have been nice if the AWS console included this info when I edited the NS records so I didn't waste a few hours.
Leaving this answer here for the next victim. 😁
For a domain registered at Route 53 with Netlify managing the DNS, it worked for me by changing the name servers both from the "Registered Domain" area and "Hosted Zone".

How do I find out the domain name provider from our company?

I want to verify domain ownership via a DNS record like this:
It said to sign in to the domain name provider. I am confused about how to sign in to the domain name provider. So I got a reference, and the reference says to use https://www.whoishostingthis.com/
I checked our domain and I got this:
Is the domain name provider cloudflare? Do I have to log in to cloudflare?
But my colleague said that our website uses the portal azure
Which is true? Login to cloudflare or login to portal azure? I want to copy the TXT record into the DNS configuration
All your domain's DNS records (including TXT record) are stored in its DNS zone. Where its active DNS zone is located is determined by the domain's name servers. In turn, a domain's name servers are set with the domain's registrar.
Based on the screenshot you provided, your nameservers (NS) are pointing to CloudFlare, so this means you would need to add your TXT record there.
Here is the article for adding a TXT record: https://cloud.google.com/identity/docs/verify-domain-txt

Pointing 1and1 domain to an S3 bucket

I've registered my domain about a month ago (It's a .com, so I need to wait 60 days before being allowed to transfer the domain, which I will do as I'm fed up with 1and1's service)
I created an Amazon S3 bucket with my domain name: example.com and www.example.com.
All my Amazon S3 settings are in order, I've enabled website hosting, I have an index document...
In 1and1, I've set my redirect destination for example.com to my S3 bucket endpoint.
When I hit save: "Operation Failed, The redirect URL is invalid."
What am I doing wrong?
You do not have to wait 60 days.
There are two different services that are commonly confused because providers often market them together: domain registrar services and domain hosting.
You can change your hosting provider at any time, by changing the configuration options with the current registrar. This change typically takes effect almost immediately, though conventional wisdom is that it may require up to 48 hours to take effect globally.
Create a new "hosted zone" in Route 53 for your domain. Take note of the four "awsdns" name servers that Route 53 assigns.
Log in to your registrar's admin portal and find the option to change your authoritative name server configuration. Replace the registrar's default name servers with the four provided by Route 53.
You will then use the Route 53 console to create your DNS records, including the appropriate "Alias" records pointing your domain to the S3 web site endpoint.
After the 60 days, you can change the registrar to Route 53, or any other registrar you like, continuing to use the authoritative name servers assigned to your domain by Route 53.
Route 53 is the simplest option for DNS hosting when you are using S3 for static website hosting (or CloudFront or Elastic Load Balancer) simply because of the tight integration provided by Alias records, which offer capabilities that CNAMEs can't and other DNS hosting providers can't, because they don't have direct access to the operational internals of AWS.
It sounds like you configured your domain name to use a Redirect instead of a CNAME record. Create a CNAME record to your AWS domain.
Here are some instructions:
http://help.1and1.com/domains-c36931/manage-domains-c79822/dns-c37586/enter-a-cname-record-for-your-domain-a643600.html
Sometimes people don't want to create CNAMEs for their root domain and prefer to redirect from example.com to www.example.com

What is the best way to use a custom domain name with IBM Bluemix?

I was wondering how developers go about using IBM Bluemix with custom domain names, and how you go about registering your DNS information.
Thanks!
Bluemix supports custom domains and SSL certs. You can even use wildcard and SAN certs as well.
To use a custom domain you need to register the domain in the Bluemix UI. Once you login click on your organization name on the left and click on "Manage Organizations".
Find your organization and click domains. Enter in the domain of your choosing.
The next step is creating a DNS record for Bluemix.
Create an A record for whatever host you want, for example . for the root domain of your domain. You can also create an A record for * so all requests are routed to Bluemix.
The A record needs to point to 75.126.81.68 for the US-South Instance.
For the EU-GB region in London you need to create an A record that points to 5.10.124.141.
The good news is Bluemix supports custom domains which you have to configure in the Bluemix management dashboard. To do this you should follow these easy steps:
Login to the Bluemix admin dashboard
Go to the 'Manage Your Organization' tab in the dashboard
Click on the domains admin link to open the domain management UI
Enter your domain name (you need to have registered this domain already and have access to the DNS settings).
Login to your DNS management dashboard and set your DNS settings:
a. Create an A-RECORD for the home domain *.domain.com
b. Set the A-RECORD to your instance IP (you can find this on the admin page)
c. Commit and save the changes
This will take up to 48-hours to propagate, but you can test it within 30-min.