Route53 Hosted Zone with Domain in different Account - amazon-route53

I had my setup in account A:
domain bought
hosted zone
I moved my domain name to account B.
The hosted zone is still in account A.
Why is the traffic routed correctly? I can see the expected content when I access my website. Shouldn't it make sense to have the hosted zone in the same account as my domain?
Where can I find the docs to clear my mind, please?

There are two items to understand in your question:
Authoritative name servers
Hosted zones
The registrar for your domain contains the IP addresses or hostnames of the authoritative name servers. Those name servers can be located anywhere. Authoritative name servers are the DNS servers used to resolve DNS queries for your domain.
A Hosted Zone is a collection of DNS resource records similar to a database.
In your case, your domain is located in account B, with either hostnames or IP addresses that resolve to resources located in account A. There is no problem with that design, and it is in fact commonly deployed for security and isolation.

Related

Cloud DNS delegated zone management in another GCP account

What needs to be configured in Google Domains domain in GCP Account A that will allow zone management in another GCP account (GCP Account B)?
There is no relationship between the accounts and Account B corporate policy will not allow specific user permissions for a user on another account.
Clarification & Update:
Title updated. After investigation, it appears that the issue is configuring DNS delegation.
Now working on this assumption: "Child subdomain DNSKEY record hashed results are compared with the DS record stored in the parent zone. If there is a match, the resolver can trust all records in the child zone."
Assuming a domain registered as example.com (parent) and a subdomain dev.example.com set up in Cloud DNS in a separate account:
Turn on DNSSEC in the subdomain Cloud DNS zone.
Click on Registrar Setup and enter the information in the parent zone NS and DS records. The parent zone acts as the 'registrar' for the subdomain.
Now, the subdomain zone can answer authoritatively for queries for domains such as one.dev.example.com, two.dev.example.com etc.
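As an added example (not part of the original post and not Cloud DNS's own code), the DNSKEY-to-DS comparison quoted above can be carried out by hand as RFC 4034 defines it: the DS digest is a hash over the child's owner name in wire format followed by the DNSKEY RDATA. The zone name, key bytes and helper names are constructed for illustration.

```python
import base64
import hashlib
import struct


def name_to_wire(name: str) -> bytes:
    """Canonical (lower-case) DNS wire format of an owner name."""
    labels = [l for l in name.lower().rstrip(".").split(".") if l]
    return b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels) + b"\x00"


def dnskey_rdata(flags: int, protocol: int, algorithm: int, pubkey_b64: str) -> bytes:
    """DNSKEY RDATA: flags (2 bytes) | protocol | algorithm | public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)


def key_tag(rdata: bytes) -> int:
    """Key tag from RFC 4034 Appendix B (a checksum over the RDATA)."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def ds_digest_sha256(owner: str, rdata: bytes) -> str:
    """DS digest type 2: SHA-256(owner name wire form | DNSKEY RDATA)."""
    return hashlib.sha256(name_to_wire(owner) + rdata).hexdigest().upper()


def ds_matches(owner, rdata, ds_key_tag, ds_algorithm, ds_digest_hex) -> bool:
    """True when the parent's DS record identifies this child DNSKEY."""
    return (key_tag(rdata) == ds_key_tag
            and rdata[3] == ds_algorithm  # byte 3 of the RDATA is the algorithm
            and ds_digest_sha256(owner, rdata) == ds_digest_hex.replace(" ", "").upper())


# Constructed sample: a made-up 64-byte "public key" for dev.example.com
# (algorithm 13 = ECDSA P-256/SHA-256, flags 257 = key-signing key).
CHILD = "dev.example.com."
KSK = dnskey_rdata(257, 3, 13, base64.b64encode(bytes(range(64))).decode())
OTHER = dnskey_rdata(257, 3, 13, base64.b64encode(bytes(range(1, 65))).decode())

# The DS tuple (key tag, algorithm, digest) that the parent zone would publish.
DS = (key_tag(KSK), 13, ds_digest_sha256(CHILD, KSK))

if __name__ == "__main__":
    print("DS for", CHILD, "->", DS)
    print("published key matches DS:", ds_matches(CHILD, KSK, *DS))
    print("different key matches DS:", ds_matches(CHILD, OTHER, *DS))
```

If the child zone rolls its key-signing key without the DS in the parent being updated, `ds_matches` returns False, which is the condition under which a validating resolver stops trusting the child zone.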

How to use Netlify DNS for domains managed by AWS Route 53?

I have a domain registered at Route 53, but I want to have Netlify manage the DNS for this domain (the entire domain, unlike other questions about subdomains). I set the NS record for the domain to point to Netlify's name servers, but Netlify's custom domain configuration tool still claims that DNS is not configured correctly.
Below is a screenshot showing my current Route53 hosted zone configuration, with the NS records clearly pointed at Netlify's DNS servers. I waited for DNS propagation timeouts, flushed Google's DNS cache, and tried other suggestions and nothing worked.
The problem turned out to be that setting the NS records in the hosted zone doesn't actually let Netlify manage the DNS for the domain. Instead, you need to change the nameservers in the Registered Domains section of the Route 53 console. (NOT the Hosted Zones section.)
On that page, remove the AWS nameservers and add Netlify's nameservers. It will look like this when it's done: (Note that your nameserver hostnames may be different; copy them from Netlify's Custom Domain page)
Kudos to Netlify's support team for writing a doc that explains how to do this. It was admittedly hard to find this doc in Google because there are so many different Netlify docs about various DNS intricacies. But eventually Googling helped me find it.
In retrospect, it's now obvious to me that adding DNS records to a zone (even NS records!) can't change the nameservers used by the domain. But it would have been nice if the AWS console included this info when I edited the NS records so I didn't waste a few hours.
Leaving this answer here for the next victim. 😁
For a domain registered at Route 53 with Netlify managing the DNS, it worked for me to change the name servers in both the "Registered Domain" area and the "Hosted Zone".
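The distinction these answers draw, between the name servers set at the registrar and the NS records inside a hosted zone, can be checked mechanically. The following is an added example, not code from the original posts: it parses NS lines in the form `dig` prints and compares the parent's delegation with the zone's own apex NS set. The name server hostnames and the function names are constructed for illustration.

```python
def ns_set(dig_lines: str, zone: str) -> set:
    """Extract NS targets for `zone` from dig-style 'name ttl IN NS target' lines."""
    want = zone.lower().rstrip(".")
    found = set()
    for line in dig_lines.splitlines():
        parts = line.split()
        if len(parts) == 5 and parts[2].upper() == "IN" and parts[3].upper() == "NS":
            if parts[0].lower().rstrip(".") == want:
                found.add(parts[4].lower().rstrip("."))
    return found


def check_delegation(zone: str, parent_referral: str, apex_answer: str) -> dict:
    """Compare the registrar-set delegation with the hosted zone's apex NS set."""
    delegated = ns_set(parent_referral, zone)  # set at the registrar, served by the TLD
    apex = ns_set(apex_answer, zone)           # NS records edited inside the hosted zone
    if not delegated:
        status = "not-delegated"
    elif delegated == apex:
        status = "consistent"
    elif delegated & apex:
        status = "partial-mismatch"
    else:
        status = "apex-ignored"  # resolvers follow the delegation, not the apex NS set
    return {
        "status": status,
        "authoritative": sorted(delegated),
        "only_in_zone": sorted(apex - delegated),
        "only_at_registrar": sorted(delegated - apex),
    }


# Constructed sample input: the TLD still delegates to host A,
# while the hosted zone's NS records were edited to name host B.
PARENT_REFERRAL = """\
;; AUTHORITY SECTION:
example.com.  172800  IN  NS  ns1.dns-host-a.example.
example.com.  172800  IN  NS  NS2.dns-host-a.example.
"""
APEX_ANSWER = """\
;; ANSWER SECTION:
example.com.  3600  IN  NS  dns1.dns-host-b.example.
example.com.  3600  IN  NS  dns2.dns-host-b.example.
"""

if __name__ == "__main__":
    print(check_delegation("example.com", PARENT_REFERRAL, APEX_ANSWER))
```

A result other than `consistent` is worth alerting on in routine DNS hygiene checks, since it means the records people are editing and the records resolvers actually use live in different places.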

How do I find out the domain name provider from our company?

I want to verify domain ownership via a DNS record like this:
It says to sign in to the domain name provider. I am confused about how to sign in to the domain name provider. So I got a reference, and the reference says to use https://www.whoishostingthis.com/
I checked our domain and I got this:
Is the domain name provider Cloudflare? Do I have to log in to Cloudflare?
But my colleague said that our website uses the Azure portal.
Which is true? Log in to Cloudflare or log in to the Azure portal? I want to copy the TXT record into the DNS configuration.
All your domain's DNS records (including TXT record) are stored in its DNS zone. Where its active DNS zone is located is determined by the domain's name servers. In turn, a domain's name servers are set with the domain's registrar.
Based on the screenshot you provided, your name servers (NS) are pointing to Cloudflare, which means you would need to add your TXT record there.
Here is the article for adding a TXT record: https://cloud.google.com/identity/docs/verify-domain-txt

How are domain names stored?

I have three domains hosted with GoDaddy. These three domains point to the DigitalOcean name servers, where I can manage the DNS records. I can still access the domains through my GoDaddy account, and GoDaddy still charges me yearly for these domains.
I was wondering how these domain names are still available on GoDaddy if they are pointing to the DigitalOcean name servers, and how GoDaddy can still charge me to host the domains if they are pointing to another name server.
I'm finding it hard to understand the general architecture of this whole thing.
GoDaddy is in this case the service provider who has rented the domain for you from the responsible registrar. A domain name registrar is an organization that manages the reservation of Internet domain names.
By changing the name server you only change an entry of the domain that shows which name server is responsible for resolving the domain. If you have set your domain's NS record to the Digital Ocean name servers, Digital Ocean's name servers are now responsible for resolving the domain names. Here is a HowTo
If your domain is pointing to another name server, then the domain is still in the administration area of GoDaddy, for which you have to pay GoDaddy.
I am not a DigitalOcean expert, but I don't think you can host / rent a domain directly there. So you've done everything right.
An Introduction to DNS Terminology, Components, and Concepts

Pointing 1and1 domain to an S3 bucket

I've registered my domain about a month ago (It's a .com, so I need to wait 60 days before being allowed to transfer the domain, which I will do as I'm fed up with 1and1's service)
I created an Amazon S3 bucket with my domain name: example.com and www.example.com.
All my Amazon S3 settings are in order, I've enabled website hosting, I have an index document...
In 1and1, I've set my redirect destination for example.com to my S3 bucket endpoint.
When I hit save: "Operation Failed, The redirect URL is invalid."
What am I doing wrong?
You do not have to wait 60 days.
There are two different services that are commonly confused because providers often market them together: domain registrar services and domain hosting.
You can change your hosting provider at any time, by changing the configuration options with the current registrar. This change typically takes effect almost immediately, though conventional wisdom is that it may require up to 48 hours to take effect globally.
Create a new "hosted zone" in Route 53 for your domain. Take note of the four "awsdns" name servers that Route 53 assigns.
Log in to your registrar's admin portal and find the option to change your authoritative name server configuration. Replace the registrar's default name servers with the four provided by Route 53.
You will then use the Route 53 console to create your DNS records, including the appropriate "Alias" records pointing your domain to the S3 web site endpoint.
After the 60 days, you can change the registrar to Route 53, or any other registrar you like, continuing to use the authoritative name servers assigned to your domain by Route 53.
Route 53 is the simplest option for DNS hosting when you are using S3 for static website hosting (or CloudFront or Elastic Load Balancer) simply because of the tight integration provided by Alias records, which offer capabilities that CNAMEs can't and other DNS hosting providers can't, because they don't have direct access to the operational internals of AWS.
It sounds like you configured your domain name to use a Redirect instead of a CNAME record. Create a CNAME record to your AWS domain.
Here are some instructions:
http://help.1and1.com/domains-c36931/manage-domains-c79822/dns-c37586/enter-a-cname-record-for-your-domain-a643600.html
Sometimes people don't want to create CNAMEs for their root domain and prefer to redirect from example.com to www.example.com