ns1.example.com和
ns2.example.com
这样我就可以将它们用作其他域的名称服务器.假设我想通过将mydomain2.com的名称服务器更改为ns1.example.com和ns2.example.com来将mydomain2.com转发到负载均衡器.但是我不确定我是如何添加子域ns1和ns2并将它们指向亚马逊Route53 gui控制台中的LB.
我将感谢任何帮助.
解决方法
http://neonos.net/white-labeled-dns-name-servers-on-amazon-route-53-with-delegation-sets/
该功能已于2014年11月由亚马逊编程,但尚未在基于Web的控制台中实施,希望他们能尽快完成.我也没有关于此主题的文档或任何文章.但我能够通过使用AWS CLI Client来做到这一点,如下:
Create your delegation set使用CLI客户端:
aws route53 create-reusable-delegation-set --caller-reference MyDelegationSet
这将返回如下内容:
{
"Location": "https://route53.amazonaws.com/2015-01-01/delegationset/xxx","DelegationSet": {
"NameServers": [
"ns-xxx.awsdns-xx.com","ns-xxx.awsdns-xx.co.uk","ns-xxx.awsdns-xx.org","ns-xxx.awsdns-xx.net"
],"CallerReference": "MyDelegationSet","Id": "/delegationset/XXXXXXXXXX"
}
}
创建可重用委托集后,需要使用CLI客户端create the hosted zone,这将允许您将新区域与上面创建的委托集关联.
aws route53 create-hosted-zone --delegation-set-id /delegationset/XXXXXXXX --name mydomain.tld --caller-reference UNIQUEREFERENCEID
使用输出中找到的名称服务器列表,ping每个服务器以获取IP地址.使用IP地址在父区域中创建粘合记录(使用A记录).我推荐更短的TTL,以防亚马逊通知IP区域的IP更改.我打电话给我的route531.mydomain.com,route532 ……等等.
现在在注册商处更新您的域名服务器,然后更新您的Route53以将这些域名服务器包括为权威名称服务器.
更多信息:
亚马逊声称可以在没有任何进一步参考的情况下对这些名称服务器进行白名称.
“This feature also makes it possible for you to create “white label”
name server addresses such as ns1.example.com,ns2.example.com,etc.,
which you can point to your Route 53 name servers. You can then use
your “white label” name server addresses as the authoritative name
servers for as many of your domain names as desired.” –SeanM@AWS
https://forums.aws.amazon.com/ann.jspa?annID=2733
问题是,亚马逊还表示,他们不能保证名称服务器的IP不会改变.
https://forums.aws.amazon.com/thread.jspa?messageID=474708
“We do promise that the DNS names of your Route 53 nameservers will
not change,but we can’t make the same guarantee about their IP
addresses. If they were to change in the future,your DNS could
silently break if you used them in this unsupported way.” — DavidR@AWS Jan 25,2011
在您惊慌失措之前,这可能会让您感觉更好:
Some registrars only allow you to specify name servers using IP
addresses; they don’t allow you to specify fully qualified domain
names. If your registrar requires using IP addresses,you can get the
IP addresses for your name servers using the dig utility (for Mac,
Unix,or Linux) or the nslookup utility (for Windows). We rarely
change the IP addresses of name servers; if we need to change IP
addresses,we’ll notify you in advance.
07006
请记住,为每个名称服务器创建具有您自己的域的CNAME记录是一个坏主意,即使理论上这将解决IP问题的更改,这是一个坏主意:
NS records pointing to a CNAME is bad and may conflict badly with
current BIND servers. In fact,current BIND implementations will
ignore such records,possibly leading to a lame delegation. There is a
certain amount of security checking done in BIND to prevent spoofing
DNS NS records. Also,older BIND servers reportedly will get caught in
an infinite query loop trying to figure out the address for the
aliased nameserver,causing a continuous stream of DNS requests to be
sent. –RFC1912
