Branded DNS or white labeling on Amazon Route 53

Virtual hosting management is a difficult, but interesting task in implementation, which is constantly associated with various difficulties.

For example, when you have hundreds of clients, you have to deal with a large number of domain names, which usually belong to different registrars and belong to different people. This situation is not always easy to handle.

Therefore, I would like to share the success story of one of our customers, demonstrating how you can use Amazon Route 53 in a shared hosting.

')
Any normal hoster provides its NS servers for servicing client domains. Moreover, it is highly desirable to actually use them - in the future this will facilitate the migration of client sites from the server to the server or recovery from the backup. In this case, the hoster does not need client participation in order to establish new IPs for the domain, therefore, in the event of maintenance work or an accident, the sites will work in a new place with minimal or no downtime.
Usually NS servers look like this:

• ns1.awesome-hoster.com
• ns2.awesome-hoster.com

If you decide to use Amazon Route 53 as a DNS hosting service, you will quickly notice that by default it provides a separate set of NS servers for each domain:

• ns-XXXX.awsdns-XX.org
• ns-XXXX.awsdns-XX.co.uk
• ns-XXXX.awsdns-XX.com
• ns-XXXX.awsdns-XX.net

Here’s how it looks from the Route 53 panel:


As can be seen in the section called “Hosted Zone Details” located on the right of the screenshot, name servers have addresses like “ns-1072.awsdns-06.org” . This means that the DNS will not start its work until these addresses are specified by the registrar of this domain name.

How to get one set of NS servers for all, and even a white label? Switching domains one by one is clearly not an option.

There is a solution - the Route 53 API allows you to create a “reusable delegation set” or, if in Russian, a reused set of NS servers. Interestingly, this functionality is not available from the Route 53 panel itself.

However, even in this case, the new set of servers has the same “scary” look:

• ns-XXXX.awsdns-XX.org
• ns-XXXX.awsdns-XX.co.uk
• ns-XXXX.awsdns-XX.com
• ns-XXXX.awsdns-XX.net

In fact, nothing wrong with that. The idea is to create all domain zones with one set of name servers, and to specify the Amazon IP addresses of name servers as IP addresses for ns1.awesome-hoster.com and ns2.awesome-hoster.com . Yes, the IP of those ns-XXXX.awsdns-XX.org and ns-XXXX.awsdns-XX.co.uk , as an example.

If you are using a Plesk control panel, we recommend using our extension to integrate with Route 53. This extension automates the creation of domain zones in Route 53 and supports the “reusable delegation set” .

The extension is installed in one click from the directory in Plesk itself (“Extensions” in the main menu and then “Extension Catalog”).


Follow the expansion instructions to get a pair of secret keys on the Amazon portal and enable synchronization. Each domain created in Plesk will immediately receive a domain zone in Route 53.

Let's go back to the “reusable delegation set” and look at the functionality that gives us an extension to manage these sets. Using the extension, you can create a new, reusable set of name servers, or make one of the existing sets such. To do this, you need to open the extension, go to the “Reusable Delegation Sets” tab and select “Create Delegation Set” . As a result, a new set of 4 name servers will appear, which we will use by default.


Now all new domain zones created in Plesk will use the same set of name servers. It should be noted that Route 53 imposes a restriction that does not allow changing name servers in already existing zones. To change the set, you will have to recreate each zone, indicating the correct set, and this is another task. The interface of the Route 53 panel by all means prevents the zone from being deleted: you must first delete all resource records from it, except for NS, and only after that you can delete the zone.

In our expansion, we offer tools for group operations (under the “Mass Management” tab), which allow, in one click, to delete and re-create in Route 53 all domain zones registered in Plesk, without the difficulties inherent in the Route 53 panel.


When the synchronized zones contain a single set of servers, you can switch A records ns1.awesome-hoster.com and ns2.awesome-hoster.com to the IP addresses of the corresponding servers from the set (just select 2 of them). It should be noted that the CNAME record in this case will not work for security reasons.

To make sure the settings are correct, we can use the command line utility dig or the online service from Google .

Consider the following restrictions that Route 53 imposes on us:

• Subdomains should not have a separate zone: by default, Plesk creates an A record with the name of the subdomain in the parent's zone, however, the delegation of the subdomain in a separate zone will result in an error: “VPC or Delegation Set”.
• By default, the maximum number of zones using one set of servers is 100. This number can be increased upon request .
• The total number of zones is limited to 500, but can also be increased .

In addition to high availability, the cloud provider offers scalability: configure DNS checks to switch to site backup, have geo-distributed traffic, and more. But this is a separate topic for future articles.

We would be interested to learn from the experience of other Amazon Route 53 users. We are looking forward to your comments!