Migrating DNS from ZoneEdit to Amazon Route 53

Submitted by hc on Sun, 2013-01-20 11:54
hc's picture

I've used ZoneEdit for a long, long time. I've never like the idea of a DNS service that was bundled with something else (domain purchasing, hosting etc), so ZoneEdit seemed a pretty good match. Wasn't free (if you paid for a bit of extra redundancy) but didn't cost the $30+ / year some vendors weere charging. Until a few years back, it looked so ugly that it had to be good. ;-)

Recently I fell out of love with it though; I've had several instances where changes made to a record set failed to propagate to all the nominated name servers, which seems like a fundamental for a DNS service. Worse still, support requests have gone completely unanswered for over a week. So, I shopped around, and Amazon's Route 53 seemed like the ticket, $6 / domain / year, plus per query charges seemed  like a fair deal for the quality of service. Teh management console for Route 53 is pretty basic (it came later). Instead, the best tools use the management API. Here's how I've gone about migrating, using one of these, the command line tool cli53

You need a *nix box, with Python installed. I'm not a *nix guru, by any stretch, but I've built, broken and fixed a few Ubuntu boxes over the last 3-4 years, so I've become more comfortable with it. The general principal is as follows:

  • export BIND zone files from ZoneEdit
  • tweak zone files by hand (remove a few lines, add a line)
  • import zone file into Amazon Route 53
Here's a quick step by step, in this case using Ubuntu 12.x; assumptions are that you already have a paid Amazon Web Services (AWS) account, and can use a text editor (in this case pico).
Install the Python package manager, pip:

sudo apt-get install python-pip

and then, using pip, install the cli53 python script and dependencies:

sudo pip install cli53

Once you've got cli53 installed, you need to configure it to use your AWS id and access key. That involves editing the ~/.boto file to include your AWS credentials, as per this guide.   When you log in to the AWS console, go to the Route 53 control panel and make sure the service is enabled. 
To check that your credentials are working, ask for a list of all zones held at Amazon (which should be empty initially):

cli53 list

If you get back an auth error, check your credentials are set up correctly. 

Now, turning to your existing zones, first get a handle on the nameservers they are using at ZoneEdit.

dig your.domain.com

In the data that comes back will be a reference to the name servers used, in the form of several NS records. Now that we know the addresses of the name servers, we can query them directly for the required data (where xxx is the name server address, ns2, ns4 etc). In this, at least, ZoneEdit are useful, in that you can extract a full zone file from their servers directly. Not sure if you'd call this a feature, or a security hole, but there no such thing as a private DNS entry there. Not all servers will cough up all info, as the axfr flags are asking.

dig @xxx.zoneedit.com your.domain.com axfr >your.domain.com.txt

This dumps your zone info into a text file, almost ready to import using cli53. Open the resulting file in a text editor and make the following edits:

  • remove all NS records, and references to an SOA record, as Route 53 will handle these.
  • add the following line at the front of the file: $ORIGIN your.domain.com. making sure you include the trailing full stop
You should now be ready to import the zone file to Route 53, using the cli53 tool. Firstly, create the zone, with an optional comment:

cli53 create your.domain.com --comment "an extra comment"

and then import the edited zone file:

cli53 import your.domain.com --file your.domain.com.txt

You should get back a status message indicating the changes are pending. That's pretty much it. If you want a confirmation that all is well, log into the AWS management console, and look in your Route 53 control panel to make sure things appear as you'd expect.

Once satisfied, the last step is to redelegate your domains' DNS across to AWS, via whatever mechanism your registrar of choice uses. 


Drupal theme by Kiwi Themes.