Migrating DNS from ZoneEdit to Amazon Route 53
I've used ZoneEdit for a long, long time. I've never liked the idea of a DNS service that was bundled with something else (domain purchasing, hosting etc), so ZoneEdit seemed a pretty good match. Wasn't free (if you paid for a bit of extra redundancy) but didn't cost the $30+ / year some vendors were charging. Until a few years back, it looked so ugly that it had to be good. ;-)
Recently I fell out of love with it though; I've had several instances where changes made to a record set failed to propagate to all the nominated name servers, which seems like a fundamental for a DNS service. Worse still, support requests have gone completely unanswered for over a week. So, I shopped around, and Amazon's Route 53 seemed like the ticket, $6 / domain / year, plus per query charges seemed like a fair deal for the quality of service. The management console for Route 53 is pretty basic (it came later). Instead, the best tools use the management API. Here's how I've gone about migrating, using one of these, the command line tool cli53.
You need a *nix box, with Python installed. I'm not a *nix guru, by any stretch, but I've built, broken and fixed a few Ubuntu boxes over the last 3-4 years, so I've become more comfortable with it. The general principle is as follows:
- export BIND zone files from ZoneEdit
- tweak zone files by hand (remove a few lines, add a line)
- import zone file into Amazon Route 53
sudo apt-get install python-pip
sudo pip install cli53
If you get back an auth error, check your credentials are set up correctly.
Now, turning to your existing zones, first get a handle on the nameservers they are using at ZoneEdit.
In the data that comes back will be a reference to the name servers used, in the form of several NS records. Now that we know the addresses of the name servers, we can query them directly for the required data (where xxx is the name server address, ns2, ns4 etc). In this, at least, ZoneEdit are useful, in that you can extract a full zone file from their servers directly. Not sure if you'd call this a feature, or a security hole, but there's no such thing as a private DNS entry there. Not all servers will cough up the full zone that the axfr query asks for.
dig @xxx.zoneedit.com your.domain.com axfr >your.domain.com.txt
This dumps your zone info into a text file, almost ready to import using cli53. Open the resulting file in a text editor and make the following edits:
- remove all NS records, and references to an SOA record, as Route 53 will handle these.
- add the following line at the front of the file, making sure you include the trailing full stop: $ORIGIN your.domain.com.
cli53 create your.domain.com --comment "an extra comment"
and then import the edited zone file:
cli53 import your.domain.com --file your.domain.com.txt
You should get back a status message indicating the changes are pending. That's pretty much it. If you want a confirmation that all is well, log into the AWS management console, and look in your Route 53 control panel to make sure things appear as you'd expect.
Once satisfied, the last step is to redelegate your domains' DNS across to AWS, via whatever mechanism your registrar of choice uses.
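The hand edits described above (dropping the NS and SOA records and prepending $ORIGIN) can be scripted. This is an added example, not part of the original post or of cli53; prepare_zone and sample_axfr are hypothetical names, and the sample records are constructed.

```shell
#!/bin/sh
# Added example: automate the two hand edits to a `dig ... axfr` dump
# before running `cli53 import`.

# prepare_zone DOMAIN  -- reads dig AXFR output on stdin and writes the
# import-ready zone file on stdout.
prepare_zone() {
    domain=${1%.}                       # accept the name with or without the trailing dot
    printf '$ORIGIN %s.\n' "$domain"    # $ORIGIN must end in a full stop
    awk '
        /^[ \t]*(;|$)/ { next }         # drop dig banner/footer comments and blank lines
        {
            # dig prints every record as: name ttl class type rdata...
            # Match on the type column only, so rdata that merely
            # mentions "NS" or "SOA" (e.g. a TXT string) is kept.
            type = toupper($4)
            if (type == "NS" || type == "SOA") next   # Route 53 supplies these
            print
        }
    '
}

# Constructed sample of dig AXFR output (example.com, example.net and
# 192.0.2.10 are placeholder values, not data from the post).
sample_axfr() {
    cat <<'EOF'
; <<>> DiG <<>> @xxx.zoneedit.com example.com axfr
;; global options: +cmd
example.com.      7200 IN SOA   ns.example.net. hostmaster.example.com. 1 2400 360 1209600 300
example.com.      7200 IN NS    ns-a.example.net.
example.com.      7200 IN NS    ns-b.example.net.
example.com.      7200 IN A     192.0.2.10
www.example.com.  7200 IN CNAME example.com.
example.com.      7200 IN MX    10 mail.example.com.
example.com.      7200 IN TXT   "ask the NS admin before SOA changes"

example.com.      7200 IN SOA   ns.example.net. hostmaster.example.com. 1 2400 360 1209600 300
;; Query time: 12 msec
EOF
}

# Demo on the constructed sample. Real use would be:
#   dig @xxx.zoneedit.com your.domain.com axfr | prepare_zone your.domain.com >your.domain.com.txt
sample_axfr | prepare_zone example.com
```

Filtering on the record-type column rather than grepping for "NS" keeps records such as the TXT entry in the sample, which a plain text search would wrongly delete.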