Uly.me

cloud engineer

Home/Archives for dns

Outbound DNS

Here’s a typical setup for an Outbound DNS server.

What are unbound servers? Unbound servers are a validating, recursive and caching DNS server

Install Unbound DNS

yum install unbound

Configuration: /etc/outbound/outbound.conf

server:
        interface: 0.0.0.0
        access-control: 0.0.0.0/0 allow
        local-zone: "10.in-addr.arpa." nodefault
forward-zone:
        name: "10.in-addr.arpa."
        forward-addr: 169.254.169.253
forward-zone:
        name: "ec2.internal"
        forward-addr: 169.254.169.253
forward-zone:
        name: '.'
        forward-addr: 10.10.10.1
        forward-addr: 10.10.11.2

Unbound Start, Stop, Restart and Status

service outbound start | stop | restart | status

Route 53 Policy to Change Records

Here’s the IAM policy you’ll need to change Route 53 DNS records. Substitute with your own hosted zone id. 

{
   "Statement":[{
      "Effect":"Allow",
      "Action":["route53:ChangeResourceRecordSets"],
      "Resource":"arn:aws:route53:::hostedzone/*HOSTEDZONEID*"
      }
   ],
   "Statement":[{
      "Effect":"Allow",
      "Action":["route53:GetChange"],
      "Resource":"arn:aws:route53:::change/*"
      }
   ]
}

Add to policy to a user.

Change DNS Records in Route 53 via CLI

How to change DNS records in Route 53 via AWS CLI.

  • Assuming AWS CLI is already configured
  • Uses Route53 change-resource-record-sets to update DNS records
  • Substitute with your own hosted-zone-id
  • Uses JSON files containing record sets
  • See JSON file examples below 
cd /path/to/scripts/
# the command to switch to the elb
aws route53 change-resource-record-sets --hosted-zone-id xxxxxxxxxxxxxx --change-batch file://elb.json
# the command to switch to standard site
aws route53 change-resource-record-sets --hosted-zone-id xxxxxxxxxxxxxx --change-batch file://live.json

elb.json = points to AWS ELB (elastic load balancer)

{
   "Comment": "back to elb",
   "Changes": [
      {
         "Action": "UPSERT",
         "ResourceRecordSet": {
            "Name": "yourdomain.com",
            "Type": "A",
            "AliasTarget": {
               "HostedZoneId": "xxxxxxxxxxxxxx",
               "EvaluateTargetHealth": false,
               "DNSName": "xxxxxxxxxxxxx.us-east-1.elb.amazonaws.com."
            }
         }
      }
   ]
}

live.json = points to your standard site. Value is your IP Address.

{
   "Comment": "back to live",
   "Changes": [
      {
         "Action": "UPSERT",
         "ResourceRecordSet": {
            "Name": "yourdomain.com",
            "Type": "A",
            "TTL": 60,
            "ResourceRecords": [
               {
                  "Value": "xxx.xxx.xxx.xxx"
               }
            ]
         }
      }
   ]
}