Uly.me

cloud engineer


August 23, 2019

Outbound DNS

Here’s a typical setup for an Outbound DNS server.

What is Unbound? Unbound is a validating, recursive, and caching DNS server.

Install Unbound DNS

yum install unbound


Configuration: /etc/unbound/unbound.conf

server:
        interface: 0.0.0.0
        access-control: 0.0.0.0/0 allow
        local-zone: "10.in-addr.arpa." nodefault
forward-zone:
        name: "10.in-addr.arpa."
        forward-addr: 169.254.169.253
forward-zone:
        name: "ec2.internal"
        forward-addr: 169.254.169.253
forward-zone:
        name: '.'
        forward-addr: 10.10.10.1
        forward-addr: 10.10.11.2
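
The configuration above binds to every interface and allows queries from 0.0.0.0/0, so anything that can reach port 53 can use the server as a recursive resolver. The following check is an added example, not part of the original post; it flags that combination, and the 10.0.0.0/8 client range and the function names are assumptions for illustration.

```python
import ipaddress

# Constructed sample with the same server: options as the configuration above.
OPEN_CONF = """\
server:
        interface: 0.0.0.0
        access-control: 0.0.0.0/0 allow
        local-zone: "10.in-addr.arpa." nodefault
forward-zone:
        name: "."
        forward-addr: 10.10.10.1
"""
# Assumption: clients live in 10.0.0.0/8; substitute your own VPC CIDR.
SCOPED_CONF = OPEN_CONF.replace("0.0.0.0/0 allow", "10.0.0.0/8 allow")

ALLOWING = {"allow", "allow_snoop", "allow_setrd"}   # actions that permit recursion
WILDCARD_IFACES = {"0.0.0.0", "::0", "::"}


def parse_server(conf_text):
    """Collect the (repeatable) options of the server: clause as key -> [values]."""
    opts, in_server = {}, False
    for raw in conf_text.splitlines():
        line = raw.split("#", 1)[0].strip()
        if not line:
            continue
        key, _, value = line.partition(":")
        key, value = key.strip(), value.strip()
        if not value:                 # clause header: "server:", "forward-zone:"
            in_server = key == "server"
        elif in_server:
            opts.setdefault(key, []).append(value)
    return opts


def open_resolver_findings(conf_text):
    """Flag allow rules covering the whole address space, plus wildcard listeners."""
    opts, findings = parse_server(conf_text), []
    for rule in opts.get("access-control", []):
        parts = rule.split()
        if (len(parts) >= 2 and parts[1] in ALLOWING
                and ipaddress.ip_network(parts[0], strict=False).prefixlen == 0):
            findings.append(f"access-control {rule}: any source may use the resolver")
    for iface in opts.get("interface", []):
        if findings and iface.split("@")[0] in WILDCARD_IFACES:
            findings.append(f"interface {iface}: listening on every address")
    return findings


if __name__ == "__main__":
    print(open_resolver_findings(OPEN_CONF))
    print(open_resolver_findings(SCOPED_CONF))
```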


Unbound Start, Stop, Restart and Status

service unbound start | stop | restart | status

June 14, 2019

Route 53 Policy to Change Records

Here’s the IAM policy you’ll need to change Route 53 DNS records. Substitute HOSTEDZONEID with your own hosted zone ID.

{
   "Version": "2012-10-17",
   "Statement":[
      {
         "Effect":"Allow",
         "Action":["route53:ChangeResourceRecordSets"],
         "Resource":"arn:aws:route53:::hostedzone/HOSTEDZONEID"
      },
      {
         "Effect":"Allow",
         "Action":["route53:GetChange"],
         "Resource":"arn:aws:route53:::change/*"
      }
   ]
}


Attach the policy to a user.
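
JSON parsers keep only the last value when a key repeats, so a policy that writes "Statement" twice silently loses a statement, and a `*` in the hosted-zone ARN widens the grant beyond one zone. The pre-flight check below is an added example, not part of the original post; the function names and the ZEXAMPLE zone ID are placeholders for illustration.

```python
import json


def _reject_duplicates(pairs):
    """object_pairs_hook: fail where json.loads would silently keep the last key."""
    keys = [k for k, _ in pairs]
    dupes = sorted({k for k in keys if keys.count(k) > 1})
    if dupes:
        raise ValueError(f"duplicate key(s) {dupes}: earlier value would be dropped")
    return dict(pairs)


def _as_list(value):
    # IAM accepts a single string/object or a list for these fields.
    return [value] if isinstance(value, (str, dict)) else list(value)


def check_route53_policy(text):
    """Return a list of problems; an empty list means the policy passed."""
    try:
        policy = json.loads(text, object_pairs_hook=_reject_duplicates)
    except ValueError as exc:
        return [str(exc)]
    problems = []
    for stmt in _as_list(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        if "route53:ChangeResourceRecordSets" not in _as_list(stmt.get("Action", [])):
            continue
        for arn in _as_list(stmt.get("Resource", [])):
            if "*" in arn.rpartition("hostedzone/")[2]:
                problems.append(f"record changes allowed on wildcard zone: {arn}")
    return problems


# Constructed inputs; ZEXAMPLE is a placeholder zone ID, not a real one.
_CHANGE = '{"Effect":"Allow","Action":["route53:ChangeResourceRecordSets"],"Resource":"%s"}'
_GET = '{"Effect":"Allow","Action":["route53:GetChange"],"Resource":"arn:aws:route53:::change/*"}'
ZONE = "arn:aws:route53:::hostedzone/"
SPLIT_POLICY = '{"Statement":[%s],"Statement":[%s]}' % (_CHANGE % (ZONE + "ZEXAMPLE"), _GET)
WIDE_POLICY = '{"Statement":[%s,%s]}' % (_CHANGE % (ZONE + "*"), _GET)
GOOD_POLICY = '{"Statement":[%s,%s]}' % (_CHANGE % (ZONE + "ZEXAMPLE"), _GET)

if __name__ == "__main__":
    for label, doc in (("split", SPLIT_POLICY), ("wide", WIDE_POLICY), ("good", GOOD_POLICY)):
        print(label, check_route53_policy(doc))
```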

June 14, 2019

Change DNS Records in Route 53 via CLI

How to change DNS records in Route 53 via AWS CLI.

  • Assuming AWS CLI is already configured
  • Uses Route53 change-resource-record-sets to update DNS records
  • Substitute with your own hosted-zone-id
  • Uses JSON files containing record sets
  • See JSON file examples below
cd /path/to/scripts/
# the command to switch to the elb
aws route53 change-resource-record-sets --hosted-zone-id xxxxxxxxxxxxxx --change-batch file://elb.json
# the command to switch to standard site
aws route53 change-resource-record-sets --hosted-zone-id xxxxxxxxxxxxxx --change-batch file://live.json


elb.json = points to AWS ELB (elastic load balancer)

{
   "Comment": "back to elb",
   "Changes": [
      {
         "Action": "UPSERT",
         "ResourceRecordSet": {
            "Name": "yourdomain.com",
            "Type": "A",
            "AliasTarget": {
               "HostedZoneId": "xxxxxxxxxxxxxx",
               "EvaluateTargetHealth": false,
               "DNSName": "xxxxxxxxxxxxx.us-east-1.elb.amazonaws.com."
            }
         }
      }
   ]
}


live.json = points to your standard site. Value is your IP Address.

{
   "Comment": "back to live",
   "Changes": [
      {
         "Action": "UPSERT",
         "ResourceRecordSet": {
            "Name": "yourdomain.com",
            "Type": "A",
            "TTL": 60,
            "ResourceRecords": [
               {
                  "Value": "xxx.xxx.xxx.xxx"
               }
            ]
         }
      }
   ]
}
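
Because UPSERT overwrites whatever record already exists, it is worth validating a change batch before passing it to change-resource-record-sets. The checker below is an added example, not part of the original post; the function names, the allowed-name set, and the 203.0.113.10 address are assumptions for illustration.

```python
import ipaddress
import json


def check_change_batch(text, allowed_names):
    """Return problems found in a Route 53 change batch; an empty list means OK."""
    problems = []
    for i, change in enumerate(json.loads(text).get("Changes", [])):
        rrset = change.get("ResourceRecordSet", {})
        name = rrset.get("Name", "").rstrip(".").lower()
        if name not in allowed_names:
            problems.append(f"change {i}: unexpected record name {name!r}")
        if "AliasTarget" in rrset:
            # Alias record sets use the target's TTL and carry no values of their own.
            if "TTL" in rrset or "ResourceRecords" in rrset:
                problems.append(f"change {i}: alias record must not set TTL or ResourceRecords")
            continue
        if "TTL" not in rrset:
            problems.append(f"change {i}: non-alias record needs a TTL")
        if rrset.get("Type") == "A":
            for rec in rrset.get("ResourceRecords", []):
                try:
                    ipaddress.IPv4Address(rec.get("Value", ""))
                except ValueError:
                    problems.append(f"change {i}: {rec.get('Value')!r} is not an IPv4 address")
    return problems


def a_record(value):
    """Build a constructed change batch shaped like live.json above."""
    return json.dumps({"Comment": "back to live", "Changes": [{
        "Action": "UPSERT",
        "ResourceRecordSet": {"Name": "yourdomain.com", "Type": "A", "TTL": 60,
                              "ResourceRecords": [{"Value": value}]}}]})


LIVE_OK = a_record("203.0.113.10")              # documentation-range address
LIVE_PLACEHOLDER = a_record("xxx.xxx.xxx.xxx")  # placeholder never substituted

if __name__ == "__main__":
    print(check_change_batch(LIVE_OK, {"yourdomain.com"}))
    print(check_change_batch(LIVE_PLACEHOLDER, {"yourdomain.com"}))
```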


January 7, 2019

Resolv.conf

Resolv.conf is a plain-text file used by various operating systems to configure the DNS resolver. It’s usually written by the system administrator or generated by a network program. The file is located in the /etc/ directory and contains the search domains as well as a list of nameservers.

Here’s an example of the /etc/resolv.conf file.

search domain.com local.lan
nameserver 1.1.1.1
nameserver 8.8.8.8
nameserver 9.9.9.9


If you have problems resolving domain names, check this file first.

June 24, 2018

Failover Test

How do you test a failover website without actually doing a failover? It’s easier than you think. The key is to trick your computer into thinking the domain points to the failover website. You can do this by editing your hosts file and adding an entry for the domain. On both Linux and macOS, edit the /etc/hosts file and add the failover site as shown below.

# /etc/hosts
# failover site
# xxx.xxx.xxx.xxx   yourdomain.com


xxx.xxx.xxx.xxx is the IP address of your failover site.
To test the failover site, uncomment the line with the IP address.
Comment it out again when you’re done testing.


Copyright © 2012–2021