Overview

Delegating specific sub-domains of cucloud.net to Route 53 lets your group or department create dynamic environments with the tools provided by Amazon Web Services. While anyone can create a Hosted Zone for a sub-domain in Route 53, DNS delegation requires the owner/administrator of the parent domain ("cucloud.net") to create nameserver (NS) and start-of-authority (SOA) records that direct incoming requests for your specific sub-domain to the nameservers AWS assigned to the Hosted Zone in your account.

The root or base Hosted Zone for cucloud.net currently resides in the Kuali AWS Account.

Process workflow

 

Note that the example screenshots and commands reference the fictional sub-domain sms249.cucloud.net. You should substitute your own ".cucloud.net" name wherever this fictional example sub-domain name is referenced.

Selecting a sub-domain name

Despite existing outside of the traditional cornell.edu namespace, usage of the cucloud.net domain name has the potential to reflect on Cornell as an institution and should adhere to university naming standards.

Appropriate sub-domain names under cucloud.net should be:

 

Create the Hosted Zone

In your AWS account, create a new Hosted Zone in the Route 53 interface:

 

Provide the sub-domain name, a comment to describe the purpose of the sub-domain, and set the Hosted Zone Type:

You will most likely want to create a Public Hosted Zone. A private zone is for names you only want resolved within a specific VPC, which generally falls outside the intended purpose of cucloud.net sub-domain delegation.

 

After clicking the "Create" button, the Hosted Zone will be created and you will be shown a set of Start of Authority (SOA) and Nameserver (NS) records.

In the above example screenshot, the NS records of note are:

    • ns-364.awsdns-45.com
    • ns-1237.awsdns-26.org
    • ns-1756.awsdns-27.co.uk
    • ns-742.awsdns-28.net

If you were so inclined, and had access to a Linux host with the dig utility, you could verify that the above server list produces a Start of Authority response for your new domain:

  > dig +short SOA sms249.cucloud.net @ns-364.awsdns-45.com
  ns-364.awsdns-45.com. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
  > dig +short NS sms249.cucloud.net @ns-364.awsdns-45.com
  ns-1262.awsdns-29.org.
  ns-506.awsdns-63.com.
  ns-709.awsdns-24.net.
  ns-1892.awsdns-44.co.uk.

Note that we purposely asked dig to use one of the nameservers you were provided by AWS. Performing the same query against the default resolvers on your host/workstation should produce a different result:

  > dig +short SOA sms249.cucloud.net
  > dig +short NS sms249.cucloud.net

In this example, no responses were received. To make your new sub-domain resolve properly, you need to request a sub-domain delegation.

Request delegation from cucloud.net administrators

Now that you've created the Hosted Zone, and optionally verified that the AWS nameservers will respond to requests for your new sub-domain, the administrators of the cucloud.net domain need to provide the "glue" records that pass lookups for the sub-domain along properly, so that Internet users can resolve the records you create within your Hosted Zone.

You will need to send a request to cloud-support@cornell.edu with the following information:

    • The full sub-domain (e.g., sms249.cucloud.net).
    • The full list of NS records as shown on the Hosted Zone in your account.
    • A due date and an indication of priority.

The Cloud Services team will use this information to create a KDO Task for the Kuali DevOps team to complete the delegation setup.

Verify delegation

Once the Cloud Services team notifies you that the request has been completed, you should be able to verify the delegation is working properly using the dig utility:

 

  > dig +short SOA sms249.cucloud.net
  ns-364.awsdns-45.com. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
  > dig +short NS sms249.cucloud.net
  ns-1262.awsdns-29.org.
  ns-506.awsdns-63.com.
  ns-709.awsdns-24.net.
  ns-1892.awsdns-44.co.uk.

 

Note that we're no longer specifying a nameserver (via "@servername"), thus allowing normal DNS resolution to take place.
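The check above can be scripted so that the NS set returned by normal resolution is compared, name by name, with the NS set shown on your Hosted Zone. The following is an added example, not part of the original page: the function names are hypothetical, the hostnames are copied from the sample dig output on this page, and ns-stale.example.net is a constructed value used to show a mismatch.

```shell
#!/bin/sh
# Added example (not from the original page). Hostnames are copied from the
# page's sample dig output; ns-stale.example.net is constructed.

# NS names as listed on the Hosted Zone (no trailing dots).
EXPECTED_NS='ns-1262.awsdns-29.org
ns-506.awsdns-63.com
ns-709.awsdns-24.net
ns-1892.awsdns-44.co.uk'
# Constructed resolver answers: a correct one, and one with a stale server.
SAMPLE_RESOLVED='ns-506.awsdns-63.com.
NS-1262.awsdns-29.org.
ns-1892.awsdns-44.co.uk.
ns-709.awsdns-24.net.'
SAMPLE_STALE='ns-1262.awsdns-29.org.
ns-506.awsdns-63.com.
ns-stale.example.net.
ns-1892.awsdns-44.co.uk.'

# Lowercase, drop whitespace and the trailing dot, remove blanks, de-duplicate.
normalize_ns() {
    tr 'A-Z' 'a-z' | tr -d ' \t\r' | sed -e 's/\.$//' -e '/^$/d' | sort -u
}

# ns_diff EXPECTED ACTUAL: print every difference; return 0 only if the sets match.
ns_diff() {
    exp=$(printf '%s\n' "$1" | normalize_ns)
    act=$(printf '%s\n' "$2" | normalize_ns)
    status=0
    for n in $exp; do
        printf '%s\n' "$act" | grep -Fqx -- "$n" || { echo "missing: $n"; status=1; }
    done
    for n in $act; do
        printf '%s\n' "$exp" | grep -Fqx -- "$n" || { echo "unexpected: $n"; status=1; }
    done
    return "$status"
}

# check_delegation ZONE EXPECTED: query the default resolver (no @server).
check_delegation() {
    resolved=$(dig +short NS "$1")
    ns_diff "$2" "$resolved" && echo "OK: $1 is delegated to the expected nameservers"
}

# Offline demonstration on the constructed samples above.
ns_diff "$EXPECTED_NS" "$SAMPLE_RESOLVED" && echo "sample answer matches"
ns_diff "$EXPECTED_NS" "$SAMPLE_STALE" || echo "sample answer differs"
# Live use: check_delegation sms249.cucloud.net "$EXPECTED_NS"
```

An empty answer from the resolver, as in the pre-delegation queries earlier on this page, is reported as every expected nameserver missing.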

At this point, you should be all set to use your new cucloud.net sub-domain with Route 53 in your AWS account. If you experience problems, or have further questions, please contact cloud-support@cornell.edu.

 

Pointing cornell.edu names at your cucloud.net Hosted Zones

Please see our post on the Cloudification Blog detailing how to create CNAMEs from the cornell.edu namespace to Route 53 Hosted Zones.

 

 
