Tags: amazon-web-services, dns, nameservers, a-records

What IP address do we give to clients to point to our domain on Route 53?


I've done a bit of searching on Stack Overflow and the web but I can't seem to find an answer to this - I'm hoping it is possible.

Currently, the flow for our cloud SaaS system is:

Our domain name (Company A) -> Managed hosting (Company B) -> Loads our website

We can also ask clients to point their domain name to us, such that when you type in their domain name, it loads their website on our platform, not our website, e.g.:

Our domain name (Company A) -> Managed hosting (Company B) -> Loads our website

Client domain name (Company C) -> Managed hosting (Company B) -> Loads their website

Client domain name (Company D) -> Managed hosting (Company B) -> Loads their website

To do that, the instructions we give to clients are:

You can either change the name servers of your domain name to ours, e.g.

ns1.ourwebsite.com

ns2.ourwebsite.com

Or, if you have other services connected, complex DNS, etc., add two A records, e.g.

www.theirsite.com -> 111.222.333.444

theirsite.com -> 111.222.333.444

This works quite well. However, it means hundreds of clients either point to our name servers, or point to our IP address. If we change hosting, we have to update hundreds of clients in a managed way.

We would like to move our primary domain to Route 53, and route traffic that way. For example:

client domain A -> route 53 -> our hosting

client domain B -> route 53 -> our hosting

This means that if we change hosting in future, we just have to update Route 53 once.

Is there a clean way to do this?

All I can seem to find is we need to give clients the standard 4 Route 53 name servers, e.g.

ns-XXXX.awsdns-XX.com

ns-XXXX.awsdns-XX.net

ns-XXXX.awsdns-XX.org

ns-XXXX.awsdns-XX.co.uk

However, some clients don't want to point the name servers to us (understandably in most cases due to their complexity). Is there a way around this?

The crux really is can we give people an IP address for their A records? Or can they do something with a CNAME instead?

I've read a bit about private name servers but I think that ends up with the same problem: having to give clients name servers rather than an IP address.

Any advice anyone has would be amazing.

Kind Regards,

AB


Solution

  • You should always use a CNAME for this type of stuff. I think taking over responsibility of hosting someone's entire zone (NS records) seems risky.

    Unfortunately, the CNAME option works fine for subdomains (www.domain.com) but it does not work for the so-called 'apex' domain (domain.com).

    For the latter, your only option is an A record. However, many DNS hosts have a feature that allows you to simulate 'CNAME record behavior' on an A record. If your customers, for example, use Namecheap or Route 53, they can use 'alias' records which:

    • Look like a CNAME record
    • But really use an A record
    • And occasionally update the A record if the IP of the domain you're pointing to changes.

    If you're looking for other examples of this, they are all over the place. For example, GitHub Pages has the same issue and they also have a description on how to deal with apex records and non-apex records.

    Lastly, another option might be to suggest a free Cloudflare account.
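An added example, not part of the original answer: a small audit the platform operator could run over a snapshot of client DNS records to see which hostnames follow the CNAME target and which apex A records have gone stale after a hosting move. The CNAME target, IP addresses, client zones and the `records` snapshot format are all constructed assumptions, and the zone apex is passed in explicitly rather than derived.

```python
# Added example: all names, IPs and records below are constructed.
PLATFORM_CNAME = "edge.ourwebsite.example."   # hypothetical CNAME target we publish
PLATFORM_IPS = {"192.0.2.10", "192.0.2.11"}   # IPs that target currently resolves to


def fqdn(name):
    """Normalise a DNS name: lower-case, exactly one trailing dot."""
    return name.strip().rstrip(".").lower() + "."


def check_host(host, zone_apex, records):
    """Classify how a client hostname is pointed at the platform.

    records maps (name, rtype) -> list of values: a snapshot of the
    client's DNS gathered with whatever resolver you use.
    """
    host, apex = fqdn(host), fqdn(zone_apex)
    snapshot = {(fqdn(n), t.upper()): v for (n, t), v in records.items()}
    cnames = [fqdn(c) for c in snapshot.get((host, "CNAME"), [])]
    addrs = set(snapshot.get((host, "A"), []))

    if host == apex and cnames:
        # A CNAME cannot coexist with the SOA/NS records at the zone apex.
        return "invalid-cname-at-apex"
    if cnames:
        return "ok-cname" if cnames == [fqdn(PLATFORM_CNAME)] else "wrong-cname"
    if not addrs:
        return "missing"
    if addrs <= PLATFORM_IPS:
        # Correct today, but must be re-checked whenever hosting moves.
        return "ok-a-record"
    return "stale-a-record"


def audit(client_zones, records):
    """Return {hostname: status} for the apex and www name of each client zone."""
    report = {}
    for apex in client_zones:
        for host in (apex, "www." + apex):
            report[host] = check_host(host, apex, records)
    return report


SAMPLE_RECORDS = {  # constructed snapshot
    ("www.clienta.example", "CNAME"): ["edge.ourwebsite.example"],
    ("clienta.example", "A"): ["192.0.2.10"],
    ("www.clientb.example", "A"): ["198.51.100.7"],  # old hosting IP
    ("clientb.example", "CNAME"): ["edge.ourwebsite.example"],
}
```

Run periodically, the `stale-a-record` results are the clients who still need to be contacted after a hosting change, while `ok-cname` hosts follow the platform automatically.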