
AWS Route 53: dig (my subdomain) returns no records


I got a domain (skhole.club) from Route 53, which automatically generated a hosted zone, skhole.club.
I then created a new hosted zone, alb.skhole.club.
Records are added by my Terraform code.
When I run the dig command against skhole.club, dig returns records.
On the other hand, alb.skhole.club returns no records.

This is the first time I am using a custom domain, so I may have made an elementary mistake. Any solutions or hints?

Terraform file (route53.tf)

terraform {
  required_providers {
    aws = {
      source  = "hashicorp/aws"
      version = "4.59.0"
    }
  }
}
data "aws_route53_zone" "host_domain" {
  name = local.host_domain
}

data "aws_route53_zone" "alb" {
  name = "alb.${local.host_domain}"
}

resource "aws_route53_record" "cert_validation" {
  for_each = {
    for dvo in aws_acm_certificate.cert.domain_validation_options : dvo.domain_name => {
      name   = dvo.resource_record_name
      record = dvo.resource_record_value
      type   = dvo.resource_record_type
    }
  }

  allow_overwrite = true
  name            = each.value.name
  records         = [each.value.record]
  ttl             = 60
  type            = each.value.type
  zone_id         = data.aws_route53_zone.host_domain.zone_id
}

resource "aws_route53_record" "cert_alb" {
  for_each = {
    for dvo in aws_acm_certificate.cert.domain_validation_options : dvo.domain_name => {
      name   = dvo.resource_record_name
      record = dvo.resource_record_value
      type   = dvo.resource_record_type
    } if length(regexall("^\\*\\.", dvo.domain_name)) == 0
  }

  allow_overwrite = true
  name            = each.value.name
  records         = [each.value.record]
  ttl             = 60
  type            = each.value.type
  zone_id         = data.aws_route53_zone.alb.zone_id
}

resource "aws_acm_certificate" "cert" {
  domain_name               = local.host_domain
  subject_alternative_names = ["alb.${local.host_domain}"]
  validation_method         = "DNS"

  tags = {
    Environment = var.app_environment
  }

  lifecycle {
    create_before_destroy = true
  }
}

resource "aws_acm_certificate_validation" "cert" {
  certificate_arn         = aws_acm_certificate.cert.arn
  validation_record_fqdns = [for record in aws_route53_record.cert_validation : record.fqdn]
}

resource "aws_acm_certificate_validation" "alb" {
  certificate_arn         = aws_acm_certificate.cert.arn
  validation_record_fqdns = [for dvo in aws_acm_certificate.cert.domain_validation_options : dvo.resource_record_name]
}

resource "aws_route53_record" "site" {
  zone_id = data.aws_route53_zone.host_domain.zone_id
  name    = local.host_domain
  type    = "A"

  alias {
    name                   = aws_cloudfront_distribution.static-skhole.domain_name
    zone_id                = aws_cloudfront_distribution.static-skhole.hosted_zone_id
    evaluate_target_health = false
  }
}

resource "aws_route53_record" "alb" {
  zone_id = data.aws_route53_zone.alb.zone_id
  name    = "alb.${local.host_domain}"
  type    = "A"

  alias {
    name                   = aws_lb.application_load_balancer.dns_name
    zone_id                = aws_lb.application_load_balancer.zone_id
    evaluate_target_health = false
  }
}

Route 53 Console (hosted zones)

  • skhole.club

  • alb.skhole.club

dig command response

dig skhole.club

> dig skhole.club ns +short
ns-306.awsdns-38.com.
ns-1898.awsdns-45.co.uk.
ns-1111.awsdns-10.org.
ns-526.awsdns-01.net.

dig alb.skhole.club (no response)

> dig alb.skhole.club ns +short

Solved

The subdomain should be in the main domain's hosted zone.


Solution

  • Do not create a separate Hosted Zone for the subdomain.

    Instead, simply create the Alias=Yes A-record in the original Hosted Zone with a record name of alb.skhole.club.
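The layout the answer describes, written out as an added Terraform example (not the asker's file or the answerer's code): the question's resources with the separate alb zone dropped, so every record lives in the skhole.club hosted zone. A child hosted zone only receives queries when the parent zone delegates to it with an NS record, which the original configuration never created; that is why the second dig came back empty. It assumes the same local.host_domain, aws_acm_certificate.cert and aws_lb.application_load_balancer that the question defines.

```hcl
# Only the parent zone is looked up; there is no data source for an
# alb.skhole.club zone because no such zone should exist.
data "aws_route53_zone" "host_domain" {
  name = local.host_domain
}

# One set of ACM validation CNAMEs, all in the parent zone. ACM issues one
# CNAME per name on the certificate (the apex and the alb SAN); both names
# sit under skhole.club, so both records belong in that hosted zone.
resource "aws_route53_record" "cert_validation" {
  for_each = {
    for dvo in aws_acm_certificate.cert.domain_validation_options : dvo.domain_name => {
      name   = dvo.resource_record_name
      record = dvo.resource_record_value
      type   = dvo.resource_record_type
    }
  }

  allow_overwrite = true
  name            = each.value.name
  records         = [each.value.record]
  ttl             = 60
  type            = each.value.type
  zone_id         = data.aws_route53_zone.host_domain.zone_id
}

# A single validation resource covers every name on the certificate, so the
# second aws_acm_certificate_validation from the question is not needed.
resource "aws_acm_certificate_validation" "cert" {
  certificate_arn         = aws_acm_certificate.cert.arn
  validation_record_fqdns = [for r in aws_route53_record.cert_validation : r.fqdn]
}

# The alias A record for the subdomain goes in the parent zone. Resolvers
# reach skhole.club's name servers via the registrar's NS records, and those
# servers answer for alb.skhole.club only if the record is in this zone.
resource "aws_route53_record" "alb" {
  zone_id = data.aws_route53_zone.host_domain.zone_id
  name    = "alb.${local.host_domain}"
  type    = "A"

  alias {
    name                   = aws_lb.application_load_balancer.dns_name
    zone_id                = aws_lb.application_load_balancer.zone_id
    evaluate_target_health = false
  }
}
```

After applying, `dig alb.skhole.club a +short` should return the load balancer's addresses, and the unused alb.skhole.club hosted zone can be deleted so it does not keep accruing charges.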