{"id":52677,"date":"2025-09-12T03:05:45","date_gmt":"2025-09-12T03:05:45","guid":{"rendered":"https:\/\/www.devopsschool.com\/blog\/?p=52677"},"modified":"2025-09-12T03:05:45","modified_gmt":"2025-09-12T03:05:45","slug":"aws-route53-a-complete-guide-for-domain-work","status":"publish","type":"post","link":"https:\/\/www.devopsschool.com\/blog\/aws-route53-a-complete-guide-for-domain-work\/","title":{"rendered":"AWS: Route53  a Complete Guide for Domain work"},"content":{"rendered":"\n<p><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li>creating a <strong>public Route 53 hosted zone<\/strong> for <code>rajesh.com<\/code><\/li>\n\n\n\n<li>adding <strong>every common DNS record type<\/strong> (incl. Route 53 <strong>ALIAS<\/strong>)<\/li>\n\n\n\n<li><strong>verifying<\/strong> each record with <code>dig<\/code>\/CLI so you know it\u2019s correct<\/li>\n<\/ul>\n\n\n\n<p>I\u2019ll show <strong>console + CLI<\/strong> where useful and give a quick <strong>troubleshooting<\/strong> section at the end.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">0) Prereqs<\/h1>\n\n\n\n<ul class=\"wp-block-list\">\n<li>You own the domain <code>rajesh.com<\/code> (at any registrar).<\/li>\n\n\n\n<li>You have AWS CLI configured (<code>aws sts get-caller-identity<\/code> works).<\/li>\n\n\n\n<li>You\u2019ve chosen a region (Route 53 itself is global).<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">1) Create a public hosted zone for <code>rajesh.com<\/code><\/h1>\n\n\n\n<h2 class=\"wp-block-heading\">Console<\/h2>\n\n\n\n<p>Route 53 \u2192 <strong>Hosted zones<\/strong> \u2192 <strong>Create hosted zone<\/strong><\/p>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Name:<\/strong> <code>rajesh.com<\/code><\/li>\n\n\n\n<li><strong>Type:<\/strong> <em>Public hosted zone<\/em> \u2192 <strong>Create<\/strong><br>You\u2019ll get an <strong>NS<\/strong> record 
(four name servers) and an <strong>SOA<\/strong> record automatically. (<a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/CreatingHostedZone.html?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\">AWS Documentation<\/a>)<\/li>\n<\/ul>\n\n\n\n<h2 class=\"wp-block-heading\">CLI<\/h2>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-1\" data-shcb-language-name=\"JavaScript\" data-shcb-language-slug=\"javascript\"><span><code class=\"hljs language-javascript\">aws route53 create-hosted-zone \\\n  --name rajesh.com \\\n  --caller-reference $(date +%s)\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-1\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">JavaScript<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">javascript<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>This returns a JSON with <code>\"Id\": \"\/hostedzone\/ZABCDEFGHIJKL\"<\/code>; save that ID. (<a href=\"https:\/\/docs.aws.amazon.com\/cli\/latest\/reference\/route53\/create-hosted-zone.html?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\">AWS Documentation<\/a>)<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">2) Delegate the domain to Route 53<\/h1>\n\n\n\n<p>At your <strong>registrar<\/strong>, set the domain\u2019s name servers to the <strong>four NS<\/strong> values shown in the hosted zone. Until this is done (and propagated), public queries won\u2019t reach Route 53. 
Verify delegation:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-2\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-comment\"># What the world sees:<\/span>\ndig +short NS rajesh.com\n\n<span class=\"hljs-comment\"># What Route 53 says for your zone:<\/span>\naws route53 get-hosted-zone --id ZABCDEFGHIJKL \\\n  --query <span class=\"hljs-string\">'DelegationSet.NameServers'<\/span>\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-2\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>The two lists must match. If not, update at the registrar and wait for propagation (can be minutes to 48h). (<a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/dns-configuring-new-domain.html?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\">AWS Documentation<\/a>)<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">3) Quick <code>dig<\/code> primer (you\u2019ll use this a lot)<\/h1>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-3\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-comment\"># Ask Google\u2019s resolver:<\/span>\ndig @<span class=\"hljs-number\">8.8<\/span><span class=\"hljs-number\">.8<\/span><span class=\"hljs-number\">.8<\/span> A www.rajesh.com +short\n\n<span class=\"hljs-comment\"># Ask Cloudflare\u2019s:<\/span>\ndig @<span class=\"hljs-number\">1.1<\/span><span class=\"hljs-number\">.1<\/span><span class=\"hljs-number\">.1<\/span> AAAA www.rajesh.com +short\n\n<span class=\"hljs-comment\"># Ask the authoritative Route 53 server 
directly:<\/span>\ndig @ns<span class=\"hljs-number\">-1234.<\/span>awsdns<span class=\"hljs-number\">-56.<\/span>org A www.rajesh.com +short\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-3\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>Tip: prefer targeted queries over <code>ANY<\/code> (many DNS servers don\u2019t honor <code>ANY<\/code> consistently anymore).<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">4) Add records (console &amp; CLI), then verify<\/h1>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p>Replace <code>ZABCDEFGHIJKL<\/code> with your hosted zone ID.<br>Replace IPs\/targets with your real values.<\/p>\n<\/blockquote>\n\n\n\n<h2 class=\"wp-block-heading\">A \u2014 IPv4 address<\/h2>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Console:<\/strong> Create record \u2192 <strong>Simple<\/strong> \u2192 <strong>Record name:<\/strong> <code>www<\/code> \u2192 <strong>Type:<\/strong> <code>A<\/code> \u2192 <strong>Value:<\/strong> <code>203.0.113.10<\/code><\/li>\n\n\n\n<li><strong>CLI:<\/strong><\/li>\n<\/ul>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-4\" data-shcb-language-name=\"JavaScript\" data-shcb-language-slug=\"javascript\"><span><code class=\"hljs language-javascript\">cat &gt; a-www.json &lt;&lt;<span class=\"hljs-string\">'JSON'<\/span>\n{\n  <span class=\"hljs-string\">\"Comment\"<\/span>: <span class=\"hljs-string\">\"A record for www\"<\/span>,\n  <span class=\"hljs-string\">\"Changes\"<\/span>: &#91;{\n    <span class=\"hljs-string\">\"Action\"<\/span>: <span class=\"hljs-string\">\"UPSERT\"<\/span>,\n    <span 
class=\"hljs-string\">\"ResourceRecordSet\"<\/span>: {\n      <span class=\"hljs-string\">\"Name\"<\/span>: <span class=\"hljs-string\">\"www.rajesh.com.\"<\/span>,\n      <span class=\"hljs-string\">\"Type\"<\/span>: <span class=\"hljs-string\">\"A\"<\/span>,\n      <span class=\"hljs-string\">\"TTL\"<\/span>: <span class=\"hljs-number\">300<\/span>,\n      <span class=\"hljs-string\">\"ResourceRecords\"<\/span>: &#91;{<span class=\"hljs-string\">\"Value\"<\/span>: <span class=\"hljs-string\">\"203.0.113.10\"<\/span>}]\n    }\n  }]\n}\n<span class=\"hljs-built_in\">JSON<\/span>\naws route53 change-resource-record-sets --hosted-zone-id ZABCDEFGHIJKL --change-batch file:<span class=\"hljs-comment\">\/\/a-www.json<\/span>\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-4\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">JavaScript<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">javascript<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p><strong>Verify:<\/strong> <code>dig A www.rajesh.com +short<\/code> \u2192 should return <code>203.0.113.10<\/code>. 
(<a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/ResourceRecordTypes.html?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\">AWS Documentation<\/a>)<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">AAAA \u2014 IPv6 address<\/h2>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-5\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-comment\"># CLI (similar to A):<\/span>\ncat &gt; aaaa-www.json &lt;&lt;<span class=\"hljs-string\">'JSON'<\/span>\n{\n  <span class=\"hljs-string\">\"Comment\"<\/span>: <span class=\"hljs-string\">\"AAAA record for www\"<\/span>,\n  <span class=\"hljs-string\">\"Changes\"<\/span>: &#91;{\n    <span class=\"hljs-string\">\"Action\"<\/span>: <span class=\"hljs-string\">\"UPSERT\"<\/span>,\n    <span class=\"hljs-string\">\"ResourceRecordSet\"<\/span>: {\n      <span class=\"hljs-string\">\"Name\"<\/span>: <span class=\"hljs-string\">\"www.rajesh.com.\"<\/span>,\n      <span class=\"hljs-string\">\"Type\"<\/span>: <span class=\"hljs-string\">\"AAAA\"<\/span>,\n      <span class=\"hljs-string\">\"TTL\"<\/span>: <span class=\"hljs-number\">300<\/span>,\n      <span class=\"hljs-string\">\"ResourceRecords\"<\/span>: &#91;{<span class=\"hljs-string\">\"Value\"<\/span>: <span class=\"hljs-string\">\"2001:db8::10\"<\/span>}]\n    }\n  }]\n}\nJSON\naws route53 change-resource-record-sets --hosted-zone-id ZABCDEFGHIJKL --change-batch file:<span class=\"hljs-comment\">\/\/aaaa-www.json<\/span>\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-5\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p><strong>Verify:<\/strong> <code>dig AAAA www.rajesh.com +short<\/code> \u2192 
<code>2001:db8::10<\/code>. (<a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/ResourceRecordTypes.html?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\">AWS Documentation<\/a>)<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">CNAME \u2014 canonical name (for subdomains only)<\/h2>\n\n\n\n<p>Map <code>app.rajesh.com<\/code> to <code>app.example.net.<\/code><\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-6\" data-shcb-language-name=\"JavaScript\" data-shcb-language-slug=\"javascript\"><span><code class=\"hljs language-javascript\">cat &gt; cname-app.json &lt;&lt;<span class=\"hljs-string\">'JSON'<\/span>\n{\n  <span class=\"hljs-string\">\"Changes\"<\/span>: &#91;{\n    <span class=\"hljs-string\">\"Action\"<\/span>: <span class=\"hljs-string\">\"UPSERT\"<\/span>,\n    <span class=\"hljs-string\">\"ResourceRecordSet\"<\/span>: {\n      <span class=\"hljs-string\">\"Name\"<\/span>: <span class=\"hljs-string\">\"app.rajesh.com.\"<\/span>,\n      <span class=\"hljs-string\">\"Type\"<\/span>: <span class=\"hljs-string\">\"CNAME\"<\/span>,\n      <span class=\"hljs-string\">\"TTL\"<\/span>: <span class=\"hljs-number\">300<\/span>,\n      <span class=\"hljs-string\">\"ResourceRecords\"<\/span>: &#91;{<span class=\"hljs-string\">\"Value\"<\/span>: <span class=\"hljs-string\">\"app.example.net.\"<\/span>}]\n    }\n  }]\n}\n<span class=\"hljs-built_in\">JSON<\/span>\naws route53 change-resource-record-sets --hosted-zone-id ZABCDEFGHIJKL --change-batch file:<span class=\"hljs-comment\">\/\/cname-app.json<\/span>\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-6\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">JavaScript<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">javascript<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p><strong>Verify:<\/strong> <code>dig CNAME app.rajesh.com 
+short<\/code> \u2192 <code>app.example.net.<\/code><br>(Then <code>dig A app.example.net +short<\/code> to see the final IPs.) (<a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/ResourceRecordTypes.html?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\">AWS Documentation<\/a>)<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">TXT \u2014 text (SPF, DKIM, ACM validation, misc.)<\/h2>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-7\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-comment\"># Example: ownership proof \/ SPF-like<\/span>\ncat &gt; txt-root.json &lt;&lt;<span class=\"hljs-string\">'JSON'<\/span>\n{\n  <span class=\"hljs-string\">\"Changes\"<\/span>: &#91;{\n    <span class=\"hljs-string\">\"Action\"<\/span>: <span class=\"hljs-string\">\"UPSERT\"<\/span>,\n    <span class=\"hljs-string\">\"ResourceRecordSet\"<\/span>: {\n      <span class=\"hljs-string\">\"Name\"<\/span>: <span class=\"hljs-string\">\"rajesh.com.\"<\/span>,\n      <span class=\"hljs-string\">\"Type\"<\/span>: <span class=\"hljs-string\">\"TXT\"<\/span>,\n      <span class=\"hljs-string\">\"TTL\"<\/span>: <span class=\"hljs-number\">300<\/span>,\n      <span class=\"hljs-string\">\"ResourceRecords\"<\/span>: &#91;{<span class=\"hljs-string\">\"Value\"<\/span>: <span class=\"hljs-string\">\"\\\"v=spf1 -all\\\"\"<\/span>}]\n    }\n  }]\n}\nJSON\naws route53 change-resource-record-sets --hosted-zone-id ZABCDEFGHIJKL --change-batch file:<span class=\"hljs-comment\">\/\/txt-root.json<\/span>\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-7\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p><strong>Verify:<\/strong> <code>dig TXT 
rajesh.com +short<\/code> \u2192 should show <code>\"v=spf1 -all\"<\/code>.<\/p>\n\n\n\n<blockquote class=\"wp-block-quote is-layout-flow wp-block-quote-is-layout-flow\">\n<p><strong>ACM DNS validation<\/strong> is a TXT-like workflow but uses a <strong>CNAME<\/strong> with a leading underscore that ACM gives you; always create <strong>exactly<\/strong> what ACM shows. <strong>Verify<\/strong> with <code>dig CNAME _&lt;token&gt;.rajesh.com +short<\/code> \u2192 should return <code>...acm-validations.aws.<\/code> (<a href=\"https:\/\/docs.aws.amazon.com\/acm\/latest\/userguide\/dns-validation.html?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\">AWS Documentation<\/a>)<\/p>\n<\/blockquote>\n\n\n\n<h2 class=\"wp-block-heading\">MX \u2014 mail exchangers<\/h2>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-8\" data-shcb-language-name=\"JavaScript\" data-shcb-language-slug=\"javascript\"><span><code class=\"hljs language-javascript\">cat &gt; mx.json &lt;&lt;<span class=\"hljs-string\">'JSON'<\/span>\n{\n  <span class=\"hljs-string\">\"Changes\"<\/span>: &#91;{\n    <span class=\"hljs-string\">\"Action\"<\/span>: <span class=\"hljs-string\">\"UPSERT\"<\/span>,\n    <span class=\"hljs-string\">\"ResourceRecordSet\"<\/span>: {\n      <span class=\"hljs-string\">\"Name\"<\/span>: <span class=\"hljs-string\">\"rajesh.com.\"<\/span>,\n      <span class=\"hljs-string\">\"Type\"<\/span>: <span class=\"hljs-string\">\"MX\"<\/span>,\n      <span class=\"hljs-string\">\"TTL\"<\/span>: <span class=\"hljs-number\">300<\/span>,\n      <span class=\"hljs-string\">\"ResourceRecords\"<\/span>: &#91;\n        {<span class=\"hljs-string\">\"Value\"<\/span>: <span class=\"hljs-string\">\"10 mail1.rajesh.com.\"<\/span>},\n        {<span class=\"hljs-string\">\"Value\"<\/span>: <span class=\"hljs-string\">\"20 mail2.rajesh.com.\"<\/span>}\n      ]\n    }\n  }]\n}\n<span class=\"hljs-built_in\">JSON<\/span>\naws route53 change-resource-record-sets 
--hosted-zone-id ZABCDEFGHIJKL --change-batch file:<span class=\"hljs-comment\">\/\/mx.json<\/span>\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-8\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">JavaScript<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">javascript<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p><strong>Verify:<\/strong> <code>dig MX rajesh.com +short<\/code> \u2192 <code>10 mail1.rajesh.com.<\/code> etc. (<a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/ResourceRecordTypes.html?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\">AWS Documentation<\/a>)<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">SRV \u2014 service records (e.g., SIP, LDAP)<\/h2>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-9\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-comment\"># _service._proto.name  TTL  SRV priority weight port target<\/span>\ncat &gt; srv-sip.json &lt;&lt;<span class=\"hljs-string\">'JSON'<\/span>\n{\n  <span class=\"hljs-string\">\"Changes\"<\/span>: &#91;{\n    <span class=\"hljs-string\">\"Action\"<\/span>: <span class=\"hljs-string\">\"UPSERT\"<\/span>,\n    <span class=\"hljs-string\">\"ResourceRecordSet\"<\/span>: {\n      <span class=\"hljs-string\">\"Name\"<\/span>: <span class=\"hljs-string\">\"_sip._tcp.rajesh.com.\"<\/span>,\n      <span class=\"hljs-string\">\"Type\"<\/span>: <span class=\"hljs-string\">\"SRV\"<\/span>,\n      <span class=\"hljs-string\">\"TTL\"<\/span>: <span class=\"hljs-number\">300<\/span>,\n      <span class=\"hljs-string\">\"ResourceRecords\"<\/span>: &#91;{<span class=\"hljs-string\">\"Value\"<\/span>: <span class=\"hljs-string\">\"10 5 5060 sipserver.rajesh.com.\"<\/span>}]\n    }\n  }]\n}\nJSON\naws route53 change-resource-record-sets 
--hosted-zone-id ZABCDEFGHIJKL --change-batch file:<span class=\"hljs-comment\">\/\/srv-sip.json<\/span>\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-9\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p><strong>Verify:<\/strong> <code>dig SRV _sip._tcp.rajesh.com +short<\/code> \u2192 <code>10 5 5060 sipserver.rajesh.com.<\/code> (<a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/ResourceRecordTypes.html?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\">AWS Documentation<\/a>)<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">CAA \u2014 certificate authority authorization<\/h2>\n\n\n\n<p>Only allow Amazon to issue certs for <code>rajesh.com<\/code>:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-10\" data-shcb-language-name=\"JavaScript\" data-shcb-language-slug=\"javascript\"><span><code class=\"hljs language-javascript\">cat &gt; caa.json &lt;&lt;<span class=\"hljs-string\">'JSON'<\/span>\n{\n  <span class=\"hljs-string\">\"Changes\"<\/span>: &#91;{\n    <span class=\"hljs-string\">\"Action\"<\/span>: <span class=\"hljs-string\">\"UPSERT\"<\/span>,\n    <span class=\"hljs-string\">\"ResourceRecordSet\"<\/span>: {\n      <span class=\"hljs-string\">\"Name\"<\/span>: <span class=\"hljs-string\">\"rajesh.com.\"<\/span>,\n      <span class=\"hljs-string\">\"Type\"<\/span>: <span class=\"hljs-string\">\"CAA\"<\/span>,\n      <span class=\"hljs-string\">\"TTL\"<\/span>: <span class=\"hljs-number\">300<\/span>,\n      <span class=\"hljs-string\">\"ResourceRecords\"<\/span>: &#91;\n        {<span class=\"hljs-string\">\"Value\"<\/span>: <span class=\"hljs-string\">\"0 issue \\\"amazon.com\\\"\"<\/span>}\n      ]\n    }\n  }]\n}\n<span class=\"hljs-built_in\">JSON<\/span>\naws 
route53 change-resource-record-sets --hosted-zone-id ZABCDEFGHIJKL --change-batch file:<span class=\"hljs-comment\">\/\/caa.json<\/span>\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-10\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">JavaScript<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">javascript<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p><strong>Verify:<\/strong> <code>dig CAA rajesh.com +short<\/code> \u2192 <code>0 issue \"amazon.com\"<\/code><br>(Useful to avoid unexpected CAs; ACM respects CAA.) (<a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/ResourceRecordTypes.html?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\">AWS Documentation<\/a>)<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">NS \u2014 delegate a <strong>subdomain<\/strong> (e.g., <code>dev.rajesh.com<\/code>)<\/h2>\n\n\n\n<p>Create another hosted zone <strong>dev.rajesh.com<\/strong> \u2192 copy its <strong>NS<\/strong> \u2192 add <strong>NS record<\/strong> in the parent zone:<\/p>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-11\" data-shcb-language-name=\"JavaScript\" data-shcb-language-slug=\"javascript\"><span><code class=\"hljs language-javascript\">cat &gt; ns-dev.json &lt;&lt;<span class=\"hljs-string\">'JSON'<\/span>\n{\n  <span class=\"hljs-string\">\"Changes\"<\/span>: &#91;{\n    <span class=\"hljs-string\">\"Action\"<\/span>: <span class=\"hljs-string\">\"UPSERT\"<\/span>,\n    <span class=\"hljs-string\">\"ResourceRecordSet\"<\/span>: {\n      <span class=\"hljs-string\">\"Name\"<\/span>: <span class=\"hljs-string\">\"dev.rajesh.com.\"<\/span>,\n      <span class=\"hljs-string\">\"Type\"<\/span>: <span class=\"hljs-string\">\"NS\"<\/span>,\n      <span class=\"hljs-string\">\"TTL\"<\/span>: <span class=\"hljs-number\">172800<\/span>,\n      <span 
class=\"hljs-string\">\"ResourceRecords\"<\/span>: &#91;\n        {<span class=\"hljs-string\">\"Value\"<\/span>: <span class=\"hljs-string\">\"ns-111.awsdns-22.com.\"<\/span>},\n        {<span class=\"hljs-string\">\"Value\"<\/span>: <span class=\"hljs-string\">\"ns-333.awsdns-44.net.\"<\/span>},\n        {<span class=\"hljs-string\">\"Value\"<\/span>: <span class=\"hljs-string\">\"ns-555.awsdns-66.org.\"<\/span>},\n        {<span class=\"hljs-string\">\"Value\"<\/span>: <span class=\"hljs-string\">\"ns-777.awsdns-88.co.uk.\"<\/span>}\n      ]\n    }\n  }]\n}\n<span class=\"hljs-built_in\">JSON<\/span>\naws route53 change-resource-record-sets --hosted-zone-id ZABCDEFGHIJKL --change-batch file:<span class=\"hljs-comment\">\/\/ns-dev.json<\/span>\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-11\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">JavaScript<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">javascript<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p><strong>Verify:<\/strong> <code>dig NS dev.rajesh.com +short<\/code> \u2192 those four NS. (<a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/dns-configuring-new-domain.html?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\">AWS Documentation<\/a>)<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">SOA \u2014 start of authority<\/h2>\n\n\n\n<p>Created\/managed automatically by Route 53; you generally <strong>don\u2019t edit<\/strong> it. <strong>Verify:<\/strong> <code>dig SOA rajesh.com +short<\/code>. 
(<a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/Welcome.html?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\">AWS Documentation<\/a>)<\/p>\n\n\n\n<h2 class=\"wp-block-heading\">ALIAS (Route 53-specific) \u2014 apex &amp; AWS targets (CloudFront\/ALB\/S3\/etc.)<\/h2>\n\n\n\n<p>ALIAS behaves like a CNAME <strong>but works at the zone apex<\/strong> and returns A\/AAAA. Examples:<\/p>\n\n\n\n<h3 class=\"wp-block-heading\">ALIAS A \u2192 CloudFront (for <code>rajesh.com<\/code>)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Console:<\/strong> Create record \u2192 <strong>A \u2013 Routes traffic to an IPv4 address and some AWS resources<\/strong> \u2192 <strong>Alias:<\/strong> <em>Yes<\/em> \u2192 pick your <strong>CloudFront distribution<\/strong> \u2192 <strong>Create<\/strong>.<\/li>\n\n\n\n<li><strong>Verify:<\/strong> <code>dig A rajesh.com +short # returns CloudFront edge IPs<\/code><br><code>dig CNAME rajesh.com +short # should be empty (ALIAS is not a CNAME)<\/code> (<a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/resource-record-sets-choosing-alias-non-alias.html?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\">AWS Documentation<\/a>)<\/li>\n<\/ul>\n\n\n\n<h3 class=\"wp-block-heading\">ALIAS A \u2192 Application Load Balancer (for <code>api.rajesh.com<\/code>)<\/h3>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Console:<\/strong> Create record \u2192 <strong>A<\/strong> \u2192 <strong>Alias: Yes<\/strong> \u2192 choose your <strong>ALB<\/strong> from the list \u2192 <strong>Create<\/strong>.<\/li>\n\n\n\n<li><strong>Verify:<\/strong> <code>dig A api.rajesh.com +short # returns ALB IPs (may vary)<\/code> (ALIAS lets you avoid hardcoding IPs and is the <strong>only way<\/strong> to point the <strong>apex<\/strong> at CloudFront\/ALB\/S3 website.) 
(<a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/resource-record-sets-choosing-alias-non-alias.html?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\">AWS Documentation<\/a>)<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">5) View everything you\u2019ve created (CLI)<\/h1>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-12\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\">aws route53 <span class=\"hljs-keyword\">list<\/span>-resource-record-sets --hosted-zone-id ZABCDEFGHIJKL \\\n  --query <span class=\"hljs-string\">'ResourceRecordSets&#91;].{Name:Name,Type:Type,TTL:TTL,AliasTarget:AliasTarget}'<\/span>\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-12\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<p>This is handy to confirm TTLs, targets, and names.<\/p>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">6) Common validation commands (cheat sheet)<\/h1>\n\n\n<pre class=\"wp-block-code\" aria-describedby=\"shcb-language-13\" data-shcb-language-name=\"PHP\" data-shcb-language-slug=\"php\"><span><code class=\"hljs language-php\"><span class=\"hljs-comment\"># A \/ AAAA<\/span>\ndig A www.rajesh.com +short\ndig AAAA www.rajesh.com +short\n\n<span class=\"hljs-comment\"># CNAME<\/span>\ndig CNAME app.rajesh.com +short\ndig +short app.rajesh.com  <span class=\"hljs-comment\"># follows CNAME to show final IPs<\/span>\n\n<span class=\"hljs-comment\"># TXT (SPF\/ownership)<\/span>\ndig TXT rajesh.com +short\ndig TXT _github-challenge-rajesh.rajesh.com +short\n\n<span class=\"hljs-comment\"># 
MX<\/span>\ndig MX rajesh.com +short\n\n<span class=\"hljs-comment\"># SRV<\/span>\ndig SRV _sip._tcp.rajesh.com +short\n\n<span class=\"hljs-comment\"># CAA<\/span>\ndig CAA rajesh.com +short\n\n<span class=\"hljs-comment\"># NS (apex and delegated subdomain)<\/span>\ndig NS rajesh.com +short\ndig NS dev.rajesh.com +short\n\n<span class=\"hljs-comment\"># SOA<\/span>\ndig SOA rajesh.com +short\n\n<span class=\"hljs-comment\"># ALIAS sanity (apex to CloudFront \/ subdomain to ALB)<\/span>\ndig A rajesh.com +short\ndig A api.rajesh.com +short\n<\/code><\/span><small class=\"shcb-language\" id=\"shcb-language-13\"><span class=\"shcb-language__label\">Code language:<\/span> <span class=\"shcb-language__name\">PHP<\/span> <span class=\"shcb-language__paren\">(<\/span><span class=\"shcb-language__slug\">php<\/span><span class=\"shcb-language__paren\">)<\/span><\/small><\/pre>\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<h1 class=\"wp-block-heading\">7) Troubleshooting (fast)<\/h1>\n\n\n\n<ul class=\"wp-block-list\">\n<li><strong>Delegation not done:<\/strong> Public queries don\u2019t hit Route 53 until the <strong>registrar<\/strong> uses your Route 53 NS. Compare <code>dig +short NS rajesh.com<\/code> (public) vs the zone\u2019s NS list in Route 53. (<a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/dns-configuring-new-domain.html?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\">AWS Documentation<\/a>)<\/li>\n\n\n\n<li><strong>Wrong record type:<\/strong> ACM validation needs <strong>CNAME<\/strong> exactly as shown by ACM; TXT won\u2019t work for ACM\u2019s DNS method. (<a href=\"https:\/\/docs.aws.amazon.com\/acm\/latest\/userguide\/dns-validation.html?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\">AWS Documentation<\/a>)<\/li>\n\n\n\n<li><strong>Apex CNAME:<\/strong> Not allowed. Use <strong>ALIAS A\/AAAA<\/strong> for <code>rajesh.com<\/code> to CloudFront\/ALB\/S3 website, etc. 
(<a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/resource-record-sets-choosing-alias-non-alias.html?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\">AWS Documentation<\/a>)<\/li>\n\n\n\n<li><strong>IPv6 missing:<\/strong> Use <strong>AAAA<\/strong> (not A) for IPv6 targets. (<a href=\"https:\/\/docs.aws.amazon.com\/Route53\/latest\/DeveloperGuide\/ResourceRecordTypes.html?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\">AWS Documentation<\/a>)<\/li>\n\n\n\n<li><strong>Private vs Public hosted zones:<\/strong> Public internet must query a <strong>public<\/strong> hosted zone; ACM also requires public DNS visibility for validation. (<a href=\"https:\/\/docs.aws.amazon.com\/acm\/latest\/userguide\/troubleshooting-DNS-validation.html?utm_source=chatgpt.com\" target=\"_blank\" rel=\"noopener\">AWS Documentation<\/a>)<\/li>\n<\/ul>\n\n\n\n<hr class=\"wp-block-separator has-alpha-channel-opacity\"\/>\n\n\n\n<p><\/p>\n","protected":false},"excerpt":{"rendered":"<p>I\u2019ll show console + CLI where useful and give a quick troubleshooting section at the end. 
0) Prereqs 1) Create a public hosted zone for rajesh.com Console Route 53 \u2192&#8230; <\/p>\n","protected":false},"author":1,"featured_media":0,"comment_status":"open","ping_status":"","sticky":false,"template":"","format":"standard","meta":{"_joinchat":[],"footnotes":""},"categories":[2],"tags":[],"class_list":["post-52677","post","type-post","status-publish","format-standard","hentry","category-uncategorised"],"_links":{"self":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/52677","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/users\/1"}],"replies":[{"embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/comments?post=52677"}],"version-history":[{"count":1,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/52677\/revisions"}],"predecessor-version":[{"id":52678,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/posts\/52677\/revisions\/52678"}],"wp:attachment":[{"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/media?parent=52677"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/categories?post=52677"},{"taxonomy":"post_tag","embeddable":true,"href":"https:\/\/www.devopsschool.com\/blog\/wp-json\/wp\/v2\/tags?post=52677"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}