
aws_route53_zone needs to enable insertion of NS record in parent zone. #305

Closed
delitescere opened this issue Sep 18, 2014 · 5 comments

Comments

@delitescere

When creating a subdomain, it is not sufficient to merely create a hosted zone.

The list of nameservers in the NS record in the zone for the subdomain needs to be duplicated in an NS record for the subdomain in the parent zone to allow requests for the subdomain to be referred to the nameservers which hold the zone records for the subdomain's zone.

An example Terraform file follows the AWS Route53 API information.

dev.example.com's zone:

```json
{
    "ResourceRecordSets": [
        {
            "ResourceRecords": [
                { "Value": "ns-115.awsdns-14.com." },
                { "Value": "ns-754.awsdns-30.net." },
                { "Value": "ns-1443.awsdns-52.org." },
                { "Value": "ns-1899.awsdns-45.co.uk." }
            ],
            "Type": "NS",
            "Name": "dev.example.com.",
            "TTL": 172800
        },
        {
            "ResourceRecords": [
                { "Value": "ns-115.awsdns-14.com. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400" }
            ],
            "Type": "SOA",
            "Name": "dev.example.com.",
            "TTL": 900
        }
    ]
}
```

example.com's zone:

```json
{
    "ResourceRecordSets": [
        {
            "ResourceRecords": [
                { "Value": "ns-1065.awsdns-05.org." },
                { "Value": "ns-1695.awsdns-19.co.uk." },
                { "Value": "ns-293.awsdns-36.com." },
                { "Value": "ns-920.awsdns-51.net." }
            ],
            "Type": "NS",
            "Name": "example.com.",
            "TTL": 172800
        },
        {
            "ResourceRecords": [
                { "Value": "ns-1065.awsdns-05.org. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400" }
            ],
            "Type": "SOA",
            "Name": "example.com.",
            "TTL": 900
        },
        {
            "ResourceRecords": [
                { "Value": "ns-115.awsdns-14.com" },
                { "Value": "ns-754.awsdns-30.net" },
                { "Value": "ns-1899.awsdns-45.co.uk" },
                { "Value": "ns-1443.awsdns-52.org" }
            ],
            "Type": "NS",
            "Name": "dev.example.com.",
            "TTL": 60
        }
    ]
}
```

Example Terraform file:

```hcl
resource "aws_route53_zone" "main" {
  name = "example.com"
}

resource "aws_route53_zone" "dev" {
  name                = "dev.example.com"
  parent_route53_zone = "${aws_route53_zone.main.zone_id}"
}
```

Add a simple abstraction in the "aws_route53_zone" resource, which is an attribute to insert an NS record in the parent zone if the parent zone is managed by Route53. I have used the "parent_route53_zone" attribute in the example above. The AWS Provider simply adds the same NS record it added to the new zone to the parent zone. In this case, the commented-out "aws_route53_record" is not needed in the example above.

Additionally, the delegate set is exported by the "aws_route53_zone" resource to be usable by a Provisioner, most likely a command to add an NS record for the new zone to a parent zone which is not managed by Route53.
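The failure mode the issue describes (a child hosted zone exists but the parent does not refer resolvers to it, or refers them to the wrong servers) is easy to verify mechanically. The following is an added example, not code from the issue or from Terraform: it takes the two `ResourceRecordSets` documents posted above (the shape returned by Route53's ListResourceRecordSets API) and compares the child zone's apex NS set with the parent's delegation NS set. It normalises trailing dots and case, so the parent's dot-less copy in the issue is recognised as matching. The `ns-999.awsdns-99.com` server used in the drifted scenario is a constructed placeholder.

```python
"""Check that a parent Route53 zone delegates a subdomain to exactly the
nameservers the child zone advertises in its own apex NS record.

Added example; not part of the GitHub issue or of Terraform. CHILD_ZONE and
PARENT_ZONE hold the NS records posted in the issue (SOA records omitted as
they play no part in delegation).
"""
import copy
from typing import Dict, Optional, Set

# Record sets as posted in the issue, trimmed to the NS records.
CHILD_ZONE = {"ResourceRecordSets": [
    {"Name": "dev.example.com.", "Type": "NS", "TTL": 172800, "ResourceRecords": [
        {"Value": "ns-115.awsdns-14.com."}, {"Value": "ns-754.awsdns-30.net."},
        {"Value": "ns-1443.awsdns-52.org."}, {"Value": "ns-1899.awsdns-45.co.uk."}]},
]}
PARENT_ZONE = {"ResourceRecordSets": [
    {"Name": "example.com.", "Type": "NS", "TTL": 172800, "ResourceRecords": [
        {"Value": "ns-1065.awsdns-05.org."}, {"Value": "ns-1695.awsdns-19.co.uk."},
        {"Value": "ns-293.awsdns-36.com."}, {"Value": "ns-920.awsdns-51.net."}]},
    # The delegation record; note the values in the issue lack trailing dots.
    {"Name": "dev.example.com.", "Type": "NS", "TTL": 60, "ResourceRecords": [
        {"Value": "ns-115.awsdns-14.com"}, {"Value": "ns-754.awsdns-30.net"},
        {"Value": "ns-1899.awsdns-45.co.uk"}, {"Value": "ns-1443.awsdns-52.org"}]},
]}


def normalize(name: str) -> str:
    """Canonical form of a DNS name: lowercase, no trailing dot."""
    return name.rstrip(".").lower()


def ns_set(zone: dict, owner: str) -> Optional[Set[str]]:
    """Nameservers in the NS record for `owner`, or None if the zone has none."""
    for rrset in zone["ResourceRecordSets"]:
        if rrset["Type"] == "NS" and normalize(rrset["Name"]) == normalize(owner):
            return {normalize(rr["Value"]) for rr in rrset["ResourceRecords"]}
    return None


def check_delegation(child_zone: dict, parent_zone: dict, subdomain: str) -> dict:
    """Compare the child's apex NS set with the parent's delegation NS set.

    status: "missing"  - the parent has no NS record for the subdomain, so
                         resolvers are never referred to the child zone;
            "mismatch" - the sets differ: 'stale' lists servers the parent
                         names but the child does not, 'absent' lists child
                         servers the parent does not advertise;
            "ok"       - the sets agree.
    """
    child = ns_set(child_zone, subdomain)
    if child is None:
        raise ValueError(f"child zone has no apex NS record for {subdomain}")
    parent = ns_set(parent_zone, subdomain)
    if parent is None:
        return {"status": "missing", "stale": [], "absent": sorted(child)}
    stale, absent = sorted(parent - child), sorted(child - parent)
    return {"status": "ok" if not stale and not absent else "mismatch",
            "stale": stale, "absent": absent}


def scenarios() -> Dict[str, dict]:
    """Run the check over the issue's data and two constructed variants."""
    sub = "dev.example.com"
    # 1. Parent and child as posted in the issue.
    ok = check_delegation(CHILD_ZONE, PARENT_ZONE, sub)
    # 2. Parent zone without the delegation record (the issue's complaint).
    no_delegation = {"ResourceRecordSets": [
        r for r in PARENT_ZONE["ResourceRecordSets"] if normalize(r["Name"]) != sub]}
    missing = check_delegation(CHILD_ZONE, no_delegation, sub)
    # 3. Parent delegation that drifted: one server replaced by a placeholder.
    drifted = copy.deepcopy(PARENT_ZONE)
    for r in drifted["ResourceRecordSets"]:
        if r["Type"] == "NS" and normalize(r["Name"]) == sub:
            r["ResourceRecords"][3]["Value"] = "ns-999.awsdns-99.com."  # constructed
    mismatch = check_delegation(CHILD_ZONE, drifted, sub)
    return {"ok": ok, "missing": missing, "mismatch": mismatch}


if __name__ == "__main__":
    for name, result in scenarios().items():
        print(f"{name:9s} -> {result}")
```

Any result other than `"ok"` is worth an alert: a `"missing"` delegation means the child zone is unreachable, and a `"mismatch"` with `stale` entries means the parent is sending resolvers to servers that no longer hold the zone, which is exactly the kind of drift that a manually maintained delegation record accumulates over time.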

@delitescere delitescere changed the title aws_route53_zone needs to export NS information for NS record in parent zone aws_route53_zone needs to enable insertion of NS record in parent zone. Sep 18, 2014
@mitchellh mitchellh added enhancement and removed bug labels Oct 11, 2014
@pearkes pearkes self-assigned this Feb 26, 2015
@pearkes
Contributor

pearkes commented Feb 26, 2015

@delitescere I spent some time working through this and have (tentatively) concluded that doing this automatically is not something we'd want to do from Terraform.

Given an example like yours:

```hcl
resource "aws_route53_zone" "main" {
  name = "example.com"
}

resource "aws_route53_zone" "dev" {
  name                = "dev.example.com"
  parent_route53_zone = "${aws_route53_zone.main.zone_id}"
}
```

I would say the best thing for someone to do would be to create the NS record manually:

```hcl
resource "aws_route53_record" "dev-ns" {
  zone_id = "${aws_route53_zone.main.zone_id}"
  name    = "dev.example.com"
  type    = "NS"
  ttl     = "30"
  records = ["127.0.0.1", "127.0.0.27"]
}
```

If we create it magically due to a parent reference, it won't show up the same way on the dependency graph and would break some important assumptions Terraform makes. I agree this isn't a great UX, but I've updated the documentation in c21c766 to help people figure this out.

@pearkes pearkes closed this as completed Feb 26, 2015
@blueprintmrk

Check out http://www.www.who.is/dns/sucuridns.com
Hope it is of some help

@apparentlymart
Contributor

@pearkes in the example you added to the docs there is a parent_route53_zone attribute that doesn't appear in the documentation for that resource type nor, as far as I can tell, anywhere in the Terraform code.

Was that just accidentally included from the initial example in this ticket, or am I missing something?

As far as I can tell there is still a missing link here, in that the Route53 zone resource doesn't expose the created zone's nameservers as an output attribute, so there isn't enough information to create the necessary delegation record in the parent zone. It looks like there is a "nameservers" key in the Route53 API response that could be used to populate this.

@apparentlymart
Contributor

Looks like my final point in my earlier comment will be addressed by PR #1525.

@ghost

ghost commented May 3, 2020

I'm going to lock this issue because it has been closed for 30 days ⏳. This helps our maintainers find and focus on the active issues.

If you have found a problem that seems similar to this, please open a new issue and complete the issue template so we can capture all the details necessary to investigate further.

@ghost ghost locked and limited conversation to collaborators May 3, 2020