I´ve configured a Load Balancer but when adding A record on Hosted Zone, the DNS is not propagating. Let me explain my current configuration (Let´s say the domain is 'something.com' and security groups are allowing traffic, also rules on LightSail):
- LightSail instance and VPC peered (AWS default VPC and LightSail VPC are in the same avaliability zones and currently peered). From now, this will be 'previous VPC' on followint points.
- A target group pointing to private IP addres of LightSail instance (Type: IP Addresses, Network 'Other private IP address', previous VPC, HTTPS protocol and Healty state).
- Load Balancer with certificate imported, Internet-Facing, IPv4, previous VPC, 2 subnets selected (including the one where the Light Sail instance belongs to).
- Hosted Zone for 'something.com' with a DNS A record for 'dummy.something.com' record pointing to Load Balancer DNS. With Alias that redirect traffic to 'Classic Load Balancer and applications', same region and previously created Load Balancer.
I´ve done this before to protect an OWASP JuiceShop and it worked perfectly. The difference with the current one are:
- DNS zone on LightSail with A record for 'dummy.something.com' pointing to the instance public IP (I´m deleting that record when creating the one Route 53, the one on previous point 4), between others records type for 'something.com' (for example A record apidummy.something.com)
- The hosted zone is NOT 'created by Route53 Registar'.
After all of this and after create the DNS A record of point 4, the DNS does not propagate and application hosted on 'dummy.something.com' is not accessible (DNS error returned).
What I´m doing wrong or missing? should I create a CNAME record on LightSail for 'dummy.something.com' resolving to Load Balancer DNS? should I register 'dummy.something.com' with route53? other completely different thing? Any help would be really appreciated.
AWS OFFICIALUpdated 2 years ago
Hello Matt,
Thanks for your answer, it actually works. I´ve modified the nameservers and I get it to work. Now I have I doubt regarding DNS records. Kindly let me explain. The application is using for authentication another app that is behind, let´s say, 'apidummy.something.com', but the A record for 'apidummy.something.com' is still on LightSail name servers, together with a bunch of others A records and some TXT records.
I guess that next step is to move all the records to Route 53, right? could it broke anything? apart from the downtime due to the time that would take the new name servers and the DNSs to fully propagate, once propagated, it should be working as usual, right? on the other hand, will the WAF works if instead of move the records to Route53, I create an A record for 'dummy.something.com' pointing to the DNS of the Load Balancer? documentation only talk about Route 53, so I´m not sure if WAF will work if it DNS is resolved by LightSail name servers.
Excuse me, probably a dumb question, but I have no much experience with DNS changes, but I´m worried about what could happen, specially for webmail A records.
BR.