How to create sub-domain with AWS Route53?

@dusansusic
Oct 22, 2018

Let’s assume you have all the needed knowledge about domains and you need to create a sub-domain of an existing domain on AWS Route53.

Some software like Cloud Foundry requires sub-domains in order to set things up properly. In its setup, there are records in the format *.apps.env_name.domain.com, then ssh.sys.env_name.example.com. Silly, right?

(Image: DNS hierarchy)

Create Domain and Sub-domain Hosted Zones

  • Go to the Route53 service menu.
  • Create a Hosted Zone for the Second Level Domain, e.g. susie.com. (Image: Create Second Level Domain)
  • The newly created susie.com zone automatically has SOA (Start Of Authority) and NS (Name Server) records. (Image: SOA and NS records for susie.com)
  • Now create another Public Hosted Zone, dusan.susie.com, in the same way as susie.com. (Image: Create Sub-domain of susie.com)

Same as susie.com, it has SOA and NS records.

Doesn’t work?

If you create a record inside dusan.susie.com, e.g. hey.dusan.susie.com, you won’t be able to resolve it.

(Image: A record in sub-domain zone)

Querying it with nslookup hello.dusan.susie.com won’t give any result:

susie@xps:~$ nslookup hello.dusan.susie.com
Server: 127.0.0.53
Address: 127.0.0.53#53
** server can't find hello.dusan.susie.com: NXDOMAIN

Make it work!

To make this work as expected, you must create an additional NS record in the SLD zone (susie.com). The new NS record must have the same values as the sub-domain’s NS record.

  • Select the NS values from dusan.susie.com.
  • Go to susie.com and create a new NS record, e.g. ns.susie.com. (Image: Copy Sub-domain NS values to additional NS record in SLD)
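As an added example (this is not the author’s code and not an AWS library), here is a small Python script that builds the parent-zone NS record from the sub-domain zone’s own NS set and checks that the delegation is consistent. The zone contents are constructed inline in the shape Route53’s ListResourceRecordSets API returns, with placeholder name-server hostnames, so it runs offline; with boto3 you would pass the real responses instead. One point the script makes explicit: the delegation record in susie.com must be named for the sub-domain itself (dusan.susie.com), and its values must match all four name servers Route53 assigned to the dusan.susie.com zone; a differently named record or a partial copy leaves the sub-domain unresolvable.

```python
"""Build and verify a Route53 sub-domain delegation.

Added example, not the author's code. Record sets are plain dicts in the
shape returned by the Route53 ListResourceRecordSets API; the name-server
hostnames below are constructed placeholders, not real Route53 servers.
"""

# Constructed sample: the sub-domain hosted zone right after creation
# (Route53 pre-populates only the SOA and NS record sets).
CHILD_ZONE_RRSETS = [
    {"Name": "dusan.susie.com.", "Type": "SOA", "TTL": 900,
     "ResourceRecords": [{"Value": "ns-1.awsdns-00.example. "
                                   "awsdns-hostmaster.amazon.com. "
                                   "1 7200 900 1209600 86400"}]},
    {"Name": "dusan.susie.com.", "Type": "NS", "TTL": 172800,
     "ResourceRecords": [
         {"Value": "ns-1.awsdns-00.example."},
         {"Value": "ns-2.awsdns-01.example."},
         {"Value": "ns-3.awsdns-02.example."},
         {"Value": "ns-4.awsdns-03.example."},
     ]},
]

# Constructed sample: the parent zone (susie.com) before any delegation
# exists. Its own NS set points at different servers than the child's.
PARENT_ZONE_RRSETS = [
    {"Name": "susie.com.", "Type": "NS", "TTL": 172800,
     "ResourceRecords": [{"Value": "ns-9.awsdns-09.example."}]},
]


def _fqdn(zone_name):
    """Route53 names carry a trailing dot; normalise user input to match."""
    return zone_name.rstrip(".") + "."


def child_ns_values(child_rrsets, zone_name):
    """Return the sorted name-server values of the child zone's apex NS set."""
    apex = _fqdn(zone_name)
    for rrset in child_rrsets:
        if rrset["Name"] == apex and rrset["Type"] == "NS":
            return sorted(rr["Value"] for rr in rrset["ResourceRecords"])
    raise ValueError(f"no apex NS record set for {apex}")


def delegation_change_batch(child_rrsets, zone_name, ttl=172800):
    """Build the ChangeBatch for change-resource-record-sets that creates
    the delegation NS record in the parent zone. The record is named for
    the sub-domain itself, not for some other label under the parent."""
    values = child_ns_values(child_rrsets, zone_name)
    return {
        "Comment": f"delegate {zone_name} to its own hosted zone",
        "Changes": [{
            "Action": "CREATE",
            "ResourceRecordSet": {
                "Name": _fqdn(zone_name),
                "Type": "NS",
                "TTL": ttl,
                "ResourceRecords": [{"Value": v} for v in values],
            },
        }],
    }


def delegation_ok(parent_rrsets, child_rrsets, zone_name):
    """True when the parent zone delegates zone_name to exactly the name
    servers listed in the child zone's apex NS set."""
    name = _fqdn(zone_name)
    expected = child_ns_values(child_rrsets, zone_name)
    for rrset in parent_rrsets:
        if rrset["Name"] == name and rrset["Type"] == "NS":
            actual = sorted(rr["Value"] for rr in rrset["ResourceRecords"])
            return actual == expected
    # No NS set named for the sub-domain: resolvers never reach the child
    # zone, which is the NXDOMAIN seen in the post.
    return False


if __name__ == "__main__":
    import json

    zone = "dusan.susie.com"
    print("delegated before fix:",
          delegation_ok(PARENT_ZONE_RRSETS, CHILD_ZONE_RRSETS, zone))
    batch = delegation_change_batch(CHILD_ZONE_RRSETS, zone)
    print(json.dumps(batch, indent=2))
    # Simulate applying the batch to the parent zone, then re-check.
    fixed = PARENT_ZONE_RRSETS + [batch["Changes"][0]["ResourceRecordSet"]]
    print("delegated after fix:",
          delegation_ok(fixed, CHILD_ZONE_RRSETS, zone))
```

The ChangeBatch dictionary is the document that `aws route53 change-resource-record-sets --hosted-zone-id <parent zone id> --change-batch file://delegation.json` expects. delegation_ok is the check worth re-running whenever the sub-domain zone is recreated or its name servers change, because a stale or misnamed delegation in the parent shows up only as failed lookups like the NXDOMAIN above.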

Let’s try to resolve hello.dusan.susie.com:

susie@xps:~$ nslookup hello.dusan.susie.com
Server: 127.0.0.53
Address: 127.0.0.53#53
Non-authoritative answer:
Name: hello.dusan.susie.com
Address: 10.10.10.10

What if you cascade even further, e.g. hey.hello.dusan.susie.com?

(Image: Even longer record)
susie@xps:~$ nslookup hey.hello.dusan.susie.com
Server: 127.0.0.53
Address: 127.0.0.53#53
Non-authoritative answer:
Name: hey.hello.dusan.susie.com
Address: 10.10.10.20

As you can see, it works!

A few tips

  • If your domain isn’t registered at AWS but with some other provider, you have to log in to your domain provider’s console, find the domain name and update its NS records. Replace the existing values with the AWS Route53 NS record values.
  • Give DNS changes enough time to propagate; otherwise, specify which nameserver your nslookup or dig query. Try 8.8.8.8 or 1.1.1.1.
  • The above examples are shown for illustration only and do not work in the real world because I don’t own the susie.com domain. The procedure shown works with real domain names.
