Domain by GoDaddy, DNS by Route53

Just because GoDaddy registered your domain doesn’t mean they have to manage your DNS.

I had a neat little web adventure recently. It started with an email from Pingdom stating that my personal site was unreachable over https. I hosted my personal website, jryancanty.com on DigitalOcean along with a few other sites for my family and friends behind Nginx using Certbot from EFF for free TLS certificates. This is all well and good except that for reasons I still have yet to figure out, every now and again (probably due to my crappy configuration) the Certbot would fail to renew the certificate and I’d have to stop what I was doing and go manually fix it. I finally decided I didn’t care enough to keep fixing this dumb host so I chose to update my site to use S3, Cloudfront and a certificate from AWS Certificate Manager (ACM). But My DNS is managed by GoDaddy.

After a bit of Googling to understand how everything hooks up I came across this article https://medium.com/@brodartec/hosting-a-static-site-with-https-enabled-using-aws-s3-cloudfront-and-godaddy-826dae41fdc6 by Benjamin Rodarte who did a fantastic job explaining how to do almost exactly what I wanted. So to learn how to setup an S3 site with ACM please go to his post first.


Problems with GoDaddy

For some background as to what I was trying to do. I have a Pingdom alert on https://jryancanty.com notice the https and no www. Now when you create a Cloudfront distribution with a TLS certificate, it gives you a url with a cloudfront.net domain. When you go to GoDaddy and try to manage your DNS pointing the Root of your site (they use the @ symbol) using a CNAME instead of an A record, you get a big fat error. Not using an A record for DNS should be totally allowed in a zone file, but for whatever reason GoDaddy doesn’t support that. I called tech support to verify that as well and got a confused rep who didn’t really know how DNS worked explaining that you must have an A record. The recommended approach was to set www.jryancanty.com as a CNAME pointing to my Cloudfront distribution. Then create a redirect to www from the root domain (jryancanty.com).

This will probably work just fine for most sites but we can do better than that. What if we want the root of our site to point directly to Cloudfront. Scratch that. What if we don’t want to use GoDaddy to manage our DNS at all?!

Enter Route53

Just because GoDaddy registered your domain doesn’t mean they have to manage your DNS.

Domain registration is a process by which a registrar such as GoDaddy negotiates with ICANN to register a domain name on your behalf. DNS services are offered by GoDaddy, but you don’t have to use them. If you want more flexibility, scalability, etc. you could use another DNS service such as AWS Route53, Google Cloud DNS, NS1, etc. I picked Route53 since I’m hosting things on Cloudfront.

First I needed to go to Route53 and create a Hosted Zone

Create a hosted zone at https://console.aws.amazon.com/route53/home

If you look closely you can see the list of name servers on the right. These are the servers that actually do the DNS resolution. You’ll notice that they all have awsdns in their domain name since they are owned by AWS. If you’re like me and used GoDaddy DNS your name servers will look something like:

Default Nameservers on GoDaddy

Take a look at that big ol’ Change button! You can in fact change who manages your DNS by clicking change and setting the name servers to the ones owned by AWS (Or Google or whoever). This process is not isolated to GoDaddy. Almost every domain name registrar and DNS provider gives you the ability to change who manages your DNS. Once you change your nameservers in this list, it should look like:

This can take up to 24 hours to propagate fully. In that time, why don’t we switch over to Route53 again and actually setup how we want our DNS to resolve our requests. Go ahead and click Create Record Set with the name of your domain name (jryancanty.com in my case) and type of A record. This is the kind of record that would typically point to an IP address. Click the Yes radio button for Alias. Assuming you already have a Cloudfront distribution setup with a valid ACM certificate, you should see your distribution in the dropdown for Alias Target. Select that and hit Save Record Set and you’re off to the races.

Setup an A record as an Alias to Cloudfront

Now that you have this all setup, you can add whatever other CNAMEs, MX records or whatever you want. If you already have a bunch of these records setup in GoDaddy or whatever your other DNS service is you can simply export a Zone file from that service and Import Zone File in Route53.


Now I have a website hosted on S3, where DNS is managed by Route53, and secured with TLS via a free certificate from AWS. I’m protected from DDoS, etc. with Cloudfront and most importantly I don’t have to think about GoDaddy’s terrible DNS service anymore. I can also access my site directly from https://jryancanty.com and my Pingdom alerts have cleared.