Migrate Your Existing Domain’s DNS Management from Amazon Route 53 to Oracle Cloud Infrastructure
I have been using Amazon Route53 for the last few years as my Primary DNS service to manage my custom domain. I run most of my development instances and API Servers using that custom domain and manage the DNS with Route 53.
Last year I got my OCI Always Free resources and migrated most of my instances and databases to the Always Free tier, but I continued to use AWS DNS for my domain management. I was not brave enough to touch the DNS part of it and break my apps. The services I was running were not production apps, but it would still be quite an inconvenience to reconfigure all the A records. On top of that, I was barely making 10,000–12,000 DNS lookups a month and paying AWS $0.55 for something which would cost nothing on OCI (provided you stay below the 1 million queries per month limit).
So I decided it was time to migrate my hosted zone from AWS Route 53 to OCI Public DNS. I thought it would be a momentous task, but it turned out to be super easy and took only a few hours. The domain was being actively used and had vanity URLs for my development environment for Oracle APEX applications, but a brief outage was not a big issue. With the correct TTL settings the cutover can be seamless.
I’m documenting my journey to make it easier for others to migrate their DNS from AWS Route53 to OCI. If you are running your Enterprise Apps/DB Stack on OCI, then it is better to manage your DNS from the same place instead of another cloud provider.
- Domain to be Migrated : awscloudserver.com
- Existing Registrar & DNS Service of the Domain : Amazon Web Services Route 53
- New DNS Service Provider : Oracle Cloud Infrastructure
Some Important Points before we begin :
- This is not a transfer of the domain's registration but a transfer of the Route 53 hosted zone for the domain from AWS to Oracle. The domain is still registered on AWS. The process would be the same even if your domain were registered with Crazydomains, GoDaddy or any other domain provider. As long as you can update the NS records there, you can migrate the domain's DNS to OCI.
- This is a simple migration of a Public DNS with a few A records as a POC. But for a production domain migration it would be recommended to involve your Network team.
- The TTL (time to live) settings in my case were already low, but if your TTL settings are high, lower the TTL on the NS records at your existing DNS service provider before you start. Also lower the TTL on the OCI NS records. The TTL of a record determines how long DNS resolvers cache the record and keep using the cached information. When the TTL expires, the resolver sends another query to the DNS provider for that domain to get the latest name resolution.
- OCI does not support Domain Name System Security Extensions (DNSSEC) as of 7 April 2021.
Workflow for DNS Migration to OCI in 6 Easy Steps
You can follow the below steps to migrate a Public hosted zone on AWS Route 53 to OCI. This would work for any domain registrar as long as your registrar allows you to update the NS servers for your domain.
Step 1. Get a list of all the records in your hosted zone in AWS.
The records on Route 53 will have to be recreated/imported on OCI. AWS lets you export the record sets of a hosted zone (as JSON) using the AWS command line tool:
aws route53 list-resource-record-sets --hosted-zone-id hosted-zone-id > path-to-output-file
Since I have a few records only in my hosted zone I will add them to OCI manually. Go to AWS Console > Hosted Zones > Domain Name and get a list of the records.
Step 2. Create a public zone with Zone name ‘awscloudserver.com’ on OCI
Log in to your OCI tenancy and create a Public Zone from ‘DNS Management’. Your user should have the required policy and permission for DNS.
This will create 4 NS records for DNS and 1 Start of Authority (SOA) record. Copy the 4 NS records in a notepad file as we will use these to change the NS servers in AWS later.
Step 3. Change NS Servers on AWS
Go to AWS Console > Registered Domains > Domain Name
ADD OR EDIT Name Servers
Add the OCI name servers which you copied earlier into Notepad to the name servers list here and click Update.
You will receive an email once your request to update the name servers is completed.
Step 4. Add the Records from your Route 53 to OCI Public DNS Zone Records
Records to be Migrated :
| Record name | Record type | Value | TTL (seconds) |
| --- | --- | --- | --- |
| oracleapex.awscloudserver.com | A | 220.127.116.11 | 30 |
| ordsprimordial.awscloudserver.com | A | 18.104.22.168 | 300 |
| ordssecondary.awscloudserver.com | A | 22.214.171.124 | 300 |

Make sure you publish the changes once all records are added.
Step 5. Verify that the DNS servers have changed for the domain by running dig on the NS record for the domain.
NS Record Before Updating Route53 Domain NS Servers
$ dig oracleapex.awscloudserver.com
NS Record After Updating Route53 Domain NS Servers to OCI
$ dig @126.96.36.199 +short NS awscloudserver.com
Important Note : It can take a few hours to a few days for the NS servers to be updated and propagated, depending on your domain registrar. In the case of AWS it was pretty quick and did not take more than a few hours.
Once the domain is resolving to the Oracle DNS Servers you can then delete the hosted zone from Route 53. (Make sure to delete all the records before deleting the AWS Hosted Zone)
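For zones with more than a handful of records, the JSON exported in Step 1 can be converted into standard zone-file lines instead of retyping each record in Step 4. The following Python script is an added example, not the author's code; it assumes the target DNS service accepts an RFC 1035 zone file for import, and the sample export, names, addresses and hosted zone ID in it are constructed placeholders.

```python
import json

# Constructed sample of `aws route53 list-resource-record-sets` output.
# Names, addresses and the hosted zone ID are placeholders, not the author's data.
SAMPLE = json.loads(r"""
{"ResourceRecordSets": [
 {"Name": "example.com.", "Type": "NS", "TTL": 172800,
  "ResourceRecords": [{"Value": "ns1.old-dns.example."}]},
 {"Name": "example.com.", "Type": "SOA", "TTL": 900,
  "ResourceRecords": [{"Value": "ns1.old-dns.example. admin.example.com. 1 7200 900 1209600 86400"}]},
 {"Name": "app.example.com.", "Type": "A", "TTL": 30,
  "ResourceRecords": [{"Value": "192.0.2.10"}, {"Value": "192.0.2.11"}]},
 {"Name": "\\052.dev.example.com.", "Type": "CNAME", "TTL": 300,
  "ResourceRecords": [{"Value": "app.example.com."}]},
 {"Name": "www.example.com.", "Type": "A",
  "AliasTarget": {"DNSName": "lb.example.net.", "HostedZoneId": "ZPLACEHOLDER",
                  "EvaluateTargetHealth": false}}
]}
""")


def to_zone_file(export, zone):
    """Return (zone_file_lines, skipped) for a Route 53 JSON export."""
    zone = zone.rstrip(".") + "."
    lines, skipped = [f"$ORIGIN {zone}"], []
    for rrset in export["ResourceRecordSets"]:
        name = rrset["Name"].replace("\\052", "*")  # Route 53 escapes '*' as \052
        rtype = rrset["Type"]
        if name == zone and rtype in ("NS", "SOA"):
            # The new provider generates its own apex NS and SOA records.
            skipped.append((name, rtype, "apex NS/SOA of the old provider"))
        elif "AliasTarget" in rrset:
            # Alias records are Route 53 specific and carry no TTL or value.
            skipped.append((name, rtype, "Route 53 alias, recreate by hand"))
        elif "SetIdentifier" in rrset:
            skipped.append((name, rtype, "routing-policy record, recreate by hand"))
        else:
            for rr in rrset["ResourceRecords"]:
                lines.append(f"{name} {rrset['TTL']} IN {rtype} {rr['Value']}")
    return lines, skipped


if __name__ == "__main__":
    zone_lines, skipped_sets = to_zone_file(SAMPLE, "example.com")
    print("\n".join(zone_lines))
    for name, rtype, why in skipped_sets:
        print(f"; skipped {name} {rtype}: {why}")
```

Review the skipped list before cutover: every entry in it is a name that will stop resolving after the NS change unless it is recreated on the new zone.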
I was easily able to transfer my DNS service from AWS Route53 to OCI Public DNS and it was quite seamless. OCI is more cost-effective compared to Amazon Route53 as you do not have to pay per hosting of a Public Zone.
- Oracle DNS — https://www.oracle.com/au/cloud/networking/dns/
- Oracle Cloud Infrastructure DNS Pricing — https://www.oracle.com/cloud/networking/edge-services-pricing.html