I want my own subdomain!

In a large organization, you often want more freedom than submitting a support ticket for every DNS change or renewed certificate. If you leverage the power of NS (name server) records and Route 53 hosted zones, you are just one support ticket away from complete control of your subdomain. This blog post explains how.

It starts with your own Route 53 Hosted Zone

First, you will need a Route 53 Hosted Zone. The only thing you need to enter is your domain name. In this example, that is the subdomain 'product' of the domain oslo.kommune.no.


What you can see so far is an NS (name server) record with four values, and an SOA (start of authority) record.


At this point your hosted zone cannot be used to do much, since it is not yet connected to the global DNS lookup chain.

Connect to the DNS lookup chain

The magic happens when NS records above you in the DNS lookup chain point to your NS records.

In this example, assuming you have a ticket system for DNS changes to oslo.kommune.no, all you need to do is ask for new NS records that would look something like this:

product.oslo.kommune.no -> ns-219.awsdns-27.com.
product.oslo.kommune.no -> ns-1443.awsdns-52.org.
product.oslo.kommune.no -> ns-1679.awsdns-17.co.uk.
product.oslo.kommune.no -> ns-572.awsdns-07.net.

When these records are in place, any lookup for product.oslo.kommune.no will find NS records in the parent zone pointing at your name servers, and will in turn come looking for records in your hosted zone to resolve the final destination.
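The delegation only works if the four NS values in the ticket exactly match the ones Route 53 assigned to your hosted zone; a mistyped value sends lookups to a name server that does not hold your zone. The following check is an added example, not part of the original post: it compares the ticket text with the zone's NS values, and the function names and the mistyped ticket are constructed for illustration.

```python
# Added example: verify that a delegation request matches the hosted zone's NS set.
# ZONE_NS holds the four values shown in the post; TYPO_TICKET is constructed.
ZONE = "product.oslo.kommune.no"
ZONE_NS = ["ns-219.awsdns-27.com.", "ns-1443.awsdns-52.org.",
           "ns-1679.awsdns-17.co.uk.", "ns-572.awsdns-07.net."]

GOOD_TICKET = "\n".join(f"{ZONE} -> {ns}" for ns in ZONE_NS)
# Constructed mistake: digits swapped in the last name server (572 -> 527).
TYPO_TICKET = GOOD_TICKET.replace("ns-572.", "ns-527.")


def normalize(name):
    """Lower-case a DNS name and give it exactly one trailing dot."""
    return name.strip().lower().rstrip(".") + "."


def parse_ticket(text):
    """Parse 'owner -> nameserver' lines into {owner: {nameservers}}."""
    records = {}
    for line in text.splitlines():
        if "->" not in line:
            continue  # skip blank lines and free-text comments
        owner, target = (normalize(part) for part in line.split("->", 1))
        records.setdefault(owner, set()).add(target)
    return records


def check_delegation(zone_name, zone_ns, ticket_text):
    """Return a list of problems; an empty list means the ticket is correct."""
    zone = normalize(zone_name)
    expected = {normalize(ns) for ns in zone_ns}
    requested = parse_ticket(ticket_text)
    # NS records for any other owner name would delegate the wrong subdomain.
    problems = [f"unexpected owner name: {owner}"
                for owner in sorted(requested) if owner != zone]
    got = requested.get(zone, set())
    problems += [f"missing from ticket: {ns}" for ns in sorted(expected - got)]
    problems += [f"not in hosted zone: {ns}" for ns in sorted(got - expected)]
    return problems


if __name__ == "__main__":
    print(check_delegation(ZONE, ZONE_NS, GOOD_TICKET) or "ticket matches zone")
    for problem in check_delegation(ZONE, ZONE_NS, TYPO_TICKET):
        print(problem)
```

The same comparison can be run again after the ticket is closed, using the NS values the parent zone actually returns in place of the ticket text.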

Voila

You are now the authority for your own subdomain, and may add and remove DNS records whenever you want!

Bonus: Certificates

In AWS Certificate Manager (ACM), you may create certificates that validate through DNS. Remember that you now have full control over your own subdomain? This means you can make your own auto-renewable certificates over at ACM.

Step 1: Request your certificate

Step 2: Create the validation CNAME record with the push of a button

Result:

In a matter of minutes (if set up correctly) the certificate will be validated and ready to use.