awslabs / route53-dynamic-dns-with-lambda

A Dynamic DNS system built with API Gateway, Lambda & Route 53.
Apache License 2.0
486 stars, 167 forks

What is the reason of using a separate hosted zone? #17

Closed agherzan closed 6 years ago

agherzan commented 6 years ago

I see that the example uses a separate hosted zone as a subdomain delegated from the "main" hosted zone. Is there any reason not to use the initial hosted zone? In the example, why not use the "example.com" hosted zone and avoid the 'dance' of creating a new hosted zone and delegating a record?

seangreathouse commented 6 years ago

Hey Andrei, it's really just a precaution. If you create a subdomain dedicated to this system, then you can be sure you don't change or delete DNS records not used by the system. If you are careful or understand the risk in your environment, you can use your primary zone. I'm working on v2 of this, BTW. Going to deprecate the instructions and instead provide a CloudFormation template to provision the system. I'll also support private DNS for local device discovery, and IPv6. If time allows, I'll also switch the config from JSON in S3 to DynamoDB.

agherzan commented 6 years ago

I suspected something along these lines. It seems, though, a little bit of extra care, because you base the operations on the JSON configuration, which only allows specific domains to be changed.

seangreathouse commented 6 years ago

A user could put a hostname into the JSON that caused an existing record to be overwritten. So if multiple people or groups were involved, wires could get crossed.

IAM doesn't support record-level permissions for Route53, only zone level.

On Dec 20, 2017, at 3:49 PM, Andrei Gherzan <notifications@github.com> wrote:

> I suspected something along these lines. It seems, though, a little bit of extra care, because you base the operations on the JSON configuration, which only allows specific domains to be changed.

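The risk Sean describes above is that the JSON config is the only thing standing between a requested hostname and an `UPSERT` on whatever record that name resolves to in the zone, and IAM can only restrict the Lambda role to a whole hosted zone. The following is an added example (not code from this repository) of the kind of guard a Lambda handler can apply before it calls `change_resource_record_sets`: it refuses any name that is not strictly inside the dedicated delegated zone, refuses the zone apex, and refuses a config entry whose zone id does not match the one the function is allowed to touch. The config layout, the zone name `ddns.example.com`, the zone id placeholder, and the function names are all assumptions for illustration; the project's own config file is not shown in this thread.

```python
"""Guard an incoming dynamic-DNS update so it can only touch the dedicated zone.

Added example, not part of awslabs/route53-dynamic-dns-with-lambda. The config
structure and names below are constructed for illustration.
"""
import ipaddress

# Assumed: the zone delegated to the DDNS system and its Route 53 zone id.
ALLOWED_ZONE = "ddns.example.com"
ALLOWED_ZONE_ID = "ZONEID-DDNS-PLACEHOLDER"

# Constructed sample config. The second entry is the failure mode from the
# thread: a name in the main zone that a careless config edit could overwrite.
SAMPLE_CONFIG = {
    "host1.ddns.example.com": {"zone_id": ALLOWED_ZONE_ID, "shared_secret": "s1"},
    "www.example.com": {"zone_id": "ZONEID-MAIN-PLACEHOLDER", "shared_secret": "s2"},
}


class UpdateRejected(ValueError):
    """Raised when a requested update is outside the allowed scope."""


def normalize(name: str) -> str:
    """Lower-case a DNS name and drop the trailing dot so comparisons are stable."""
    return name.strip().rstrip(".").lower()


def is_in_zone(hostname: str, zone: str) -> bool:
    """True if hostname equals the zone or is a label below it.

    The leading dot matters: 'evilddns.example.com' must not match 'ddns.example.com'.
    """
    h, z = normalize(hostname), normalize(zone)
    return h == z or h.endswith("." + z)


def build_change(hostname: str, ip: str, config: dict,
                 zone: str = ALLOWED_ZONE, zone_id: str = ALLOWED_ZONE_ID) -> dict:
    """Validate a request and return the argument dict for change_resource_record_sets.

    Every check here is enforced in code because IAM can only scope the role to
    the whole hosted zone, not to individual records.
    """
    h = normalize(hostname)
    if h not in config:
        raise UpdateRejected(f"{h} is not a configured host")
    if not is_in_zone(h, zone):
        raise UpdateRejected(f"{h} is outside the dedicated zone {zone}")
    if h == normalize(zone):
        raise UpdateRejected("refusing to rewrite the zone apex")
    if config[h].get("zone_id") != zone_id:
        raise UpdateRejected(f"config for {h} points at a different hosted zone")

    # ipaddress.ip_address raises ValueError on junk input, which is what we want.
    addr = ipaddress.ip_address(ip)
    record_type = "AAAA" if addr.version == 6 else "A"

    return {
        "HostedZoneId": zone_id,
        "ChangeBatch": {
            "Comment": "dynamic DNS update",
            "Changes": [{
                "Action": "UPSERT",
                "ResourceRecordSet": {
                    "Name": h + ".",
                    "Type": record_type,
                    "TTL": 60,
                    "ResourceRecords": [{"Value": str(addr)}],
                },
            }],
        },
    }


if __name__ == "__main__":
    print(build_change("host1.ddns.example.com", "203.0.113.7", SAMPLE_CONFIG))
    try:
        build_change("www.example.com", "203.0.113.7", SAMPLE_CONFIG)
    except UpdateRejected as exc:
        print("rejected:", exc)
```

The returned dict is exactly what `boto3`'s `route53.change_resource_record_sets(**change)` expects, so the guard sits directly in front of the call. Because the zone id is fixed in code rather than taken from the request or the config, a bad config entry like `www.example.com` fails closed even before the IAM policy is consulted.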

agherzan commented 6 years ago

Got it. In the scenario it makes sense. Thanks for the information.