Recently I’ve been notified that we need to move our operations away from AWS to Azure. One of the steps I found interesting (and never did before) was migrating the DNS provider from AWS Route 53 to Azure DNS Zone.
There are steps we need to take before we export the AWS DNS records. Since AWS has a lot of built in services, there are DNS records that aren’t proper DNS records. They work like proper records, but they are A type records, pointing to various AWS services. Those services can be load balancers, CloudFront distributions, S3 static websites and other services you aliased under your domain.
Cleaning up these records is pretty easy. You have to edit the mappings to be readable by any other DNS service. In these cases you will have to create CNAME records for those AWS aliases. ALB/ELB and CloudFront mappings stay the same but you have to change them from A records to CNAME and update the values. The mappings are in the table below:
|DNS entry before||DNS entry after|
Be sure to set the TTL (Time to live) on these entries to a value you feel comfortable (300 seconds should be okay for DNS records).
After you cleaned up your Route53 from AWS specific aliases, you can export the bind file with this awesome cli53 tool.
After you have installed the tool and set the AWS credentials, you can run it with:
cli53 export acme.inc > acme.inc.txt. This will export all your domain’s DNS records into a BIND file format, readable by other DNS services.
Next thing we need to set up is the Azure CLI following the installation instructions for your OS. After you have set it up and authenticated, you can create a new DNS zone using this CLI.
az network dns zone import -g resourceGroup -n acme.inc -f acme.inc.txt
The whole procedure for creating a resource group and importing/verifying the DNS at Azure is described here
After you import all your DNS records, you have to verify that they resolve to the correct place. You will need to fetch your domain’s NS records with
az network dns record-set ns list -g resourceGroup -z acme.inc --output json
and take one of the
nsRecords > nsdname values to test using
You should test multiple entries to make sure they get resolved to the correct place.
After you have verified the records resolve properly, you can update the DNS delegation in your domain registrar. Since you have the name servers you fetched in the previous step, you can use those in the specific domain registrar you are using. Here is an example of how it looks like on the domain.com registrar. After they have been propagated (give it 5-10 minutes), you can verify them in your DNS Zone page on Azure.