Thoughtfully Migrating Route 53 to Netlify - Preferred Order-of-Operations?

SiteA.com is live, hosted in AWS, and SiteA.com's primary nameservers point to Route 53. All DNS management for SiteA.com is done in Route 53. There are 114 records in total, a mix of A, CNAME, and TXT records, as well as a unique SOA, MX and NS record.

SiteB.com is also live, hosted in Netlify, and SiteB.com's primary nameservers point to Netlify. All DNS management for SiteB.com is done in Netlify’s admin. There are only 3 records at present:

  • www.SiteB.com,
  • SiteB.com, and
  • dev.SiteB.com

which (I believe) follows Netlify’s recommended setup for domains.

Long term goal: cut everything over to Netlify (so an eventual migration of all records is likely in order)

Shorter, more important goal: Cut SiteA.com traffic over to SiteB.com (as well as www.SiteA.com to www.SiteB.com, respectively) in the least invasive way possible; that is, disrupt as few of the previous 114 records as possible, so that:

  • subdomains (that aren’t www.) continue to point to existing AWS resources,
  • mail isn’t disrupted (MX, SPF, DKIM),
  • CNAMEs to external sources (eg. SendGrid.net) don’t have to be changed (yet) and continue to function.

I understand there are multiple ways to do this, but I’m curious if Netlify has a recommended order-of-operations, knowing AWS is involved, there are many subdomains that don’t necessarily have to be touched (yet), etc.

Note: If it wasn’t clear by this point, it’s probably important to point out that SiteB.com is v2 of SiteA.com, even though the domain names are (presently) different…and SiteB.com is a throwaway domain name.

@Wrapmate Welcome to the Netlify community.

I thought I was following you until that last paragraph. If you want to keep Route 53, then get SiteB ready and make the DNS changes with Route 53 when you’re ready. If you want to delegate DNS to Netlify, then someone will have to transfer most of those 114 DNS entries from Route 53 to Netlify and then when ready, change your DNS delegation. The big problem is that your biggest disruption will come from switching to SiteB, and THEN changing its domain name.

At any rate, I refer you to this source:


Thanks! I did see that and have it bookmarked.

It sounds like it is possible just to point sitea.com and www.sitea.com directly over to Netlify while still retaining the majority of DNS in Route 53 (to start), so perhaps this can be a staggered migration (unless anyone can think of a reason why that wouldn’t work).

@Wrapmate It depends on what you mean by “staggered.” You can delegate only one set of name servers per custom domain, so whichever set of name servers you delegate are the ones in control … until you delegate to different name servers and those changes have to propagate.

“Staggered” in the sense that there is a possible phased path forward that looks something like:

P1

  • Nameservers continue to point to AWS
  • In R53, SiteA.com and www.SiteA.com are CNAMEs that can be pointed to a Netlify resource: SiteB.com
  • All remaining subdomains continue to behave as normal.

P2

  • Nameservers are updated to point to Netlify
  • The remaining 112 records are recreated in Netlify, but (in most of the entries) point back to AWS resources (which is basically the reverse of P1)

…if this is possible.

@Wrapmate Yep, that should work.

As this is still a project-in-motion, an interesting (concerning?) issue arose.

I cut the DNS management over to Netlify on Monday and have migrated all the records over, pointing them back to their respective AWS endpoints. I also tried experimenting by setting up beta.SiteA.com and simply pointing it to the new www.SiteB.com site that is being built in Netlify.

Initially, there was an SSL security violation – but now there isn’t…and I feel like there should be, so I’m not exactly clear what I’m missing. To review:

  • SiteB.com has a valid wildcard cert issued to it (by Netlify)
  • SiteA.com has a valid wildcard cert issued to it (by AWS)
  • beta.SiteA.com is just a CNAME to www.SiteB.com

…so, if I created a subdomain on SiteA.com…and pointed it to SiteB.com…shouldn’t the browser warn me that the cert is valid, but it doesn’t match the apex domain typed into the location bar?

Why does this work? What am I missing here…

Without knowing specifics about your site, if you’re using Netlify DNS, we may have grabbed a wildcard SSL cert.

A utility like SSL Certificate Checker - Diagnostic Tool | DigiCert.com should tell you how it thinks it’s working :slight_smile:
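As an added illustration (not from the thread and not Netlify's code), the check below does what that diagnostic tool does from the command line: it handshakes with the name you typed, reads the DNS SANs the server actually presents, and applies the single-label wildcard rule, so you can see whether a name like beta.SiteA.com is covered by the certificate served from www.SiteB.com. The domain names and SAN lists in the demo are constructed placeholders.

```python
import socket
import ssl


def hostname_covered(hostname, sans):
    """True if a DNS SAN covers hostname (RFC 6125 rules, simplified): an exact
    match, or a wildcard '*.example.com' that stands in for exactly one label,
    so it covers beta.example.com but not example.com or a.b.example.com."""
    host = hostname.lower().rstrip(".")
    for san in sans:
        san = san.lower().rstrip(".")
        if san.startswith("*."):
            if host.endswith(san[1:]) and host.count(".") == san.count("."):
                return True
        elif san == host:
            return True
    return False


def served_sans(hostname, port=443, timeout=5.0):
    """Handshake with SNI=hostname using normal verification and return the DNS
    SANs on the certificate the server actually presents. If verification fails
    (name mismatch, untrusted chain, no connection) the error text is returned."""
    ctx = ssl.create_default_context()
    try:
        with socket.create_connection((hostname, port), timeout=timeout) as raw:
            with ctx.wrap_socket(raw, server_hostname=hostname) as tls:
                cert = tls.getpeercert()
    except OSError as exc:  # SSLCertVerificationError is an OSError subclass
        return f"handshake failed: {exc}"
    return [value for (kind, value) in cert.get("subjectAltName", ()) if kind == "DNS"]


if __name__ == "__main__":
    # Constructed SAN lists for the two outcomes discussed above.
    only_siteb = ["siteb.com", "*.siteb.com"]
    siteb_plus_beta = ["siteb.com", "*.siteb.com", "beta.sitea.com"]
    for sans in (only_siteb, siteb_plus_beta):
        ok = hostname_covered("beta.sitea.com", sans)
        print(f"SANs {sans}: beta.sitea.com covered = {ok}")
    # Live check of a real host (needs network); replace with your own name.
    print(served_sans("example.com"))
```

A browser only warns when the typed name matches none of the SANs, so if the live check returns a list that includes beta.SiteA.com, the hosting provider has already obtained a certificate covering that name and no warning is expected.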