AWS Route 53 - How to delegate a subdomain to a different hosted zone?

I’m using the route53 module to create hosted zones for a domain and a subdomain. I wish to manage the domain and the subdomain in separate hosted zones because they will be in separate AWS accounts, though they’re in the same Terraform config for now.

After I create the hosted zones with

provider "aws" {
  region = "us-west-2"
}
module "zones" {
  source = "terraform-aws-modules/route53/aws//modules/zones"
  zones = {
    "dom.ain"     = {}
    "sub.dom.ain" = {}
  }
}

I can create resource records like

module "text_top" {
  source  = "terraform-aws-modules/route53/aws//modules/records"
  zone_id = module.zones.route53_zone_zone_id["dom.ain"]
  records = [{
    name    = ""
    type    = "TXT"
    ttl     = 60
    records = ["this is the top domain dom.ain"]
  }]
}

module "text_sub" {
  source  = "terraform-aws-modules/route53/aws//modules/records"
  zone_id = module.zones.route53_zone_zone_id["sub.dom.ain"]
  records = [{
    name    = ""
    type    = "TXT"
    ttl     = 60
    records = ["this is the subdomain sub.dom.ain"]
  }]
}

which yield the expected results:

$ dig +short -t txt dom.ain. @ns-1749.awsdns-26.co.uk.
"this is the top domain dom.ain"
$ dig +short -t txt sub.dom.ain. @ns-1295.awsdns-33.org.
"this is the subdomain sub.dom.ain"
$

I create glue NS records for the subdomain:

module "glue_NS" {
  source  = "terraform-aws-modules/route53/aws//modules/records"
  zone_id = module.zones.route53_zone_zone_id["dom.ain"]
  records = [{
    name    = "sub"
    type    = "NS"
    ttl     = 172800
    records = module.zones.route53_zone_name_servers["sub.dom.ain"]
  }]
}

The glue NS records are created:

$ aws route53 list-resource-record-sets \
      --hosted-zone-id Z036547736CNNGE0WKQ95 \
      --query 'ResourceRecordSets[?(Type==`NS` && Name==`sub.dom.ain.`)].[Name,Type,ResourceRecords[].Value]' \
      --output text
sub.dom.ain.    NS
ns-981.awsdns-58.net    ns-217.awsdns-27.com    ns-1295.awsdns-33.org   ns-1940.awsdns-50.co.uk
$

But the glue NS records aren’t returned for a normal query:

$ dig +short -t ns sub.dom.ain. @ns-1749.awsdns-26.co.uk.
$ dig +short -t txt sub.dom.ain.  @ns-1749.awsdns-26.co.uk.
$

How can I delegate a subdomain to a different HZ?
Thanks for any suggestions!

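The empty output from `dig +short` in the last step has a plain DNS explanation: `+short` prints only the ANSWER section, while an authoritative server for the parent zone answers a query for a delegated name with a referral, whose NS records sit in the AUTHORITY section with the `aa` flag absent. The script below is an added example, not code from the original post or from the terraform-aws-modules project. It parses dig's full (non-`+short`) output, recognises a referral, and compares the NS set the parent hands out with the NS set the child zone serves at its apex, which is the check that catches a half-finished or dangling delegation. The dig transcripts embedded in it are constructed; the nameserver names in them are the ones the post shows, and the `aa`/`rd` flags follow standard dig output rather than being copied from a real run.

```python
"""Interpret a Route 53 subdomain delegation from dig's sectioned output.

A parent zone's server answers a query for a delegated name with a referral:
NS records in AUTHORITY, no `aa` flag, empty ANSWER. `dig +short` prints only
ANSWER, so an empty result does not mean the delegation is missing. The
check that matters is whether the parent's referral NS set equals the NS set
the child zone itself serves; a mismatch is a broken or stale delegation.
"""
import re

SECTION_RE = re.compile(r"^;; (QUESTION|ANSWER|AUTHORITY|ADDITIONAL) SECTION:")
FLAGS_RE = re.compile(r"^;; flags: ([a-z ]*);")

# Constructed sample: the parent zone's nameserver asked for NS of the subdomain.
PARENT_REFERRAL = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 1
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 0

;; QUESTION SECTION:
;sub.dom.ain.                   IN      NS

;; AUTHORITY SECTION:
sub.dom.ain.            172800  IN      NS      ns-981.awsdns-58.net.
sub.dom.ain.            172800  IN      NS      ns-217.awsdns-27.com.
sub.dom.ain.            172800  IN      NS      ns-1295.awsdns-33.org.
sub.dom.ain.            172800  IN      NS      ns-1940.awsdns-50.co.uk.
"""

# Constructed sample: the child zone's own nameserver answering for its apex.
CHILD_ANSWER = """\
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 2
;; flags: qr aa rd; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

;; ANSWER SECTION:
sub.dom.ain.            172800  IN      NS      ns-1295.awsdns-33.org.
sub.dom.ain.            172800  IN      NS      ns-1940.awsdns-50.co.uk.
sub.dom.ain.            172800  IN      NS      ns-217.awsdns-27.com.
sub.dom.ain.            172800  IN      NS      ns-981.awsdns-58.net.
"""

# Constructed sample of drift: the child zone was recreated and got a new NS set
# (hypothetical server names), but the parent still refers to the old one.
CHILD_DRIFTED = """\
;; flags: qr aa rd; QUERY: 1, ANSWER: 2, AUTHORITY: 0, ADDITIONAL: 0

;; ANSWER SECTION:
sub.dom.ain.            172800  IN      NS      ns-example-1.awsdns-00.invalid.
sub.dom.ain.            172800  IN      NS      ns-example-2.awsdns-00.invalid.
"""


def parse_dig(output: str) -> dict:
    """Split dig's text output into its flags and per-section record tuples."""
    result = {"flags": set(), "ANSWER": [], "AUTHORITY": [], "ADDITIONAL": []}
    section = None
    for line in output.splitlines():
        line = line.strip()
        m = FLAGS_RE.match(line)
        if m:
            result["flags"] = set(m.group(1).split())
            continue
        m = SECTION_RE.match(line)
        if m:
            section = m.group(1)
            continue
        # Comments, blank lines and the QUESTION section carry no records.
        if not line or line.startswith(";") or section in (None, "QUESTION"):
            continue
        parts = line.split(None, 4)  # name ttl class type rdata
        if len(parts) == 5:
            name, ttl, _rclass, rtype, rdata = parts
            result[section].append((name.lower(), int(ttl), rtype, rdata))
    return result


def ns_set(records, name: str) -> set:
    """NS targets for `name`, lower-cased and without the trailing dot."""
    return {rdata.lower().rstrip(".") for rname, _ttl, rtype, rdata in records
            if rtype == "NS" and rname == name}


def check_delegation(parent_output: str, child_output: str, name: str) -> dict:
    """Compare the parent's referral with the NS set the child zone serves."""
    name = name.lower() if name.endswith(".") else name.lower() + "."
    parent, child = parse_dig(parent_output), parse_dig(child_output)
    parent_ns = ns_set(parent["AUTHORITY"], name) | ns_set(parent["ANSWER"], name)
    child_ns = ns_set(child["ANSWER"], name)
    return {
        "parent_is_referral": "aa" not in parent["flags"]
                              and not parent["ANSWER"] and bool(parent_ns),
        "lines_short_would_print": len(parent["ANSWER"]),  # what +short shows
        "child_authoritative": "aa" in child["flags"],
        "parent_ns": parent_ns,
        "child_ns": child_ns,
        "consistent": bool(parent_ns) and parent_ns == child_ns,
    }


if __name__ == "__main__":
    for label, child in (("in sync", CHILD_ANSWER), ("drifted", CHILD_DRIFTED)):
        verdict = check_delegation(PARENT_REFERRAL, child, "sub.dom.ain")
        print(label, "referral:", verdict["parent_is_referral"],
              "consistent:", verdict["consistent"])
```

To reproduce the two inputs against a live zone, run `dig -t ns sub.dom.ain. @<parent nameserver>` without `+short` for the parent side and the same query against one of the child zone's own nameservers for the child side; the glue NS set in the post already matches what the child zone's servers return, so the first comparison is the one the original setup should pass.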