DNS Management

In-house DNS infrastructure with Route53, wildcard certificates, and multi-environment delegation

What you get

  • Route53 Setup — Complete hosted zone configuration with automatic ACM wildcard certificates
  • Multi-Environment Architecture — Subdomain delegation (development.yourcompany.com, staging.yourcompany.com) with isolated management
  • Infrastructure as Code — All DNS records managed via Terraform with version control and change history
  • Self-Service Management — Team-friendly data structures for adding records without Terraform expertise
  • CloudWatch Logging — DNS query analytics and debugging with integrated monitoring

Why in-house DNS matters

DNS is critical infrastructure. Managing it in-house with Terraform gives you complete control, audit trails, and integration with AWS services like CloudFront and API Gateway. No more third-party DNS dashboards, surprise renewal fees, or waiting on support tickets to add TXT records.

When DNS is infrastructure-as-code, changes are reviewable, reversible, and documented. Your team sees exactly what changed, when, and by whom—not just "DNS was updated last Tuesday."

Who this is for

Companies running AWS infrastructure who want DNS managed the same way as the rest of their platform—version-controlled, reviewable, and integrated with their deployment pipelines.

If you're still logging into a DNS provider's web UI to make changes, or your DNS records are tribal knowledge that only one person understands, it's time for proper DNS management.

DNS architecture

Multi-Environment Delegation

  • Root domain (yourcompany.com) managed centrally
  • Environment subdomains delegated to separate hosted zones
  • development.yourcompany.com, staging.yourcompany.com, production.yourcompany.com
  • Teams can manage their environment DNS independently

Wildcard Certificates

  • Automatic ACM certificate provisioning for *.yourcompany.com
  • DNS validation records managed via Terraform
  • Certificate renewal handled automatically by AWS
  • CloudFront and ALB integration with automatic cert attachment
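As an added illustration of the delegation and wildcard-certificate patterns above (example Terraform, not the page's own code): the parent zone delegates a `development` subdomain to its own hosted zone via an NS record, and an ACM wildcard certificate is issued with its DNS validation records managed in the same code. `yourcompany.com` is a placeholder, the resource names are assumptions, and the AWS provider is assumed to be configured.

```hcl
# Added example, not the page's own code. Placeholder domain: yourcompany.com.
# Assumes the AWS provider is configured; for CloudFront the ACM cert must be in us-east-1.
resource "aws_route53_zone" "root" {
  name = "yourcompany.com"
}

# Environment zone; may live in a separate AWS account with its own credentials.
resource "aws_route53_zone" "development" {
  name = "development.yourcompany.com"
}

# Delegation: NS record in the parent pointing at the child zone's name servers.
resource "aws_route53_record" "development_ns" {
  zone_id = aws_route53_zone.root.zone_id
  name    = "development.yourcompany.com"
  type    = "NS"
  ttl     = 300
  records = aws_route53_zone.development.name_servers
}

# Wildcard certificate validated via DNS, so ACM renews it without manual steps.
resource "aws_acm_certificate" "wildcard" {
  domain_name               = "yourcompany.com"
  subject_alternative_names = ["*.yourcompany.com"]
  validation_method         = "DNS"
  lifecycle { create_before_destroy = true }
}

# Validation CNAMEs kept in Terraform; apex and wildcard share one record.
resource "aws_route53_record" "wildcard_validation" {
  for_each = {
    for dvo in aws_acm_certificate.wildcard.domain_validation_options :
    dvo.domain_name => {
      name   = dvo.resource_record_name
      type   = dvo.resource_record_type
      record = dvo.resource_record_value
    }
  }
  allow_overwrite = true
  zone_id         = aws_route53_zone.root.zone_id
  name            = each.value.name
  type            = each.value.type
  ttl             = 60
  records         = [each.value.record]
}

# Waits for issuance; CloudFront/ALB resources reference certificate_arn from here.
resource "aws_acm_certificate_validation" "wildcard" {
  certificate_arn         = aws_acm_certificate.wildcard.arn
  validation_record_fqdns = [for r in aws_route53_record.wildcard_validation : r.fqdn]
}
```

Because the child zone is a separate resource, its records can be applied by a team with access only to that zone, while changes to the parent zone's delegation stay under central review.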

Record Management

  • A, AAAA, CNAME, MX, TXT, and SRV record support
  • Alias records for AWS services (CloudFront, ALB, S3)
  • Health checks and failover routing for high availability
  • Weighted routing for canary deployments and A/B testing

Integration Patterns

  • API Gateway custom domain integration
  • CloudFront distribution DNS configuration
  • Application Load Balancer DNS records
  • S3 static website hosting with custom domains

Infrastructure-as-code benefits

All DNS records are defined in Terraform data structures that your team can edit without deep Terraform knowledge. Changes go through pull requests with review and CI validation before being applied to production.

  • Version control: See complete history of DNS changes
  • Code review: DNS changes reviewed like any other code
  • Automated validation: CI checks for syntax errors and conflicts
  • Rollback capability: Revert to previous DNS state if needed

Monitoring and observability

Route53 query logging sends DNS query data to CloudWatch Logs, enabling debugging and analytics. You can see which records are being queried, from where, and how often.

  • CloudWatch Logs for query history and debugging
  • Query volume metrics and alerting
  • DNSSEC validation monitoring (if enabled)
  • Health check status and uptime tracking

Migration support

We handle domain transfers from existing DNS providers with zero downtime. Your existing DNS records are imported into Terraform and validated, and the nameserver cutover is then performed with proper TTL management to avoid disruption.

  • DNS record audit and import from existing provider
  • Terraform import of all existing records
  • Validation of record accuracy before cutover
  • Nameserver transition with TTL management to minimize disruption

What you inherit

A fully documented DNS infrastructure with operational runbooks for common tasks. Your team gets self-service DNS management without needing to learn Terraform—just edit data files and open a pull request.

Complete audit trail of all DNS changes, making compliance and troubleshooting straightforward. No more "who changed this record and why?"

See our work for examples of DNS infrastructure implementations.

Ready for infrastructure-grade DNS?

If your DNS management is slowing down deployments or creating operational risk, let's discuss your DNS infrastructure needs.

Get in touch