Best Practices for AWS R53 Integration
- Sri Raghu
The following best practices are recommended for AWS Route 53 integration with Universal DDI:
Â
Be mindful of the AWS rate limits when configuring the Universal DDI Route53 integration. Universal DDIR53 does perform rate limiting to help protect an AWS tenant. However, the Universal DDI Route53 rate limiter does not account for API activity on the same AWS tenant that is not caused by Infoblox.
It is recommended to manage DNS zones and records from either the Infoblox Portal or AWS. Unexpected syncing results are possible if DNS data is managed from both sides regularly. Note that if the same object is changed in both Infoblox Portal and AWS during the same sync window, the change made in AWS will take precedence.
Should a Third Party DNS provider be deleted from the Infoblox Portal, the DNS data that was syncing to that provider will continue to exist in Infoblox Portal but will be disassociated from the deleted provider. Unless there is a specific need to do so, do not recover the deleted Third Party DNS Provider from the recycle bin. Instead, it is recommended to create a new Third Party Provider and select a different view to sync DNS data into. Â
Credential rotation
To rotate credentials, create a new set of credentials in Infoblox Portal with new Access Key ID and Secret Access Key. Edit the Third Party DNS Provider and select the newly created credentials.
Â
Auditing/Recovery
The Infoblox Portal audit logs can be utilized to a view, zone, and record operations.
Alternatively, AWS CloudTrail can be leveraged to track and view DNS zone and record management operations (additional costs may apply).
Additionally, the Infoblox Portal recycle bin feature can be used to recover zones and records that have been deleted through management actions performed on the Infoblox Portal. Zones and records that are deleted in AWS, where the deletion is synced into Infoblox Portal, cannot be recovered using the recycle bin in the Infoblox Portal.