How to Migrate from Windows DNS Active Directory-Integrated to AWS Route53 Safely in 3 Commands
Migrating your DNS to a cloud-based service like Amazon’s Route53 service can be a daunting task.
With dns-tools, you can test your DNS records before and after the migration to ensure that everything made it across in one piece. If you are migrating from a BIND DNS server, see our blog post here.
Follow these four steps to migrate from a Windows DNS Active-Directory integrated server to Route53:
- Generate zone data,
- Assess your current zone data,
- Migrate (via the API!), and
- Verify by resolving against the AWS name servers before cutting over.
1. Generate
First, generate a zonefile for your zone: Active Directory-integrated zones are stored in AD rather than as directly accessible zonefiles, so you have to export one.
dnscmd /ZoneExport dnstools.ninja dnstools.ninja
This command will generate a file called dnstools.ninja (for the zone dnstools.ninja, that is why it is listed twice) in the directory C:\Windows\System32\dns. (Note: “C:\Windows” will be whatever your %SystemRoot% is set to). You can now copy this file to your present working directory to simplify the next steps.
mv C:\Windows\System32\dns\dnstools.ninja .
2. Assess
The first step to a successful migration is to resolve each of your records and save a snapshot of how they resolve. You can output this to your console, TSV, or in this case, JSON as it is easy to compare with diff.
dns-tools resolver -f .\dnstools.ninja -o json > before_migration.json
3. Migrate
With your current status saved, you can easily migrate to AWS’s Route53 DNS service, via the AWS API, in one command:
dns-tools migrate -f .\dnstools.ninja -c aws
Hint: Dry-runs are possible. See --help for more.
4. Verify
After the migration has completed, you can check that all of your records resolve against any of the newly assigned AWS name servers. In this example, we have ns-369.awsdns-46.com:
dns-tools resolver -f .\dnstools.ninja -dn ns-369.awsdns-46.com -o json > after_migration.json
With this, compare your original resolved results against the results from your newly migrated service.
diff (cat before_migration.json) (cat after_migration.json)
Now, you can see that all of your records are the same. The only difference here is the date and server you ran these against.
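A raw diff still has to be read by eye, and it will always show the date and server lines. As an added example (not dns-tools' own code, and assuming a snapshot layout of name/type/ttl/answers/server/timestamp entries, which you should adapt to the real output), here is a Python check that drops those expected differences, normalizes case and trailing dots, skips the apex NS/SOA that change on any provider move, and reports only records that went missing, appeared, or changed:

```python
import json

DELEGATION = {"NS", "SOA"}  # apex NS/SOA legitimately change when a zone moves to another provider


def _norm(value):  # case-fold and drop the trailing dot so 'Www.X.com.' equals 'www.x.com'
    return str(value).lower().rstrip(".")


def normalize(records):
    """Index by (owner, type), keeping answers and TTL; the server and timestamp
    fields are expected to differ between the two runs and are dropped here."""
    return {(_norm(r["name"]), r["type"].upper()):
            {"answers": sorted(_norm(a) for a in r.get("answers", [])), "ttl": r.get("ttl")}
            for r in records}


def diff_snapshots(before_json, after_json, zone):
    """Report records that vanished, appeared, or changed between two snapshots."""
    before = normalize(json.loads(before_json))
    after = normalize(json.loads(after_json))
    apex = _norm(zone)

    def keep(key):  # ignore the delegation records that are expected to change
        return not (key[0] == apex and key[1] in DELEGATION)

    return {
        "missing": sorted(k for k in before if k not in after and keep(k)),
        "unexpected": sorted(k for k in after if k not in before and keep(k)),
        "changed": {k: (before[k], after[k]) for k in before
                    if k in after and before[k] != after[k] and keep(k)},
    }


def _rec(name, rtype, ttl, answers, server):  # one entry in the assumed snapshot layout
    return {"name": name, "type": rtype, "ttl": ttl, "answers": answers,
            "server": server, "timestamp": "constructed"}


def sample_report():
    """Constructed snapshots: the mail A record was lost and the MX TTL drifted."""
    dc, aws = "dc01.dnstools.ninja", "ns-369.awsdns-46.com"
    before = json.dumps([
        _rec("dnstools.ninja.", "A", 300, ["203.0.113.10"], dc),
        _rec("dnstools.ninja.", "MX", 3600, ["10 mail.dnstools.ninja."], dc),
        _rec("mail.dnstools.ninja.", "A", 300, ["203.0.113.25"], dc),
        _rec("dnstools.ninja.", "NS", 3600, ["dc01.dnstools.ninja."], dc),
    ])
    after = json.dumps([
        _rec("DNSTOOLS.NINJA", "A", 300, ["203.0.113.10"], aws),
        _rec("dnstools.ninja", "MX", 300, ["10 mail.dnstools.ninja"], aws),
        _rec("dnstools.ninja", "NS", 172800, ["ns-369.awsdns-46.com."], aws),
    ])
    return diff_snapshots(before, after, "dnstools.ninja")
```

Run it against your real before_migration.json and after_migration.json (one call per AWS name server) and treat anything in "missing" or "changed" as a blocker before cutting over the delegation.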
Congratulations, you have now safely migrated your Windows DNS AD server to Amazon Web Services' Route53 cloud-based service in less than 3 minutes!