DNS

How DNS Works

Managing the Domains

The project uses two primary domains:

  • wiperinstall.rainx.com — main domain for API, infrastructure services (ArgoCD, Tekton, Grafana)
  • wiperinstall.click — customer-facing frontend domain

DNS is managed in Amazon Route53: DNS configurations, such as A records, CNAMEs, and other record types, are stored in Route53 hosted zones.

The name servers (NS records) provided by Route53 were configured in the domain registrar settings. This delegates DNS resolution control to AWS Route53.

Kubernetes and ExternalDNS Integration

Inside the Kubernetes cluster where our applications are deployed, we use ExternalDNS, a tool that automatically synchronizes Kubernetes resources (like Ingress and Service objects) with DNS records in the DNS provider—in this case, Amazon Route53.

What is external-dns and How It Works

external-dns is a Kubernetes add-on that automatically manages DNS records for your services and ingress resources based on what’s running in the cluster.

It enables you to automate the creation or update of DNS records in AWS Route53 — without manual zone updates.

How external-dns Works

  1. Monitors Kubernetes Resources: external-dns watches resources like Ingress and Service in the cluster.

  2. Extracts Hostnames: Based on annotations or specific fields (e.g., spec.rules.host in Ingress), it determines which DNS records should exist.

  3. Syncs with DNS Provider: Using your DNS provider’s API (e.g., AWS Route53), it creates or updates the corresponding DNS records (A, CNAME, etc.).

  4. Handles Updates and Deletions Automatically: If the underlying resources are changed or deleted, external-dns will automatically update or remove the DNS records.

Example Use Case

Here’s a sample Ingress configuration:

apiVersion: networking.k8s.io/v1
kind: Ingress
metadata:
  name: backend
spec:
  rules:
    # ExternalDNS reads this host and creates the matching record in Route53
    - host: api.wiperinstall.rainx.com
      http:
        paths:
          - path: /
            pathType: Prefix
            backend:
              service:
                name: backend
                port:
                  number: 8080

ExternalDNS Configuration

  • ExternalDNS has IAM access to Route53 hosted zones.
  • It is configured in upsert-only mode, meaning it does not delete DNS records that were created manually or by other tools.
  • It only creates records that are relevant to current Kubernetes objects.
  • Domain filters: wiperinstall.rainx.com, wiperinstall.click

See the official documentation for more instructions.
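
An added example (not part of the original page and not ExternalDNS code): a simplified Python model of the hostname extraction and domain-filter matching described above, used to audit a zone listing against the objects in the cluster. The sample objects and records are constructed, the `audit` helper and its result keys are hypothetical, and the `external-dns.alpha.kubernetes.io/hostname` annotation is assumed to be the one in use.

```python
# Added example: a simplified model for review, not ExternalDNS source code.
DOMAIN_FILTERS = ["wiperinstall.rainx.com", "wiperinstall.click"]  # from this page
HOSTNAME_ANNOTATION = "external-dns.alpha.kubernetes.io/hostname"  # assumed in use
ADDRESS_TYPES = {"A", "AAAA", "CNAME"}  # skip NS/SOA/TXT bookkeeping records

def norm(name):
    return name.rstrip(".").lower()

def in_filters(name, filters=DOMAIN_FILTERS):
    """True if name equals a filter domain or is a subdomain of one."""
    n = norm(name)
    return any(n == f or n.endswith("." + f) for f in filters)

def desired_hosts(objects):
    """Hostnames declared via Ingress spec.rules[].host or the hostname annotation."""
    hosts = set()
    for obj in objects:
        annotations = obj.get("metadata", {}).get("annotations") or {}
        names = annotations.get(HOSTNAME_ANNOTATION, "").split(",")
        if obj.get("kind") == "Ingress":
            names += [r.get("host", "") for r in obj.get("spec", {}).get("rules") or []]
        hosts.update(norm(n.strip()) for n in names if n and n.strip())
    return hosts

def audit(objects, zone_records):
    """Compare declared hosts with (name, type) records listed from the zone."""
    hosts = desired_hosts(objects)
    managed = {h for h in hosts if in_filters(h)}
    existing = {norm(n) for n, t in zone_records if t in ADDRESS_TYPES}
    return {
        "managed": sorted(managed),          # ExternalDNS would upsert these
        "ignored": sorted(hosts - managed),  # declared, but outside the domain filters
        "unclaimed": sorted(r for r in existing if in_filters(r) and r not in managed),
    }

# Constructed sample data (only api.wiperinstall.rainx.com appears on the page).
OBJECTS = [
    {"kind": "Ingress", "metadata": {"name": "backend"},
     "spec": {"rules": [{"host": "api.wiperinstall.rainx.com"}]}},
    {"kind": "Service", "metadata": {"name": "web", "annotations": {
        HOSTNAME_ANNOTATION: "wiperinstall.click"}}},
    {"kind": "Ingress", "metadata": {"name": "stray"},
     "spec": {"rules": [{"host": "app.example.org"}]}},
]
ZONE_RECORDS = [("wiperinstall.rainx.com.", "NS"), ("api.wiperinstall.rainx.com.", "A"),
                ("old-app.wiperinstall.rainx.com.", "A"), ("wiperinstall.click.", "A")]

if __name__ == "__main__":
    print(audit(OBJECTS, ZONE_RECORDS))
```

Because the upsert-only policy issues no deletions, `unclaimed` is the list to review: it holds manually created records as well as records whose Ingress or Service no longer exists.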

Workflow: DNS Record Creation During Application Deployment

  1. When deploying a new application in the cluster, an Ingress object is created with a specified host, such as api.wiperinstall.rainx.com.
  2. ExternalDNS scans all Ingress and Service objects in the cluster, collecting host information.
  3. Upon detecting the new Ingress with the host api.wiperinstall.rainx.com, ExternalDNS interacts with the Route53 API and creates the corresponding DNS record (typically an A record with an ALIAS to a Load Balancer address).
  4. Once the record appears in Route53, the domain name begins resolving to the correct IP or ALIAS target, enabling access to the application via the specified URL.

Hosted Zones Overview

wiperinstall.rainx.com hosted zone

This is our main hosted zone, managing all production traffic, core and service applications, as well as infrastructure-related services. It includes DNS records for:

  • Backend API (api.wiperinstall.rainx.com)
  • Argo CD (argo-cd.teleport.wiperinstall.rainx.com)
  • Tekton Dashboard (tekton.wiperinstall.rainx.com)
  • Tekton Webhook (tekton-webhook.wiperinstall.rainx.com)
  • Teleport (teleport.wiperinstall.rainx.com)

wiperinstall.click hosted zone

This is the customer-facing hosted zone, used for the frontend application:

  • Frontend (wiperinstall.click)