I'm working on a site that I'd like to serve from a naked domain like foo.com, and serve it from AWS S3.
However, the documentation I can find with AWS gave me the impression that if I want to do this, I'll need to move all my DNS over to Amazon's Route53.
I'd rather not do that, but as I can't use CNAMEs for naked domains, nor point A-records to a fixed IP (because they might change), I'm not sure what my options are.
Is it possible to only delegate the serving of a naked domain to another provider, without needing to move everything across?
I see snippets like this in the AWS docs, which I could add to my DNS with Gandi, but I understand this would delegate all domain handling to the Amazon Name servers, which I don't think I want.
foo.com. 172800 IN NS ns-9999.awsdns-99.com.
If my provider, Gandi, doesn't support ALIAS or ANAME records, what are my options?
I understand I could spin an instance up at an IP I point to with an A record, then use it to bounce requests along from the naked domain to a static site hosted at www.foo.com, but this feels like it would defeat the purpose of having static serving. So, other than using a provider like Cloudflare or wwwizer, who handle the naked domain japery for you, what else can you do?
DNS is a hierarchical system, and simply does not provide a mechanism for delegating only the apex record of a zone elsewhere.
The most straightforward solution is to move your DNS hosting to Route 53, because Alias records in Route 53 solve the issue by using Route 53's internal knowledge of the contents of S3's domains (as well as those for ELB and CloudFront) in order to return a correct A-record response to your query. (An Alias isn't a DNS record type, it's a configuration directive.)
There's little reason that I can think of to resist such a change -- you don't have to change your registrar to Route 53 (although you can), you only need to change your authoritative name servers with your current registrar. You can continue to use the current registrar for your annual renewals and any other bonus/bundle things they provide... just not for DNS hosting itself.
Other providers accomplish the appearance of similar functionality by proxying the incoming DNS request to a destination "out the back," looking up the target and returning the appropriate portions of the response to the original requester.
That's what Cloudflare does, with "CNAME flattening" --
Using a web proxy server, with a static IP address and an A record is a viable option -- and, in fact, is not a bad one if you want to serve your site with an SSL certificate (S3 doesn't support SSL for custom domains). If the proxy is in the same AWS region as the bucket, there aren't any additional data transport charges, and a proxy on a given piece of hardware can certainly serve up more content than an actual web server on the same hardware, since there's no disk access. (On one such setup, a t2 micro, running haproxy, I served 891,683 web requests yesterday without ever hitting 5% CPU on the one-minute CloudWatch graph). Of course, this introduces an additional cost and availability issues.
But there are no magic bullets.
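As an added illustration (not code from the question or the answer), a small Python model of the two points the answer makes: the RFC 1034 rule that keeps a CNAME off the zone apex, and what an alias or "CNAME flattening" lookup does at query time. Zone contents, hostnames and IP addresses are constructed for the example.

```python
from typing import Dict, List, Tuple

Record = Tuple[str, str]            # (rrtype, rdata)
Zone = Dict[str, List[Record]]

# Constructed zone: what someone tries when they put a CNAME at the apex.
BROKEN_ZONE: Zone = {
    "foo.com.": [("SOA", "ns1.gandi.net. hostmaster.gandi.net. 1 3600 600 1209600 300"),
                 ("NS", "ns1.gandi.net."),
                 ("CNAME", "foo.com.s3-website-eu-west-1.amazonaws.com.")],
    "www.foo.com.": [("CNAME", "foo.com.s3-website-eu-west-1.amazonaws.com.")],
}

# Constructed view of what a resolver sees behind the S3 website endpoint;
# the addresses are documentation-range placeholders, not real S3 IPs.
UPSTREAM: Dict[str, List[Record]] = {
    "foo.com.s3-website-eu-west-1.amazonaws.com.": [("CNAME", "s3-website-eu-west-1.amazonaws.com.")],
    "s3-website-eu-west-1.amazonaws.com.": [("A", "192.0.2.10"), ("A", "192.0.2.11")],
}

def cname_conflicts(zone: Zone) -> List[str]:
    """RFC 1034 3.6.2: a CNAME must be the only record at its name.
    The apex always carries SOA and NS, so a CNAME there is never valid."""
    bad = []
    for name, rrs in zone.items():
        types = {t for t, _ in rrs}
        if "CNAME" in types and len(rrs) > 1:
            bad.append(f"{name}: CNAME coexists with {sorted(types - {'CNAME'})}")
    return bad

def flatten(name: str, upstream: Dict[str, List[Record]], max_hops: int = 8) -> List[str]:
    """Emulate what an alias / CNAME-flattening provider does: follow the
    CNAME chain at query time and return the A records the apex answers with.
    Loops and over-long chains are rejected rather than followed forever."""
    seen = set()
    for _ in range(max_hops):
        if name in seen:
            raise ValueError(f"CNAME loop at {name}")
        seen.add(name)
        rrs = upstream.get(name, [])
        a_records = [v for t, v in rrs if t == "A"]
        if a_records:
            return a_records
        cnames = [v for t, v in rrs if t == "CNAME"]
        if not cnames:
            return []                      # NXDOMAIN / no data: nothing to answer
        name = cnames[0]
    raise ValueError("CNAME chain too long")
```

Because the flattened answer is only as fresh as the last lookup, a provider doing this must re-resolve on a short TTL, which is the part the S3 endpoint's changing IPs make necessary.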