How to export a zone file from AWS Route 53 in BIND format

Introduction

AWS Route 53 doesn't directly offer an option to export hosted zone files, but that doesn't mean you're out of options. This blog post will guide you through a simple workaround using the AWS CLI to manually export your DNS records in BIND format, ensuring you're ready for backups and migrations alike. Let's dive into how you can secure and transition your DNS settings with ease.

Access key

To create an access key for AWS, crucial for executing AWS CLI commands, follow these straightforward steps:

  1. Go to the AWS homepage and log in with your account details.
  2. After logging in, click on your account name at the top right corner of the console. From the drop-down menu, select "Security Credentials".
  3. On the Security Credentials page, scroll down to the "Access keys" section.
  4. Click on the "Create New Access Key" button. A pop-up will provide you with a new Access Key ID and Secret Access Key.
  5. Download or copy your keys: You'll have the option to download the keys as a .csv file or copy them directly. Remember to save these details securely, as the Secret Access Key can't be retrieved again after this step.

With these steps complete, you have a new access key ready for use with the AWS CLI, allowing secure management and interaction with AWS services.

Setting up AWS CLI

  1. Find the CloudShell service, typically available in the top menu or under the Services section.
  2. Click to open AWS CloudShell, which provides a browser-based shell that comes pre-authenticated with your console credentials.
  3. Configure AWS CLI: In the CloudShell environment, type the command aws configure and press Enter.

This command initiates the setup process for the AWS Command Line Interface (CLI), prompting you to enter your Access Key ID, Secret Access Key, default region name, and output format.

  • Access Key ID: Enter the Access Key ID you generated in the previous steps.
  • Secret Access Key: Enter the corresponding Secret Access Key.
  • Default region name: Specify the AWS region you’ll be working in most frequently (e.g., eu-central-1).
  • Output format: Choose json as the preferred output format.

Creating the export

Execute the one-liner script below, which iterates through all your AWS Route 53 hosted zones and prints each domain's DNS records in a neatly formatted output, making it a useful tool for quick DNS audits and record management.

# Iterate over every hosted zone in the account
for ZONE in $(aws route53 list-hosted-zones | jq -r '.HostedZones[].Id');
do
  # Strip the /hostedzone/ prefix to get the bare zone ID
  ZONE_ID=$(echo "$ZONE" | sed 's|/hostedzone/||');
  DOMAIN_NAME=$(aws route53 get-hosted-zone --id "$ZONE" | jq -r '.HostedZone.Name');
  echo "Domain: $DOMAIN_NAME";
  # Alias records have no TTL or ResourceRecords and would abort jq, so they are skipped
  aws route53 list-resource-record-sets --hosted-zone-id "$ZONE_ID" --output json |
  jq -jr '.ResourceRecordSets[] | select(.ResourceRecords) | "\(.Name) \t\(.TTL) \t\(.Type) \t\(.ResourceRecords[].Value)\n"';
  echo "--------------------------------------------------";
done
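
The loop above prints name, TTL, type and value, but a zone file that BIND will load also needs the IN class, and Route 53 returns special characters as octal escapes (\052 for *) while BIND reads \DDD as decimal. The Python sketch below is an added example, not part of the original post: it converts saved list-resource-record-sets JSON into BIND lines and keeps alias records visible as comments. The sample records and the function names bind_name and to_bind are constructed for illustration.

```python
import json
import re

# Constructed sample of `aws route53 list-resource-record-sets --output json`
SAMPLE = json.loads(r'''
{"ResourceRecordSets": [
  {"Name": "example.com.", "Type": "A", "TTL": 300,
   "ResourceRecords": [{"Value": "192.0.2.10"}, {"Value": "192.0.2.11"}]},
  {"Name": "\\052.example.com.", "Type": "CNAME", "TTL": 60,
   "ResourceRecords": [{"Value": "example.com."}]},
  {"Name": "example.com.", "Type": "TXT", "TTL": 300,
   "ResourceRecords": [{"Value": "\"v=spf1 -all\""}]},
  {"Name": "www.example.com.", "Type": "A",
   "AliasTarget": {"DNSName": "lb.example.net.", "HostedZoneId": "ZEXAMPLE",
                   "EvaluateTargetHealth": false}}
]}
''')


def bind_name(name):
    # Route 53 escapes special characters as \ooo (octal); BIND reads \DDD as decimal.
    def fix(match):
        char = chr(int(match.group(1), 8))
        return char if char.isalnum() or char in "*-_" else "\\%03d" % ord(char)
    return re.sub(r"\\([0-7]{3})", fix, name)


def to_bind(record_sets):
    lines = []
    for rs in record_sets:
        name = bind_name(rs["Name"])
        if "AliasTarget" in rs:
            # Alias records are Route 53 specific: emit a comment for manual review.
            target = rs["AliasTarget"]["DNSName"]
            lines.append("; ALIAS %s %s -> %s" % (name, rs["Type"], target))
            continue
        for rr in rs.get("ResourceRecords", []):
            lines.append("%s\t%d\tIN\t%s\t%s" % (name, rs["TTL"], rs["Type"], rr["Value"]))
    return lines


if __name__ == "__main__":
    print("\n".join(to_bind(SAMPLE["ResourceRecordSets"])))
```

Alias targets left as comments are worth reviewing during a migration, since a record that points at a resource no longer in your account is a dangling entry.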

Conclusion

While the AWS Management Console does not support exporting hosted zone files in BIND format or any other format from the UI, the steps outlined above can be followed to retrieve and format your DNS records using the AWS CLI.