Can I separate production app entries from email entries?

0

I'm in the process of migrating from one big "console configured" AWS account to multiple accounts configured with CloudFormation, and now I'm learning the capabilities of Route 53. I have already learned that I can put new NS records for subdomains and handle staging.example.com and dev.example.com in different hosted zones in different accounts. But I'm asking whether I can separate production app (zone apex) entries from external entries, which are not related to the production app. I mean the MX record, DKIMs, SPF, DMARC and so on...

We do not have a separate, consistent common subdomain for the production app, only api.example.com, app.example.com and so on. Because the NS records for the main domain can't be changed and NS records don't support any wildcards, is there any easy and/or reasonable way to separate those concerns? If not, what is your advice? Is it better to put the production app entries into the shared services account or the "email entries" into the production app account?

Asked 3 years ago, 223 views
2 Answers
0

If I'm understanding the question correctly, then you're asking if your production app at

A example.com
A api.example.com
A www.example.com
etc.

can be maintained in a different zone than your email related records

MX example.com
etc.

then the answer is usually no, the exceptions being weird edge cases such as one set can be in a private zone and one set in a public zone. But if the world needs to see all of them, no...

I'd generally be tempted to put the domain in the production account, so that you can easily utilize all the spiffy AWS automation for load balancers, health checks, etc., etc., on the production instances. The email entries are more likely to remain relatively static entries.

JonTR
answered 3 years ago
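
As an added illustration (not code from either poster or from AWS), this sketch sorts a constructed record set into records owned by the apex name, which all have to share the one hosted zone for the domain, and names below the apex, where an NS delegation is possible one name at a time. The record list and the DKIM selector `s1` are made up for the example.

```python
from collections import defaultdict

APEX = "example.com"

# (owner name, record type) pairs, constructed for illustration only.
RECORDS = [
    ("example.com", "A"),
    ("example.com", "MX"),
    ("example.com", "TXT"),                # SPF is a TXT record at the apex
    ("api.example.com", "A"),
    ("app.example.com", "A"),
    ("_dmarc.example.com", "TXT"),
    ("s1._domainkey.example.com", "TXT"),  # "s1" is a made-up DKIM selector
]


def plan_zone_split(apex, records):
    """Group records by where a zone cut is possible.

    Returns (pinned, delegatable):
      pinned      - record types owned by the apex name itself; they all
                    live in the single hosted zone for the domain.
      delegatable - name directly below the apex -> owner names under it;
                    each key would need its own NS record set in the apex
                    zone, because NS delegation has no wildcard form.
    """
    apex = apex.rstrip(".").lower()
    pinned, delegatable = [], defaultdict(set)
    for name, rtype in records:
        name = name.rstrip(".").lower()
        if name == apex:
            pinned.append(rtype)
        elif name.endswith("." + apex):
            # The label directly below the apex is the shallowest cut point.
            child = name[: -len(apex) - 1].split(".")[-1] + "." + apex
            delegatable[child].add(name)
        else:
            raise ValueError(f"{name} is not inside {apex}")
    return sorted(pinned), {k: sorted(v) for k, v in delegatable.items()}


if __name__ == "__main__":
    pinned, delegatable = plan_zone_split(APEX, RECORDS)
    print("must stay in the apex zone:", pinned)
    for child, names in sorted(delegatable.items()):
        print("could be delegated at", child, "->", names)
```
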
0

Yep, that was the thing I was asking, and the answer was the same as what I thought. Thank you for the suggestions, I will also be using the production app account for the hosted zone...

answered 3 years ago
