top of page

Moving DNS wholesale to Amazon Route 53 – A Step Forward for Reliability, Security, and Email Deliverability

  • Writer: Jack Royle
    Jack Royle
  • Sep 8
  • 3 min read

Updated: Sep 9

At Dental IT / Tenacity IT we’re always looking for ways to improve the foundations of the services we provide to our clients. Over the past 20 years we’ve used the OpenSRS wholesale platform for managing customer domains. It’s served us well – but technology moves on, and so must we.

Over the course of September 2025 we’ll be migrating customer domains from OpenSRS to Amazon Route 53, Amazon Web Services’ enterprise-grade DNS service. This migration is being done gradually and carefully:

  • We’re copying current DNS settings across, and cross-checking against domain records, to ensure there is no disruption.

  • Once complete, all future DNS changes and management will run on Amazon’s global cloud platform.

Why We’re Moving to Route 53

1. Enterprise ReliabilityAmazon’s DNS runs on a global network of redundant servers. That means if a data centre fails, DNS requests are automatically answered from elsewhere. Your website, Microsoft 365, and cloud apps remain accessible worldwide.

2. Faster PerformanceWith latency-based routing, users are directed to the nearest Amazon server for quicker responses. This means faster website loads and smoother connectivity.

3. Enhanced SecurityRoute 53 ties into AWS Shield for DDoS protection and supports DNSSEC to prevent spoofing. It’s a stronger line of defence for your business.

4. Future-Proof IntegrationAs more businesses adopt cloud platforms, Route 53 integrates seamlessly with AWS services. That makes it easier for us to support your future growth.

5. Business ContinuityRoute 53 supports health checks and automatic failover. If one service endpoint goes down, traffic can be redirected elsewhere without interruption.

Email Security: SPF, DKIM, and DMARC

Alongside the DNS migration, we are tightening up SPF, DKIM, and DMARC records for every customer domain.

  • SPF (Sender Policy Framework): Confirms which mail servers are allowed to send emails on your behalf.

  • DKIM (DomainKeys Identified Mail): Adds a digital signature to outgoing messages so recipients know they’re genuine.

  • DMARC (Domain-based Message Authentication, Reporting & Conformance): Brings SPF and DKIM together with reporting, allowing us to block unauthorised use of your domain.

These measures are not just “nice to have”:

  • They improve deliverability (your emails are less likely to be filtered as spam).

  • They protect your brand reputation by preventing impersonation or spoofing.

  • They give us visibility into how your domain is being used – or abused – on the wider internet.

Domain Monitoring with Kevlarr

We’ve also implemented domain monitoring through Kevlarr, which allows us to see if anyone else is attempting to send email using your domain. This means we can step in quickly if there’s suspicious activity and protect your reputation before damage is done.

Why Now?

After almost 20 years with OpenSRS, the platform is beginning to show its age. While it has been stable and reliable, we believe our customers deserve the best possible foundation for their online services. By moving to Route 53, tightening email authentication, and adding monitoring, we’re giving you:

  • Greater reliability

  • Stronger security

  • Better email deliverability

  • Confidence that your domain is being actively monitored and protected

In Short

This migration is about future-proofing your business IT. The internet has changed a lot in the past two decades, and we’re making sure your domains, email, and online presence are running on a platform built for the next twenty years – not the last.

If you have any questions about the migration, or how SPF, DKIM, DMARC, or monitoring affects you, please get in touch with our team.

 
 
 

Comments

bottom of page