It was documented on https://sigs.centos.org/guide/dns/ and I see there is even a template on this tracker for such dns request :)
https://pagure.io/centos-infra/new_issue/?template=sig-dns

Feel free to just resubmit needed info in this ticket and I'll take care of creating the sub-zone and redirect wildcard to your openshift cluster

I was more wondering what you need for wildcard redirect like these? Just an IP address as well?

yes, the ip of the load-balancer in front of that ocp cluster

so IIUC this way it doesn't delegate the queries to AWS's Route53, i.e. not allowing to use OCP IPI deployment that adds the cluster's domain and other entries on its own.i.e. basically a bare metal deployment using AWS infra. Is my understanding correct?

Is it possible to delegate the subdomain?
IIUC then following https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/CreatingNewSubdomain.html that would allow the OCP installer to control the api and apps endpoints and cluster autoscaling.

@mskrivanek : yes, correct but then the request is different than just a wildcard entry pointing to existing openshift cluster :)
That's also how we dealt with our own ocp cluster in aws for CI :

dig -t ns +short cloud.ci.centos.org
ns-1702.awsdns-20.co.uk.
ns-1393.awsdns-46.org.
ns-775.awsdns-32.net.
ns-89.awsdns-11.com.

The CentOS board agreed initially to create CNAME in a way of <sig_name>.unmanaged-by.centos.org to reflect that , while under centos.org , it was not managed/maintained by centos project (infra). Let me see if delegating a whole sub-domain (easy to do, as we that ourselves for our own sub-domain/ocp cluster) is something they are ok with.

Tagging here some board members here would be the way to go to speed up the answer :
@dcavalca , @jcpunk , @jwboyer , @hughesjr , @mikem , @alphacc , @bex , @spotz

None of this looks objectionable to me...

Let's just wait for at least another +1 from another board member and in parallel, @pingou and/or @mskrivanek can already create the zone at the route53 side.
After that, it's matter or communicating us the NS records for the delegation and ansible will apply the change

ack.
so for route53 delegation - ocp.automotive.sig.centos.org would be ideal. (we probably want automotive.sig.centos.org to be kept here for other potential purposes) @pingou fine with you?

@mskrivanek fine for me :)

Thanks!

@arrfab ocp.automotive.sig.centos.org created on AWS side with:
ns-553.awsdns-05.net.
ns-1316.awsdns-36.org.
ns-18.awsdns-02.com.
ns-1842.awsdns-38.co.uk.

I agree with @jcpunk. As long as the domain is suffixed with .sig.centos.org to clearly delineate it as stemming from a SIG, I think this is fine.

Done and live :

dig @ns1.centos.org -t ns ocp.automotive.sig.centos.org

; <<>> DiG 9.16.23-RH <<>> @ns1.centos.org -t ns ocp.automotive.sig.centos.org
; (1 server found)
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 16134
;; flags: qr rd; QUERY: 1, ANSWER: 0, AUTHORITY: 4, ADDITIONAL: 1
;; WARNING: recursion requested but not available

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 1232
; COOKIE: 2e4e45e2855836c21b865e3e65b20fac55c886c7b03a5ca0 (good)
;; QUESTION SECTION:
;ocp.automotive.sig.centos.org. IN  NS

;; AUTHORITY SECTION:
ocp.automotive.sig.centos.org. 600 IN   NS  ns-1316.awsdns-36.org.
ocp.automotive.sig.centos.org. 600 IN   NS  ns-553.awsdns-05.net.
ocp.automotive.sig.centos.org. 600 IN   NS  ns-1842.awsdns-38.co.uk.
ocp.automotive.sig.centos.org. 600 IN   NS  ns-18.awsdns-02.com.

;; Query time: 117 msec
;; SERVER: 8.43.84.215#53(8.43.84.215)
;; WHEN: Thu Jan 25 08:37:16 CET 2024
;; MSG SIZE  rcvd: 222