DNS Migration: Cloudflare (Kajabi) → Route53¶
Overview¶
Current State:
- Domain: vell.ai
- Nameservers: Cloudflare (jermaine.ns.cloudflare.com, joyce.ns.cloudflare.com)
- Management: Kajabi interface → Cloudflare backend
- Homepage (vell.ai, www.vell.ai): Kajabi hosted
Target State:
- Nameservers: AWS Route53
- Homepage: Laravel app (same as app.vell.ai)
- Full DNS control in AWS console
Pre-Migration Checklist¶
1. Verify AWS Resources¶
| Subdomain | Type | Target | Status |
|---|---|---|---|
app.vell.ai |
ALB | dualstack.prod-c-loadb-2j2vzccrfpmp-207866001.us-east-1.elb.amazonaws.com |
✅ Active |
dev.vell.ai |
ALB | dualstack.dev-co-loadb-w0pnpffp5bkj-2032461823.us-east-1.elb.amazonaws.com |
✅ Active |
demo.vell.ai |
ALB | dualstack.demo-c-loadb-ctwuglocmc5d-1899769558.us-east-1.elb.amazonaws.com |
✅ Active |
docs.vell.ai |
CloudFront | d75e5c5rcdxz9.cloudfront.net |
✅ Active |
templates.vell.ai |
CloudFront | d2s1me9tauxpal.cloudfront.net |
✅ Active |
2. Verify ACM Certificate¶
- Certificate ARN:
arn:aws:acm:us-east-1:253265132499:certificate/1776d484-5e23-40bb-b84f-f42568574d1f - Covers:
*.vell.ai(wildcard) - Status: Must remain valid during migration
3. Verify Google Workspace Email¶
Test email delivery to @vell.ai addresses before and after migration.
Route53 Hosted Zone Records¶
Hosted Zone ID: Z03310081OFYKR4PREURF
AWS Nameservers (use these):
Complete Record Set to Create in Route53¶
A Records (Alias)¶
# Homepage - Point to production ALB
vell.ai A ALIAS dualstack.prod-c-loadb-2j2vzccrfpmp-207866001.us-east-1.elb.amazonaws.com (Z35SXDOTRQ7X7K)
# App environments
app.vell.ai A ALIAS dualstack.prod-c-loadb-2j2vzccrfpmp-207866001.us-east-1.elb.amazonaws.com (Z35SXDOTRQ7X7K)
dev.vell.ai A ALIAS dualstack.dev-co-loadb-w0pnpffp5bkj-2032461823.us-east-1.elb.amazonaws.com (Z35SXDOTRQ7X7K)
demo.vell.ai A ALIAS dualstack.demo-c-loadb-ctwuglocmc5d-1899769558.us-east-1.elb.amazonaws.com (Z35SXDOTRQ7X7K)
CNAME Records¶
# WWW redirect
www.vell.ai CNAME vell.ai 300
# CloudFront distributions
docs.vell.ai CNAME d75e5c5rcdxz9.cloudfront.net 300
templates.vell.ai CNAME d2s1me9tauxpal.cloudfront.net 300
# ACM Validation (keep existing)
_d41b04043495d0e2788e5d93283cf803.vell.ai CNAME _ad2281a368109e49a20aaaa0deb56136.mhbtsbpdnt.acm-validations.aws 300
_f523bc5c502497008431c0b329aeb35f.www.vell.ai CNAME _29034740609e89ec88aadcc2e5d29fa0.mhbtsbpdnt.acm-validations.aws 300
# Amazon SES DKIM (vell.ai)
gt24mvcjrlvwnswk7qq3fujtn52ziy3w._domainkey.vell.ai CNAME gt24mvcjrlvwnswk7qq3fujtn52ziy3w.dkim.amazonses.com 300
rdxzhggd5tgqojccjeftmgnlxy57g6xb._domainkey.vell.ai CNAME rdxzhggd5tgqojccjeftmgnlxy57g6xb.dkim.amazonses.com 300
rszsxr46tov2bvyvkxcegpzjxyaz5yf5._domainkey.vell.ai CNAME rszsxr46tov2bvyvkxcegpzjxyaz5yf5.dkim.amazonses.com 300
# Amazon SES DKIM (email.vell.ai subdomain)
5jom4fld6ndco6ndosckgdvy2xbwkjsy._domainkey.email.vell.ai CNAME 5jom4fld6ndco6ndosckgdvy2xbwkjsy.dkim.amazonses.com 300
tvm4uwaljbqtd4kkpnjuq6xqtdzhhpvv._domainkey.email.vell.ai CNAME tvm4uwaljbqtd4kkpnjuq6xqtdzhhpvv.dkim.amazonses.com 300
vwxx2s45v567wxy4da5gl35d6pub5n3g._domainkey.email.vell.ai CNAME vwxx2s45v567wxy4da5gl35d6pub5n3g.dkim.amazonses.com 300
# Mailchimp DKIM
k2._domainkey.vell.ai CNAME dkim2.mcsv.net 300
k3._domainkey.vell.ai CNAME dkim3.mcsv.net 300
MX Records¶
# Google Workspace (Primary email)
vell.ai MX 1 aspmx.l.google.com
vell.ai MX 5 alt1.aspmx.l.google.com
vell.ai MX 5 alt2.aspmx.l.google.com
vell.ai MX 10 alt3.aspmx.l.google.com
vell.ai MX 10 alt4.aspmx.l.google.com
# Amazon SES (for bounces and transactional)
email.vell.ai MX 10 feedback-smtp.us-east-1.amazonses.com
bounce.email.vell.ai MX 10 feedback-smtp.us-east-1.amazonses.com
TXT Records¶
# SPF Records
vell.ai TXT "v=spf1 include:_spf.google.com include:amazonses.com ~all"
email.vell.ai TXT "v=spf1 include:amazonses.com -all"
bounce.email.vell.ai TXT "v=spf1 include:amazonses.com ~all"
# DMARC Records
_dmarc.vell.ai TXT "v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc-reports@vell.ai; ruf=mailto:dmarc-reports@vell.ai; fo=1"
_dmarc.email.vell.ai TXT "v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc-reports@vell.ai; ruf=mailto:dmarc-reports@vell.ai; fo=1"
# Amazon SES Verification
_amazonses.email.vell.ai TXT "4Lx5QefS6h+EPqqndsNurC5hmdh1zaKt3DzimWV+60k="
# Ahrefs Site Verification
vell.ai TXT "ahrefs-site-verification_8ea9066b619025833aec334e7d23fc91e97639e04ea215bb40f0e7d643d2f243"
# Amazon Business Verification (already in Route53)
@.vell.ai TXT "amazon-business-verification=093f9c121c25b5a3ac84f744673c9ba2fb6d4dd9c804a315132351bd9fa704ca3"
# Amazon Chime (already in Route53)
_amazonchime.vell.ai TXT "9e637068-30b5-48ec-aa4d-9ccb108a4537"
Migration Steps¶
Phase 1: Prepare Route53 (Before Cutover)¶
Estimated Time: 30 minutes
-
Lower TTL in Cloudflare/Kajabi
-
Create all records in Route53 (see script below)
- Do NOT change nameservers yet
-
Records will exist but not resolve
-
Verify Route53 records
Phase 2: Update Laravel for Apex Domain¶
File: routes/web.php
// Add support for vell.ai apex domain
// The app should respond the same whether accessed via vell.ai or app.vell.ai
File: config/app.php or .env
Test locally:
Phase 3: Nameserver Cutover¶
Estimated Downtime: 5-30 minutes (DNS propagation)
- Schedule maintenance window
- Choose low-traffic time (e.g., Sunday 2-4 AM EST)
-
Notify team
-
Update nameservers at registrar
- Login to domain registrar (where vell.ai was purchased)
- Change nameservers FROM:
-
Change nameservers TO:
-
Monitor propagation
-
Verify all services
- https://vell.ai loads (homepage)
- https://app.vell.ai loads (app)
- https://dev.vell.ai loads (dev)
- https://demo.vell.ai loads (demo)
- https://docs.vell.ai loads (documentation)
- https://templates.vell.ai/templates/ loads (templates)
- Email to @vell.ai addresses works
- Transactional emails send correctly
Phase 4: Post-Migration Cleanup¶
- Restore TTLs
-
Set important records to 3600 (1 hour) or higher
-
Remove Kajabi custom domain
- In Kajabi, remove vell.ai as custom domain
-
Cancel Kajabi subscription if no longer needed
-
Update documentation
- Update runbooks with new DNS location
- Document Route53 as authoritative DNS
AWS CLI Commands¶
Create Records via CLI¶
# Set variables
HOSTED_ZONE_ID="Z03310081OFYKR4PREURF"
# Create apex domain A record (alias to ALB)
aws route53 change-resource-record-sets --hosted-zone-id $HOSTED_ZONE_ID --change-batch '{
"Changes": [{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "vell.ai",
"Type": "A",
"AliasTarget": {
"HostedZoneId": "Z35SXDOTRQ7X7K",
"DNSName": "dualstack.prod-c-loadb-2j2vzccrfpmp-207866001.us-east-1.elb.amazonaws.com",
"EvaluateTargetHealth": true
}
}
}]
}'
# Create www CNAME
aws route53 change-resource-record-sets --hosted-zone-id $HOSTED_ZONE_ID --change-batch '{
"Changes": [{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "www.vell.ai",
"Type": "CNAME",
"TTL": 300,
"ResourceRecords": [{"Value": "vell.ai"}]
}
}]
}'
# Create dev.vell.ai A record (alias to dev ALB)
aws route53 change-resource-record-sets --hosted-zone-id $HOSTED_ZONE_ID --change-batch '{
"Changes": [{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "dev.vell.ai",
"Type": "A",
"AliasTarget": {
"HostedZoneId": "Z35SXDOTRQ7X7K",
"DNSName": "dualstack.dev-co-loadb-w0pnpffp5bkj-2032461823.us-east-1.elb.amazonaws.com",
"EvaluateTargetHealth": true
}
}
}]
}'
# Create demo.vell.ai A record (alias to demo ALB)
aws route53 change-resource-record-sets --hosted-zone-id $HOSTED_ZONE_ID --change-batch '{
"Changes": [{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "demo.vell.ai",
"Type": "A",
"AliasTarget": {
"HostedZoneId": "Z35SXDOTRQ7X7K",
"DNSName": "dualstack.demo-c-loadb-ctwuglocmc5d-1899769558.us-east-1.elb.amazonaws.com",
"EvaluateTargetHealth": true
}
}
}]
}'
# Create docs.vell.ai CNAME
aws route53 change-resource-record-sets --hosted-zone-id $HOSTED_ZONE_ID --change-batch '{
"Changes": [{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "docs.vell.ai",
"Type": "CNAME",
"TTL": 300,
"ResourceRecords": [{"Value": "d75e5c5rcdxz9.cloudfront.net"}]
}
}]
}'
# Create templates.vell.ai CNAME
aws route53 change-resource-record-sets --hosted-zone-id $HOSTED_ZONE_ID --change-batch '{
"Changes": [{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "templates.vell.ai",
"Type": "CNAME",
"TTL": 300,
"ResourceRecords": [{"Value": "d2s1me9tauxpal.cloudfront.net"}]
}
}]
}'
Verify Records¶
# List all records in zone
aws route53 list-resource-record-sets --hosted-zone-id Z03310081OFYKR4PREURF
# Test specific record
aws route53 test-dns-answer --hosted-zone-id Z03310081OFYKR4PREURF --record-name vell.ai --record-type A
Rollback Plan¶
If issues occur after nameserver change:
-
Immediate (< 5 min): Change nameservers back to Cloudflare
-
Wait for propagation (5-30 minutes)
-
Verify Kajabi/Cloudflare is serving again
Records NOT Being Migrated¶
| Record | Reason |
|---|---|
blue.vell.ai |
Test record - deprecated |
| Kajabi-specific records | No longer needed |
Cost Impact¶
| Service | Before | After |
|---|---|---|
| Kajabi | ~$199-399/mo | $0 (if cancelled) |
| Route53 Hosted Zone | $0.50/mo | $0.50/mo (already exists) |
| Route53 Queries | ~$0.40/mo | ~$0.40/mo |
| Net Savings | ~$199-399/mo |
Support Contacts¶
- AWS Support: Console → Support Center
- Domain Registrar: (where vell.ai was registered)
- Google Workspace: Admin console for email issues
Appendix: Full Route53 Zone File Import¶
Save as vell.ai.zone for Route53 import:
$ORIGIN vell.ai.
$TTL 300
; SOA and NS records managed by Route53
; A Records (Alias - must be created via console/CLI, not zone import)
; vell.ai. IN A ALIAS prod-alb
; app.vell.ai. IN A ALIAS prod-alb
; dev.vell.ai. IN A ALIAS dev-alb
; demo.vell.ai. IN A ALIAS demo-alb
; CNAME Records
www IN CNAME vell.ai.
docs IN CNAME d75e5c5rcdxz9.cloudfront.net.
templates IN CNAME d2s1me9tauxpal.cloudfront.net.
; ACM Validation
_d41b04043495d0e2788e5d93283cf803 IN CNAME _ad2281a368109e49a20aaaa0deb56136.mhbtsbpdnt.acm-validations.aws.
_f523bc5c502497008431c0b329aeb35f.www IN CNAME _29034740609e89ec88aadcc2e5d29fa0.mhbtsbpdnt.acm-validations.aws.
; SES DKIM (vell.ai)
gt24mvcjrlvwnswk7qq3fujtn52ziy3w._domainkey IN CNAME gt24mvcjrlvwnswk7qq3fujtn52ziy3w.dkim.amazonses.com.
rdxzhggd5tgqojccjeftmgnlxy57g6xb._domainkey IN CNAME rdxzhggd5tgqojccjeftmgnlxy57g6xb.dkim.amazonses.com.
rszsxr46tov2bvyvkxcegpzjxyaz5yf5._domainkey IN CNAME rszsxr46tov2bvyvkxcegpzjxyaz5yf5.dkim.amazonses.com.
; SES DKIM (email.vell.ai)
5jom4fld6ndco6ndosckgdvy2xbwkjsy._domainkey.email IN CNAME 5jom4fld6ndco6ndosckgdvy2xbwkjsy.dkim.amazonses.com.
tvm4uwaljbqtd4kkpnjuq6xqtdzhhpvv._domainkey.email IN CNAME tvm4uwaljbqtd4kkpnjuq6xqtdzhhpvv.dkim.amazonses.com.
vwxx2s45v567wxy4da5gl35d6pub5n3g._domainkey.email IN CNAME vwxx2s45v567wxy4da5gl35d6pub5n3g.dkim.amazonses.com.
; Mailchimp DKIM
k2._domainkey IN CNAME dkim2.mcsv.net.
k3._domainkey IN CNAME dkim3.mcsv.net.
; MX Records (Google Workspace)
@ IN MX 1 aspmx.l.google.com.
@ IN MX 5 alt1.aspmx.l.google.com.
@ IN MX 5 alt2.aspmx.l.google.com.
@ IN MX 10 alt3.aspmx.l.google.com.
@ IN MX 10 alt4.aspmx.l.google.com.
; MX Records (SES subdomains)
email IN MX 10 feedback-smtp.us-east-1.amazonses.com.
bounce.email IN MX 10 feedback-smtp.us-east-1.amazonses.com.
; TXT Records
@ IN TXT "v=spf1 include:_spf.google.com include:amazonses.com ~all"
@ IN TXT "ahrefs-site-verification_8ea9066b619025833aec334e7d23fc91e97639e04ea215bb40f0e7d643d2f243"
email IN TXT "v=spf1 include:amazonses.com -all"
bounce.email IN TXT "v=spf1 include:amazonses.com ~all"
_dmarc IN TXT "v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc-reports@vell.ai; ruf=mailto:dmarc-reports@vell.ai; fo=1"
_dmarc.email IN TXT "v=DMARC1; p=quarantine; pct=100; rua=mailto:dmarc-reports@vell.ai; ruf=mailto:dmarc-reports@vell.ai; fo=1"
_amazonses.email IN TXT "4Lx5QefS6h+EPqqndsNurC5hmdh1zaKt3DzimWV+60k="
Document Version: 1.0 Created: 2026-01-05 Author: Claude (Vell AI Assistant)