Route53

 
I. What is DNS?
  • Domain Name System: translates human-friendly hostnames into machine IP addresses
  • www.google.com => 172.217.18.36
  • DNS is the backbone of the internet
  • DNS uses hierarchical naming structure


DNS Terminologies
  • Domain Registrar: Amazon Route53, GoDaddy, ...
  • DNS Records: A, AAAA, CNAME, NS, ...
  • Zone file: contains DNS records
  • Name Server: resolves DNS queries (Authoritative or Non-Authoritative)
  • Top Level Domain (TLD): .com, .us, .in, .gov, .org, ...
  • Second Level Domain (SLD): amazon.com, google.com

How does DNS work?


II. Route 53 Overview
Amazon Route 53
  • A highly available, scalable, fully managed and Authoritative DNS
    • Authoritative = the customer (you) can update the DNS records
  • Route 53 is also a Domain Registrar
  • Ability to check the health of your resources
  • The only AWS service which provides 100% availability SLA
  • Why Route 53? 53 is a reference to the traditional DNS port
Route 53 - Records
  • How you want to route traffic for a domain
  • Each record contains:
    • Domain/subdomain Name - e.g., example.com
    • Record type - e.g., A or AAAA
    • Value - e.g., 12.34.56.78
    • Routing policy - how Route 53 responds to queries
    • TTL - amount of time the record is cached at DNS Resolvers
  • Route 53 supports the following DNS record types:
    • (must know) A / AAAA / CNAME / NS
    • (advanced) CAA / DS / MX / NAPTR / PTR / SOA / TXT / SPF / SRV
Route 53 - Record Types
  • A - maps a hostname to IPv4
  • AAAA - maps a hostname to IPv6
  • CNAME - maps a hostname to another hostname
    • The target is a domain name which must have an A or AAAA record
    • Can't create a CNAME record for the top node of a DNS namespace (Zone Apex)
    • Example: you can't create for example.com, but you can create for www.example.com
  • NS - Name Servers for the Hosted Zone
    • Control how traffic is routed for a domain
Route 53 - Hosted Zones
  • A container for records that define how to route traffic to a domain and its subdomains
  • Public Hosted Zones - contain records that specify how to route traffic on the internet (public domain names), e.g., application1.mypublicdomain.com
  • Private Hosted Zones - contain records that specify how you route traffic within one or more VPCs (private domain names), e.g., application1.company.internal
  • You pay $0.50 per month per hosted zone
Route 53 - Public vs Private Hosted Zones

III. Route 53 - Registering a domain

IV. Route 53 - Creating our first records

V. Route 53 - EC2 Setup
VI. Route 53 - Records TTL (Time to Live)
  • High TTL - e.g., 24hr
    • Less traffic on Route 53
    • Possibly outdated records
  • Low TTL - e.g., 60s
    • More traffic on Route 53 ($$)
    • Records are outdated for less time
    • Easy to change records
  • Except for Alias records, TTL is mandatory for each DNS record
VI. Route 53 - CNAME vs Alias
CNAME vs Alias
  • AWS Resources (Load Balancer, CloudFront...) expose an AWS hostname:
    • ib1-1234.us-east-2.elb.amazonaws.com and you want myapp.mydomain.com 
  • CNAME:
    • Points a hostname to any other hostname (app.mydomain.com => blabla.anything.com)
    • ONLY FOR NON ROOT DOMAIN (aka: something.mydomain.com)
  • Alias:
    • Points a hostname to an AWS resource (app.mydomain.com => blabla.amazonaws.com)
    • Works for ROOT DOMAIN and NON ROOT DOMAIN (aka mydomain.com)
    • Free of charge
    • Native health check
Route 53 - Alias Records
  • Maps a hostname to an AWS resource
  • An extension to DNS functionality
  • Automatically recognizes changes in the resource's IP addresses
  • Unlike CNAME, it can be used for the top Node of a DNS namespace (Zone Apex), e.g.: example.com
  • Alias Record is always of type A/AAAA for AWS resources (IPv4 / IPv6)
  • You can't set the TTL


Route 53 - Alias Records Targets
  • Elastic Load Balancers
  • CloudFront Distributions
  • API Gateway
  • Elastic Beanstalk environments
  • S3 Websites
  • VPC Interface Endpoints
  • Global Accelerator accelerator 
  • Route 53 record in the same hosted zone
  • You cannot set an ALIAS for an EC2 DNS name
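The CNAME vs Alias and TTL rules above, encoded as a small builder for the ChangeBatch document that `aws route53 change-resource-record-sets` accepts. This is an added example, not code from the original notes; the zone, the ELB hostname, the hosted zone ID placeholder and the EC2-name heuristic are assumptions.

```python
from typing import Optional


def _is_apex(name: str, zone: str) -> bool:
    """True when `name` is the top node (zone apex) of the hosted zone."""
    return name.rstrip(".").lower() == zone.rstrip(".").lower()


def _looks_like_ec2_dns(dns_name: str) -> bool:
    """Assumption/heuristic: EC2 instance DNS names carry a 'compute*' label,
    e.g. ec2-1-2-3-4.compute-1.amazonaws.com. ELB/CloudFront names do not."""
    labels = dns_name.lower().rstrip(".").split(".")
    return any(label.startswith("compute") for label in labels)


def cname_record(name: str, target: str, zone: str, ttl: Optional[int] = 300) -> dict:
    """CNAME: non-root names only, TTL mandatory, points at another hostname."""
    if _is_apex(name, zone):
        raise ValueError(f"CNAME is not allowed at the zone apex ({zone}); use an Alias")
    if ttl is None:
        raise ValueError("TTL is mandatory for every record type except Alias")
    return {"Name": name, "Type": "CNAME", "TTL": ttl,
            "ResourceRecords": [{"Value": target}]}


def alias_record(name: str, target_dns: str, target_zone_id: str,
                 rtype: str = "A", evaluate_target_health: bool = True) -> dict:
    """Alias: type A/AAAA, allowed at the apex, no TTL, AWS resources only."""
    if rtype not in ("A", "AAAA"):
        raise ValueError("Alias records are always type A or AAAA")
    if _looks_like_ec2_dns(target_dns):
        raise ValueError("Alias cannot target an EC2 instance DNS name")
    # HostedZoneId is the target resource's zone id (e.g. the ELB's), not yours
    return {"Name": name, "Type": rtype,
            "AliasTarget": {"HostedZoneId": target_zone_id,
                            "DNSName": target_dns,
                            "EvaluateTargetHealth": evaluate_target_health}}


def change_batch(*record_sets: dict, action: str = "UPSERT") -> dict:
    """Wrap record sets in the ChangeBatch document the Route 53 API expects."""
    return {"Comment": "constructed example",
            "Changes": [{"Action": action, "ResourceRecordSet": r} for r in record_sets]}


if __name__ == "__main__":
    import json
    ZONE = "mydomain.com."                            # constructed hosted zone
    ELB = "app-lb-1234.us-east-2.elb.amazonaws.com"   # constructed ELB hostname
    batch = change_batch(alias_record(ZONE, ELB, "ZELBHOSTEDZONEID_PLACEHOLDER"),
                         cname_record("www." + ZONE, ELB, ZONE))
    print(json.dumps(batch, indent=2))
```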
VII. Routing Policy
Route 53 - Routing Policies
  • Define how Route 53 responds to DNS queries
  • Don't get confused by the word "Routing"
    • It's not the same as Load Balancer routing, which routes the traffic
    • DNS does not route any traffic, it only responds to DNS queries
  • Route 53 supports the following Routing Policies
    • Simple
    • Weighted
    • Latency based
    • Failover
    • Geolocation
    • Multi-Value Answer
    • Geoproximity (using Route 53 Traffic Flow feature)
    • IP-based 
1. Routing Policy - Simple
  • Typically, route traffic to a single resource
  • Can specify multiple values in the same record
  • If multiple values are returned, a random one is chosen by the client
  • When Alias enabled, specify only one AWS resource
  • Can't be associated with Health Checks 
2. Routing Policy - Weighted
  • Control the % of the requests that go to each specific resource
  • Assign each record a relative weight
    • Weights don't need to sum up to 100
  • DNS records must have the same name and type
  • Can be associated with Health Checks
  • Use cases: load balancing between regions, testing new application versions...
  • Assign a weight of 0 to a record to stop sending traffic to a resource
  • If all records have weight of 0, then all records will be returned equally
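A model of how a weighted record set answers a query under the rules listed above (weights not summing to 100, weight 0, all-zero weights, unhealthy records skipped). Added example, not from the original notes; the record set is constructed.

```python
SAMPLE_WEIGHTED_SET = [  # constructed: four records sharing one name and type
    {"name": "app.mydomain.com", "type": "A", "value": "10.0.1.10", "weight": 70},
    {"name": "app.mydomain.com", "type": "A", "value": "10.0.2.10", "weight": 20},
    {"name": "app.mydomain.com", "type": "A", "value": "10.0.3.10", "weight": 10,
     "healthy": False},                              # failed its health check
    {"name": "app.mydomain.com", "type": "A", "value": "10.0.4.10", "weight": 0},
]


def weighted_answer_probabilities(records):
    """Return {value: probability of being the answer} for one weighted set.

    Rules modelled: every record shares name and type, records whose health
    check failed are skipped, weight 0 gets no traffic, and a set where every
    weight is 0 is answered evenly.
    """
    if len({(r["name"], r["type"]) for r in records}) != 1:
        raise ValueError("weighted records must have the same name and type")
    candidates = [r for r in records if r.get("healthy", True)]
    total = sum(r["weight"] for r in candidates)
    if total == 0:
        share = 1 / len(candidates) if candidates else 0.0
        return {r["value"]: share for r in candidates}
    # share = weight / sum of weights, so weights need not add up to 100
    return {r["value"]: r["weight"] / total for r in candidates}


def pick_answer(records, roll):
    """Choose one answer for a query given a uniform roll in [0, 1)."""
    probs = weighted_answer_probabilities(records)
    cumulative, chosen = 0.0, None
    for value, p in probs.items():
        if p == 0:
            continue                       # weight 0: never answered
        chosen = value
        cumulative += p
        if roll < cumulative:
            return value
    return chosen                          # guards float rounding at the top


if __name__ == "__main__":
    for value, p in weighted_answer_probabilities(SAMPLE_WEIGHTED_SET).items():
        print(f"{value}: {p:.1%}")
```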
3. Routing Policy - Latency-based
  • Redirects to the resource that has the least latency for the user
  • Super helpful when latency for users is a priority
  • Latency is based on traffic between users and AWS regions
  • Germany users may be directed to the US (if that's the lowest latency)
  • Can be associated with Health Checks (has a failover capability)
4. Routing Policy - Failover

5. Routing Policy - Geolocation
  • Different from Latency-based!
  • This routing is based on user location
  • Specify location by Continent, Country or by US State (if there's overlapping, the most precise location is selected)
  • Should create a "Default" record (in case there's no match on location)
  • Use cases: website localization, restrict content distribution, load balancing, ...
  • Can be associated with Health Checks
6. Routing Policy - Geoproximity
  • Route traffic to your resources based on the geographic location of users and resources
  • Ability to shift more traffic to resources based on the defined bias
  • To change the size of the geographic region, specify bias values:
    • To expand (1 to 99) - more traffic to the resource
    • To shrink (-1 to -99) - less traffic to the resource
  • Resources can be:
    • AWS resources (specify AWS region)
    • Non-AWS resources (specify Latitude and Longitude)
  • You must use Route 53 Traffic Flow (advanced) to use this feature
Geoproximity Routing Policy

7. IP-based Routing
  • Routing is based on the client's IP address
  • You provide a list of CIDRs for your clients and corresponding endpoints/locations (user-IP-to-endpoint mappings)
  • Use cases: optimize performance, reduce network costs, ...
  • Example: route end users from a particular ISP to a specific endpoint

8. Multi-Value
  • Use when routing traffic to multiple resources
  • Route 53 returns multiple values/resources
  • Can be associated with Health Checks (returns only values for healthy resources)
  • Up to 8 healthy records are returned for each Multi-Value query
  • Multi-Value is not a substitute for having an ELB
VIII. Route 53 - Health Checks
  • HTTP Health Checks are only for public resources
  • Health Check => Automated DNS Failover:
    • Health Checks that monitor an endpoint (application, server, other AWS resource)
    • Health Checks that monitor other health checks (Calculated Health Checks)
    • Health Checks that monitor CloudWatch Alarms (full control!!) - e.g., throttles of DynamoDB, alarms on RDS, custom metrics, ... (helpful for private resources)
  • Health Checks are integrated with CW metrics

Health Checks - Monitor an Endpoint
  • About 15 global health checkers will check the endpoint health
    • Healthy/Unhealthy Threshold - 3 (default)
    • Interval - 30 sec (can set to 10 sec - higher cost)
    • Supported protocols: HTTP, HTTPS and TCP
    • If > 18% of health checkers report the endpoint is healthy, Route 53 considers it Healthy. Otherwise, it's Unhealthy.
    • Ability to choose which locations you want Route 53 to use
  • Health Checks pass only when the endpoint responds with 2xx or 3xx HTTP status codes
  • Health Checks can be set up to pass/fail based on the text in the first 5,120 bytes of the response
  • Configure your router/firewall to allow incoming requests from the Route 53 Health Checkers

Route 53 - Calculated Health Checks
  • Combine the results of multiple Health Checks into a single Health Check
  • You can use OR, AND, or NOT
  • Can monitor up to 256 Child Health Checks
  • Specify how many of the health checks need to pass to make the parent pass
  • Usage: perform maintenance on your website without causing all health checks to fail

Health Checks - Private Hosted Zones
  • Route 53 health checkers are outside the VPC
  • They can't access private endpoints (private VPC or on-premises resource)
  • You can create a CloudWatch Metric and associate a CloudWatch Alarm, then create a health check that checks the alarm itself
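The endpoint and calculated health check rules from the two sections above (2xx/3xx, string match in the first 5,120 bytes, the 18% checker quorum, and a parent that needs N of its children healthy), written out so the failover decision can be reasoned about offline. Added example, not from the original notes; the probe results are constructed.

```python
HEALTHY_QUORUM = 0.18   # endpoint is Healthy if > 18% of checkers report healthy
SEARCH_WINDOW = 5120    # string matching looks only at the first 5,120 bytes


def probe_passes(status_code, body=b"", search_string=None):
    """One checker's verdict: 2xx/3xx status, plus an optional string match."""
    if not 200 <= status_code < 400:
        return False
    if search_string is not None:
        return search_string.encode() in body[:SEARCH_WINDOW]
    return True


def endpoint_healthy(checker_verdicts):
    """Aggregate the ~15 global checkers' verdicts with the 18% quorum rule."""
    if not checker_verdicts:
        return False
    healthy_share = sum(1 for ok in checker_verdicts if ok) / len(checker_verdicts)
    return healthy_share > HEALTHY_QUORUM


def calculated_healthy(child_verdicts, healthy_threshold=None, invert=False):
    """Parent of up to 256 children: passes when at least `healthy_threshold`
    children are healthy (None = all of them, i.e. AND; 1 = OR); NOT = invert."""
    if not 1 <= len(child_verdicts) <= 256:
        raise ValueError("a calculated health check needs 1..256 child checks")
    need = len(child_verdicts) if healthy_threshold is None else healthy_threshold
    healthy = sum(1 for ok in child_verdicts if ok) >= need
    return (not healthy) if invert else healthy


if __name__ == "__main__":
    # constructed scenario: 3 of 15 checkers get a 200, the other 12 get a 503
    verdicts = [probe_passes(200)] * 3 + [probe_passes(503)] * 12
    print("endpoint healthy:", endpoint_healthy(verdicts))   # True (20% > 18%)
    # maintenance window: 2 of 3 regional children must pass for the parent to pass
    print("parent healthy:", calculated_healthy([True, False, True], healthy_threshold=2))
```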
IX. Route 53 - Health Checks hands on

X. Route 53 - Traffic flow
  • Simplify the process of creating and maintaining records in large and complex configurations
  • Visual editor to manage complex routing decision trees
  • Configurations can be saved as a Traffic Flow Policy
    • Can be applied to different Route 53 Hosted Zones (different domain names)
    • Supports versioning


XI. 3rd Party Domains & Route 53
1. Domain Registrar vs DNS service
  • You buy or register your domain name with a Domain Registrar, typically by paying annual charges (e.g., GoDaddy, Amazon Registrar Inc, ...)
  • The Domain Registrar usually provides you with a DNS service to manage your DNS records
  • But you can use another DNS service to manage your DNS records
  • Example: purchase the domain from GoDaddy and use Route 53 to manage your DNS records

2. GoDaddy as Registrar & Route 53 as DNS service
3. 3rd party Registrar with Amazon Route 53
  • If you buy your domain on a 3rd party registrar, you can still use Route 53 as the DNS service provider
    • Create a Hosted Zone in Route 53
    • Update the NS Records on the 3rd party website to use the Route 53 Name Servers
  • Domain Registrar != DNS Service
  • But every Domain Registrar usually comes with some DNS features
