AWS - Route 53

Posted on |

Rout53 Overview

It’s the entry point of distributed infra at backend.

DNS in nutshell

History,

  1. static DNS
  2. dynamic DNS
    • same domain name, based on user source or other properites, assign different resolving result
  3. Policy based

Terminology

Traffic Policy : Rules routing to points
Traffic Policy Record : domain name with an applied traffic policy version.

Hosted Zones:
DNS Records: route request to the correct endpoint address

Steps to use Route53

  1. Register your domain name with Route53 or other registra (needs some process to update)
  • WHOIS query privacy protect
  • Can transfer between aws account
  1. Create Hosted Zone
  • Option1: Create Public Hosted Zone
    • For domain registered with AWS, Hosted Zone is created automatically.
    • It means you bind your domain name with AWS name servers.
  • Option2: Create Private Hosted Zone
    • Benefit: 1) any name 2) hide your server ip address by refer the domain name

  1. DNS Records

    • Record Name
      • you can have root domain as one record (yoursite.com)
      • you can create subdomain as one record (www.yoursite.com)
      • you can create wildcard domain as record ( *.yourwebsite )
    • Record Type :
      • NS : name resolve
      • IP
      • CName (pointing to other record name)
      • Alias – used to pointing to other aws services; ELB, Elastic Beanstalk; CloudFront (alternative domain name must match route53 hosted domain name); S3 (bucketname must match route53 hosted domain name)
      • MX Record: email
      • TXT record: email validation, web analytics; certificates

  2. Delegate to Route53

    • For Route53 registered domain, automatically created record with
      • Record name = your domain Name
      • Record Type: NS
      • Value: delegation set list of AWS Route53 name servers specified for you (every customer has different set)
    • For name with other registra, change from other registra’s console to update name servers to AWS’s delegation Set

  3. Wait – for domain registered with other registra , wait 48 hours.

Useful tools to debug

1
2
3
4
5
6
7
8
# check if the domain can be correctly resolved
$ dig google.com

# Check if the name server is correctly configured
$ dig NS google.com

# trace the sequence of the name resolve result; from root to com to google.com
$ dig NS google.com +trace

Private DNS

Option1,

  • Set up unbound inside VPS as the forwarder
  • request from inside on-premise will go through forwarder to +2 resolver and routing to Route53 and then comming back

Option2,

  • Set up AWS Active Directory as the forwarder

Advanced features

Check health

  • check one endpoint ; check Cloudwatch alarms ; check other health checks;
  • by checking health to implement failover : Active/Active ; Active/Standby
  • New feature(2015): calculated health check, can combine multiple health check result (combine and, or calculation results).
    • also support latency

Dynamic Route

  • Routing internet trafic to your aws resources (Simple; Latency based; GEO based; Weighted Round Robin; Failover)

Traffic Flow

  • Graphic Tool to help define the Route53 policy

Bills

  • DNS service

    • Pays for hosted zones you configure and number of queries Route 53 answer

  • Route53 service limites (50 domain per account)

Use Cases

Warner Bros: they have a lot of domains (>25000), some zone has more than 10,000 records

  • Set up more than 150 account to isolate application & Bill and Security
  • Move from on-promise solution (Bind9). Suffer from HA, Failover,lack API (automation), lack Self Serice feature
  • Migrate key points
    • Upper some of Rout53 limite (hosted zone per account, etc)
    • Plan & Tools ; Tool to batch migrate, tool to validate
    • Lower the TTL during migration
    • Opensourced Tool : cli53
    • Upfront investment in automation result in a smooth, error free migration.
  • Review: Catchpoint DNS monitoring result, huge improvement

Migrate existing DNS to Route53

Correct Sequence to garantee availability

  1. import DNS to Route53
    • manually or use cli53
  2. Delegate to Route53
    • after import each zone will have unique nameserver, use command line (registar specifed) to apply delegate to Route53 name server
    • dig +trace to verify the delegation is successful
  3. Transfer Domain to AWS Route53
    • registar specific command to transfer the domain

Hybrid environment

https://youtu.be/XXUYbdbCb6Q

  • Option 1, make use of unbound service as DNS forwarder (linux yum install)
  • Option 2, make use of AWS Active Directory service as forwarder

References

  • 071.mp4 072.mp4 – Overview

https://youtu.be/QU7FQBgL0Po

  • DNS Demystified: Amazon Route 53

https://youtu.be/AAq-DDbFiIE

  • Migrate to Route53 (??? Resolver forwarder)

https://youtu.be/XXUYbdbCb6Q

Reward Makes Perfect
0%