Post

AWS Router 53

Posted
By Leo đẹp trai 9 min read

Route 53 Section

What is DNS

  • Domain Name System which translates the human friendly hostnames into the machine IP address
  • www.google.com => 172.2.17.18.36
  • DNS is the backbone of the internet
  • DNS uses hierachical naming structure

    DNS Terminologies

  • Domain Registrar: Amazon Route 53, GoDaddy, …
  • DNS Records: A, AAAA, CNAME, NS, …
  • Zone file: contains DNS records
  • Name Server: resolves DNS queries (Authoritative or Non- Authoritative)
  • Top Level Domain (TLD): .com, .us, .in, .gov, .org, …
  • Second Level Domain (SLD): amazon.com, google.com, …

    How DNS works

  • Web browser -> Local DNS Server:
    • Root DNS Server managed by ICANN (res: .com NS 1.2.3.4)
    • TLD DNS Server managed by IANA (res: domain NS 5.6.7.8)
    • SLD DNS Server managed by Domain Registrar (res: domain IP) How DNS Work

      Amazon Route 53

  • A highly available, scalable, fully managed and Authoritative DNS
    • Authoritative = the customer (you) can update the DNS records
  • Route 53 is also a Domain Registrar
  • Ability to check the health of your resources
  • The only AWS service which provide 100% availability SLA
  • Why Route 53? 53 is a reference to the traditional DNS port

    Route53 - Records

  • How you want to route traffic for a domain
  • Each record contains:
    • Domain/subdomain Name: example.com
    • RecordType: e.g A or AAAA
    • Value: 12.34.56.78
    • Routing Policy: How Route 53 responds to queries
    • TTL: amount of time the record cached at DNS resolvers
  • Route 53 supports the following DNS record types:
    • A / AAAA / CNAME / NS
    • CAA / DS / MX / NAPTR / PTR / SOA / TXT / SPF / SRV

      Route 53 - Record Types

  • A: maps a hostname to Ipv4
  • AAAA: maps a hostname to IPv6
  • CNAME: maps a hostname to another hostname
    • The target is a domain name which must have an A or AAAA record
    • Can’t create a CNAME record for the top node of a DNS namespace (Zone Apex)
    • Exmaple: you can’t create for example.com but you create for www.example.com
  • NS: name Server for the hosted zone
    • Control how traffic is routed for a domain

      Route 53 - Hosted Zones

  • A container for records that define how to route traffic to a domain and its subdomains
  • Public Hosted Zone: contains records that specfy how to route traffic on the Internet (public domain names)
  • Private Hosted Zones: contain records that specify how you route traffic within one or more VPCs (private domain names) application 1.company.internal
  • You pay $0.50 per month per hosted zone

    Route 53: Public vs. Private Hosted Zone

  • Public Hosted Zone: internet access
  • Private Hosted Zone: unable to access from internet: EC2 instances, RDS instance

    Route 53 - Records TTL (Time To Live)

  • High TTL - e.g 24 hr
    • less traffic on Route 53
    • Possibily outdated records
  • Low TTL - e.g 60 sec
    • More traffics on Route 53 ($$)
    • Records are outdated for less time
    • Easy to change records
  • Except for Alias records, TTL is mandatory for each DNS record

    CNAME vs Alias

  • AWS Resources (Load Balancer, CloudFront…) expose an AWS hostname:
    • b1-1234.us-east-2.elb.amazonaws.com and you want myapp.mydomain.com
  • CNAME:
    • Points a hostname to any other hostname. (app.mydomain.com => bla.bla.anything.com)
    • Only for non root domain (aka. something.mydomain.com)
  • Alias:
    • Points a hostname to an AWS Resource
    • Works for Root domain and non root domain (aka mydomain.com)
    • Free of charge
    • Native health check

      Route 53 - Alias Records

  • Maps a hostname to an AWS resource
  • An extension to DNS functionality
  • Automatically recognizes changes in the resource’s IP addresses
  • Unlike CNAME, it can be used for the top node of a DNS namespace (zone Apex), e.g: example.com
  • Alias Record is always of type A/AAAA for AWS resources (IPv4/IPv6)
  • You can’t set the TTL

    Route 53 - Alias REcords target

  • Elastic Load Balancers
  • CloudFront Distributions
  • API Gateway
  • Elastic Beantalk environments
  • S3 Websites
  • VPC Interface Endpoints
  • Global Accelerator accelerator
  • Route 53 record in the same hosted zone
  • You cannot set an ALIAS record for an EC2 DNS name Alias Record target

    Route 53 - Routing policies

  • Define how Route 53 responds to DNS queries
  • Don’t get confused by the word “Routing”
    • It’s not the same as load balancer routing which routes the traffic
    • DNS does not route any traffic, it only responds to the DNS queries
  • Route 53 support the following Routing policies
    • Simple
    • Weighted
    • Failover
    • Latency based
    • GeoLocation
    • Multi-Value Answer
    • Geoproximity (using Route 53 Traffic Flow feature)

      Routing Policies - Simple

  • Typically route traffic to a single resource
  • Can specify multiple values in the same record
  • If multiple values are returned, a random one is chosen be the client
  • When Alias enabled, specify only one AWS resource
  • Can’t be associated with Health Checks Routing policices

    Routing Policies – Weighted

  • Control the % of the requests that go to each specific resource
  • Assign each record a relative weight
    • traffic(%) = Weight for a specific record / sum all the weights for all records
    • Weights don’t need to sum up to 100
  • DNS records must have the same name and type
  • Can be associated with Health Checks
  • Use cases: Load balancing between regions, testing new application versions…
  • Assign a weight of 0 to a record to stop sending traffic to a resource
  • If all records have weight of 0, then all records will be returned equally Routing Policies Weighted

    Routing Policies - Latency based

  • Redirected to the resource that has the least latency close to us
  • Super helpful when latency for users is a priority
  • Latency is based on traffic betwwen users and AWS Regions
  • Germany users may be directed to be the US (if that’s the lowest latency)
  • Can be associated with Health Checks (has a failover capability)

    Route 53 - Health Checks

  • HTTP Health Checks are only for public resources
  • Health Check => Automated DNS Failover:
    • Health checks that monitor an endpoint (application, server, other AWS resource)
    • Health checks that monitor other health checks (Calculated Health Checks)
    • Health checks that monitor CloudWatch Alarms (full control !!) - e.g throttles of DynamoDB, alarms on RDS, custom metrics, … (helpful for private resources)
  • Health Checks are integrated with CW metrics

    Health Checks – Monitor an Endpoint

  • About 15 global health checkers will check the endpoint health
    • Health/Unhealthy Threshold - 3 (default)
    • Interval - 30 sec (can set to 10 sec - higher cost)
    • Supported protocol: HTTP, HTTPS and TCP
    • If > 18% of health checkers report the endpoint is health, Route 53 considers it Health. Otherwise, it’s Unhealty
    • Ability to choose which locations you want Route 53 to use
  • Health Checks pass only when the endpoint respond with the 2xx and 3xx status codes
  • Health Checks can be setup to pass / fail based on the text in the first 5120 bytes of the response
  • Configure you router/firewall to allow incoming requests from Route 53 Health Checkers

    Route 53 - Calculated health checks

  • Combine the results of multiple Health Checks into a single Health Check
  • You can use Or, AND, or NOT
  • Can monitor up to 256 Child Health Checks
  • Specify how many of the health checks need to pass to make the parent pass
  • Usage: perform maintenance to your website without causing all health check to fail Calculate health checks

    Health Checks – Private Hosted Zones

  • Route 53 health checkers are outside the VPC
  • They can’t access private endpoints (private VPC or on-premises resource)
  • You can create a CloudWatch Metric and associate a CloudWatch Alarm, then create a Health Check that checks the alarm itself Privated Hosted Zones

    Routing Policies - Failover (Active - Passive)

    Routing Policies – Failover

    Routing Policies Geolocation

  • Different from latency-based!
  • This routing is based on user location
  • Specify location by COntinent, Country or by US State (if there’s overlaping, most precise location selected)
  • Should create a “Default” record (in case there’s no match on location)
  • Use cases: website localization, restrict content distribution, load balancing, …
  • Can be associated with Health Checks

    Routing Policies – Geoproximity

  • Route traffic to your resources based on the geographic location of users and resources
  • Ability to shift more traffic to resources based on the defined bias
  • To change the size of the geographic region, specify bias values
    • To expand ( 1 to 99): more traffic to resource
    • To shrink (-1 to -99): less traffic to the resource
  • Resources can be:
    • AWS resources (specify AWS region)
    • Non-AWS resources (specify latitude and longitude)
  • You must use Route 53 traffic flow to use this feature

    Routing Policies - Geoproximity

    Geoproximity Geoproximity

    Routing 53 - Traffic flow

  • Simplify the process of creating and maintaining records in large and complex configurations
  • Visual editor to manage complex routing decision trees
  • Configurations can be saved as TRaffic Flow Policy
    • Can be applied to different Route 53 Hosted Zones (different domain names)
    • Supports versioning

      Routing Policies - Multi value

  • Use when routing traffic to multiple resources
  • Route 53 return multiple value/resources
  • Can be associated with Health Checks (return only values for healthy resources)
  • Up to 8 healthy records are returned for each Multi-Value query
  • Multi-value is not a substitude for having an ELB

    Domain Registar vs DNS Service

  • You buy or register you domain name with a Domain Registar typically by paying annual charges (e.g GoDaddy, Amazone Registar Inc, …)
  • The Domain Registar ussually provides you with a DNS service to manage your DNS records
  • But you can use another DNS service to manage your DNS records
  • Example: purchase the domain from GoDaddy and use Route 53 manage your DNS records AWS DNS

    GoDaddy as Registrar & Route 53 as DNS Service

    3rd Party Registrar with Amazon Route 53

  • If you buy your domain on a 3rd party registrar, you can still use Route 53 as the DNS Service provider
    1. Create a Hosted Zone in Route 53
    2. Update NS Records on 3rd party website to use Route 53 Name Servers
    3. Domain Registar != DNS Service
    4. But every Domain Registrar usually comes with some DNS features
  • A record mapping to IPv4
  • AAAA record mapping to IPv6
  • CNAME records shortcuts to hostname
  • CNAME ftp
  • CNAME mail
  • CNAME wwww google.com zone
  • MX records how email work
  • MX 10 mail
  • MX 20 mail.other.domain
  • TXT records — query txt, spam
  • TTL 3600 Time to live , numeric value in seconds authoritative
  • TTL 3600 Non-Authoritative
  • TTL The time for which a DNS resolver caches a response is set by a value called the time to live (TTL) associated with every record. Amazon Route 53 does not have a default TTL for any record type.
  • NS: how the root zone delegates control of .org to the .org registry
Fullstack, Blogging, AWS
aws router53 DNS A AA CNAME MX TXT TTL NS Hosted Zones Geoproximity Traffic flow Routing Policies Geolocation Failover(Active - Passive) PrivateHosted Zones Health Checks
This post is licensed under CC BY 4.0 by the author.