AWS Route 53

Route 53 is the AWS DNS service.

Highly available
scalable
fully managed
authoritative DNS – you, the customer, can update the DNS records
also a domain registrar

AWS provides a 100% availability SLA for Route 53

You define how you route traffic to a specific domain. Each record has:

domain name
record type, eg A or AAAA
value, ie an IP address
routing policy
TTL – time to live, how long the record may be cached

Different record types

A, AAAA, CNAME, NS – essential to know

A – maps a hostname to an IPv4 address
AAAA – maps a hostname to an IPv6 address
CNAME – maps a hostname to another hostname
you cannot create a CNAME for the top (apex) record of a domain, eg example.com, but you can for eg www.example.com

NS – the name servers for the hosted zone

Hosted Zones

A hosted zone is a container for DNS records.

Public hosted zones

for publicly routable IPs; any client on the internet can query the records

Private hosted zones

for IPs that are not publicly reachable, inside one or more VPCs; the records can only be resolved from within the associated VPCs
this lets you resolve names to private IPs internally, not publicly via the internet

Otherwise public and private hosted zones work the same way.

You pay 50c per month per hosted zone.

From your CLI you can then check your domain registration and IP records with nslookup or dig.

If they are not installed yet, install them with apt install dnsutils -y (Debian/Ubuntu) or yum install bind-utils -y (RHEL/CentOS, where the package is called bind-utils).

dig <your domain name and machine>

nslookup <your domain name and machine>
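As an added example (not from the original post), this Python snippet parses the ANSWER section of dig output into records and applies the CNAME-at-apex rule and TTL reading described above; the dig output is constructed sample data using documentation addresses, not a real lookup.

```python
import re
from dataclasses import dataclass

# Constructed sample of dig's ANSWER section (not a real lookup).
DIG_OUTPUT = """\
;; ANSWER SECTION:
www.example.com.\t300\tIN\tCNAME\tapp.example.com.
app.example.com.\t60\tIN\tA\t203.0.113.10
example.com.\t3600\tIN\tA\t203.0.113.20
example.com.\t3600\tIN\tAAAA\t2001:db8::20

;; Query time: 12 msec
"""

@dataclass
class Record:
    name: str    # owner name without the trailing dot
    ttl: int     # seconds a resolver may cache this answer
    rtype: str   # A, AAAA, CNAME, NS, ...
    value: str

# owner  TTL  class  type  value  (dig separates the fields with tabs/spaces)
LINE_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(.+)$")

def parse_dig(text: str) -> list[Record]:
    """Return the records listed in the ANSWER section of dig's output."""
    records, in_answer = [], False
    for raw in text.splitlines():
        line = raw.strip()
        if line.startswith(";; ANSWER SECTION"):
            in_answer = True
            continue
        if line.startswith(";;"):        # any other section header ends the answers
            in_answer = False
        if not in_answer or not line:
            continue
        m = LINE_RE.match(line)
        if m:
            records.append(Record(m[1].rstrip("."), int(m[2]), m[3], m[4]))
    return records

def cname_at_apex(records: list[Record], zone: str) -> list[Record]:
    """CNAMEs whose owner is the zone apex. Route 53 refuses to create these,
    so finding one means the zone is served elsewhere or is misconfigured."""
    apex = zone.rstrip(".")
    return [r for r in records if r.rtype == "CNAME" and r.name == apex]

def min_ttl(records: list[Record]) -> int:
    """The shortest TTL in the answer, ie how soon a cached result can go stale."""
    return min(r.ttl for r in records)
```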

TTL – Time To Live

set in seconds

TTL: a client (resolver) will cache a lookup for the TTL period before asking again; this relieves the DNS servers of repeated request and response traffic

high TTL:

less traffic, lower costs
but records may be out of date for longer after a change

low TTL:

more traffic, more costly
records are more likely to be fully accurate (changes propagate faster)

CNAME vs Alias

to map the root domain to an AWS resource hostname you need to use an Alias record, not a CNAME!

Sometimes you want to map a hostname to another hostname.

A CNAME does this, but only for non-root domains, ie eg www.example.com, not example.com.
A CNAME cannot be created for the root (apex) of the domain.

Alias: this works for both root and non-root domains.
An Alias record is always of type A (IPv4) or AAAA (IPv6).

You cannot set the TTL for an Alias record; it is set by Route 53 automatically.

You can use as Alias targets things like:

Elastic Load Balancers (ELB)
CloudFront distributions
API Gateway
Elastic Beanstalk environments
S3 websites
VPC interface endpoints
Global Accelerator
a Route 53 record IN THE SAME HOSTED ZONE

Important: You *cannot* set an ALIAS for an EC2 DNS name!

Route 53 routing policies

simple
weighted
failover
latency-based
geolocation
multi-value answer
geoproximity

You set the routing policy in the Route 53 dashboard for each DNS record.

simple policy

you can specify multiple values in the same record, but then Route 53 returns all of them and the client chooses one at random

can't be associated with health checks

weighted policy

you set what share of requests goes to each resource you specify, eg to different EC2 instances

to do this you assign each record a relative weight

the weights don't need to add up to 100: each record receives weight / sum of all weights

but the DNS records involved must have the same name and type

CAN be associated with health checks

use cases: load balancing between regions, testing new application versions

NOTE: if you assign a weight of 0 to a record then that resource will not receive any traffic!

Also, if ALL records have a weight of 0 then all records are treated equally, ie responses are balanced across them
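As an added example (not from the original post), this Python snippet models how weighted routing shares responses between records, including both weight-0 rules from the notes; the record set and IPs are constructed sample data, and the values are assumed to be unique.

```python
import random
from typing import Optional

# Constructed weighted record set (same name and type). The third value is a
# canary with weight 0, so it must get no traffic while others have weight > 0.
RECORDS = [("203.0.113.10", 70), ("203.0.113.20", 30), ("203.0.113.30", 0)]

def traffic_share(records: list[tuple[str, int]]) -> dict[str, float]:
    """Fraction of responses each value gets.

    Weights need not sum to 100: each record gets weight / sum(weights).
    A weight of 0 means no traffic, unless every record is 0, in which case
    all records share traffic equally.
    """
    if not records:
        raise ValueError("no records in the weighted set")
    if any(w < 0 for _, w in records):
        raise ValueError("weights must be >= 0")
    total = sum(w for _, w in records)
    if total == 0:
        return {v: 1 / len(records) for v, _ in records}
    return {v: w / total for v, w in records}

def choose_weighted(records: list[tuple[str, int]],
                    rng: Optional[random.Random] = None) -> str:
    """Pick the value a single DNS response would carry under those rules."""
    rng = rng or random.Random()
    shares = traffic_share(records)
    values = list(shares)
    return rng.choices(values, weights=[shares[v] for v in values])[0]

def simulate(records: list[tuple[str, int]], n: int, seed: int = 0) -> dict[str, int]:
    """Count how many of n responses each value receives (seeded, so repeatable)."""
    rng = random.Random(seed)
    counts = {v: 0 for v, _ in records}
    for _ in range(n):
        counts[choose_weighted(records, rng)] += 1
    return counts
```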

Latency-based

you want to route users to the resource with the least latency, ie the closest to them in terms of network SPEED

latency is measured between users and AWS Regions

so it depends on network latency, which is not necessarily the same as geographical closeness

can use health checks

Health Checks

HTTP health checks are only for PUBLIC resources (the Route 53 checkers must be able to reach the endpoint from the internet)

If one region is down, a Route 53 health check detects it.

These provide automated DNS failover.

the check can be against:

an endpoint, eg an app server
another health check, ie a calculated health check
a CloudWatch alarm, eg for DynamoDB or RDS

To pass an HTTP health check the endpoint must respond with a 2xx or 3xx status code.

You can combine up to 256 child health checks into a single calculated health check using OR, AND or NOT, and define how many of them must pass.

How to perform health checks for private hosted zones: use a CloudWatch metric and alarm, then create a health check that monitors the alarm!

Failover Policy (Active-Passive Failover)

you associate your DNS record with a health check – essential for this policy

but you can only have one primary and one secondary record

so, you first set up a health check for each machine,

then you reference them in your DNS records:

policy: set to failover, and the record type: primary or secondary

and then associate the respective health check you have defined.

then do the same for the secondary record and instance.
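As an added example (not from the original post), this Python snippet covers both the calculated health checks described above (child checks combined with a pass threshold, optionally inverted) and the active-passive failover answer that uses their result; all statuses, IPs and check names are constructed, and nothing here calls AWS.

```python
from dataclasses import dataclass
from typing import Optional

MAX_CHILD_CHECKS = 256   # Route 53 limit on children of a calculated health check

def calculated_health(children: dict[str, bool], threshold: int, inverted: bool = False) -> bool:
    """Evaluate a calculated health check.

    children:  child health check id -> currently healthy? (constructed statuses)
    threshold: how many children must be healthy. OR = 1, AND = len(children).
    inverted:  NOT, ie flip the combined result.
    """
    if not 0 < len(children) <= MAX_CHILD_CHECKS:
        raise ValueError(f"a calculated check needs 1..{MAX_CHILD_CHECKS} children")
    if not 1 <= threshold <= len(children):
        raise ValueError("threshold must be between 1 and the number of children")
    healthy = sum(children.values()) >= threshold
    return not healthy if inverted else healthy

@dataclass
class FailoverRecord:
    value: str                      # eg the IP in the A record
    role: str                       # "PRIMARY" or "SECONDARY"
    healthy: Optional[bool] = None  # attached health check result; None = no check attached

def answer_failover(primary: FailoverRecord, secondary: FailoverRecord) -> str:
    """Value an active-passive failover query resolves to."""
    if (primary.role, secondary.role) != ("PRIMARY", "SECONDARY"):
        raise ValueError("failover needs exactly one PRIMARY and one SECONDARY record")
    if primary.healthy is None:
        raise ValueError("the PRIMARY record must have a health check attached")
    # A secondary without a health check is always considered healthy.
    secondary_ok = True if secondary.healthy is None else secondary.healthy
    if primary.healthy:
        return primary.value
    if secondary_ok:
        return secondary.value
    return primary.value   # both unhealthy: Route 53 answers with the primary anyway

# Constructed case: the primary counts as healthy only if at least 2 of its 3
# regional checks pass; here only 1 of 3 passes, so the query fails over.
PRIMARY = FailoverRecord("203.0.113.10", "PRIMARY",
                         calculated_health({"eu": False, "us": True, "ap": False}, threshold=2))
SECONDARY = FailoverRecord("198.51.100.10", "SECONDARY")
```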

Geolocation

routing is based on where the user is physically located

use cases:

website localization
restricting content distribution
a simple load balancing method

Geoproximity

enables you to specify "bias values" for specific geographic regions

1 to 99: more traffic to the resource
-1 to -99: less traffic to the resource

can be used for AWS resources, specified by AWS Region, or non-AWS resources, specified by latitude/longitude

exam tip: this is useful when you need to shift traffic from one region to another

Multi-Value Policy

multi-value (multi-value answer) routing is similar to an ELB in effect, but it is client-side load balancing: Route 53 returns several values and the client chooses one

used to route traffic to multiple resources, with the client choosing which one to use

can be associated with health checks – up to 8 healthy records are returned for each multi-value query

NOT a substitute for an ELB though!

Route 53 Traffic Policies

You can use these to define your DNS routing policy.

These make it easier to set up complex policies.