Route 53 Section

What is DNS

• Domain Name System which translates the human friendly hostnames into the machine IP address
• www.google.com => 172.2.17.18.36
• DNS is the backbone of the internet
• DNS uses hierachical naming structure

  DNS Terminologies

• Domain Registrar: Amazon Route 53, GoDaddy, …
• DNS Records: A, AAAA, CNAME, NS, …
• Zone file: contains DNS records
• Name Server: resolves DNS queries (Authoritative or Non- Authoritative)
• Top Level Domain (TLD): .com, .us, .in, .gov, .org, …
• Second Level Domain (SLD): amazon.com, google.com, …

  How DNS works

• Web browser -> Local DNS Server:
  • Root DNS Server managed by ICANN (res: .com NS 1.2.3.4)
  • TLD DNS Server managed by IANA (res: domain NS 5.6.7.8)
  • SLD DNS Server managed by Domain Registrar (res: domain IP)

    Amazon Route 53

• A highly available, scalable, fully managed and Authoritative DNS
  • Authoritative = the customer (you) can update the DNS records
• Route 53 is also a Domain Registrar
• Ability to check the health of your resources
• The only AWS service which provide 100% availability SLA
• Why Route 53? 53 is a reference to the traditional DNS port

  Route53 - Records

• How you want to route traffic for a domain
• Each record contains:
  • Domain/subdomain Name: example.com
  • RecordType: e.g A or AAAA
  • Value: 12.34.56.78
  • Routing Policy: How Route 53 responds to queries
  • TTL: amount of time the record cached at DNS resolvers
• Route 53 supports the following DNS record types:
  • A / AAAA / CNAME / NS
  • CAA / DS / MX / NAPTR / PTR / SOA / TXT / SPF / SRV

    Route 53 - Record Types

• A: maps a hostname to Ipv4
• AAAA: maps a hostname to IPv6
• CNAME: maps a hostname to another hostname
  • The target is a domain name which must have an A or AAAA record
  • Can’t create a CNAME record for the top node of a DNS namespace (Zone Apex)
  • Exmaple: you can’t create for example.com but you create for www.example.com
• NS: name Server for the hosted zone
  • Control how traffic is routed for a domain

    Route 53 - Hosted Zones

• A container for records that define how to route traffic to a domain and its subdomains
• Public Hosted Zone: contains records that specfy how to route traffic on the Internet (public domain names)
• Private Hosted Zones: contain records that specify how you route traffic within one or more VPCs (private domain names) application 1.company.internal
• You pay $0.50 per month per hosted zone

  Route 53: Public vs. Private Hosted Zone

• Public Hosted Zone: internet access
• Private Hosted Zone: unable to access from internet: EC2 instances, RDS instance

  Route 53 - Records TTL (Time To Live)

• High TTL - e.g 24 hr
  • less traffic on Route 53
  • Possibily outdated records
• Low TTL - e.g 60 sec
  • More traffics on Route 53 ($$)
  • Records are outdated for less time
  • Easy to change records
• Except for Alias records, TTL is mandatory for each DNS record

  CNAME vs Alias

• AWS Resources (Load Balancer, CloudFront…) expose an AWS hostname:
  • b1-1234.us-east-2.elb.amazonaws.com and you want myapp.mydomain.com
• CNAME:
  • Points a hostname to any other hostname. (app.mydomain.com => bla.bla.anything.com)
  • Only for non root domain (aka. something.mydomain.com)
• Alias:
  • Points a hostname to an AWS Resource
  • Works for Root domain and non root domain (aka mydomain.com)
  • Free of charge
  • Native health check

    Route 53 - Alias Records

• Maps a hostname to an AWS resource
• An extension to DNS functionality
• Automatically recognizes changes in the resource’s IP addresses
• Unlike CNAME, it can be used for the top node of a DNS namespace (zone Apex), e.g: example.com
• Alias Record is always of type A/AAAA for AWS resources (IPv4/IPv6)
• You can’t set the TTL

  Route 53 - Alias REcords target

• Elastic Load Balancers
• CloudFront Distributions
• API Gateway
• Elastic Beantalk environments
• S3 Websites
• VPC Interface Endpoints
• Global Accelerator accelerator
• Route 53 record in the same hosted zone
• You cannot set an ALIAS record for an EC2 DNS name

  Route 53 - Routing policies

• Define how Route 53 responds to DNS queries
• Don’t get confused by the word “Routing”
  • It’s not the same as load balancer routing which routes the traffic
  • DNS does not route any traffic, it only responds to the DNS queries
• Route 53 support the following Routing policies
  • Simple
  • Weighted
  • Failover
  • Latency based
  • GeoLocation
  • Multi-Value Answer
  • Geoproximity (using Route 53 Traffic Flow feature)

    Routing Policies - Simple

• Typically route traffic to a single resource
• Can specify multiple values in the same record
• If multiple values are returned, a random one is chosen be the client
• When Alias enabled, specify only one AWS resource
• Can’t be associated with Health Checks

  Routing Policies – Weighted

• Control the % of the requests that go to each specific resource
• Assign each record a relative weight
  • traffic(%) = Weight for a specific record / sum all the weights for all records
  • Weights don’t need to sum up to 100
• DNS records must have the same name and type
• Can be associated with Health Checks
• Use cases: Load balancing between regions, testing new application versions…
• Assign a weight of 0 to a record to stop sending traffic to a resource
• If all records have weight of 0, then all records will be returned equally

  Routing Policies - Latency based

• Redirected to the resource that has the least latency close to us
• Super helpful when latency for users is a priority
• Latency is based on traffic betwwen users and AWS Regions
• Germany users may be directed to be the US (if that’s the lowest latency)
• Can be associated with Health Checks (has a failover capability)

  Route 53 - Health Checks

• HTTP Health Checks are only for public resources
• Health Check => Automated DNS Failover:
  • Health checks that monitor an endpoint (application, server, other AWS resource)
  • Health checks that monitor other health checks (Calculated Health Checks)
  • Health checks that monitor CloudWatch Alarms (full control !!) - e.g throttles of DynamoDB, alarms on RDS, custom metrics, … (helpful for private resources)
• Health Checks are integrated with CW metrics

  Health Checks – Monitor an Endpoint

• About 15 global health checkers will check the endpoint health
  • Health/Unhealthy Threshold - 3 (default)
  • Interval - 30 sec (can set to 10 sec - higher cost)
  • Supported protocol: HTTP, HTTPS and TCP
  • If > 18% of health checkers report the endpoint is health, Route 53 considers it Health. Otherwise, it’s Unhealty
  • Ability to choose which locations you want Route 53 to use
• Health Checks pass only when the endpoint respond with the 2xx and 3xx status codes
• Health Checks can be setup to pass / fail based on the text in the first 5120 bytes of the response
• Configure you router/firewall to allow incoming requests from Route 53 Health Checkers

  Route 53 - Calculated health checks

• Combine the results of multiple Health Checks into a single Health Check
• You can use Or, AND, or NOT
• Can monitor up to 256 Child Health Checks
• Specify how many of the health checks need to pass to make the parent pass
• Usage: perform maintenance to your website without causing all health check to fail

  Health Checks – Private Hosted Zones

• Route 53 health checkers are outside the VPC
• They can’t access private endpoints (private VPC or on-premises resource)
• You can create a CloudWatch Metric and associate a CloudWatch Alarm, then create a Health Check that checks the alarm itself

  Routing Policies - Failover (Active - Passive)

  

  Routing Policies Geolocation

• Different from latency-based!
• This routing is based on user location
• Specify location by COntinent, Country or by US State (if there’s overlaping, most precise location selected)
• Should create a “Default” record (in case there’s no match on location)
• Use cases: website localization, restrict content distribution, load balancing, …
• Can be associated with Health Checks

  Routing Policies – Geoproximity

• Route traffic to your resources based on the geographic location of users and resources
• Ability to shift more traffic to resources based on the defined bias
• To change the size of the geographic region, specify bias values
  • To expand ( 1 to 99): more traffic to resource
  • To shrink (-1 to -99): less traffic to the resource
• Resources can be:
  • AWS resources (specify AWS region)
  • Non-AWS resources (specify latitude and longitude)
• You must use Route 53 traffic flow to use this feature

  Routing Policies - Geoproximity

  

  Routing 53 - Traffic flow

• Simplify the process of creating and maintaining records in large and complex configurations
• Visual editor to manage complex routing decision trees
• Configurations can be saved as TRaffic Flow Policy
  • Can be applied to different Route 53 Hosted Zones (different domain names)
  • Supports versioning

    Routing Policies - Multi value

• Use when routing traffic to multiple resources
• Route 53 return multiple value/resources
• Can be associated with Health Checks (return only values for healthy resources)
• Up to 8 healthy records are returned for each Multi-Value query
• Multi-value is not a substitude for having an ELB

  Domain Registar vs DNS Service

• You buy or register you domain name with a Domain Registar typically by paying annual charges (e.g GoDaddy, Amazone Registar Inc, …)
• The Domain Registar ussually provides you with a DNS service to manage your DNS records
• But you can use another DNS service to manage your DNS records
• Example: purchase the domain from GoDaddy and use Route 53 manage your DNS records

  GoDaddy as Registrar & Route 53 as DNS Service

  

  3rd Party Registrar with Amazon Route 53

• If you buy your domain on a 3rd party registrar, you can still use Route 53 as the DNS Service provider
  1. Create a Hosted Zone in Route 53
  2. Update NS Records on 3rd party website to use Route 53 Name Servers
  3. Domain Registar != DNS Service
  4. But every Domain Registrar usually comes with some DNS features
• A record mapping to IPv4
• AAAA record mapping to IPv6
• CNAME records shortcuts to hostname
• CNAME ftp
• CNAME mail
• CNAME wwww google.com zone
• MX records how email work
• MX 10 mail
• MX 20 mail.other.domain
• TXT records — query txt, spam
• TTL 3600 Time to live , numeric value in seconds authoritative
• TTL 3600 Non-Authoritative
• TTL The time for which a DNS resolver caches a response is set by a value called the time to live (TTL) associated with every record. Amazon Route 53 does not have a default TTL for any record type.
• NS: how the root zone delegates control of .org to the .org registry