Skip to content

Route 53

  • only service provide : 100% availability
  • fact:: 53 is reference tradition DNS port

A. Key concept

DNS

  • registrar : dns record stores in zone file
  • Naming Server : resolve dns queries
    • img_1.png

TTL

  • client cache the result from DNS server, for that that period locally.
  • hence wont query again till TTl expire.
  • eg: 24 hr, 60 sec
  • Domain/subdomain Name (example.com) + value (11.22.33.44)

namespace:

  • root domain .
  • top level domain TLD
  • second level domain SLD
  • sub domain
  • FQDN
  • URL
    • img_2.png
    • SLD/TLD === zone apex (eg: covid19survey.com)
    • cannot create CNAME for covid19survey.com 🎯

DNS Records

  • A : domain -> IPv4
  • AAAA : domain -> Ipv6
  • CNAME : domain -> doanother Domain (except root/TLD)
  • eg: xxxx.us-east-1.alb.com --> my-elb.com
  • NS : domain -> Name Server
  • Alias (AWS specific)
  • benefit : free + native health-check
  • eg:
    • domain --> aws resources 🎯
    • domain --> root domain + TLD (works)
    • domain --> another record in same hosted zone
    • domain --> CAN NOT : ec2-instance-DN ❌
    • domain --> CAN NOT :www.google.com (not aws resource) ❌
  • Configuring TTL not allowed, set bt R53 👈
  • Alias === [ A or AAAA + flag:alias=True ]
  • img_4.png
  • advanced: [ CAA / DS / MX / NAPTR / PTR / SOA / TXT / SPF / SRV ] - skip
  • PTR: resolves IP address to FQDN

AWS :: Hosted Zone

  • cost : .50/m
  • Container for DNS Record/s
  • define traffic routing for its domain, its sub-domains 👈
  • Type
  • public
    • internet traffic, resolves to public IP

  • private ( domainName eg: internal.example.com)

    • internal traffic within VPC, resolves to private IP
    • internal DNS management, secured, scalable.
    • if associated (1-2-M) it with non-default VPC/s, then need to enable (disabled by default): 🎯
    • DNS hostnames / enable DnsHostnames
    • DNS resolution / enable DnsSupport

  • img_3.png

  • img.png

C. R53::Routing policy

  • simple : domain -> [ip-1, domain-2, ...] multiple target,
  • randomly choose 1

  • irrespective of health 👈

  • weighted : domain -> [ip-1::Weight10, domain-2::Weight70, ...]

  • choose by weight

  • Latency : domain -> [ip-1::region-1, domain-2:region-2, ...] multiple target,

  • AWS will look for latency and pick one with low value.

  • img_1.png

  • failover : domain -> [ip-1::Primary, domain-2::Seconday, ...] multiple target,

  • primary until healthy, else secondary.

  • Geolocation : domain -> [ip-1::Country-1, domain-2::Country-2, domain-3::default,...] multiple target,

  • from client get Country.

  • Geo-proximity : domain -> [ip-1::bais-0, domain-2::bais-50, ...] multiple target,

  • shift more traffic to domain-2
  • Route traffic to your resources based on the geographic location of users and resources
  • img_1.png
  • create with UI for better visuality.

  • baise: -99 to 99

  • IP based : domain -> [ip-1::Client-IP-range/CIDR-1, domain-2::Client-IP-range/CIDR-2, ...]

  • choose by client_IP

  • Multi value : domain -> [ip-1, domain-2, ...] multiple target, randomly choose 1 (healthy)

  • similar to simple.

  • randomly choose 1 but healthy only 👈

  • 3rd party: route by goDaddy policy.

  • link goDaddy with R53,
  • just by updating NS record in R53 hosted-zone(public), with goDaddy DNs.
  • can use R53 then.
  • img.png

hands on

  • https://us-east-1.console.aws.amazon.com/route53/trafficflow/home?region=us-east-2#/
  • create from UI, :) 
    - launch Ec2-i1, i2, and i3  (in az1, az2,az3), with simple webapp
- create ALB
    - `alb-1-dns` : hostname/domainname
    - choose az1, az2, az3
    - create TG (tg-1)
        - sg : allow all HTTPs traffic
        - AZ1, az2, az3
        - regsister Ec2-i1, i2, and i3
    - routing and filter: 
        - Listener-1::No-contion : outside traffic on `http:80`  --> forward to --> `tg-1` 

- create hosted Zone  [Zone : hz.com ]
  - NS hz.com -> *****, ****, ****, **** some entry comes automatically once HZ created : alrady present
  - A + alias:F, ec2-1.com ->   ec2-1 public IP  
  - A + alias:F, ec2-2.com ->   ec2-2 public IP  
  - A + alias:F, ec2-3.com ->   ec2-3 public IP  
  - CNAME        abl.com --> alb-1-dns
  - A + alias:T, abl-alias.com --> now can provide another domain --> alb-1-dns ; FREE
  - CNAME        hz.com -->   alb-1-dns : ERROR
  - A + alias:T, hz.com --> alb-1-dns : WORKS

  // Rourting policies
  // SIMPLE
  -  record-id-1, A + alias:F, webapp1.com ->   ec2-1 public IP  SIMPLE 
  -  record-id-2, A + alias:F, webapp1.com ->   ec2-2 public IP  SIMPLE 
  -  record-id-3, A + alias:F, webapp1.com ->   ec2-3 public IP  SIMPLE
  // WEIGHTED
  -  record-id-11, A + alias:F, webapp2.com ->   ec2-1 public IP  WEIGHTED 10
  -  record-id-21, A + alias:F, webapp2.com ->   ec2-2 public IP  WEIGHTED 20
  -  record-id-33, A + alias:F, webapp2.com ->   ec2-3 public IP  WEIGHTED 70
  // LATENCY
  -  record-id-111, A + alias:F, webapp3.com ->   ec2-1 public IP  LATENCY us-east-1
  -  record-id-222, A + alias:F, webapp3.com ->   ec2-2 public IP  LATENCY us-east-1
  -  record-id-333, A + alias:F, webapp3.com ->   ec2-3 public IP  LATENCY us-west-2
  // failover
  -  record-id-1111, A + alias:F, webapp4.com ->   ec2-1 public IP  failover "primary",  R53:healthCheck-1
  -  record-id-2222, A + alias:F, webapp4.com ->   ec2-2 public IP  failover "seconday", R53:healthCheck-2 (optional)
  // Geolocation
  -  record-id-1111, A + alias:F, webapp5.com ->   ec2-1 public IP  Geolocation "ASIA",  
  -  record-id-2222, A + alias:F, webapp5.com ->   ec2-2 public IP  Geolocation "EUROPE"
  // Geo-proximity
  -  record-id-1111, A + alias:F, webapp6.com ->   ec2-1 public IP  Geo-proximity Bias-10  
  -  record-id-2222, A + alias:F, webapp6.com ->   ec2-2 public IP  Geo-proximity Bias-50
  // Multi-value
  -  record-id-1111, A + alias:F, webapp7.com ->   ec2-1 public IP Multi-value  R53:healthCheck-1 
  -  record-id-2222, A + alias:F, webapp7.com ->   ec2-2 public IP Multi-value  R53:healthCheck-1

- acess webapp:
  - diectly from ec2-i public IPS
  - add (A + alias:F) record and access
  - via ELB 
    - alb-1-dns
    - abl-alias.com
  - hz.com
  - Rourting policies demo : webapp[1,2,3,...7].com

D. R53 :: health Check

  • create health heck and use in DNS entries.

a. health checker : Endpoint

  • update sg to allow: runs outside private VPC
  • provide health endpoints.
  • set interval : 10 sec or 30 sec
  • img_7.png
  • eg: R53 alais record
  • point to ALB
  • health check point to ALB (Evaluated Health Check = True) 🎯

b. health checker : Caculated

  • choose : state of other health checks
  • AND OR NOT, etc. mix amd match.

c. health checker : CW Alarm state

  • create CW alarm, first.

  • select it. while creating R53 health check

  • img.png

  • img_1.png
  • img_2.png

E. Scenario

1. resolve Outside AWS dns 🎯

  • A retail company has connected its on-premises data center to the AWS Cloud via AWS Direct Connect.
  • The company wants to be able to resolve DNS queries
  • for any resources in the on-premises from the AWS VPC
  • for any resources in the AWS VPC from the on-premises
  • solution:
  • Create an outbound endpoint on Route 53 Resolver
    • and then Amazon Route 53 Resolver
    • can conditionally forward DNS queries to on-premises resolvers, via this endpoint.
  • Create an inbound endpoint on Route 53 Resolver
    • and then on-premises DNS resolvers
    • can conditionally forward DNS queries to Route 53 Resolver, via this endpoint.