Route 53 Flashcards
Route 53
is a managed Domain Name System
DNS
collection of rules and records which helps clients understand how to reach a server through its domain name
the most common DNS records in AWS
- A: hostname to IPv4
- AAAA: hostname to IPv6
- CNAME: hostname to hostname
- Alias: hostname to AWS resource
how does Route 53 work
We have a web browser and it wants to access out application, which is on an application server with IPv4
32.45.67.85.
Web browser is going to make a DNS request to our DNS system which is Route 53 in this instance. In the request the browser will tell Route 53: tell me where this hostname is located - myapp.mydomain.com.
Route 53 will say: Here is the IP you should be looking at. It is 32.45.67.85. This is an A record because we have mapped a host name to a IP.
The web browser has finished the DNS request and knows the target IP, can do an HTTP request, and the server will then receive the request and say okay, here is your HTTP response.
Route 53 can use different kinds of domains.
- It can use public domain names that you own or buy.
2. private domain that can only be resolved by your instances within your VPC.
check IP for domain name
nslookup on Windows
dig on Linux
TTL
a way for web browsers and clients to cache the response of a DNS query, in order not to overload the DNS.
how TTL works
we’re going to make a DNS request to Route 53 for myapp.mydomain.com.
Route 53 will send back the IP: 32.45.67.85, which is a A record, because it’s domain to IP. And then, on top of it,
it’s going to also send back the TTL, for ex., 300 seconds
Web browser will cache that DNS request and the response for the TTL duration. And any time we request myapp.mydomain.com, the web browser will just look internally. If we have something changing on the Route 53 side, for example, the IP back is now 195.23.45.22,
then our cache will be updated, but only after the TTL has expired.
When you make a change on the Route 53 DNS Record
that doesn’t mean necessarily that all the clients will see that change right away. They have to wait for the TTL to expire before they can see that change.
high vs low TTL
high TTL is considered to be something like 24 hours. You get way less traffic on your DNS, so Route 53 will have less queries because records are cached for 24 hours. But there’s a possible chance of out-dated records, especially if you change them on Route 53.
Low TTL, for example, 60 seconds, will incur a lot more traffic on your DNS, but also, the records will be out-dated for less time. And it will be very easy to change the records.
TTL is something you have to make a decision on, based on what your application is and does.
each DNS record must specify
TTL
use case for a CNAME record and an Alias record
if you have an AWS Resource that could be a Load Balancer or CloudFront, it will expose a AWS hostname.
For example, if I have a Load Balancer, it could be lb1-1234.us-east-two.elb.amazonaws.com. So, this is your URL that Amazon Web Services controls, but you don’t.
What you want to do is to expose your application as myapp.mydomain.com, but you want it to point to your Load Balancer. This is why we need Alias or CNAME
CNAME
points a hostname to any other hostname, only work for non root domain, so it has to be something.mydomain.com. It cannot just be mydomain.com.
Alias
very similar to CNAME, but they point a hostname to an AWS Resource. It has to be app.mydomain.com to blabla.amazonaws.com.
It has to point to an AWS Resource, specifically, whereas CNAME could point to anything. The great thing about Aliases is that they work for both root domain and non root domain.
On top of it, Alias records are free of charge and have capability for native health checks.
Alias OR CNAME choice
if you have a root domain then you have to use an Alias. If it’s a non root domain, you can use either,
and usually it’s always going to be an Alias anyway,
because you point to an AWS Resource which will be free to charge and better.
Simple routing policy
We have a web browser and Route 53. We want to know where’s foo.example.com is. Route 53 will reply, it is an A record and the IP is 11.22.33.44.
So we just use it, when we need to redirect to a single resource with simple routing,
You can return multiple values to a client, in which case the client sees all the values and the clients will choose a value at random to use.
Simple routing policy restriction
you cannot attach health checks.
Weighted routing policy
controls the percentage of the requests that will go to specific endpoints.
We have Route 53, and we’re going to assign different IP addresses, and we’re going to assign weight, for ex., 70, 20, and 10. The sum does not have to be 100
Now our clients will send 70% of the traffic to the first instance, 20% of the traffic to the second instance and 10% of the traffic to the last instance.
Weighted routing policy Use case
To deploy a new application version and you wanted to test only 1% of the traffic on this new app version
where it’s helpful to split traffic between two regions
You can also associate this with health checks, so if one EC2 instance is not working properly, no traffic will be sent to it.
Latency routing policy
Latency will redirect the user to the server that has the least latency close to us. Helpful when latency for the users is your priority.
Latency is going to be evaluated in terms of the user’s proximity to the AWS region.
Latency routing policy example
Say we have two EC2 instances, one on the west of the United States and one in Sydney in Australia.
And we have all these users around the world. Based on the Latency Routing Policy, the four users on the left-hand side of the map will be redirected to the US,
while my users on the right-hand side of the map will be redirected to Australia.
health checks
if an instance is unhealthy, just like an ELB, Route 53 will not send traffic to that instance. An instance is an IP or URL, is deemed unhealthy if it fails three health checks in a row, and it’s deemed healthy if it passes
three health checks in a row.
default health check interval
30 second
fast health check
10 seconds, but those will lead to higher cost.
health check options
HTTP, TCP, HTTPS health checks.
when you use HTTPS health checks, you’d get no SSL certificate verification
health checks integration
you can intregrate these health checks with CloudWatch
failover routing policy
we have Route 53 in the middle, and we have two EC2 instances, for example.
One will be called a primary EC2 instance, and the other one will be a secondary EC2 instance meant to be used only if the primary fails. The second one is used then for disaster recovery.
Route 53 will have a health check associated with the primary record. In case that health check fails, automatically, Route 53 will failover to the secondary instance when there is a DNS query.
So when our web browser does a DNS request,
the answer that Route 53 will give it is either the primary if the health check works, but if the health check doesn’t pass, then automatically Route 53 is smart enough to send back the secondary disaster recovery response back to the web browser.
In the failover policy we must use
a health check.
mandatory
Geo location routing policy
routing based on user location
We can say: All the traffic that comes from the U.K.
should go to 11.22.33.44, whereas all the traffic
that comes from France should go to 22.33.44.55,
and the default says if the traffic is not originating from the U.K. or France, then the default response is going to be 33.44.55.66.
multi value routing policy
when you want to route traffic through multiple resources and you want to also associate Route 53 health checks with our records. So it’s some sort of improvement over simple routing policy. It will return up to eight healthy records for each multi value query, even if you have 50 records in the backend.
And although it looks like a good replacement for ELB,
it is not, it’s not a substitute, it’s different. But it really helps to do some kind of load balancing as well on the client side.
multi value routing policy example
we’ll have example.com, A Record, we’ll have three different values and all these values will be associated with a health check
And the idea is that if one of these instances stops serving traffic the Route 53 will not send back the value of that to the clients but the other two will still be happening.
Route53 is also a registrar
It’s an organization that manages the reservation of internet domain names.
So we can buy domain names on a registrar and on AWS.
DNS is not the same as domain registrar!!!
how to use a third party domain registrar with AWS Route53
if you buy your domain on another website, you are still able to use Route53 to define all the rules
- create a hosted zone in Route53
- update the name server, so NS records, on the third party website to use the Route53 name servers. For ex., on Google you use the Google Domain name servers, or I can use custom name servers.
You have purchased “mycoolcompany.com” on the AWS registrar and would like for it to point to lb1-1234.us-east-2.elb.amazonaws.com . What sort of Route 53 record is NOT POSSIBLE to set up for this?
CNAME
The DNS protocol does not allow you to create a CNAME record for the top node of a DNS namespace (mycoolcompany.com), also known as the zone apex
You have deployed a new Elastic Beanstalk environment and would like to direct 5% of your production traffic to this new environment, in order to monitor for CloudWatch metrics and ensuring no bugs exist. What type of Route 53 records allows you to do so?
Weighted allows you to redirect a part of the traffic based on a weight (hence a percentage). It’s common to use to send a part of a traffic to a new application you’re deploying
After updating a Route 53 record to point “myapp.mydomain.com” from an old Load Balancer to a new load balancer, it looks like the users are still not redirected to your new load balancer. You are wondering why…
DNS records have a TTL (Time to Live) in order for clients to know for how long to caches these values and not overload the DNS with DNS requests. TTL should be set to strike a balance between how long the value should be cached vs how much pressure should go on the DNS.
You want your users to get the best possible user experience and that means minimizing the response time from your servers to your users. Which routing policy will help?
Latency will evaluate the latency results and help your users get a DNS response that will minimize their latency (e.g. response time)
You have a legal requirement that people in any country but France should not be able to access your website. Which Route 53 record helps you in achieving this?
Geo Location
You have purchased a domain on Godaddy and would like to use it with Route 53. What do you need to change to make this work?
Create a public hosted zone and update the 3rd party registrar NS records
Private hosted zones are meant to be used for internal network queries and are not publicly accessible. Public Hosted Zones are meant to be used for people requesting your website through the public internet. Finally, NS records must be updated on the 3rd party registrar.
