Amazon Route 53 (AWS Certified Solutions Architect - Associate)

Rohit Pagote
8 min read

What is DNS?

  • DNS = Domain Name System

  • It translates human-friendly hostnames into machine IP addresses.

    ex: www.google.com => 172.17.18.36

  • DNS is the backbone of the internet.

  • DNS uses hierarchical naming structure

    .com

    example.com

    www.example.com

    api.example.com

DNS Terminologies

  • Domain Registrar

    • This is where you are going to register your domain names.

    • Amazon Route 53, GoDaddy, etc.

  • DNS Records

    • A, AAAA, CNAME, NS, etc.
  • Zone File

    • It contains all DNS records.

    • This is how to match these hostnames to IPs or addresses.

  • Name Servers

    • It resolves DNS queries (Authoritative or Non-Authoritative).
  • Top Level Domain (TLD)

    • amazon.com, google.com

How DNS works?

  • Please refer to this Udemy lecture.

Amazon Route 53

  • A highly available, scalable, fully managed and Authoritative DNS

    • Authoritative = the customer (you) can update the DNS records
  • Route 53 is also a Domain Registrar.

  • It has the ability to check the health of your resources.

  • It is the only AWS service with 100% SLA.

  • 53 in Route 53 refers to the traditional DNS port.

Route 53 - Records

  • How you want to route traffic for a domain.

  • Each record contains:

    • Domain/sub-domain name - ex: example.com

    • Record Type - ex: A, AAAA, etc.

    • Value - ex: 12.34.56.78

    • Routing Policy - how Route 53 responds to queries

    • TTL (Time To Live) - amount of time the record is cached at DNS Resolvers

  • Route 53 supports the following DNS record types:

    • (must know) A / AAAA / CNAME / NS

    • (advanced) CAA / DS / MX / NAPTR / PTR / SOA / TXT / SPF / SRV

Route 53 - Record Types

  • A - maps a hostname to IPv4

  • AAAA - maps a hostname to IPv6

  • CNAME - maps a hostname to another hostname

    • The target is a domain name which must have an A or AAAA record

    • Can't create a CNAME record for top node of a DNS namespace (Zone Apex)

      ex: you can't create for example.com, but can create for www.example.com

  • NS - Name Servers for the Hosted Zone

    • Control how traffic is routed for a domain

Route 53 - Hosted Zones

  • A container for records that define how to route traffic to a domain and sub-domains.

  • There are 2 types of Hosted Zones:

    • Public Hosted Zones - contains records that specify how to route traffic on the internet (public domain names)

      ex: application1.mypublicdomain.com

    • Private Hosted Zones - contains records that specify how you route traffic within one or more VPCs (private domain names)

      ex: application1.company.internal

  • You pay $0.50 per month per hosted zone.

Route 53 - Records TTL

  • High TTL - ex: 24hr

    • Less traffic on Route 53

    • Possibly outdated records

  • Low TTL - ex: 60sec

    • More traffic on Route 53 (more cost)

    • Records are outdated for less time

    • Easy to change records

  • Except for Alias records, TTL is mandatory for each DNS record

CNAME vs Alias

  • AWS resources (Load Balancer, CloudFront, etc.) are exposed on an AWS hostname:

    • lb1-1234.us-east-1.elb.amazonaws.com and we want myapp.mydomain.com
  • We have 2 options:

    • CNAME

      • Points a hostname to any other hostname (app.mydomain.com => xyz.anything.com)

      • Only for non-root domain (app.mydomain.com and not for mydomain.com)

    • Alias

      • Points a hostname to an AWS resource (app.mydomain.com => xyz.amazonaws.com)

      • Works for root and non-root domain (mydomain.com)

      • Free of charge

      • Native health check

Route 53 - Alias Records

  • Maps a hostname to an AWS resource.

  • An extension to DNS functionality.

  • Automatically recognizes changes in the resource's IP addresses.

  • Unlike CNAME, it can be used for the top node of a DNS namespace (Zone Apex) ex: example.com

  • Alias Record is always of type A/AAAA for AWS resources (IPv4/IPv6).

  • You can't set the TTL.
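To make the record rules above concrete (A/AAAA carry IP literals, CNAME is refused at the zone apex, TTL is mandatory except for Alias records, and Alias records are A/AAAA with no TTL), here is an added Python example that validates a record and builds the ChangeBatch document that `aws route53 change-resource-record-sets --change-batch file://...` accepts. It is not code from the original post; the hosted zone IDs, the `example.com` zone and the ELB hostname are constructed placeholders.

```python
import ipaddress
import json

# Constructed placeholders for this example, not values from the post.
ZONE_APEX = "example.com."


def _fqdn(name: str) -> str:
    """Route 53 stores names fully qualified (trailing dot); normalise input the same way."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


def validate_record(name: str, rtype: str, value: str, apex: str = ZONE_APEX) -> None:
    """Raise ValueError for records Route 53 would reject."""
    if rtype == "A":
        if ipaddress.ip_address(value).version != 4:     # raises ValueError if not an IP at all
            raise ValueError("A record value must be an IPv4 address")
    elif rtype == "AAAA":
        if ipaddress.ip_address(value).version != 6:
            raise ValueError("AAAA record value must be an IPv6 address")
    elif rtype == "CNAME":
        if _fqdn(name) == _fqdn(apex):
            raise ValueError("CNAME is not allowed at the zone apex; use an Alias record")
    else:
        raise ValueError(f"record type not covered by this example: {rtype}")


def is_valid_record(name: str, rtype: str, value: str) -> bool:
    """Boolean wrapper around validate_record."""
    try:
        validate_record(name, rtype, value)
        return True
    except ValueError:
        return False


def standard_record(name: str, rtype: str, values: list, ttl: int) -> dict:
    """Non-Alias ResourceRecordSet: TTL is mandatory, values are checked per type."""
    for v in values:
        validate_record(name, rtype, v)
    if ttl <= 0:
        raise ValueError("TTL is mandatory for non-Alias records")
    return {
        "Name": _fqdn(name),
        "Type": rtype,
        "TTL": ttl,
        "ResourceRecords": [{"Value": v} for v in values],
    }


def alias_record(name: str, rtype: str, target_dns: str, target_zone_id: str,
                 evaluate_health: bool = True) -> dict:
    """Alias ResourceRecordSet: type A/AAAA, no TTL, allowed at the apex.

    EvaluateTargetHealth is the 'native health check' of Alias records."""
    if rtype not in ("A", "AAAA"):
        raise ValueError("Alias records for AWS resources are type A or AAAA")
    return {
        "Name": _fqdn(name),
        "Type": rtype,
        "AliasTarget": {
            "HostedZoneId": target_zone_id,   # hosted zone id of the *target* (ELB, CloudFront, ...)
            "DNSName": _fqdn(target_dns),
            "EvaluateTargetHealth": evaluate_health,
        },
    }


def change_batch(record_sets: list, comment: str = "managed change", action: str = "UPSERT") -> dict:
    """Wrap record sets in the ChangeBatch structure the Route 53 API expects."""
    return {
        "Comment": comment,
        "Changes": [{"Action": action, "ResourceRecordSet": rs} for rs in record_sets],
    }


if __name__ == "__main__":
    batch = change_batch([
        standard_record("www.example.com", "A", ["12.34.56.78"], ttl=300),
        # Constructed ELB hostname and hosted zone id; real ones come from the AWS console/API.
        alias_record("example.com", "A", "lb1-1234.us-east-1.elb.amazonaws.com", "ZELBPLACEHOLDER"),
    ])
    print(json.dumps(batch, indent=2))
```

Run it to print a ChangeBatch JSON with one A record carrying a TTL and one Alias record at the apex without one; swap the CNAME target to `example.com` and `is_valid_record` turns false, which is exactly the zone-apex restriction the notes describe.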

Alias Records Targets

  • Elastic Load Balancers

  • CloudFront Distributions

  • API Gateway

  • Elastic Beanstalk environments

  • S3 Websites

  • VPC Interface Endpoints

  • Global Accelerator

  • Route 53 record in the same hosted zone

  • Note:

    • You cannot set an ALIAS record for an EC2 DNS name

Route 53 - Routing Policy

  • Define how Route 53 responds to DNS queries.

  • Don't get confused by the word 'Routing'.

    • It is not the same as Load Balancer routing which routes the traffic.

    • DNS does not route any traffic, it only responds to the DNS queries.

  • Route 53 supports the following Routing Policies

    • Simple

    • Weighted

    • Failover

    • Latency based

    • Geolocation

    • Multi-Value Answer

    • Geoproximity (using Route 53 Traffic Flow feature)

Routing Policy - Simple

  • Typically, route traffic to a single resource.

  • Can specify multiple values in the same record.

  • If multiple values are returned, a random one is chosen by the client.

  • When Alias is enabled, specify only one AWS resource.

  • Can't be associated with Health Checks.

Routing Policy - Weighted

  • Control the % of the requests that go to each specific resource.

  • Assign each record a relative weight:

    • traffic (%) = Weight for a specific record / Sum of all the weights for all records

    • Weights don't need to sum up to 100

  • DNS records must have the same name and type.

  • Can be associated with Health Checks.

  • Use cases: load balancing between regions, testing new application versions, etc.

  • Assign a weight of 0 to a record to stop sending traffic to a resource.

  • If all records have weight of 0, then all records will be returned equally.
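The weighted rules above (share = weight / sum of weights, weight 0 pauses a record, all-zero means equal answers, unhealthy records are skipped) are easy to get wrong in a canary rollout, so here is an added Python simulation of how a weighted record set answers queries. It is not code from the original post; the set identifiers, IPs and the fall-back when no record is healthy are this example's own choices.

```python
import random
from dataclasses import dataclass


@dataclass
class WeightedRecord:
    set_id: str          # Route 53 "set identifier": distinguishes records of the same name/type
    value: str           # e.g. an IP address (constructed values below)
    weight: int          # 0..255 in Route 53; 0 means "send no traffic here"
    healthy: bool = True # result of the associated health check


def traffic_share(records):
    """Expected share of answers per record: weight / sum of weights.
    When every weight is 0, all records are returned equally."""
    total = sum(r.weight for r in records)
    if total == 0:
        return {r.set_id: 1 / len(records) for r in records}
    return {r.set_id: r.weight / total for r in records}


def choose_answer(records, rng=random):
    """Simulate one DNS answer: drop unhealthy records, then pick by weight."""
    candidates = [r for r in records if r.healthy]
    if not candidates:
        # Assumption for this example: with nothing healthy, answer from all records.
        candidates = list(records)
    weights = [r.weight for r in candidates]
    if sum(weights) == 0:
        weights = [1] * len(candidates)   # all-zero => equal chance
    return rng.choices(candidates, weights=weights, k=1)[0].value


def simulate(records, n, seed=1):
    """Answer n queries with a fixed seed and count which value was returned."""
    rng = random.Random(seed)
    counts = {}
    for _ in range(n):
        v = choose_answer(records, rng)
        counts[v] = counts.get(v, 0) + 1
    return counts


if __name__ == "__main__":
    # Constructed canary layout: 95% to the stable version, 5% to the new one.
    fleet = [WeightedRecord("stable", "10.0.0.1", 95), WeightedRecord("canary", "10.0.0.2", 5)]
    print(traffic_share(fleet))
    print(simulate(fleet, 10_000))
```

Note that weights are evaluated per DNS answer, not per HTTP request: a resolver that caches the answer for the full TTL sends every client behind it to the same value, which is why a low TTL pairs with weighted rollouts.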

Routing Policy - Latency based

  • Redirect to the resource that has the least latency for the user.

  • Super helpful when latency for users is a priority.

  • Latency is based on traffic between users and AWS regions.

  • Germany users may be directed to the US (if that's the lowest latency).

  • Can be associated with Health Checks (has a Failover capability).

Route 53 - Health Checks

  • HTTP Health Checks are only for public resources.

  • Health Check => Automated DNS Failover:

    • Health checks that monitor an endpoint (application, server, other AWS resource)

    • Health checks that monitor other health checks (Calculated Health Checks)

    • Health checks that monitor CloudWatch Alarms (full control) - ex: throttles of DynamoDB, alarms on RDS, custom metrics, etc. (helpful for private resources)

  • Health Checks are integrated with CloudWatch Metrics.

Health Checks - Monitor an Endpoint

  • About 15 global health checkers will check the endpoint health

    • Healthy/Unhealthy Threshold - 3 (default)

    • Interval - 30 sec (can set to 10 sec - higher cost)

    • If >18% of health checkers report the endpoint is healthy, Route 53 considers it Healthy. Otherwise it's Unhealthy.

    • Ability to choose which locations you want Route 53 to use.

  • Health Checks pass only when the endpoint responds with a 2xx or 3xx status code.

  • Health Checks can be set up to pass/fail based on the text in the first 5120 bytes of the response.

  • Configure your router/firewall to allow incoming requests from Route 53 Health Checkers.

Health Checks - Calculated Health Checks

  • Combine the results of multiple health checks into a single health check.

  • You can use AND, OR or NOT.

  • Can monitor up to 256 child health checks.

  • Specify how many of the health checks need to pass to make the parent pass.

  • Usage: perform maintenance on your website without causing all the health checks to fail.

Health Checks - Private Hosted Zones

  • Route 53 health checkers are outside the VPC.

  • They can't access private endpoints (private VPC or on-premises resource)

  • You can create a CloudWatch Metric and associate a CloudWatch Alarm, then create a health check that checks the alarm itself.

Routing Policy - Failover

  • Write it down from google (not there in video)

Routing Policy - Geolocation

  • Different from Latency-based.

  • This routing is based on user location.

  • Specify location by Continent, Country or by US State (if there's overlapping, most precise location is selected).

  • Should create a Default record (in case there's no match on location).

  • Use cases: website localization, restrict content distribution, load balancing, etc.

  • Can be associated with Health Checks.
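The geolocation rule above ("most precise location is selected", plus a default record for no match) decides which answer a client gets, and the failure mode is returning nothing at all when no default exists. The Python below is an added example of that precedence written for this page, not Route 53's own resolver; the country-to-continent table and the record values are constructed.

```python
# Constructed lookup: ISO country code -> continent code, only the entries used here.
CONTINENT_OF = {"US": "NA", "CA": "NA", "DE": "EU", "FR": "EU", "JP": "AS"}

# Most specific tier first: US state > country > continent > default.
PRECEDENCE = ("state", "country", "continent", "default")


def _matches(location: dict, client: dict) -> bool:
    """Does one record's location cover this client?
    location is one of {"state": "TX"}, {"country": "DE"}, {"continent": "EU"}, {"default": True};
    client is {"country": "US", "state": "TX"} (state optional)."""
    if "state" in location:
        return client.get("country") == "US" and client.get("state") == location["state"]
    if "country" in location:
        return client.get("country") == location["country"]
    if "continent" in location:
        return CONTINENT_OF.get(client.get("country")) == location["continent"]
    return bool(location.get("default", False))


def resolve_geolocation(records: list, client: dict):
    """Return the value of the most specific matching record, or None when nothing
    matches and no default record exists (Route 53 then returns no answer)."""
    for tier in PRECEDENCE:
        for rec in records:
            loc = rec["location"]
            if tier in loc and _matches(loc, client):
                return rec["value"]
    return None


if __name__ == "__main__":
    # Constructed record set: a Texas-specific endpoint, a US endpoint, an EU endpoint, a default.
    records = [
        {"location": {"state": "TX"}, "value": "tx-endpoint"},
        {"location": {"country": "US"}, "value": "us-endpoint"},
        {"location": {"continent": "EU"}, "value": "eu-endpoint"},
        {"location": {"default": True}, "value": "default-endpoint"},
    ]
    for client in ({"country": "US", "state": "TX"}, {"country": "US", "state": "CA"},
                   {"country": "DE"}, {"country": "JP"}):
        print(client, "->", resolve_geolocation(records, client))
```

Removing the default record and querying from a country with no matching record makes the function return None, which is the "no match on location" case the notes warn about.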

Routing Policy - Geoproximity

  • Route traffic to your resources based on the geographic location of users and resources.

  • Ability to shift more traffic to resources based on the defined bias.

  • To change the size of the geographic region, specify bias values:

    • To expand (1 to 99) - more traffic to the resource

    • To shrink (-1 to -99) - less traffic to the resource

  • Resources can be:

    • AWS resources (specify AWS region)

    • Non-AWS resources (specify Latitude and Longitude)

  • You must use Route 53 Traffic Flow (advanced) to use this feature

Routing Policy - IP based

  • Routing is based on the clients' IP addresses.

  • You provide a list of CIDRs for your clients and the corresponding endpoints/locations (user-IP-to-endpoint mapping).

  • Use cases: Optimize performance, reduce network costs, etc.

  • Ex: route end users from a particular ISP to a specific endpoint.
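The IP-based policy above is a CIDR-to-location mapping followed by a location-to-record lookup. The Python below is an added example of that two-step resolution written for this page, not Route 53's own code; the CIDR collection and endpoints are constructed (documentation ranges), and the longest-prefix rule and the "*" catch-all location are this example's assumptions about how overlapping blocks and the default are resolved.

```python
import ipaddress


def compile_collection(cidr_collection: dict) -> list:
    """cidr_collection: {location_name: [cidr, ...]} -> [(network, location), ...]
    sorted most-specific prefix first, so the first hit is the longest match."""
    entries = []
    for location, cidrs in cidr_collection.items():
        for cidr in cidrs:
            # strict=True rejects blocks with host bits set (a common config typo).
            entries.append((ipaddress.ip_network(cidr, strict=True), location))
    entries.sort(key=lambda e: e[0].prefixlen, reverse=True)
    return entries


def resolve_ip_based(entries: list, records: dict, client_ip: str):
    """Map the client's IP to a location (longest prefix), then to that location's
    record value; fall back to the "*" location when no block matches."""
    ip = ipaddress.ip_address(client_ip)
    for network, location in entries:
        if ip.version == network.version and ip in network:
            if location in records:
                return records[location]
    return records.get("*")


if __name__ == "__main__":
    # Constructed CIDR collection using documentation address ranges.
    collection = {
        "isp-a": ["198.51.100.0/24"],
        "isp-a-premium": ["198.51.100.128/25"],   # overlaps isp-a; more specific wins
        "isp-b": ["203.0.113.0/24", "2001:db8:b::/48"],
    }
    records = {
        "isp-a": "endpoint-a",
        "isp-a-premium": "endpoint-a-premium",
        "isp-b": "endpoint-b",
        "*": "endpoint-default",
    }
    entries = compile_collection(collection)
    for ip in ("198.51.100.7", "198.51.100.200", "2001:db8:b::1", "192.0.2.1"):
        print(ip, "->", resolve_ip_based(entries, records, ip))
```

Keep in mind the lookup key is the resolver's source address as Route 53 sees it (or the EDNS client subnet if the resolver forwards one), so a client behind a public resolver outside the ISP's ranges lands on the default endpoint.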

Routing Policy - Multi Value

  • Use when routing traffic to multiple resources.

  • Route 53 returns multiple values/resources.

  • Can be associated with Health Checks (return only values for healthy resources).

  • Up to 8 healthy records are returned for each Multi-Value query.

  • Multi-Value is not a substitute for having an ALB.

Domain Registrar VS DNS Service

  • You can buy or register your domain name with a Domain Registrar typically by paying annual charges (ex: GoDaddy, Amazon Registrar, etc.)

  • The Domain Registrar usually provides you with a DNS Service to manage your DNS Records.

  • But you can use another DNS service to manage your DNS records.

  • Ex: Purchase the domain from GoDaddy and use Route53 to manage your DNS records.

3rd Party Registrar with Amazon Route 53

  • If you buy your domain on a 3rd party registrar, you can still use Route 53 as the DNS service provider.

    • Create a public hosted zone in Route 53.

    • Update NS records on 3rd party website to use Route 53 Name Servers.

  • Domain Registrar != DNS Service

  • But every Domain Registrar usually comes with some DNS features.


Written by

Rohit Pagote

I am an aspiring DevOps Engineer proficient with containers and container orchestration tools like Docker, Kubernetes along with experienced in Infrastructure as code tools and Configuration as code tools, Terraform, Ansible. Well-versed in CICD tool - Jenkins. Have hands-on experience with various AWS and Azure services. I really enjoy learning new things and connecting with people across a range of industries, so don't hesitate to reach out if you'd like to get in touch.