Amazon Route 53

Amazon Route 53 is a highly available and scalable Domain Name System (DNS) web service. We can use Route 53 to perform three main functions in any combination,

  • Domain registration
  • DNS routing
  • Health checking

Before going into the details of Route 53, we need to understand what DNS is.

DNS – Domain Name System

From wikipedia,

The Domain Name System is the hierarchical and decentralized naming system used to identify computers, services, and other resources reachable through the Internet or other Internet Protocol networks.

In simple words, DNS translates human-readable domain names (www.google.com) into machine-readable IP addresses (172.217.194.105). To own a name we register it with a domain registrar; GoDaddy, Namecheap, Bluehost and domain.com are some of them. Route 53 is also a registrar, so domain names can be registered there too. Below are some DNS terms we should know,

Top Level Domain: the TLD sits at the highest level of the hierarchy below the root. For example, .com, .gov, .sg, .in, .org and .info are TLDs.
Second Level Domain: an SLD is a domain directly below a TLD. For example, tailenders.info, example.com, google.com, amazon.com.
Fully Qualified Domain Name: an FQDN is the complete name of a host, every label from the host up to the root. For example, shop.www.tailenders.com. (a scheme such as http:// is not part of the name).

Subdomain
Since DNS is a hierarchical naming system, any domain can have many domains under it. For example, in tailenders.info, .info is the TLD and tailenders.info is a subdomain of info.
Similarly, tailenders.info can have many subdomains under it, such as shop or api, giving the names shop.tailenders.info and api.tailenders.info.
In the same way, in www.tailenders.info, www is a subdomain of tailenders.info.

Difference between a hostname and a subdomain
A hostname names a specific computer or resource, typically the name that carries the A or AAAA record. A subdomain extends the parent domain: it is a way of subdividing the domain itself, and it can contain hosts and further subdomains. A single name such as www.tailenders.info can be both a subdomain of tailenders.info and the hostname of the web server.

Root domain
In the DNS hierarchy, the root domain is at the top. It does not have a name like a top-level domain (ex: .com); its label is the empty string. So every FQDN ends with a full stop that represents this empty label (ex: www.google.com.). We normally do not type it; the resolver appends it.

  • The root zone is managed by IANA, a function of ICANN, and served by the root name servers, which are operated by twelve independent organisations.
  • Each TLD's name servers are run by that TLD's registry (Verisign for .com, for example) under agreement with ICANN.
  • The name servers for a second-level domain are run by whoever hosts the zone, for example Route 53. The registrar only tells the TLD registry which name servers the domain is delegated to; that delegation is the NS record set in the TLD zone.


How DNS works?

When we enter a domain name on our machine, the operating system's stub resolver sends the query to its configured recursive resolver. That can be a server run by our ISP or a local DNS server managed by our own organisation. If the resolver already has the answer in its cache (and the record's TTL has not expired), it simply returns the IP.

Otherwise, it starts at the root: it asks a root DNS server, which does not know the answer but replies with a referral, the names and addresses of the name servers for the TLD (.com, .info and so on).

The resolver then asks the TLD server, which replies with another referral: the name servers to which the second-level domain has been delegated.

Now the resolver asks that authoritative server, which holds the zone and returns the actual record, that is, the IP address of the server we are trying to reach.

Once the resolver has the answer it caches it for the record's TTL and passes the IP address back to our machine. Finally, our machine connects to that IP. The TTL is why a changed record is not seen everywhere at once: resolvers keep serving the old answer until their cached copy expires.
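The walk described above, as an added example that is not code from this page, from AWS or from any real resolver: a toy recursive resolver over a constructed in-memory hierarchy (root, the .info TLD and one hosted zone). The zone names, server names, addresses and TTLs are placeholders.

```python
"""Toy model of the lookup walk: stub -> recursive resolver (cache) -> root -> TLD -> authoritative.
Added example for this page; not Route 53 or any real resolver's code. The zone data,
server names and addresses below are constructed placeholders."""
import time

# Constructed delegation data. Each zone knows its server name and either NS referrals
# (delegations to a child zone) or final A answers with a TTL in seconds.
ZONES = {
    ".": {"server": "a.root-servers.example.",
          "records": {"info.": ("NS", "info.")}},
    "info.": {"server": "a.gtld-servers.example.",
              "records": {"tailenders.info.": ("NS", "tailenders.info.")}},
    "tailenders.info.": {"server": "ns-1.awsdns-00.example.",
                         "records": {"shop.tailenders.info.": ("A", "198.51.100.10", 300),
                                     "api.tailenders.info.": ("A", "198.51.100.20", 60)}},
}


def _lookup(zone, name):
    """What the server for `zone` would answer for `name`: the most specific matching
    record, so a delegation for a parent name is found for any name beneath it."""
    labels = name.split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in ZONES[zone]["records"]:
            return ZONES[zone]["records"][candidate]
    return None


class RecursiveResolver:
    """Stands in for the ISP or corporate resolver: answers from cache while the TTL
    holds, otherwise walks the hierarchy starting at the root."""

    def __init__(self, clock=time.time):
        self.cache = {}      # fqdn -> (ip, expiry timestamp)
        self.clock = clock   # injectable so TTL expiry can be simulated

    def resolve(self, name):
        """Return (ip, servers_asked). ip is None for NXDOMAIN; servers_asked is []
        on a cache hit."""
        if not name.endswith("."):
            name += "."      # the trailing dot is the (empty) root label
        hit = self.cache.get(name)
        if hit and hit[1] > self.clock():
            return hit[0], []
        zone, asked = ".", []
        while True:
            asked.append(ZONES[zone]["server"])
            rr = _lookup(zone, name)
            if rr is None:
                return None, asked                      # NXDOMAIN from this server
            if rr[0] == "A":                            # authoritative answer: cache for TTL
                self.cache[name] = (rr[1], self.clock() + rr[2])
                return rr[1], asked
            if rr[1] == zone or rr[1] not in ZONES:
                return None, asked                      # broken delegation: treat as failure
            zone = rr[1]                                # referral: ask the child zone's server


if __name__ == "__main__":
    r = RecursiveResolver()
    print(r.resolve("shop.tailenders.info"))   # walks root -> .info -> tailenders.info
    print(r.resolve("shop.tailenders.info"))   # served from cache, no servers asked
    print(r.resolve("nope.tailenders.info"))   # NXDOMAIN
```

The injectable clock is there so the TTL behaviour can be exercised: the second query is served from cache without touching any server, and once the 300-second TTL has elapsed the full walk happens again. That expiry is exactly what you are waiting on when a record change "has not propagated yet".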


Route 53

Route 53 is Amazon's DNS service. As mentioned above, it is a highly available and scalable DNS web service that can perform three main functions in any combination: domain registration, DNS routing and health checking.

DNS record types – supported by Route 53

Once domain registration succeeds, Amazon informs us that it has also created a hosted zone for the domain and recommends adding records to it. These records contain information about how to route traffic for the domain and any subdomains. To create a record, we have to provide the below details,

  • Record Name (domain/subdomain name)
  • Record Type (ex: A, AAAA, CNAME)
  • Value (IP address) or Alias (AWS resource)
  • TTL (how long resolvers may cache the record)
  • Routing Policy (ex: Simple, Geolocation)

Record Types

There are many record types. The ones worth knowing are listed below.

A: record to route traffic to a resource, such as a web server, using an IPv4 address in dotted decimal notation. Ex: 192.0.2.1

AAAA: record to route traffic to a resource, such as a web server, using an IPv6 address in colon-separated hexadecimal format. Ex: 2001:0db8:85a3:0:0:8a2e:0370:7334

CAA: record specifies which certificate authorities (CAs) are allowed to issue certificates for a domain or subdomain. Publicly trusted CAs are required to check CAA before issuing, so creating a CAA record helps prevent an unexpected CA from issuing certificates for our domains. If a name has no CAA record, the CA looks at the parent names up to the root; if none is found anywhere, any CA may issue.

NS: record identifies the name servers for the hosted zone.

CNAME: record maps DNS queries for the name of the current record, such as acme.example.com, to another domain (example.com or example.net) or subdomain (acme.example.com or zenith.example.org).

IMPORTANT NOTE
The DNS protocol does not allow you to create a CNAME record for the top node of a DNS namespace, also known as the zone apex. For example, if you register the DNS name example.com, the zone apex is example.com. You cannot create a CNAME record for example.com, but you can create CNAME records for www.example.com, newproduct.example.com, and so on.
In addition, if you create a CNAME record for a subdomain, you cannot create any other records for that subdomain. For example, if you create a CNAME for www.example.com, you cannot create any other records for which the value of the Name field is www.example.com.
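Two checks that follow from the record rules above, as an added example that is not code from this page or from AWS: a validator for the CNAME restrictions (no CNAME at the apex, no other records beside a CNAME) and a CAA decision that follows RFC 8659 (climb toward the root for the relevant set, issuewild for wildcards, the critical flag, a bare ";" meaning nobody). The sample records are constructed and the function names are my own.

```python
"""Two checks that follow from the record rules above: the CNAME restrictions, and
whether a CA is authorised by CAA (RFC 8659 semantics). Added example for this page,
not AWS code; the sample records are constructed and the function names are my own."""
from collections import defaultdict


def validate_record_set(zone_apex, records):
    """records: iterable of (name, type) for one hosted zone.
    Returns the list of rule violations; an empty list means the set is acceptable."""
    apex = zone_apex.rstrip(".").lower()
    types_at = defaultdict(set)
    for name, rtype in records:
        types_at[name.rstrip(".").lower()].add(rtype.upper())
    problems = []
    for name, types in types_at.items():
        if "CNAME" not in types:
            continue
        if name == apex:
            problems.append(f"{name}: CNAME is not allowed at the zone apex (use an Alias record)")
        if len(types) > 1:
            others = ", ".join(sorted(types - {"CNAME"}))
            problems.append(f"{name}: CNAME cannot coexist with other records ({others})")
    return problems


def parse_caa(rdata):
    """'0 issue "amazon.com"' -> (flags, tag, value) with the quotes stripped."""
    flags, tag, value = rdata.split(" ", 2)
    return int(flags), tag.lower(), value.strip().strip('"')


def relevant_caa(caa_by_name, name):
    """RFC 8659 lookup: climb from `name` toward the root; the first name that has CAA
    records is the relevant set. No CAA anywhere means issuance is unrestricted."""
    labels = name.rstrip(".").lower().split(".")
    for i in range(len(labels)):
        candidate = ".".join(labels[i:])
        if candidate in caa_by_name:
            return [parse_caa(r) for r in caa_by_name[candidate]]
    return []


def ca_may_issue(caa_by_name, name, ca, wildcard=False):
    """Would `ca` be permitted to issue a certificate for `name` (or *.name if wildcard)?"""
    rrs = relevant_caa(caa_by_name, name)
    if not rrs:
        return True
    # An unknown tag with the critical flag (bit 128) set means the CA must refuse.
    if any(flags & 128 and tag not in ("issue", "issuewild", "iodef") for flags, tag, _ in rrs):
        return False
    # issuewild governs wildcard certs; if none is present, issue applies to wildcards too.
    tag_wanted = "issuewild" if wildcard and any(t == "issuewild" for _, t, _ in rrs) else "issue"
    values = [v for _, t, v in rrs if t == tag_wanted]
    if not values:
        return True     # only iodef (or similar) present: no issuance restriction
    # 'ca.example; param=value' -> 'ca.example'; a bare ';' authorises nobody.
    allowed = {v.split(";")[0].strip().lower() for v in values} - {""}
    return ca.lower() in allowed


if __name__ == "__main__":
    zone_caa = {"tailenders.info": ['0 issue "amazon.com"', '0 issuewild ";"']}
    print(ca_may_issue(zone_caa, "shop.tailenders.info", "amazon.com"))        # True
    print(ca_may_issue(zone_caa, "shop.tailenders.info", "letsencrypt.org"))   # False
    print(validate_record_set("tailenders.info",
                              [("tailenders.info", "CNAME"), ("www.tailenders.info", "A")]))
```

The `issuewild ";"` line in the demo is the common hardening pattern: let one CA issue ordinary certificates for the domain while forbidding wildcard certificates from everyone. Run `ca_may_issue` against the CAA records you are about to publish before you publish them; a mistaken `issue ";"` locks every CA out, including your own.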

Alias

An Alias record is a Route 53 extension, not a standard DNS record type. It lets an A or AAAA record point at an AWS resource (an Elastic Load Balancer, CloudFront distribution, S3 website endpoint, API Gateway and so on) or at another record in the same hosted zone, by name rather than by IP address. Route 53 resolves the target itself and answers with the target's current IP addresses, which is why an Alias works at the zone apex where a CNAME is forbidden. We cannot set a TTL on an Alias record; Route 53 uses the target's TTL. Queries for Alias records that point to AWS resources are not charged, and with "Evaluate target health" enabled the record is treated as unhealthy whenever the target is.

Public vs private hosted zones

A public hosted zone holds the records Route 53 serves to the internet for a domain; Route 53 assigns it four name servers, and those are the ones we set at the registrar. A private hosted zone holds records that are answered only for queries coming from the VPCs associated with it (the VPC needs DNS support and DNS hostnames enabled); nothing in it is visible from the internet. The same name can exist in both, which gives split-view DNS: from inside the VPC the private zone's answer wins, from outside only the public zone is seen.

Routing Policy

We have to choose a routing policy when creating a record in our hosted zone. This is to define how Route 53 responds to DNS queries. Below are the routing policies we can choose,

  • Simple
  • Weighted
  • Failover
  • Latency based
  • Geolocation
  • Multi-Value
  • Geoproximity (using Route 53 traffic flow feature)

This is not the same as load balancer routing, which forwards the traffic itself. DNS does not route any traffic; it only answers DNS queries, and the client then connects to whatever address it was given.

Simple Routing Policy

Use for a single resource that performs a given function for our domain, for example a web server that serves content for the example.com website. We can specify multiple values in the same record; Route 53 then returns all of them in random order and the client picks one. Simple routing cannot use health checks, so an unhealthy value is still returned. When Alias is enabled, specify only one AWS resource.

Weighted Routing Policy

Use to route traffic to multiple resources in proportions that you specify. For example, we can send 50% of the requests to the first instance, 30% to the second and 20% to the third.
The weight is an integer between 0 and 255, and Route 53 returns a record with probability weight divided by the sum of all weights. A weight of 0 keeps a record out of the answers, unless every record has weight 0, in which case all are returned equally. The records must have the same name and type, and each needs its own set identifier. We have the option to attach a health check to each record. This policy is useful for balancing between Regions or for sending a small share of traffic to a newer version of the application.

Latency Routing Policy

Use when you have resources in multiple AWS Regions and you want to route traffic to the Region with the lowest round-trip latency. Suppose we have instances running in two Regions, Singapore and the US. With a latency routing policy, requests from India will normally be answered with the Singapore instance and requests from Canada with the US one. The decision is based on Route 53's latency measurements from the location of the resolver that asks, not on geography, so it can change as network conditions change.

Failover Routing Policy (Active-Passive)

Create a PRIMARY record with a health check and a SECONDARY record for the disaster-recovery instance. While the primary's health check passes, Route 53 answers with the primary; when it fails, Route 53 answers with the secondary. Without a health check on the primary, failover never happens.

Geolocation Routing Policy

Use when we want to route traffic based on the location of our users. This is not the same as the latency routing policy: here the decision is geographic. We can specify that requests from India go to instance 1, requests from Singapore go to the second instance, requests from Europe go to the third instance, and all other countries go to a default record. The default record matters: without it, Route 53 returns no answer for queries from locations that are not mapped. Location is determined from the IP address of the resolver (or the EDNS client subnet, if the resolver sends it), so a user behind a distant resolver may be placed in the wrong location.

Multivalue Routing Policy

Use when you want Route 53 to respond to DNS queries with up to eight healthy records selected at random. Each record holds one value and can have its own health check; a record whose health check fails is left out of the answer. This gives basic health-aware distribution, but it is not a replacement for a load balancer.

Geoproximity Routing Policy

Use when you want to route traffic based on the location of your resources and, optionally, shift traffic from resources in one location to resources in another. For example, with two instances in two different locations we can set a bias so that more traffic goes to one location and less to the other. Geoproximity is only available through Traffic Flow.
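The weighted, failover and multivalue policies above, plus an apex Alias, expressed as the ChangeBatch document that `aws route53 change-resource-record-sets --change-batch file://batch.json` (or boto3's change_resource_record_sets) accepts. This is an added example, not code from this page or from AWS: the zone apex, hosted zone ID, health check IDs and addresses are placeholders, and the helper names are my own. The constraints the text lists (weight 0..255, one set identifier per record, no CNAME at the apex, a health check on the failover primary) are checked before a batch is produced.

```python
"""ChangeBatch documents for the routing policies above, with the constraints from the
text checked before anything is sent. Added example for this page, not AWS code: the
zone apex, hosted zone ID, health check IDs and addresses are placeholders. The output
is the JSON that `aws route53 change-resource-record-sets --change-batch file://x.json`
(or boto3 change_resource_record_sets) accepts."""
import json

ZONE_APEX = "tailenders.info."   # placeholder zone


def _rrset(name, rtype, values, ttl, set_id=None, health_check_id=None, **policy):
    rrset = {"Name": name, "Type": rtype, "TTL": ttl,
             "ResourceRecords": [{"Value": v} for v in values]}
    if set_id is not None:            # required for every policy except Simple
        rrset["SetIdentifier"] = set_id
    if health_check_id:
        rrset["HealthCheckId"] = health_check_id
    rrset.update(policy)              # Weight=..., Failover=..., MultiValueAnswer=...
    return rrset


def weighted_records(name, rtype, targets, ttl=60):
    """targets: {set_id: (weight, [values], health_check_id or None)}. Weight 0 keeps a
    record out of answers unless every record is 0, in which case all are returned equally."""
    rrsets = []
    for set_id, (weight, values, hc) in targets.items():
        if not 0 <= weight <= 255:
            raise ValueError(f"{set_id}: weight {weight} is outside 0..255")
        rrsets.append(_rrset(name, rtype, values, ttl, set_id, hc, Weight=weight))
    return rrsets


def failover_records(name, rtype, primary, secondary, primary_hc, ttl=60):
    """Active-passive: without a health check on the PRIMARY, Route 53 can never fail over."""
    if not primary_hc:
        raise ValueError("the primary record needs a health check for failover to work")
    return [_rrset(name, rtype, primary, ttl, "primary", primary_hc, Failover="PRIMARY"),
            _rrset(name, rtype, secondary, ttl, "secondary", None, Failover="SECONDARY")]


def multivalue_records(name, rtype, targets, ttl=60):
    """targets: {set_id: (value, health_check_id)}: one value per record so each can be
    health checked and dropped from answers individually."""
    return [_rrset(name, rtype, [value], ttl, set_id, hc, MultiValueAnswer=True)
            for set_id, (value, hc) in targets.items()]


def alias_apex_record(target_dns_name, target_hosted_zone_id, evaluate_target_health=True):
    """An Alias A record at the zone apex, which a CNAME cannot do. Alias records carry no TTL."""
    return {"Name": ZONE_APEX, "Type": "A",
            "AliasTarget": {"HostedZoneId": target_hosted_zone_id,
                            "DNSName": target_dns_name,
                            "EvaluateTargetHealth": evaluate_target_health}}


def change_batch(rrsets, comment="", action="UPSERT"):
    """Wrap record sets in a ChangeBatch, rejecting duplicate SetIdentifiers and apex CNAMEs."""
    seen = set()
    for r in rrsets:
        if r["Type"] == "CNAME" and r["Name"] == ZONE_APEX:
            raise ValueError("CNAME at the zone apex is not allowed; use an Alias record")
        sid = r.get("SetIdentifier")
        if sid is not None:
            key = (r["Name"], r["Type"], sid)
            if key in seen:
                raise ValueError(f"duplicate SetIdentifier {sid!r} for {r['Name']} {r['Type']}")
            seen.add(key)
    return {"Comment": comment,
            "Changes": [{"Action": action, "ResourceRecordSet": r} for r in rrsets]}


if __name__ == "__main__":
    rollout = weighted_records("app.tailenders.info.", "A", {
        "stable": (80, ["198.51.100.10"], "hc-stable"),     # placeholder health check IDs
        "canary": (20, ["198.51.100.20"], "hc-canary"),
    })
    rollout.append(alias_apex_record("d1234.cloudfront.example.", "Z0PLACEHOLDER"))
    print(json.dumps(change_batch(rollout, "canary rollout + apex alias"), indent=2))
```

UPSERT is used throughout because it is idempotent: re-running the same batch after a partial failure is safe, whereas CREATE fails on an existing record and DELETE must match the existing record exactly. The `HostedZoneId` of an Alias target is the target service's zone ID, not your own hosted zone.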

Traffic flow to route DNS traffic

Traffic flow greatly simplifies the process of creating and maintaining records in large and complex configurations.

Note: We can use traffic flow to create records only in public hosted zones.

Visual editor: To create & manage complex routing decision trees
Versioning: We can create multiple versions of a traffic policy. Old versions continue to exist until we delete them. We can have up to 1000 versions per traffic policy.
Geoproximity routing policy: available only if you use traffic flow.

Configurations can be saved as Traffic Flow Policy & can be applied to different Route 53 Hosted Zones(different domain names).

Route 53 Health checks

We can create the following types of Route 53 health checks. For more details, please visit AWS documentation pages & read more,

  • Health checks that monitor an endpoint
  • Health checks that monitor other health checks (calculated health checks)
  • Health checks that monitor CloudWatch alarms
  • Amazon Route 53 Application Recovery Controller

Health checks are integrated with CloudWatch metrics as well. If we want to receive a notification when the status of a health check changes, you can configure an Amazon CloudWatch alarm for each health check.

Health Checks – Private Hosted Zones: Route 53 health checkers run outside the VPC, so they cannot reach private endpoints. Instead, we publish a CloudWatch metric for the resource, associate a CloudWatch alarm with it, and then create a health check that monitors the alarm.
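The health check types above as HealthCheckConfig documents, including the CloudWatch-alarm kind needed for private endpoints and a calculated check over several children. This is an added example, not code from this page or from AWS; the Region, alarm name, hostnames and health-check IDs are placeholders. Each dict is the HealthCheckConfig argument of `aws route53 create-health-check` or boto3 create_health_check(); the checks up front catch the values the API accepts but that silently give a check that can never pass.

```python
"""HealthCheckConfig documents for the Route 53 health check types discussed above.
Added example for this page, not AWS code; region, alarm name, hostnames and IDs are
placeholders. Each dict is the HealthCheckConfig passed to create-health-check."""
import json


def endpoint_check(fqdn, path="/health", port=443, https=True, ip=None, interval=30, failures=3):
    """Checker fleet (outside any VPC) connects to the endpoint. HTTPS with SNI makes the
    check present the same TLS hostname real clients use. RequestInterval is 10 or 30 s;
    FailureThreshold is the number of consecutive failed probes before 'unhealthy'."""
    if interval not in (10, 30):
        raise ValueError("RequestInterval must be 10 or 30")
    if not 1 <= failures <= 10:
        raise ValueError("FailureThreshold must be 1..10")
    cfg = {"Type": "HTTPS" if https else "HTTP", "Port": port,
           "FullyQualifiedDomainName": fqdn, "ResourcePath": path,
           "RequestInterval": interval, "FailureThreshold": failures}
    if https:
        cfg["EnableSNI"] = True
    if ip:                    # pin the address; the FQDN then only supplies Host/SNI
        cfg["IPAddress"] = ip
    return cfg


def cloudwatch_alarm_check(alarm_name, region, when_insufficient="LastKnownStatus"):
    """For private hosted zones: the checkers cannot reach private endpoints, so the
    resource's health is taken from a CloudWatch alarm (ALARM => unhealthy)."""
    if when_insufficient not in ("Healthy", "Unhealthy", "LastKnownStatus"):
        raise ValueError("InsufficientDataHealthStatus must be Healthy|Unhealthy|LastKnownStatus")
    return {"Type": "CLOUDWATCH_METRIC",
            "AlarmIdentifier": {"Region": region, "Name": alarm_name},
            "InsufficientDataHealthStatus": when_insufficient}


def calculated_check(child_ids, threshold):
    """Healthy when at least `threshold` children are healthy. Route 53 accepts a threshold
    above the number of children (the check is then permanently unhealthy) and 0 (always
    healthy); both are almost always mistakes, so they are rejected here."""
    child_ids = list(child_ids)
    if not 1 <= threshold <= len(child_ids):
        raise ValueError(f"HealthThreshold must be 1..{len(child_ids)}")
    return {"Type": "CALCULATED", "ChildHealthChecks": child_ids,
            "HealthThreshold": threshold}


if __name__ == "__main__":
    # Placeholder names: a private RDS instance watched through its CloudWatch alarm,
    # two public API nodes probed directly, and a calculated check over all three.
    cfgs = [
        cloudwatch_alarm_check("rds-primary-unreachable", "ap-southeast-1"),
        endpoint_check("api.tailenders.info", ip="198.51.100.10"),
        endpoint_check("api.tailenders.info", ip="198.51.100.20"),
        calculated_check(["hc-rds", "hc-api-1", "hc-api-2"], 2),
    ]
    print(json.dumps(cfgs, indent=2))
```

`LastKnownStatus` for the alarm-backed check means a metric gap (for example, the agent that publishes the metric dying) does not flip the record; choose `Unhealthy` if you would rather fail over on missing data. The endpoint path should be a cheap, unauthenticated health URL: the checkers come from Route 53's published IP ranges and their probes will appear in your access logs.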