Whether you’re running a simple website, a mobile app, or a suite of business applications, DNS is a fundamental part of any architecture in the cloud. In this mid-level architecture session, we’ll cover everything you need to get started with Amazon Route 53, AWS’s highly available DNS service. You’ll learn how to use public DNS, including routing techniques such as weighted round-robin, latency-based routing, and geo DNS; how to configure DNS failover using health checks; how and when to use private DNS within your Virtual Private Cloud (VPC); and how Amazon Route 53 interacts with Amazon EC2’s DNS for instance naming and DNS resolution across your network.
We will conclude the session with a real-world migration example. Warner Bros. Entertainment recently completed a full DNS migration to Route 53. Vahram Sukyas, Vice President, Application Infrastructure & Operations at Warner Bros. Entertainment, will share details on his team's architecture, migration strategy, and lessons learned that are useful for enterprises and startups alike.
2. What to expect from the session
• What is DNS? (in under 5 minutes)
• Step-by-step: setting up DNS for a basic web application
• Improving availability and performance with advanced DNS features
• Strategies for migrating multiple domains to Amazon Route 53
• Real-world migration example: Warner Bros. Entertainment
4–23. What is DNS? (in under 5 minutes)
(Animated diagram, built up one step per slide; collapsed here into the sequence it shows.)
Your web server has IP address 1.2.3.4, and you want people to reach it as www.example.com. When a browser opens http://www.example.com:
• The browser asks the ISP’s DNS resolver: www.example.com?
• The resolver asks a root name server: www.example.com? The root answers: this name server knows about .com.
• The resolver asks the name server for .com: www.example.com? It answers: this name server knows about example.com.
Q: How does the .com name server know?
A: Your domain name registrar updates this info on your behalf.
• The resolver asks the name server for example.com: www.example.com? It answers: I know about www.example.com! IP address 1.2.3.4.
Q: How does Route 53 know?
A: You’ve created a hosted zone for example.com in Route 53.
• The resolver tells the browser: I found an answer! www.example.com is at the IP address 1.2.3.4.
• The browser sends its HTTP request for http://www.example.com to IP 1.2.3.4. Success!
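The walk above, as an added example that is not code from the session: a small iterative resolver over an in-memory model of the hierarchy. The three pretend servers (root, .com, example.com) hold only the records the slides mention, the name-server names and the 192.0.2.x glue addresses are constructed placeholders, and the model also shows what happens when a name does not exist or a delegation has no glue.

```python
"""Iterative resolution over an in-memory model of the DNS hierarchy.

Added example, not code from the session. Three pretend authoritative
servers (root, .com, example.com) hold only the records the slides mention,
with 1.2.3.4 as the web server; the name-server names and the 192.0.2.x
glue addresses are constructed placeholders. A real resolver sends these
queries over the network; here each server is a dict so the walk runs
offline and the referral chain can be inspected.
"""

# Each server maps an owner name to (type, value) records. NS records in a
# parent are the delegation ("this name server knows about .com"); the A
# records for those name servers are the glue that makes them reachable.
ROOT_SERVER = {
    ".": [("NS", "a.root-servers.net.")],
    "com.": [("NS", "a.gtld-servers.net.")],
    "a.gtld-servers.net.": [("A", "192.0.2.10")],
}
COM_SERVER = {
    # Placed here by your registrar on your behalf (slide 16).
    "example.com.": [("NS", "ns-317.awsdns-39.com."), ("NS", "ns-592.awsdns-09.net.")],
    "ns-317.awsdns-39.com.": [("A", "192.0.2.20")],
    "ns-592.awsdns-09.net.": [("A", "192.0.2.21")],
}
EXAMPLE_COM_SERVER = {
    # The hosted zone you created in Route 53 (slide 20).
    "example.com.": [("NS", "ns-317.awsdns-39.com."), ("NS", "ns-592.awsdns-09.net."),
                     ("A", "1.2.3.4")],
    "www.example.com.": [("A", "1.2.3.4")],
}
# Which server answers at which address; root hints give the starting point.
NETWORK = {"192.0.2.1": ROOT_SERVER, "192.0.2.10": COM_SERVER,
           "192.0.2.20": EXAMPLE_COM_SERVER, "192.0.2.21": EXAMPLE_COM_SERVER}
ROOT_HINTS = ["192.0.2.1"]


def ask(server, qname, qtype):
    """One query to one authoritative server: an answer if it holds the
    record, else a referral to the longest suffix of qname it delegates."""
    answers = [v for t, v in server.get(qname, []) if t == qtype]
    if answers:
        return ("answer", answers)
    labels = qname.split(".")
    for i in range(len(labels)):
        zone = ".".join(labels[i:]) or "."
        ns = [v for t, v in server.get(zone, []) if t == "NS"]
        if ns:
            return ("referral", zone, ns)
    return ("nxdomain",)


def resolve(qname, qtype="A", max_hops=10):
    """Walk the delegation chain from the root like the ISP's resolver on
    the slides. Returns (answers, chain): chain lists the zones that
    referred us, e.g. ["com.", "example.com."]. A referral that makes no
    progress (same zone twice) means the name does not exist, so the walk
    stops instead of looping."""
    if not qname.endswith("."):
        qname += "."
    addresses, current_zone, chain = list(ROOT_HINTS), ".", []
    for _ in range(max_hops):
        server = NETWORK[addresses[0]]          # real resolvers rotate among all of them
        reply = ask(server, qname, qtype)
        if reply[0] == "answer":
            return reply[1], chain
        if reply[0] != "referral" or reply[1] == current_zone:
            return [], chain
        _, zone, ns_names = reply
        chain.append(zone)
        current_zone = zone
        # Follow the glue handed out with the referral.
        addresses = [v for n in ns_names for t, v in server.get(n, []) if t == "A"]
        if not addresses:
            return [], chain                    # lame delegation: child unreachable
    return [], chain


if __name__ == "__main__":
    print(resolve("www.example.com"))   # (['1.2.3.4'], ['com.', 'example.com.'])
```

The chain returned for www.example.com is exactly the two referrals the slides animate (root to .com, .com to example.com); the glue records are what let the resolver reach each child without already knowing its address.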
24. What is DNS? Advantages of managed DNS
• Worldwide anycast network with redundant locations
• 100% availability SLA
• Advanced routing: LBR, Geo, WRR, Failover
• AWS integrations: Alias
• Manage via API, CLI, SDKs, AWS tools, third-party tools
26–30. Step by step: DNS for a basic website
(Diagram from the previous section: ISP’s DNS resolver, root name server, name server for .com, name server for example.com, your web server. Each step highlights the part it affects.)
• Register a domain name
• Create a hosted zone
• Create DNS records in your hosted zone
• “Delegate” to Route 53
31. Step by step: domain name registration
(Diagram: Register a domain name)
32. Step by step: domain name registration
You can do it in Route 53
You can do it elsewhere (another registrar)
We’ll show both:
• New domain name in Route 53
• Existing domain name in another registrar
33. Step by step: domain name registration
Steps to register domain name in Route 53
Console screenshots
37. Step by step: domain name registration
If you’ve already registered a domain name using another registrar:
• We’ll create a hosted zone in Route 53 and create records in the hosted zone
• Then we’ll come back to your registrar to update name servers to point to your Route 53 hosted zone
38–39. Step by step: domain name registration
(Screenshot of the DNS settings page at “Some Other Registrar” for Domain Name: example.com; tabs: Registrant, Contact Info, Domain Settings, Optional Extras; Name Servers, DNS, Other Stuff.)
Name servers:
ns1.someexampleregistrar.com
ns2.someexampleregistrar.com
ns3.someexampleregistrar.com
Records currently hosted at the registrar:
example.com      A      1.2.3.4
*.example.com    CNAME  example.com
foo.example.com  A      3.4.5.6
www.example.com  A      1.2.3.4
… (more records)
40. Step by step: create a hosted zone
(Diagram: Create a hosted zone; Create DNS records in your hosted zone)
41. Step by step: create a hosted zone
If you registered a new domain name in Route 53, we’ve created a hosted zone for you.
Here’s how to find it in the console.
52. Step by step: point records at your server
Root domain (example.com) vs. subdomain (www.example.com)
Wildcard record – will respond to any unmatched subdomains
Let’s create records for example.com and www.example.com and point them both at your web server
60. Step by step: point records at your server
AWS resources you can create alias records for:
• Elastic Load Balancing
• AWS Elastic Beanstalk
• Amazon CloudFront*
• Amazon S3 website*
* DNS name must exactly match the CloudFront alternate domain name or the S3 bucket name
61. Step by step: create more records
MX record: for your email service
TXT records for email validation, web analytics, certificates
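One way to create the records from slides 52 to 61 in a single API call, as an added example that is not code from the session: a builder for the change batch that `aws route53 change-resource-record-sets` accepts. It enforces two constraints the service enforces too: no CNAME at the zone apex (the apex already carries the SOA and NS records, and a CNAME may not coexist with other records at the same name, which is why alias records exist), and an alias to CloudFront or an S3 website must have a record name that exactly matches the target's alternate domain name or bucket name (slide 60). The mail host, TXT string and CloudFront domain name are placeholders; 1.2.3.4 is the slides' web server.

```python
"""Build a Route 53 change batch for the basic-website records.

Added example, not code from the session. It emits the JSON that
`aws route53 change-resource-record-sets --hosted-zone-id <ID>
--change-batch file://batch.json` accepts, and refuses two mistakes the
service also rejects: a CNAME at the zone apex and an alias to CloudFront
or an S3 website whose record name does not exactly match the target's
alternate domain name / bucket name (slide 60). The web server address
1.2.3.4 is the slides' placeholder; the mail host, TXT string and
CloudFront domain are placeholders too.
"""
import json

# Fixed hosted zone ID Route 53 uses for every CloudFront distribution.
CLOUDFRONT_HOSTED_ZONE_ID = "Z2FDTNDATAQYW2"


def fqdn(name):
    """Route 53 stores names fully qualified and case-insensitively."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def record(name, rtype, values, ttl=60):
    """A plain record set. TXT strings must be quoted in the API."""
    if rtype == "TXT":
        values = [v if v.startswith('"') else '"%s"' % v for v in values]
    return {"Name": fqdn(name), "Type": rtype, "TTL": ttl,
            "ResourceRecords": [{"Value": v} for v in values]}


def alias_name_matches(name, target_names):
    """Slide-60 rule: for CloudFront and S3 website aliases the record name
    must be one of the target's alternate domain names / the bucket name."""
    return fqdn(name) in {fqdn(n) for n in target_names}


def alias(name, target_dns, target_zone_id, target_names=None):
    """An alias record set (no TTL; Route 53 answers with the target's
    addresses). Pass target_names for CloudFront/S3 website targets."""
    if target_names is not None and not alias_name_matches(name, target_names):
        raise ValueError("alias %s does not match target names %s" % (name, target_names))
    return {"Name": fqdn(name), "Type": "A",
            "AliasTarget": {"HostedZoneId": target_zone_id,
                            "DNSName": fqdn(target_dns),
                            "EvaluateTargetHealth": False}}


def problems(zone_name, record_sets):
    """Checks Route 53 would fail the batch on; an empty list means clean."""
    apex, found = fqdn(zone_name), []
    for rs in record_sets:
        name = rs["Name"]
        if name != apex and not name.endswith("." + apex):
            found.append("%s is outside zone %s" % (name, apex))
        if rs["Type"] == "CNAME" and name == apex:
            found.append("CNAME not allowed at the apex %s; use an alias record" % apex)
    return found


def change_batch(zone_name, record_sets, comment=""):
    """Wrap validated record sets in a ChangeBatch of UPSERTs."""
    errors = problems(zone_name, record_sets)
    if errors:
        raise ValueError("; ".join(errors))
    return {"Comment": comment,
            "Changes": [{"Action": "UPSERT", "ResourceRecordSet": rs} for rs in record_sets]}


def basic_website_batch():
    """The records from slides 52 to 61 as one batch."""
    web = "1.2.3.4"
    return change_batch("example.com", [
        record("example.com", "A", [web]),
        record("www.example.com", "A", [web]),
        record("*.example.com", "CNAME", ["example.com"]),           # unmatched subdomains
        record("example.com", "MX", ["10 mail.example.com"], 3600),  # placeholder mail host
        record("example.com", "TXT", ["v=spf1 mx -all"], 3600),      # placeholder validation string
        alias("cdn.example.com", "d111111abcdef8.cloudfront.net",    # placeholder distribution
              CLOUDFRONT_HOSTED_ZONE_ID, target_names=["cdn.example.com"]),
    ], comment="basic website")


if __name__ == "__main__":
    print(json.dumps(basic_website_batch(), indent=2))
```

Write the printed JSON to a file and pass it with `--change-batch file://batch.json` together with the hosted zone ID from the console; UPSERT makes the batch safe to re-run.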
62. Step by step: delegate to the hosted zone
(Diagram: Delegate to Route 53; the name server for .com now points at the Route 53 name servers for example.com)
64. Step by step: delegate to the hosted zone
This set of four name servers is called a delegation set.
For example:
• ns-1949.awsdns-51.co.uk
• ns-592.awsdns-09.net
• ns-317.awsdns-39.com
• ns-1158.awsdns-16.org
66. Step by step: delegate to the hosted zone
If your domain name is with another registrar, here’s how to delegate to Route 53
67–68. Step by step: delegate to the hosted zone
(Screenshots of the Name Servers tab at “Some Other Registrar” for Domain Name: example.com, before and after the change.)
Before (the registrar’s own name servers):
ns1.someexampleregistrar.com
ns2.someexampleregistrar.com
ns3.someexampleregistrar.com
After (the Route 53 delegation set for your hosted zone):
ns-1949.awsdns-51.co.uk
ns-592.awsdns-09.net
ns-317.awsdns-39.com
ns-1158.awsdns-16.org
The registrar’s DNS tab still lists its old records (example.com A 1.2.3.4, *.example.com CNAME example.com, foo.example.com A 3.4.5.6, www.example.com A 1.2.3.4, …); once the name servers point at Route 53, resolvers are sent to your hosted zone instead.
69. Step by step: delegate to the hosted zone
When you migrate between DNS providers for an existing domain, the change can take up to 48 hours to become fully effective.
Why? Name server DNS records are typically cached across the global DNS system for up to 48 hours: the .com name servers hand out your NS records with a TTL of 172800 seconds (48 hours), as the dig +trace on slide 78 shows.
70. Step by step: recap
(Diagram: ISP’s DNS resolver, root name server, name server for .com, name server for example.com, your web server, labelled with the pieces you created.)
Domain name: example.com
Delegation: name servers for example.com (held by the name server for .com)
Hosted zone: example.com (the name server for example.com, in Route 53)
DNS record: www.example.com A 1.2.3.4
71. Step by step: recap
Let’s trace a request from client to TLD to authority (r53) to web server
74. Step by step: recap
[ec2-user@10.0.1.3]$ dig example.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.45.amzn1 <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47523
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;example.com. IN A
;; ANSWER SECTION:
example.com. 60 IN A 175.41.145.117
;; Query time: 80 msec
;; SERVER: 172.31.0.2#53(172.31.0.2)
;; WHEN: Fri Nov 11 01:48:40 2016
;; MSG SIZE rcvd: 51
75. Step by step: recap
[ec2-user@10.0.1.3]$ dig NS example.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.45.amzn1 <<>> NS example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15971
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;example.com. IN NS
;; ANSWER SECTION:
example.com. 3600 IN NS ns-1795.awsdns-32.co.uk.
example.com. 3600 IN NS ns-21.awsdns-02.com.
example.com. 3600 IN NS ns-678.awsdns-20.net.
example.com. 3600 IN NS ns-1456.awsdns-54.org.
78. Step by step: recap
[ec2-user@10.0.1.3]$ dig example.com +trace
. 518400 IN NS B.ROOT-SERVERS.NET.
...
;; Received 508 bytes from 172.31.0.2#53(172.31.0.2) in 6 ms
com. 172800 IN NS a.gtld-servers.net.
...
;; Received 492 bytes from 199.7.83.42#53(199.7.83.42) in 29 ms
example.com. 172800 IN NS ns-21.awsdns-02.com.
example.com. 172800 IN NS ns-678.awsdns-20.net.
example.com. 172800 IN NS ns-1795.awsdns-32.co.uk.
example.com. 172800 IN NS ns-1456.awsdns-54.org.
;; Received 203 bytes from 192.55.83.30#53(192.55.83.30) in 266 ms
example.com. 60 IN A 175.41.145.117
example.com. 172800 IN NS ns-1456.awsdns-54.org.
example.com. 172800 IN NS ns-1795.awsdns-32.co.uk.
example.com. 172800 IN NS ns-21.awsdns-02.com.
example.com. 172800 IN NS ns-678.awsdns-20.net.
;; Received 187 bytes from 205.251.197.176#53(205.251.197.176) in 25 ms
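After updating name servers at a registrar (slides 66 to 69), the check worth scripting is the one this trace does by hand: does the TLD now hand out exactly the hosted zone's delegation set, does the zone itself agree, and how long can the old answer linger. The following is an added example, not code from the session: it parses `dig +trace` output into per-server hops and reports on the delegation. The sample trace is constructed from the recap above (trimmed to the records shown; the root and .com hops keep one NS line each), and the expected delegation set is the NS answer from slide 75.

```python
"""Parse `dig +trace` output and verify the delegation of a zone.

Added example, not code from the session. SAMPLE_TRACE is constructed from
the recap slide, trimmed to the records shown there; HOSTED_ZONE_NS is the
delegation set the hosted zone reports (`dig NS example.com` on slide 75).
"""
import re

SAMPLE_TRACE = """\
.                 518400  IN  NS  B.ROOT-SERVERS.NET.
;; Received 508 bytes from 172.31.0.2#53(172.31.0.2) in 6 ms
com.              172800  IN  NS  a.gtld-servers.net.
;; Received 492 bytes from 199.7.83.42#53(199.7.83.42) in 29 ms
example.com.      172800  IN  NS  ns-21.awsdns-02.com.
example.com.      172800  IN  NS  ns-678.awsdns-20.net.
example.com.      172800  IN  NS  ns-1795.awsdns-32.co.uk.
example.com.      172800  IN  NS  ns-1456.awsdns-54.org.
;; Received 203 bytes from 192.55.83.30#53(192.55.83.30) in 266 ms
example.com.      60      IN  A   175.41.145.117
example.com.      172800  IN  NS  ns-1456.awsdns-54.org.
example.com.      172800  IN  NS  ns-1795.awsdns-32.co.uk.
example.com.      172800  IN  NS  ns-21.awsdns-02.com.
example.com.      172800  IN  NS  ns-678.awsdns-20.net.
;; Received 187 bytes from 205.251.197.176#53(205.251.197.176) in 25 ms
"""

HOSTED_ZONE_NS = ["ns-1795.awsdns-32.co.uk", "ns-21.awsdns-02.com",
                  "ns-678.awsdns-20.net", "ns-1456.awsdns-54.org"]

RECORD_RE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+(\S+)\s+(\S+)$")
HOP_RE = re.compile(r"^;; Received \d+ bytes from (\S+)#\d+")


def fqdn(name):
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def parse_trace(text):
    """Group the records dig printed by the server that returned them.
    Returns hops: {"server": ip, "records": [(owner, ttl, type, rdata)]}."""
    hops, pending = [], []
    for line in text.splitlines():
        m = RECORD_RE.match(line.strip())
        if m:
            owner, ttl, rtype, rdata = m.groups()
            rtype = rtype.upper()
            pending.append((fqdn(owner), int(ttl), rtype,
                            fqdn(rdata) if rtype == "NS" else rdata))
            continue
        m = HOP_RE.match(line)
        if m:
            hops.append({"server": m.group(1), "records": pending})
            pending = []
    return hops


def ns_of(hop, zone):
    return {r[3] for r in hop["records"] if r[0] == zone and r[2] == "NS"}


def delegation_report(hops, zone, expected_ns):
    """Compare the parent's referral and the zone's own NS set against the
    delegation set you expect, and report the TTL that bounds how long the
    parent's old answer can stay cached (slide 69's 48 hours)."""
    zone = fqdn(zone)
    expected = {fqdn(n) for n in expected_ns}
    with_ns = [h for h in hops if ns_of(h, zone)]
    if len(with_ns) < 2:
        return {"ok": False, "reason": "no parent referral plus authoritative NS for " + zone}
    parent, child = with_ns[0], with_ns[-1]
    parent_ns, child_ns = ns_of(parent, zone), ns_of(child, zone)
    return {
        "ok": parent_ns == expected and child_ns == expected,
        "parent_server": parent["server"],
        "authoritative_server": child["server"],
        "missing_at_parent": sorted(expected - parent_ns),   # registrar change incomplete
        "stale_at_parent": sorted(parent_ns - expected),     # old provider still delegated
        "child_disagrees": sorted(child_ns ^ expected),
        "parent_ns_ttl": max(r[1] for r in parent["records"] if r[0] == zone and r[2] == "NS"),
        "answers": [(r[3], r[1]) for r in child["records"] if r[0] == zone and r[2] == "A"],
    }


if __name__ == "__main__":
    print(delegation_report(parse_trace(SAMPLE_TRACE), "example.com", HOSTED_ZONE_NS))
```

Feed it live output with `dig example.com +trace > trace.txt` and the four names from the hosted zone's NS record; a non-empty `stale_at_parent` after the registrar change means the TLD is still delegating to the old provider, and `parent_ns_ttl` (172800 here) is the upper bound on how long resolvers may keep that old referral.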
79. Getting a bit more advanced
• Private DNS in VPC
• Health checks and failover
• Multi-region scenarios: Geo and LBR
• Traffic flow
89. Overview
• About Warner Bros.
• Warner Bros. & AWS
• DNS setup before Route 53
• The road to Route 53
• Our results
• Next steps
90. About Warner Bros.
• A global leader in the creation, production, distribution,
licensing, and marketing of all forms of entertainment:
• Movies
• TV shows
• Games
• Huge portfolio of websites and internal applications
• Thousands of domains
91. Warner Bros. & AWS
• Multiple active projects to move applications – and even entire data centers – to AWS
• Primary drivers for moving to AWS
• Application isolation – 150+ Accounts!
• Billing clarity
• Security
• Agility
• Long history of applications running on AWS (TMZ.com, DramaFever, Turbine, and more!)
92. DNS setup before Route 53
• On-premises solution
• Bind9
• No self-service
• Poor fault tolerance
• Poor geographic distribution = poor international DNS lookup times
• 25,000+ domains
• Some zones have over 10,000 records
• DNS without an API is misery
93. The road to Route 53
Problems to solve:
• Domain registration process
• Devise a scheme for reusable (and WB branded!) delegation sets
• Find a way to import (and validate) thousands of zones
• IAM and delegating access to specific zones
• Several Route 53 default limits needed to be raised…
95. The road to Route 53
• Upper limit on a delegation set is 2,000
• …which means we need to migrate zones in chunks of 2,000 domains
• Our goal was to migrate 2-3 batches a week
• Write a tool to validate entire zones in Route 53 vs. Bind
• Write a tool to easily set up new domains
• Lower TTLs
• Find a tool to handle the migration: cli53 (with some custom patches)
98. Our results
• Migrated 25,000+ zones in < 6 weeks
• Upfront investment in automation resulted in a smooth, error-free migration
• Ability to self-serve on zones
• Greatly reduced risk of DDoS attacks taking down DNS
• Increased performance!
99. Our results – DNS performance (before)
Latency in ms.
100. Our results – DNS performance (after)
Latency in ms.
102. Next steps
• Enable full self-service at the individual record level
• Leverage Route 53 advanced traffic policies
• Leverage Route 53 health checks
• Clean up “legacy” (invalid) records
105. Amazon Route 53 survey
Give us your feedback about Route 53’s features and usability at http://amzn.to/Route53_200
Meet the Route 53 team and get Route 53 swag at the Networking, Content Delivery, & Media Solutions booth.
106. Related Sessions
NET201 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
NET401 Another Day, Another Billion Packets
NET305 Extending Datacenters to the Cloud: Connectivity Options and Considerations for Hybrid Environments
NET302 Global Traffic Management with Amazon Route 53 Traffic Flow
NET304 Moving Mountains: Netflix's Migration into VPC
NET402 Deep Dive: AWS Direct Connect and VPNs
NET403 Elastic Load Balancing Deep Dive and Best Practices
NET203 From EC2 to ECS: How Capital One uses Application Load Balancer Features to Serve Traffic at Scale
NET303 NextGen Networking: New Capabilities for Amazon’s Virtual Private Cloud