© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.
November 30, 2016
NET202
DNS Demystified: Getting Started with Amazon Route 53,
Featuring Warner Bros. Entertainment
Sean Meckley, Sr. Product Manager, Amazon Route 53
Vahram Sukyas, Vice President, Application Infrastructure & Operations, Warner Bros. Entertainment
What to expect from the session
• What is DNS? (in under 5 minutes)
• Step-by-step: setting up DNS for a basic web application
• Improving availability and performance with advanced DNS features
• Strategies for migrating multiple domains to Amazon Route 53
• Real-world migration example: Warner Bros. Entertainment
What is DNS? (in under 5 minutes)
[Animated diagram, built up over several slides: the ISP’s DNS resolver, the root name server, the name server for .com, the name server for example.com, and your web server (IP address: 1.2.3.4).]
• The client asks the ISP’s DNS resolver: www.example.com?
• The resolver asks the root name server: www.example.com? The root replies with the name server that knows about .com.
• The resolver asks the name server for .com: www.example.com? It replies with the name server that knows about example.com.
• Q: How does the .com name server know? A: Your domain name registrar updates this info on your behalf.
• The resolver asks the name server for example.com: www.example.com? “I know about www.example.com! IP address 1.2.3.4”
• Q: How does Route 53 know? A: You’ve created a hosted zone for example.com in Route 53.
• The resolver returns the answer: “I found an answer! www.example.com is at the IP address 1.2.3.4”
• HTTP request to IP 1.2.3.4: http://www.example.com. Success!
What is DNS? Advantages of managed DNS
• Worldwide anycast network with redundant locations
• 100% availability SLA
• Advanced routing: latency-based (LBR), geolocation (Geo), weighted round robin (WRR), failover
• AWS integrations: Alias
• Manage via API, CLI, SDKs, AWS tools, third-party tools
Step by step: DNS for a basic website
[Diagram: the ISP’s DNS resolver, root name server, name server for .com, name server for example.com and your web server, with the four steps added one at a time.]
• Register a domain name
• Create a hosted zone
• Create DNS records in your hosted zone
• “Delegate” to Route 53
Step by step: domain name registration
[Diagram: the same resolution path, highlighting the first step, “Register a domain name”.]
Step by step: domain name registration
You can do it in Route 53
You can do it elsewhere (another registrar)
We’ll show both:
• New domain name in Route 53
• Existing domain name in another registrar
Step by step: domain name registration
[Console screenshots: steps to register a domain name in Route 53.]
Step by step: domain name registration
If you’ve already registered a domain name using another registrar:
• We’ll create a hosted zone in Route 53 and create records in the hosted zone
• Then we’ll come back to your registrar to update name servers to point to your Route 53 hosted zone
Step by step: domain name registration
[Screenshot of “Some Other Registrar”, Domain Name: example.com; tabs: Registrant Contact Info, Domain Settings, Optional Extras; sub-tabs: Name Servers, DNS, Other Stuff]
Name Servers:
• ns1.someexampleregistrar.com
• ns2.someexampleregistrar.com
• ns3.someexampleregistrar.com
DNS records:
Name              Type   Value
example.com       A      1.2.3.4
*.example.com     CNAME  example.com
foo.example.com   A      3.4.5.6
www.example.com   A      1.2.3.4
Step by step: create a hosted zone
[Diagram: the same resolution path, highlighting “Create a hosted zone” and “Create DNS records in your hosted zone”.]
Step by step: create a hosted zone
If you registered a new domain name in Route 53, we’ve created a hosted zone for you. Here’s how to find it in the console.
Step by step: point records at your server
Root domain (example.com) vs. subdomain (www.example.com)
Wildcard record – will respond to any unmatched subdomains
Let’s create records for example.com and www.example.com and point them both at your web server
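An added example, not from the deck, showing what “any unmatched subdomains” means in practice: a lookup over the record table shown on the registrar slides (example.com, *.example.com, foo.example.com, www.example.com) that applies the RFC 4592 wildcard rules, including the case the slide does not spell out: because foo.example.com exists, names under it such as x.foo.example.com are not covered by *.example.com. The ZONE data and the function names are constructed for this example.

```python
# Constructed zone data, taken from the record table shown on the slides.
ZONE_APEX = "example.com"
ZONE = {
    "example.com": {"A": ["1.2.3.4"]},
    "*.example.com": {"CNAME": ["example.com"]},
    "foo.example.com": {"A": ["3.4.5.6"]},
    "www.example.com": {"A": ["1.2.3.4"]},
}

def name_exists(name, zone):
    """A name exists if it owns records or sits above one that does
    (an 'empty non-terminal' in RFC 4592 terms)."""
    return name in zone or any(o.endswith("." + name) for o in zone)

def ancestors(name):
    """Parent names of `name`, nearest first."""
    labels = name.split(".")
    return [".".join(labels[i:]) for i in range(1, len(labels))]

def lookup(qname, qtype, zone=ZONE, depth=0):
    """Answer qname/qtype from zone with RFC 4592 wildcard rules.
    Returns a list of rdata, [] for NODATA (name exists, no such type)
    or None for NXDOMAIN."""
    qname = qname.lower().rstrip(".")
    if qname != ZONE_APEX and not qname.endswith("." + ZONE_APEX):
        return None  # not in this zone at all
    owner = qname
    if qname not in zone:
        if name_exists(qname, zone):
            return []  # empty non-terminal: exists, but holds no records
        # The closest encloser is the nearest existing ancestor. Only a wildcard
        # directly under it applies: with foo.example.com defined, x.foo.example.com
        # is NOT covered by *.example.com.
        encloser = next((a for a in ancestors(qname) if name_exists(a, zone)), None)
        owner = "*." + encloser if encloser else None
        if owner not in zone:
            return None
    rrset = zone[owner]
    if qtype in rrset:
        return list(rrset[qtype])
    if "CNAME" in rrset and depth < 8:  # follow the CNAME, as a resolver would
        return lookup(rrset["CNAME"][0], qtype, zone, depth + 1)
    return []
```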
Step by step: point records at your server
AWS resources you can create alias records for:
• Elastic Load Balancing
• AWS Elastic Beanstalk
• Amazon CloudFront*
• Amazon S3 website*
* DNS name must exactly match CloudFront alternate domain name or S3 bucket name
Step by step: create more records
MX record: for your email service
TXT records for email validation, web analytics, certificates
Step by step: delegate to the hosted zone
[Diagram: the same resolution path, highlighting “Delegate to Route 53” between the name server for .com and the name server for example.com.]
Step by step: delegate to the hosted zone
This set of four name servers is called a delegation set.
For example:
• ns-1949.awsdns-51.co.uk
• ns-592.awsdns-09.net
• ns-317.awsdns-39.com
• ns-1158.awsdns-16.org
Step by step: delegate to the hosted zone
If your domain name is with another registrar, here’s how to delegate to Route 53
Step by step: delegate to the hosted zone
[Screenshot of “Some Other Registrar”, Domain Name: example.com, Name Servers tab. Before delegation:]
• ns1.someexampleregistrar.com
• ns2.someexampleregistrar.com
• ns3.someexampleregistrar.com
[After replacing them with the Route 53 delegation set:]
• ns-1949.awsdns-51.co.uk
• ns-592.awsdns-09.net
• ns-317.awsdns-39.com
• ns-1158.awsdns-16.org
The registrar’s DNS record table (example.com A 1.2.3.4, *.example.com CNAME example.com, foo.example.com A 3.4.5.6, www.example.com A 1.2.3.4) is shown unchanged on both slides.
Step by step: delegate to the hosted zone
When you migrate between DNS providers for an existing domain, the change can take up to 48 hours to become fully effective.
Why? Name server DNS records are typically cached across the global DNS system for up to 48 hours.
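The check a practitioner wants before and after this step, as an added example that is not part of the deck: parse dig-style NS answers (the format shown on the recap slides), compare the NS set the parent publishes against the hosted zone’s delegation set, and turn the parent TTL into the caching window described above. The sample answer, the delegation set and the function names are constructed for this example.

```python
import re

# Constructed: the NS set the parent (.com) currently publishes for the domain,
# in dig's presentation format as on the recap slides. One old registrar server
# is still listed and one Route 53 server has not been added yet.
PARENT_NS_ANSWER = """\
;; ANSWER SECTION:
example.com. 172800 IN NS ns-21.awsdns-02.com.
example.com. 172800 IN NS ns-678.awsdns-20.net.
example.com. 172800 IN NS ns-1795.awsdns-32.co.uk.
example.com. 172800 IN NS ns2.someexampleregistrar.com.
"""

# Constructed delegation set of the Route 53 hosted zone, as listed in the console.
HOSTED_ZONE_DELEGATION_SET = [
    "ns-1795.awsdns-32.co.uk",
    "ns-21.awsdns-02.com",
    "ns-678.awsdns-20.net",
    "ns-1456.awsdns-54.org",
]

NS_LINE = re.compile(r"^(\S+)\s+(\d+)\s+IN\s+NS\s+(\S+)$")

def normalize(name):
    """Lower-case and drop the trailing dot so both presentation forms compare equal."""
    return name.lower().rstrip(".")

def parse_ns_answer(text):
    """Return (largest TTL, set of name servers) from dig-style NS answer lines."""
    ttls, servers = [], set()
    for line in text.splitlines():
        m = NS_LINE.match(line.strip())
        if m:  # ';;' comment lines and non-NS records are skipped
            ttls.append(int(m.group(2)))
            servers.add(normalize(m.group(3)))
    return (max(ttls) if ttls else 0), servers

def check_delegation(parent_answer, delegation_set):
    """Compare the published NS set with the hosted zone's delegation set.
    'missing': Route 53 servers the registrar has not published yet.
    'stale':   published servers that are not in the delegation set (old
               provider or a typo); they keep answering for the domain until removed.
    'cache_hours': worst case until every resolver has dropped the old NS set."""
    ttl, published = parse_ns_answer(parent_answer)
    expected = {normalize(n) for n in delegation_set}
    return {"ok": published == expected,
            "missing": sorted(expected - published),
            "stale": sorted(published - expected),
            "cache_hours": ttl / 3600}
```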
Step by step: recap
[Diagram: the ISP’s DNS resolver, root name server, name server for .com, name server for example.com and your web server.]
• Domain name: example.com
• Delegation: name servers for example.com
• Hosted zone: example.com
• DNS record: www.example.com A 1.2.3.4
Step by step: recap
$ dig example.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.45.amzn1 <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47523
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;example.com. IN A
;; ANSWER SECTION:
example.com. 60 IN A 175.41.145.117
;; Query time: 80 msec
;; SERVER: 172.31.0.2#53(172.31.0.2)
;; WHEN: Fri Nov 11 01:48:40 2016
;; MSG SIZE rcvd: 51
Step by step: recap
$ dig NS example.com
; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.45.amzn1 <<>> NS example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15971
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0
;; QUESTION SECTION:
;example.com. IN NS
;; ANSWER SECTION:
example.com. 3600 IN NS ns-1795.awsdns-32.co.uk.
example.com. 3600 IN NS ns-21.awsdns-02.com.
example.com. 3600 IN NS ns-678.awsdns-20.net.
example.com. 3600 IN NS ns-1456.awsdns-54.org.
Step by step: recap
$ dig example.com +trace
. 518400 IN NS B.ROOT-SERVERS.com.
...
;; Received 508 bytes from 172.31.0.2#53(172.31.0.2) in 6 ms
com. 172800 IN NS a.gtld-servers.com.
...
;; Received 492 bytes from 199.7.83.42#53(199.7.83.42) in 29 ms
example.com. 172800 IN NS ns-21.awsdns-02.com.
example.com. 172800 IN NS ns-678.awsdns-20.net.
example.com. 172800 IN NS ns-1795.awsdns-32.co.uk.
example.com. 172800 IN NS ns-1456.awsdns-54.org.
;; Received 203 bytes from 192.55.83.30#53(192.55.83.30) in 266 ms
example.com. 60 IN A 175.41.145.117
example.com. 172800 IN NS ns-1456.awsdns-54.org.
example.com. 172800 IN NS ns-1795.awsdns-32.co.uk.
example.com. 172800 IN NS ns-21.awsdns-02.com.
example.com. 172800 IN NS ns-678.awsdns-20.net.
;; Received 187 bytes from 205.251.197.176#53(205.251.197.176) in 25 ms
Getting a bit more advanced
• Private DNS in VPC
• Health checks and failover
• Multi-region scenarios: Geo and LBR
• Traffic flow
Advanced: private DNS in VPC
[Diagram labels: “Client: a server in your VPC”, “app-server-01.example.com?”, “Route 53 private DNS”, “IP: 10.0.1.2”, “Your app server, IP address: 10.0.3.4”, “virtual private cloud”.]
Advanced: traffic flow
Visit Session NET302: Managing Global Traffic with Amazon Route 53 Traffic Flow
Overview
• About Warner Bros.
• Warner Bros. & AWS
• DNS setup before Route 53
• The road to Route 53
• Our results
• Next steps
About Warner Bros.
• A global leader in the creation, production, distribution, licensing, and marketing of all forms of entertainment:
  • Movies
  • TV shows
  • Games
• Huge portfolio of websites and internal applications
• Thousands of domains
Warner Bros. & AWS
• Multiple active projects to move applications – and even entire data centers – to AWS
• Primary drivers for moving to AWS
  • Application isolation – 150+ Accounts!
  • Billing clarity
  • Security
  • Agility
• Long history of applications running on AWS (TMZ.com, DramaFever, Turbine, and more!)
DNS setup before Route 53
• On-premises solution
  • Bind9
  • No self-service
  • Poor fault tolerance
  • Poor geographic distribution = poor international DNS lookup times
• 25,000+ domains
• Some zones have over 10,000 records
• DNS without an API is misery
The road to Route 53
Problems to solve:
• Domain registration process
• Devise a scheme for reusable (and WB branded!) delegation sets
• Find a way to import (and validate) thousands of zones
• IAM and delegating access to specific zones
• Several Route 53 default limits needed to be raised…
The road to Route 53
• Upper limit on a delegation set is 2,000
• …which means we need to migrate zones in chunks of 2,000 domains
• Our goal was to migrate 2-3 batches a week
• Write a tool to validate entire zones in Route 53 vs. Bind
• Write a tool to easily set up new domains
• Lower TTLs
• Find a tool to handle the migration: cli53 (with some custom patches)
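An added example, and not Warner Bros.’ own tool or cli53: the core of the “validate entire zones in Route 53 vs. Bind” step, collapsing a minimal Bind9 zone into Route 53-style record sets and reporting every (name, type) on which the two sides disagree. The zone excerpt and the ListResourceRecordSets-shaped output are constructed; the \052 escaping of the wildcard asterisk is how Route 53 returns such names, and alias record sets (which carry no TTL) are tolerated but not exercised here.

```python
import collections
# Constructed Bind9 zone excerpt standing in for the on-premises source.
BIND_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@       IN A     1.2.3.4
foo     IN A     3.4.5.6
foo     IN A     3.4.5.7
*       IN CNAME example.com.
mail    IN MX    10 mail.example.com.
"""
# Constructed ListResourceRecordSets-shaped output: 'foo' lost one address on import,
# 'mail' was never imported, and Route 53 returns the wildcard '*' escaped as \052.
ROUTE53_RRSETS = [
    {"Name": "example.com.", "Type": "A", "TTL": 3600, "ResourceRecords": [{"Value": "1.2.3.4"}]},
    {"Name": "foo.example.com.", "Type": "A", "TTL": 3600, "ResourceRecords": [{"Value": "3.4.5.6"}]},
    {"Name": "\\052.example.com.", "Type": "CNAME", "TTL": 3600, "ResourceRecords": [{"Value": "example.com."}]},
]
def parse_bind(text):  # -> {(fqdn, type): (ttl, frozenset of rdata)}
    origin, default_ttl, ttls, rdata = "", None, {}, collections.defaultdict(set)
    for raw in text.splitlines():
        tokens = raw.split(";")[0].split()  # drop comments and blank lines
        if not tokens: continue
        if tokens[0] == "$ORIGIN":
            origin = tokens[1]
        elif tokens[0] == "$TTL":
            default_ttl = int(tokens[1])
        else:  # name [ttl] [IN] type rdata; '@' is the apex, no trailing dot = relative
            name = tokens.pop(0)
            fqdn = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
            ttl = int(tokens.pop(0)) if tokens[0].isdigit() else default_ttl
            if tokens[0] == "IN": tokens.pop(0)
            key = (fqdn.lower(), tokens[0])  # all lines of one name/type form one RRset
            ttls[key] = ttl
            rdata[key].add(" ".join(tokens[1:]))
    return {k: (ttls[k], frozenset(v)) for k, v in rdata.items()}

def parse_route53(rrsets):  # same shape; alias record sets carry no TTL
    return {(rr["Name"].replace("\\052", "*").lower(), rr["Type"]):
            (rr.get("TTL"), frozenset(r["Value"] for r in rr.get("ResourceRecords", [])))
            for rr in rrsets}

def compare_zone(bind_text, rrsets):  # every (name, type) on which the sides disagree
    bind, r53 = parse_bind(bind_text), parse_route53(rrsets)
    problems = []
    for key in sorted(set(bind) | set(r53)):
        if key not in bind or key not in r53:
            problems.append(("only in " + ("BIND" if key in bind else "Route 53"), key))
        elif bind[key] != r53[key]:
            problems.append(("ttl or rdata differs", key))
    return problems
```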
Our results
• Migrated 25,000+ zones in < 6 weeks
• Upfront investment in automation resulted in a smooth, error-free migration
• Ability to self-serve on zones
• Greatly reduced risk of DDoS attacks taking down DNS
• Increased performance!
Next steps
• Enable full self-service at the individual record level
• Leverage Route 53 advanced traffic policies
• Leverage Route 53 health checks
• Cleanup “legacy” (invalid) records
Amazon Route 53 survey
Give us your feedback about Route 53’s features and usability at http://amzn.to/Route53_200
Meet the Route 53 team and get Route 53 swag at the Networking, Content Delivery, & Media Solutions booth.
Related Sessions
NET201 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
NET401 Another Day, Another Billion Packets
NET305 Extending Datacenters to the Cloud: Connectivity Options and Considerations for Hybrid Environments
NET302 Global Traffic Management with Amazon Route 53 Traffic Flow
NET304 Moving Mountains: Netflix's Migration into VPC
NET402 Deep Dive: AWS Direct Connect and VPNs
NET403 Elastic Load Balancing Deep Dive and Best Practices
NET203 From EC2 to ECS: How Capital One uses Application Load Balancer Features to Serve Traffic at Scale
NET303 NextGen Networking: New Capabilities for Amazon’s Virtual Private Cloud