AWS re:Invent 2016: DNS Demystified: Getting Started with Amazon Route 53, featuring Warner Bros. Entertainment (NET202)

© 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved.

November 30, 2016

NET202

DNS Demystified: Getting Started with Amazon Route 53, Featuring Warner Bros. Entertainment

Sean Meckley, Sr. Product Manager, Amazon Route 53

Vahram Sukyas, Vice President, Application Infrastructure & Operations, Warner Bros. Entertainment

What to expect from the session

• What is DNS? (in under 5 minutes)
• Step-by-step: setting up DNS for a basic web application
• Improving availability and performance with advanced DNS features
• Strategies for migrating multiple domains to Amazon Route 53
• Real-world migration example: Warner Bros. Entertainment

What is DNS? (in under 5 minutes)

[Slide build: a browser, the ISP’s DNS resolver, the root name server, the name server for .com, the name server for example.com (Route 53) and your web server at IP address 1.2.3.4]

Your web server has the IP address 1.2.3.4 and you want it reachable as www.example.com. When a browser opens http://www.example.com:

• The browser asks the ISP’s DNS resolver: www.example.com?
• The resolver asks a root name server: www.example.com? Answer: this name server knows about .com.
• The resolver asks the name server for .com: www.example.com? Answer: this name server knows about example.com.
• The resolver asks the name server for example.com (Route 53): www.example.com? Answer: I know about www.example.com! IP address 1.2.3.4.
• The resolver replies to the browser: I found an answer! www.example.com is at the IP address 1.2.3.4.
• The browser sends an HTTP request for http://www.example.com to IP 1.2.3.4. Success!

Q: How does the .com name server know?
A: Your domain name registrar updates this info on your behalf.

Q: How does Route 53 know?
A: You’ve created a hosted zone for example.com in Route 53.

What is DNS? Advantages of managed DNS

• Worldwide anycast network with redundant locations

• 100% availability SLA

• Advanced routing: LBR, Geo, WRR, Failover

• AWS integrations: Alias

• Manage via API, CLI, SDKs, AWS tools, third-party tools

Step by step: DNS for a basic website

[Slide build on the same diagram: ISP’s DNS resolver, root name server, name server for .com, name server for example.com, your web server]

• Register a domain name
• Create a hosted zone
• Create DNS records in your hosted zone
• “Delegate” to Route 53

Step by step: domain name registration

[Diagram: the step “Register a domain name” highlighted]

You can do it in Route 53, or you can do it elsewhere (another registrar). We’ll show both:

• New domain name in Route 53
• Existing domain name in another registrar

Step by step: domain name registration

Steps to register a domain name in Route 53

[Console screenshots: registering a domain name in Route 53]

Step by step: domain name registration

If you’ve already registered a domain name using another registrar:

• We’ll create a hosted zone in Route 53 and create records in the hosted zone
• Then we’ll come back to your registrar to update name servers to point to your Route 53 hosted zone

Step by step: domain name registration

[Mock-up of the domain’s settings page at “Some Other Registrar”]

Some Other Registrar
Domain Name: example.com
Tabs: Registrant Contact Info | Domain Settings | Optional Extras
Sections: Name Servers | DNS | Other Stuff

Name servers:
  ns1.someexampleregistrar.com
  ns2.someexampleregistrar.com
  ns3.someexampleregistrar.com

DNS records:
  example.com        A      1.2.3.4
  *.example.com      CNAME  example.com
  foo.example.com    A      3.4.5.6
  www.example.com    A      1.2.3.4

Step by step: create a hosted zone

[Diagram: the steps “Create a hosted zone” and “Create DNS records in your hosted zone” highlighted, next to the name server for example.com]

If you registered a new domain name in Route 53, we’ve created a hosted zone for you. Here’s how to find it in the console.

[Console screenshots: finding the hosted zone]

To create a hosted zone for an existing domain name:

[Console screenshots: creating a hosted zone]

Step by step: point records at your server

Root domain (example.com) vs. subdomain (www.example.com)

Wildcard record – will respond to any unmatched subdomains

Let’s create records for example.com and www.example.com and point them both at your web server.

[Console screenshots: creating the records]

AWS resources you can create alias records for:

• Elastic Load Balancing
• AWS Elastic Beanstalk
• Amazon CloudFront*
• Amazon S3 website*

* DNS name must exactly match CloudFront alternate domain name or S3 bucket name

Step by step: create more records

MX record: for your email service

TXT records for email validation, web analytics, certificates
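The records from these steps expressed as a Route 53 ChangeBatch, with the check a practitioner wants before submitting it. This is an added example in Python, not code from the deck: the mail host, the SPF value and the alias target used in the usage are constructed, and the batch is the structure you would hand to the change_resource_record_sets API.

```python
"""Build and sanity-check a Route 53 ChangeBatch for the records this deck creates.
Added example, not code from the deck: the mail host and SPF value are constructed,
and the batch is what you would pass to change_resource_record_sets()."""


def fqdn(name: str, zone: str) -> str:
    """Absolute, lower-case name with a trailing dot; '@' or '' means the zone apex."""
    name, zone = name.lower().rstrip("."), zone.lower().rstrip(".")
    if name in ("", "@"):
        return zone + "."
    if name == zone or name.endswith("." + zone):
        return name + "."
    return f"{name}.{zone}."


def record(zone: str, name: str, rtype: str, values, ttl: int = 300) -> dict:
    """UPSERT for a plain record set with one or more values."""
    return {"Action": "UPSERT", "ResourceRecordSet": {
        "Name": fqdn(name, zone), "Type": rtype, "TTL": ttl,
        "ResourceRecords": [{"Value": v} for v in values]}}


def alias_record(zone: str, name: str, target_dns: str, target_zone_id: str) -> dict:
    """UPSERT for an Alias record pointing at an AWS resource (ELB, CloudFront, S3
    website ...): no TTL of its own, and usable at the apex where a CNAME is not."""
    return {"Action": "UPSERT", "ResourceRecordSet": {
        "Name": fqdn(name, zone), "Type": "A", "AliasTarget": {
            "HostedZoneId": target_zone_id, "DNSName": target_dns,
            "EvaluateTargetHealth": False}}}


def validate(zone: str, changes: list) -> list:
    """The two mistakes that bite first: a CNAME at the zone apex (use an Alias
    instead) and a CNAME sharing its name with any other record type."""
    apex, by_name, problems = fqdn("@", zone), {}, []
    for change in changes:
        rrset = change["ResourceRecordSet"]
        by_name.setdefault(rrset["Name"], set()).add(rrset["Type"])
    for name, types in by_name.items():
        if "CNAME" in types and name == apex:
            problems.append(f"{name}: CNAME at the zone apex is not allowed; use an Alias")
        if "CNAME" in types and len(types) > 1:
            problems.append(f"{name}: CNAME cannot coexist with {sorted(types - {'CNAME'})}")
    return problems


def basic_website_batch(zone: str, web_ip: str) -> dict:
    """The deck's records: apex and www at the web server, a wildcard CNAME for
    unmatched subdomains, plus MX and TXT for mail and e-mail validation."""
    apex = fqdn("@", zone)
    changes = [
        record(zone, "@", "A", [web_ip]),
        record(zone, "www", "A", [web_ip]),
        record(zone, "*", "CNAME", [apex]),
        record(zone, "@", "MX", [f"10 mail.{apex}"]),  # constructed mail host
        record(zone, "@", "TXT", ['"v=spf1 -all"']),  # constructed SPF policy
    ]
    return {"Comment": "basic website records", "Changes": changes}
```

Run validate() on a batch before submitting it; an empty list means the apex and CNAME rules are satisfied.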

Step by step: delegate to the hosted zone

[Diagram: the step “Delegate to Route 53” highlighted, between the name server for .com and the name server for example.com]

[Console screenshots: the hosted zone’s NS record]

This set of four name servers is called a delegation set. For example:

• ns-1949.awsdns-51.co.uk
• ns-592.awsdns-09.net
• ns-317.awsdns-39.com
• ns-1158.awsdns-16.org

If your domain name is with another registrar, here’s how to delegate to Route 53:

Step by step: delegate to the hosted zone

[Mock-up of the domain’s settings page at “Some Other Registrar”, before and after the name server change]

Some Other Registrar
Domain Name: example.com
Tabs: Registrant Contact Info | Domain Settings | Optional Extras
Sections: Name Servers | DNS | Other Stuff

Name servers, before (the registrar’s own):
  ns1.someexampleregistrar.com
  ns2.someexampleregistrar.com
  ns3.someexampleregistrar.com

Name servers, after (the Route 53 delegation set):
  ns-1949.awsdns-51.co.uk
  ns-592.awsdns-09.net
  ns-317.awsdns-39.com
  ns-1158.awsdns-16.org

DNS records shown at the registrar:
  example.com        A      1.2.3.4
  *.example.com      CNAME  example.com
  foo.example.com    A      3.4.5.6
  www.example.com    A      1.2.3.4

Step by step: delegate to the hosted zone

When you migrate between DNS providers for an existing domain, the change can take up to 48 hours to become fully effective.

Why? Name server DNS records are typically cached across the global DNS system for up to 48 hours.
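To make both the resolution chain from the “What is DNS?” section and the 48-hour caveat above concrete, here is an added Python simulation (not code from the deck): an iterative resolver walks root, then .com, then the example.com name servers, caches each NS referral for its TTL, and is then run across a change of delegation. Zones, server names and the old provider are constructed; the 172800 s NS TTL is the value the deck’s dig +trace output shows, and only NS referrals are cached because they are what delays the cut-over.

```python
"""Simulate the iterative lookup from the 'What is DNS?' section (root -> .com -> the
example.com name servers -> answer) and the NS caching behind the 48-hour caveat. Added
example, not code from the deck: zones and server names are constructed."""
from dataclasses import dataclass, field

# Each name server holds one zone: {(name, type): (ttl, [rdata])}. Constructed data.
SERVERS = {
    "root.": {("com.", "NS"): (172800, ["a.gtld-servers.net."])},
    "a.gtld-servers.net.": {("example.com.", "NS"): (172800, ["ns1.old-provider.example."])},
    "ns1.old-provider.example.": {("www.example.com.", "A"): (60, ["1.2.3.4"])},
    "ns-592.awsdns-09.net.": {("www.example.com.", "A"): (60, ["1.2.3.4"])},  # Route 53
}


def query(server: str, name: str, rtype: str) -> tuple:
    """("answer", ttl, rdata) if the server holds the record, otherwise ("referral",
    zone, ttl, ns_list) for the closest enclosing zone it delegates."""
    zone = SERVERS[server]
    if (name, rtype) in zone:
        return ("answer",) + zone[(name, rtype)]
    labels = name.split(".")
    for i in range(1, len(labels)):  # www.example.com. -> example.com. -> com.
        parent = ".".join(labels[i:])
        if (parent, "NS") in zone:
            return ("referral", parent) + zone[(parent, "NS")]
    raise LookupError(f"{server} knows nothing about {name}")


@dataclass
class Resolver:
    """The ISP's recursive resolver: keeps NS referrals until their TTL expires."""
    now: int = 0
    cache: dict = field(default_factory=dict)  # zone -> (expires_at, ns_list)
    path: list = field(default_factory=list)   # servers asked during the last lookup

    def resolve(self, name: str, rtype: str = "A") -> str:
        self.path, server = [], self._cached_start(name) or "root."
        while True:
            self.path.append(server)
            reply = query(server, name, rtype)
            if reply[0] == "answer":
                return reply[2][0]
            _, zone, ttl, ns_list = reply
            self.cache[zone] = (self.now + ttl, ns_list)
            server = ns_list[0]

    def _cached_start(self, name: str):
        """Closest enclosing zone whose NS set is still fresh, else None (start at root)."""
        labels = name.split(".")
        for i in range(1, len(labels)):
            entry = self.cache.get(".".join(labels[i:]))
            if entry and entry[0] > self.now:
                return entry[1][0]
        return None


def migrate_to_route53() -> None:
    """The registrar repoints the .com delegation at the Route 53 delegation set."""
    SERVERS["a.gtld-servers.net."][("example.com.", "NS")] = (172800, ["ns-592.awsdns-09.net."])
```

A resolver that cached the old NS set keeps asking the old provider until that entry expires, which is why the old provider must keep answering for the whole window; only a cold resolver, or one whose cache has aged past the NS TTL, reaches the Route 53 name servers.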

Step by step: recap

[Diagram with each piece labelled: ISP’s DNS resolver, root name server, name server for .com, name server for example.com, your web server]

• Domain name: example.com
• Delegation: name servers for example.com
• Hosted zone: example.com
• DNS record: www.example.com A 1.2.3.4

Let’s trace a request from client to TLD to authority (r53) to web server.

Step by step: recap

$ dig example.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.45.amzn1 <<>> example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47523
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;example.com. IN A

;; ANSWER SECTION:
example.com. 60 IN A 175.41.145.117

;; Query time: 80 msec
;; SERVER: 172.31.0.2#53(172.31.0.2)
;; WHEN: Fri Nov 11 01:48:40 2016
;; MSG SIZE rcvd: 51

Step by step: recap

$ dig NS example.com

; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.45.amzn1 <<>> NS example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15971
;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

;; QUESTION SECTION:
;example.com. IN NS

;; ANSWER SECTION:
example.com. 3600 IN NS ns-1795.awsdns-32.co.uk.
example.com. 3600 IN NS ns-21.awsdns-02.com.
example.com. 3600 IN NS ns-678.awsdns-20.net.
example.com. 3600 IN NS ns-1456.awsdns-54.org.

Step by step: recap

$ dig example.com +trace

. 518400 IN NS B.ROOT-SERVERS.NET.
...
;; Received 508 bytes from 172.31.0.2#53(172.31.0.2) in 6 ms
com. 172800 IN NS a.gtld-servers.net.
...
;; Received 492 bytes from 199.7.83.42#53(199.7.83.42) in 29 ms
example.com. 172800 IN NS ns-21.awsdns-02.com.
example.com. 172800 IN NS ns-678.awsdns-20.net.
example.com. 172800 IN NS ns-1795.awsdns-32.co.uk.
example.com. 172800 IN NS ns-1456.awsdns-54.org.
;; Received 203 bytes from 192.55.83.30#53(192.55.83.30) in 266 ms
example.com. 60 IN A 175.41.145.117
example.com. 172800 IN NS ns-1456.awsdns-54.org.
example.com. 172800 IN NS ns-1795.awsdns-32.co.uk.
example.com. 172800 IN NS ns-21.awsdns-02.com.
example.com. 172800 IN NS ns-678.awsdns-20.net.
;; Received 187 bytes from 205.251.197.176#53(205.251.197.176) in 25 ms

Getting a bit more advanced

• Private DNS in VPC
• Health checks and failover
• Multi-region scenarios: Geo and LBR
• Traffic flow

Advanced: private DNS in VPC

[Diagram: a client (a server in your VPC) asks Route 53 private DNS “app-server-01.example.com?” and gets back the private address of your app server inside the virtual private cloud; the slide labels the answer IP: 10.0.1.2 and the app server IP address: 10.0.3.4]

Advanced: health checks and failover

[Slide build: a primary web server and a backup web server monitored by a Route 53 health check (failover from the primary to the backup); then web server 1 and web server 2 with a Route 53 health check]

Advanced: multi-region

[Diagram: web servers in Region 1, Region 2 and Region 3]

Advanced: traffic flow

[Screenshots: Route 53 Traffic Flow]

Visit Session NET302: Managing Global Traffic with Amazon Route 53 Traffic Flow

Real-world migration story: Warner Bros. Entertainment

Overview

• About Warner Bros.
• Warner Bros. & AWS
• DNS setup before Route 53
• The road to Route 53
• Our results
• Next steps

About Warner Bros.

• A global leader in the creation, production, distribution, licensing, and marketing of all forms of entertainment:
  • Movies
  • TV shows
  • Games
• Huge portfolio of websites and internal applications
• Thousands of domains

Warner Bros. & AWS

• Multiple active projects to move applications – and even entire data centers – to AWS
• Primary drivers for moving to AWS
  • Application isolation – 150+ Accounts!
  • Billing clarity
  • Security
  • Agility
• Long history of applications running on AWS (TMZ.com, DramaFever, Turbine, and more!)

DNS setup before Route 53

• On-premises solution
  • Bind9
  • No self-service
  • Poor fault tolerance
  • Poor geographic distribution = poor international DNS lookup times
• 25,000+ domains
• Some zones have over 10,000 records
• DNS without an API is misery

The road to Route 53

Problems to solve:

• Domain registration process
• Devise a scheme for reusable (and WB branded!) delegation sets
• Find a way to import (and validate) thousands of zones
• IAM and delegating access to specific zones
• Several Route 53 default limits needed to be raised…

[Screenshots]

The road to Route 53

• Upper limit on a delegation set is 2,000
• …which means we need to migrate zones in chunks of 2,000 domains
• Our goal was to migrate 2-3 batches a week
• Write a tool to validate entire zones in Route 53 vs. Bind
• Write a tool to easily set up new domains
• Lower TTLs
• Find a tool to handle the migration: cli53 (with some custom patches)
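An added example of the “validate entire zones in Route 53 vs. Bind” step, in Python; it is not the team’s tool, which the deck does not show. A small BIND zone parser, the same normalisation applied to Route 53 record sets, and a diff that reports what differs. The zone text and the Route 53 record sets are constructed inline, the latter in the shape the ListResourceRecordSets API returns, including its octal escaping of the wildcard label.

```python
"""Compare a BIND zone file with the record sets Route 53 holds for the same zone,
the validation the deck says was built before cutting zones over. Added example,
not the team's tool: the zone text and the Route 53 record sets are constructed."""

# Constructed zone: $ORIGIN/$TTL, '@', relative owners, per-record TTLs, a comment.
BIND_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@        IN NS    ns1.old-provider.example.
@    60  IN A     1.2.3.4
www  60  IN A     1.2.3.4
www  60  IN A     1.2.3.5   ; second address, merged into one record set
foo      IN A     3.4.5.6
*        IN CNAME example.com.
"""

def rr(name, rtype, ttl, *values):  # shape that list_resource_record_sets() returns
    return {"Name": name, "Type": rtype, "TTL": ttl, "ResourceRecords": [{"Value": v} for v in values]}

ROUTE53_RRSETS = [  # constructed Route 53 view of the same zone
    rr("example.com.", "A", 60, "1.2.3.4"),
    rr("www.example.com.", "A", 60, "1.2.3.5", "1.2.3.4"),
    rr("foo.example.com.", "A", 300, "3.4.5.6"),             # TTL imported wrongly
    rr("\\052.example.com.", "CNAME", 3600, "example.com."),  # Route 53 escapes '*' as \052
    rr("old.example.com.", "A", 3600, "9.9.9.9"),            # stale record, only in Route 53
]

def parse_bind(text: str) -> dict:
    """Return {(owner, type): (ttl, frozenset(rdata))}; values of one name/type merge."""
    origin, default_ttl, out = ".", 3600, {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        if line.startswith("$"):  # $ORIGIN <name> or $TTL <seconds>
            directive, value = line.split()[:2]
            origin, default_ttl = (value, default_ttl) if directive == "$ORIGIN" else (origin, int(value))
            continue
        fields = line.split()
        name = fields.pop(0)
        owner = origin if name == "@" else name if name.endswith(".") else f"{name}.{origin}"
        ttl = int(fields.pop(0)) if fields[0].isdigit() else default_ttl
        if fields[0] == "IN": fields.pop(0)  # the class field is optional
        key = (owner.lower(), fields[0])
        out[key] = (ttl, out.get(key, (ttl, frozenset()))[1] | {" ".join(fields[1:])})
    return out

def normalise_r53(rrsets) -> dict:
    """Same shape as parse_bind(); undo the \\052 escaping of the wildcard label."""
    return {(r["Name"].replace("\\052", "*").lower(), r["Type"]):
            (r["TTL"], frozenset(v["Value"] for v in r["ResourceRecords"])) for r in rrsets}

def diff_zone(bind: dict, r53: dict) -> list:
    """Differences worth a look; apex SOA/NS are skipped because each provider sets its own."""
    problems = []
    for key in sorted(set(bind) | set(r53)):
        if key[1] not in {"SOA", "NS"} and bind.get(key) != r53.get(key):
            problems.append(f"{key[0]} {key[1]}: bind={bind.get(key)} route53={r53.get(key)}")
    return problems
```

On the constructed data the diff flags foo’s TTL mismatch and the stale record that exists only in Route 53, while the two-value www set and the wildcard compare equal.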

The road to Route 53 – cli53 patches

[Screenshots of the cli53 patches]

Our results

• Migrated 25,000+ zones in < 6 weeks
• Upfront investment in automation resulted in a smooth, error-free migration
• Ability to self-serve on zones
• Greatly reduced risk of DDoS attacks taking down DNS
• Increased performance!

Our results – DNS performance (before)

[Chart: latency in ms, before the migration]

Our results – DNS performance (after)

[Chart: latency in ms, after the migration]

Our results – branded delegation sets

[Screenshot: branded delegation set]

Next steps

• Enable full self-service at the individual record level

• Leverage Route 53 advanced traffic policies

• Leverage Route 53 health checks

• Cleanup “legacy” (invalid) records

Thank you!

Remember to complete your evaluations!

Amazon Route 53 survey

Give us your feedback about Route 53’s features and usability at http://amzn.to/Route53_200

Meet the Route 53 team and get Route 53 swag at the Networking, Content Delivery, & Media Solutions booth.

Related Sessions

NET201 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
NET401 Another Day, Another Billion Packets
NET305 Extending Datacenters to the Cloud: Connectivity Options and Considerations for Hybrid Environments
NET302 Global Traffic Management with Amazon Route 53 Traffic Flow
NET304 Moving Mountains: Netflix's Migration into VPC
NET402 Deep Dive: AWS Direct Connect and VPNs
NET403 Elastic Load Balancing Deep Dive and Best Practices
NET203 From EC2 to ECS: How Capital One uses Application Load Balancer Features to Serve Traffic at Scale
NET303 NextGen Networking: New Capabilities for Amazon’s Virtual Private Cloud