视频来源:B站《AWS 认证解决方案架构师 助理级 SAA-C03》
一边学习一边整理老师的课程内容及试验笔记,并与大家分享,侵权即删,谢谢支持!
附上汇总贴:AWS助理架构师认证培训 | 汇总_热爱编程的通信人的博客-CSDN博客
What is a DNS
What is DNS?
- Domain Name System which translates the human friendly hostnames into the machine IP addresses
- http://www.google.com => 172.217.18.36
- DNS is the backbone of the Internet
- DNS uses hierarchical naming structure
DNS Terminologies
- Domain Registrar: Amazon Route 53, GoDaddy, ...
- DNS Records: A, AAAA, CNAME, NS, ...
- Zone File: contains DNS records
- Name Server: resolves DNS queries (Authoritative or Non-Authoritative)
- Top Level Domain (TLD): .com, .us, .in, .gov, .org, ...
- Second Level Domain (SLD): amazon.com, google.com, ...
How DNS Works
Route 53 Overview
Amazon Route 53
- A highly available, scalable, fully managed and Authoritative DNS Authoritative = the customer (you) can update the DNS records
- Route 53 is also a Domain Registrar
- Ability to check the health of your resources
- The only AWS service which provides 100% availability SLA
- Why Route 53? 53 is a reference to the traditional DNS port
Route 53 - Records
- How you want to route traffic for a domain
- Each record contains:Domain/subdomain Name - e.g., http://example.com Record Type - e.g., A or AAAAValue - e.g., 12.34.56.78Routing Policy - how Route 53 responds to queries TTL - amount of time the record cached at DNS Resolvers
- Route 53 supports the following DNS record types:(must know) A / AAAA / CNAME / NS(advanced) CAA / DS / MX / NAPTR / PTR / SOA / TXT / SPF / SRV
Route 53 - Record Types
- A - maps a hostname to IPv4
- AAAA - maps a hostname to IPv6
- CNAME - maps a hostname to another hostname The target is a domain name which must have an A or AAAA record Can't create a CNAME record for the top node of a DNS namespace (Zone Apex)Example: you can't create for example.com, but you can create for http://www.example.com
- NS - Name Servers for the Hosted Zone Control how traffic is routed for a domain
Route 53 - Hosted Zones
- A container for records that define how to route traffic to a domain and its subdomains
- Public Hosted Zones - contains records that specify how to route traffic on the Internet (public domain names) http://application1.mypublicdomain.com
- Private Hosted Zones - contain records that specify how you route traffic within one or more VPCs (private domain names) application1.company.internal
- You pay $0.50 per month per hosted zone
Route 53 - Public vs. Private Hosted Zones
Route 53 - TTL
Route 53 - Records TTL (Time To Live)
- High TTL - e.g, 24hrLess traffic on Route 53Possibly outdated records
- LowTTL - e.g., 60secMore traffic on Route 53 ($$)Records are outdated for less timeEasy to change records
- Except for Alias records, TTL is mandatory for each DNS record
Route 53 CNAME vs Alias
CNAME vs Alias
- AWS Resources (LoadBalancer, Cloud Front...) expose an AWS hostname:http://lb1-1234.us-east-2.elb.amazonaws.com and you want http://myapp.mydomain.com
- CNAME:Points a hostname to any other hostname. (http://app.mydomain.com => http://blabla.anything.com)ONLY FOR NON ROOT DOMAIN (http://aka.something.mydomain.com)
- Alias:Points a hostname to an AWS Resource (http://app.mydomain.com => http://blabla.amazonaws.com)Works for ROOT DOMAIN and NON ROOT DOMAIN (http://akamydomain.com)Free of chargeNative health check
Route 53 - Alias Records
- Maps a hostname to an AWS resource
- An extension to DNS functionality
- Automatically recognizes changes in the resource's IP addresses
- Unlike CNAME, it can be used for the top node of a DNS namespace (Zone Apex), e.g.: http://example.com
- Alias Record is always of type A/AAAA for AWS resources (IPv4/IPv6)
- You can't set the TTL
Route 53 - Alias Records Targets
- Elastic Load Balancers
- CloudFront Distributions
- API Gateway
- Elastic Beanstalk environments
- S3 Websites
- VPC Interface Endpoints
- Global Accelerator accelerator
- Route 53 record in the same hosted zone
- You cannot set an ALIAS record for an EC2 DNS name
Routing Policy - Simple
Route 53 - Routing Policies
- Define how Route 53 responds to DNS queries
- Don't get confused by the word "Routting"It's not the same as Load balancer routing which routes the traffic DNS does not route any traffic, it only responds to the DNS queries
- Route 53 Supports the following Routing Policies Simple Weighted Failover Latency based Geolocation Multi-Value Answer Geoproximity (using Route 53 Traffic Flow feature)
Routing Policies - Simple
- Typically, route traffic to a single resource
- Can specify multiple values in the same record
- If multiple values are returned, a random one is chosen by the client
- When Alias enabled, specify only one AWS resource
- Can't be associated with Health Checks
Routing Policy - Weighted
Routing Policies - Weighted
- Control the % of the requests that go to each specific resource
- Assign each record a relative weight:traffic(%) = Weight for a specific record / Sum of all the weights for all recordsWeights dont need to sum up to 100
- DNS records must have the same name and type
- Can be associated with Health Checks
- Use cases: load balancing between regions, testing new application versions...
- Assign a weight of 0 to a record to stop sending traffic to a resource
- If all records have weight of 0, then all records will be returned equally
Routing Policy - Latency
Routing Policies - Latency-based
- Redirect to the resource that has the least latency close to us
- Super helpful when latency for users is a priority
- Latency is based on traffic between users and AWS Regions
- Germany users maybe directed'to the US (if that's the lowest latency)
- Can be associated with Health Checks (has a failover capability)
Route 53 - Health Checks
Route 53 - Health Checks
- HTTP Health Checks are only for public resources
- Health Check => Automated DNS Failover:Health checks that monitor an endpoint (application, server, other AWS resource)Health checks that monitor other health checks (Calculated Health Checks)Health checks that monitor CloudWatch Alarms (full control!!) - e.g., throttles of Dynamo DB, alarms on RDS, custom metrics, ... (helpful for private resources)
- Health Checks are integrated with CW metrics
Health Checks - Monitor an Endpoint
- About 15 global health checkers will check the endpoint healthHealthy/Unhealthy Threshold - 3 (default)Interval - 30sec (can set to 10 sec - higher cost)Supported protocol: HTTP, HTTPS and TCPlf > 18% of health checkers report the endpoint is healthy, Route 53 considers it Healthy. Otherwise, it's UnhealthyAbility to choose which locations you want Route 53 to use
- Health Checks pass only when the endpoint responds with the 2xx and 3xx status codes
- Health Checks can be setup to pass / fail based on the text in the first 5120 bytes of the response
- Configure you router/firewall to allow incoming requests from Route 53 Health Checkers
Route 53 - Calculated Health Checks
- Combine the results of multiple Health Checks into a single Health Check
- You can use OR, AND, or NOT
- Can monitor up to 256 Child Health Checks
- Specify how many of the health checks need to pass to make the parent pass
- Usage: perform maintenance to your website without causing all health checks to fail
Health Checks - Private Hosted Zones
- Route 53 health checkers are outside the VPC
- They can't access private endpoints (private VPC or on-premises resource)
- You can create a CloudWatch Metric and associate a CloudWatch Alarm, then create a Health Check that checks the alarm itself
Routing Policy - Failover
Routing Policies - Failover (Active-Passive)
Routing Policy - Geolocation
Routing Policies - Geolocation
- Different from Latency-based!
- This routing is based on user location
- Specify location by Continent, Country or by US State (if there's overlapping, most precise location selected)
- Should create a "Default" record (in case there's no match on location)
- Use cases: website localization, restrict content distribution, load balancing, ...
- Can be associated with Health Checks
Routing Policy - Geoproximity
Geoproximity Routing Policy
- Route traffic to your resources based on the geographic location of users and resources
- Ability to shift more traffic to resources based on the defined bias
- To change the size of the geographic region, specify bias values:To expand (1 to 99) - more traffic to the resourceTo shrink (-1 to -99) - less traffic to the resource
- Resources can be:AWS resources (specify AWS region)Non-AWS resources (specify Latitude and Longitude)
- You must use Route 53 Traffic Flow (advanced) to use this feature
Geoproximity Routing Policy Higher bias in us-east-1
Routing Policy - Multi Value
Routing Policies - Muti-Value
- Use when routing traffic to multiple resources
- Route 53 return multiple values/resources
- Can be associated with Health Checks (return only values for healthy resources)
- Up to 8 healthy records are returned for each Multi-Value query
- Multi-Value is not a substitute for having an ELB
3rd Party Domains & Route 53
Domain Registrar vs. DNS Service
- You buy or register your domain name with a Domain Registrar typically by paying annual charges (e.g., GoDaddy, Amazon Registrar Inc., ...)
- The Domain Registrar usually provides you with a DNS service to manage your DNS records
- But you can use another DNS service to manage your DNS records
- Example: purchase the domain from GoDaddy and use Route 53 to manage your DNS records
GoDaddy as Registrar & Route 53 as DNS Service
3rd Party Registrar with Amazon Route 53
- lf you buy your domain on a 3rd party registrar, you can still use Route 53 as the DNS Service provider
- Create a Hosted Zone in Route 53
- Update NS Records on 3rd party website to use Route 53 Name Servers
- Domain Registrar != DNS Service
- But every Domain Registrar usually comes with some DNS features