
AWS re:Invent 2016: DNS Demystified: Getting Started with Amazon Route 53, featuring Warner Bros. Entertainment (NET202)


Whether you’re running a simple website, a mobile app, or a suite of business applications, DNS is a fundamental part of any architecture in the cloud. In this mid-level architecture session, we’ll cover everything you need to get started with Amazon Route 53, AWS’s highly-available DNS service. You’ll learn how to use public DNS, including routing techniques such as weighted round-robin, latency-based routing, and geo DNS; how to configure DNS failover using health checks; how and when to use private DNS within your Virtual Private Cloud (VPC); and how Amazon Route 53 interacts with Amazon EC2’s DNS for instance naming and DNS resolution across your network.

We will conclude the session with a real-world migration example. Warner Bros. Entertainment recently completed a full DNS migration to Route 53. Vahram Sukyas, Vice President, Application Infrastructure & Operations at Warner Bros. Entertainment, will share details on his team's architecture, migration strategy, and lessons learned that are useful for enterprises and startups alike.


  1. © 2016, Amazon Web Services, Inc. or its Affiliates. All rights reserved. November 30, 2016.
     NET202: DNS Demystified, Getting Started with Amazon Route 53, Featuring Warner Bros. Entertainment
     Sean Meckley, Sr. Product Manager, Amazon Route 53
     Vahram Sukyas, Vice President, Application Infrastructure & Operations, Warner Bros. Entertainment
  2. What to expect from the session
     • What is DNS? (in under 5 minutes)
     • Step-by-step: setting up DNS for a basic web application
     • Improving availability and performance with advanced DNS features
     • Strategies for migrating multiple domains to Amazon Route 53
     • Real-world migration example: Warner Bros. Entertainment
  3-23. What is DNS? (in under 5 minutes)
     Your web server has IP address 1.2.3.4 and the name www.example.com. A client opening http://www.example.com triggers this lookup, built up one step per slide:
     • Client → ISP’s DNS Resolver: www.example.com?
     • ISP’s DNS Resolver → Root name server: www.example.com? Reply: this name server knows about .com
     • ISP’s DNS Resolver → Name server for .com: www.example.com? Reply: this name server knows about example.com
       Q: How does the .com name server know? A: Your domain name registrar updates this info on your behalf
     • ISP’s DNS Resolver → Name server for example.com: www.example.com? Reply: I know about www.example.com! IP address 1.2.3.4
       Q: How does Route 53 know? A: You’ve created a hosted zone for example.com in Route 53
     • ISP’s DNS Resolver → Client: I found an answer! www.example.com is at the IP address 1.2.3.4
     • Client → Your web server (IP: 1.2.3.4): HTTP request for http://www.example.com. Success!
  24. What is DNS? Advantages of managed DNS
     • Worldwide anycast network with redundant locations
     • 100% availability SLA
     • Advanced routing: LBR, Geo, WRR, Failover
     • AWS integrations: Alias
     • Manage via API, CLI, SDKs, AWS tools, third-party tools
  25-30. Step by step: DNS for a basic website
     Diagram: ISP’s DNS Resolver, Root name server, Name server for .com, Name server for example.com, Your web server. The steps, added one per slide:
     • Register a domain name
     • Create a hosted zone
     • Create DNS records in your hosted zone
     • “Delegate” to Route 53
  31. Step by step: domain name registration
     Diagram as above; this step is “Register a domain name”.
  32. Step by step: domain name registration
     You can do it in Route 53, or you can do it elsewhere (another registrar). We’ll show both:
     • New domain name in Route 53
     • Existing domain name in another registrar
  33-36. Step by step: domain name registration
     Steps to register a domain name in Route 53 (console screenshots).
  37. Step by step: domain name registration
     If you’ve already registered a domain name using another registrar:
     • We’ll create a hosted zone in Route 53 and create records in the hosted zone
     • Then we’ll come back to your registrar to update name servers to point to your Route 53 hosted zone
  38-39. Step by step: domain name registration
     Mock-up of the domain’s page at Some Other Registrar, Domain Name: example.com
     Tabs: Registrant Contact Info | Domain Settings | Optional Extras | Name Servers | DNS | Other Stuff
     Name Servers:
       ns1.someexampleregistrar.com
       ns2.someexampleregistrar.com
       ns3.someexampleregistrar.com
     DNS records:
       example.com      A      1.2.3.4
       *.example.com    CNAME  example.com
       foo.example.com  A      3.4.5.6
       www.example.com  A      1.2.3.4
       …                …      …
  40. Step by step: create a hosted zone
     Diagram as above; this step is “Create a hosted zone” and “Create DNS records in your hosted zone”.
  41-48. Step by step: create a hosted zone
     If you registered a new domain name in Route 53, we’ve created a hosted zone for you. Here’s how to find it in the console (console screenshots).
  49-51. Step by step: create a hosted zone
     To create a hosted zone for an existing domain name (console screenshots).
  52-59. Step by step: point records at your server
     • Root domain (example.com) vs. subdomain (www.example.com)
     • Wildcard record: will respond to any unmatched subdomains
     Let’s create records for example.com and www.example.com and point them both at your web server (console screenshots).
  60. Step by step: point records at your server
     AWS resources you can create alias records for:
     • Elastic Load Balancing
     • AWS Elastic Beanstalk
     • Amazon CloudFront*
     • Amazon S3 website*
     * DNS name must exactly match the CloudFront alternate domain name or the S3 bucket name
  61. Step by step: create more records
     • MX record: for your email service
     • TXT records: for email validation, web analytics, certificates
  62. Step by step: delegate to the hosted zone
     Diagram as above; this step is “Delegate to Route 53”.
  63-65. Step by step: delegate to the hosted zone
     This set of four name servers is called a delegation set. For example:
     • ns-1949.awsdns-51.co.uk
     • ns-592.awsdns-09.net
     • ns-317.awsdns-39.com
     • ns-1158.awsdns-16.org
  66. Step by step: delegate to the hosted zone
     If your domain name is with another registrar, here’s how to delegate to Route 53.
  67. Step by step: delegate to the hosted zone
     Before: the domain’s page at Some Other Registrar, Domain Name: example.com
     Tabs: Registrant Contact Info | Domain Settings | Optional Extras | Name Servers | DNS | Other Stuff
     Name Servers:
       ns1.someexampleregistrar.com
       ns2.someexampleregistrar.com
       ns3.someexampleregistrar.com
     DNS records (unchanged):
       example.com      A      1.2.3.4
       *.example.com    CNAME  example.com
       foo.example.com  A      3.4.5.6
       www.example.com  A      1.2.3.4
       …                …      …
  68. Step by step: delegate to the hosted zone
     After: the same page with the Name Servers replaced by the Route 53 delegation set
     Name Servers:
       ns-1949.awsdns-51.co.uk
       ns-592.awsdns-09.net
       ns-317.awsdns-39.com
       ns-1158.awsdns-16.org
     DNS records (unchanged):
       example.com      A      1.2.3.4
       *.example.com    CNAME  example.com
       foo.example.com  A      3.4.5.6
       www.example.com  A      1.2.3.4
       …                …      …
  69. Step by step: delegate to the hosted zone
     When you migrate between DNS providers for an existing domain, the change can take up to 48 hours to become fully effective. Why? Name server DNS records are typically cached across the global DNS system for up to 48 hours.
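The “create records” and “delegate” steps above can be done through the Route 53 API instead of the console. The following is an added example, not code from the talk or from AWS: it builds the records for the basic website as a Route 53 ChangeBatch, checks for the mistakes that make such a batch fail (a CNAME at the zone apex where an alias record belongs, a TTL on an alias record, names outside the hosted zone), submits it, and reads back the hosted zone’s delegation set, which is what you paste into the registrar. The hosted zone id, the ELB alias target and the MX/TXT values are constructed placeholders; the delegation set is the one shown on the slides. `apply_changes()` accepts any object with the boto3 Route 53 client’s `change_resource_record_sets()` and `get_hosted_zone()` methods, so the `StubRoute53` class lets it run offline; in real use pass `boto3.client("route53")`.

```python
"""Added example (not from the talk or AWS): Route 53 record creation and
delegation-set lookup as API calls. Placeholders are marked as constructed."""
from __future__ import annotations

ZONE = "example.com."        # hosted zone name; Route 53 names are fully qualified
ZONE_ID = "ZPLACEHOLDER01"   # constructed hosted zone id


def fq(name: str) -> str:
    """Normalise to a fully qualified name with a trailing dot."""
    return name if name.endswith(".") else name + "."


def a_record(name: str, *ips: str, ttl: int = 60) -> dict:
    return {"Name": fq(name), "Type": "A", "TTL": ttl,
            "ResourceRecords": [{"Value": ip} for ip in ips]}


def alias_record(name: str, target_dns: str, target_zone_id: str) -> dict:
    """Alias A record pointing at an AWS resource (e.g. an ELB); aliases carry no TTL."""
    return {"Name": fq(name), "Type": "A",
            "AliasTarget": {"HostedZoneId": target_zone_id, "DNSName": fq(target_dns),
                            "EvaluateTargetHealth": False}}


def mx_record(name: str, *exchanges: tuple[int, str], ttl: int = 3600) -> dict:
    return {"Name": fq(name), "Type": "MX", "TTL": ttl,
            "ResourceRecords": [{"Value": f"{pref} {fq(host)}"} for pref, host in exchanges]}


def txt_record(name: str, *values: str, ttl: int = 300) -> dict:
    # TXT rdata is passed to the API double-quoted.
    return {"Name": fq(name), "Type": "TXT", "TTL": ttl,
            "ResourceRecords": [{"Value": f'"{v}"'} for v in values]}


def validate(rrsets: list[dict], zone: str = ZONE) -> list[str]:
    """Catch the mistakes that make a ChangeBatch fail or misbehave."""
    problems, seen = [], set()
    for rr in rrsets:
        name, rtype = rr["Name"], rr["Type"]
        if name != zone and not name.endswith("." + zone):
            problems.append(f"{name}: not inside hosted zone {zone}")
        if rtype == "CNAME" and name == zone:
            problems.append(f"{name}: CNAME not allowed at the zone apex, use an Alias record")
        if "AliasTarget" in rr and "TTL" in rr:
            problems.append(f"{name}: alias records carry no TTL")
        if (name, rtype) in seen:
            problems.append(f"{name} {rtype}: appears twice in one batch")
        seen.add((name, rtype))
    return problems


def change_batch(rrsets: list[dict], comment: str) -> dict:
    return {"Comment": comment,
            "Changes": [{"Action": "UPSERT", "ResourceRecordSet": rr} for rr in rrsets]}


def apply_changes(client, zone_id: str, rrsets: list[dict]) -> list[str]:
    """Validate and submit the batch; return the zone's delegation-set name servers,
    which are what you enter at the registrar to delegate to Route 53."""
    problems = validate(rrsets)
    if problems:
        raise ValueError("; ".join(problems))
    client.change_resource_record_sets(
        HostedZoneId=zone_id, ChangeBatch=change_batch(rrsets, "basic website records"))
    return client.get_hosted_zone(Id=zone_id)["DelegationSet"]["NameServers"]


WEBSITE_RRSETS = [
    a_record("example.com", "1.2.3.4"),
    a_record("www.example.com", "1.2.3.4"),
    # constructed alias target: an ELB DNS name and that ELB's hosted zone id
    alias_record("app.example.com", "my-elb-123.us-east-1.elb.amazonaws.com", "ZELBPLACEHOLDER"),
    mx_record("example.com", (10, "mail.example.com")),
    txt_record("example.com", "v=spf1 mx -all"),
]


class StubRoute53:
    """Offline stand-in for boto3.client('route53'); records the calls it receives."""
    def __init__(self):
        self.calls = []

    def change_resource_record_sets(self, **kw):
        self.calls.append(kw)
        return {"ChangeInfo": {"Status": "PENDING"}}

    def get_hosted_zone(self, **kw):
        return {"DelegationSet": {"NameServers": [
            "ns-1949.awsdns-51.co.uk", "ns-592.awsdns-09.net",
            "ns-317.awsdns-39.com", "ns-1158.awsdns-16.org"]}}


if __name__ == "__main__":
    stub = StubRoute53()
    for ns in apply_changes(stub, ZONE_ID, WEBSITE_RRSETS):
        print("delegate at your registrar to:", ns)
```

UPSERT is used so the batch is idempotent; re-running it after a partial failure does not produce duplicate record sets. Domain registration itself is a different API (Route 53 Domains) and is not covered here.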
  70. Step by step: recap
     Diagram: ISP’s DNS Resolver, Root name server, Name server for .com, Name server for example.com, Your web server.
     Labels: Domain name: example.com; Hosted zone: example.com; Delegation: name servers for example.com; DNS record: www.example.com A 1.2.3.4
  71. Step by step: recap
     Let’s trace a request from client to TLD to authority (r53) to web server.
  72-74. Step by step: recap
     [ec2-user@10.0.1.3]$ dig example.com

     ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.45.amzn1 <<>> example.com
     ;; global options: +cmd
     ;; Got answer:
     ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 47523
     ;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 0

     ;; QUESTION SECTION:
     ;example.com. IN A

     ;; ANSWER SECTION:
     example.com. 60 IN A 175.41.145.117

     ;; Query time: 80 msec
     ;; SERVER: 172.31.0.2#53(172.31.0.2)
     ;; WHEN: Fri Nov 11 01:48:40 2016
     ;; MSG SIZE rcvd: 51
  75-76. Step by step: recap
     [ec2-user@10.0.1.3]$ dig NS example.com

     ; <<>> DiG 9.8.2rc1-RedHat-9.8.2-0.37.rc1.45.amzn1 <<>> NS example.com
     ;; global options: +cmd
     ;; Got answer:
     ;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 15971
     ;; flags: qr rd ra; QUERY: 1, ANSWER: 4, AUTHORITY: 0, ADDITIONAL: 0

     ;; QUESTION SECTION:
     ;example.com. IN NS

     ;; ANSWER SECTION:
     example.com. 3600 IN NS ns-1795.awsdns-32.co.uk.
     example.com. 3600 IN NS ns-21.awsdns-02.com.
     example.com. 3600 IN NS ns-678.awsdns-20.net.
     example.com. 3600 IN NS ns-1456.awsdns-54.org.
  77-78. Step by step: recap
     [ec2-user@10.0.1.3]$ dig example.com +trace

     . 518400 IN NS B.ROOT-SERVERS.com.
     ...
     ;; Received 508 bytes from 172.31.0.2#53(172.31.0.2) in 6 ms

     com. 172800 IN NS a.gtld-servers.com.
     ...
     ;; Received 492 bytes from 199.7.83.42#53(199.7.83.42) in 29 ms

     example.com. 172800 IN NS ns-21.awsdns-02.com.
     example.com. 172800 IN NS ns-678.awsdns-20.net.
     example.com. 172800 IN NS ns-1795.awsdns-32.co.uk.
     example.com. 172800 IN NS ns-1456.awsdns-54.org.
     ;; Received 203 bytes from 192.55.83.30#53(192.55.83.30) in 266 ms

     example.com. 60 IN A 175.41.145.117
     example.com. 172800 IN NS ns-1456.awsdns-54.org.
     example.com. 172800 IN NS ns-1795.awsdns-32.co.uk.
     example.com. 172800 IN NS ns-21.awsdns-02.com.
     example.com. 172800 IN NS ns-678.awsdns-20.net.
     ;; Received 187 bytes from 205.251.197.176#53(205.251.197.176) in 25 ms
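The `dig +trace` output above, the “What is DNS?” walkthrough, the wildcard record from the registrar mock-up and the 48-hour caveat on the delegation slide all describe one mechanism: a resolver walks root → .com → example.com, following NS referrals, and caches what it learns for the TTL on each record. The following is an added example, not code from the talk: a toy iterative resolver with a TTL cache over an in-memory model of the root, the .com server and two providers for example.com. Nothing is sent on the network. Assumptions are labelled in the code: the .com server is taken to be `a.gtld-servers.net.`, the pre-migration provider’s answer `9.9.9.9` is constructed, the Route 53 name servers are two of the four from the `dig NS` answer, and the records are the ones from the registrar mock-up. The `migration_demo()` function shows that after the registrar switches the delegation, a resolver that already cached the old NS set keeps asking the old provider until that 172800-second (48-hour) TTL expires, which is exactly why the slide says up to 48 hours.

```python
"""Added example (not from the talk): toy iterative resolver with TTL cache,
NS referrals and wildcard matching, modelling a delegation change."""
from __future__ import annotations

OLD_NS = ["ns1.someexampleregistrar.com."]                  # registrar's own servers, pre-migration
R53_NS = ["ns-21.awsdns-02.com.", "ns-678.awsdns-20.net."]  # two of the four from the dig NS answer
ROUTE53_ZONE = {  # (owner, type): (ttl, [rdata]); the records from the registrar mock-up
    ("example.com.", "A"): (60, ["1.2.3.4"]),
    ("www.example.com.", "A"): (60, ["1.2.3.4"]),
    ("foo.example.com.", "A"): (60, ["3.4.5.6"]),
    ("*.example.com.", "CNAME"): (60, ["example.com."]),
}


def build_world() -> dict:
    """Map each name server to (zone it is authoritative for, its records)."""
    com = {("example.com.", "NS"): (172800, list(OLD_NS))}       # what the registrar published
    old_zone = {("www.example.com.", "A"): (3600, ["9.9.9.9"])}  # constructed old-provider answer
    world = {"root": (".", {("com.", "NS"): (172800, ["a.gtld-servers.net."])}),  # assumed .com server
             "a.gtld-servers.net.": ("com.", com),
             OLD_NS[0]: ("example.com.", old_zone)}
    for ns in R53_NS:
        world[ns] = ("example.com.", ROUTE53_ZONE)
    return world


def delegate_to_route53(world: dict) -> None:
    """The registrar updates the NS records that the .com name server holds."""
    world["a.gtld-servers.net."][1][("example.com.", "NS")] = (172800, list(R53_NS))


def ancestors(name: str):
    """Yield name, its parent, ... down to the root '.'."""
    while True:
        yield name
        if name == ".":
            return
        name = name.split(".", 1)[1] or "."


def in_zone(name: str, zone: str) -> bool:
    return zone == "." or name == zone or name.endswith("." + zone)


def authoritative(zone: str, records: dict, qname: str, qtype: str) -> tuple:
    """One authoritative server's reply: answer, referral, cname or nxdomain."""
    if not in_zone(qname, zone):
        return ("refused",)
    for cand in ancestors(qname):            # a delegation below the apex wins
        if cand == zone:
            break
        if (cand, "NS") in records:
            return ("referral", cand) + records[(cand, "NS")]
    if (qname, qtype) in records:
        return ("answer",) + records[(qname, qtype)]
    if (qname, "CNAME") in records:
        return ("cname", records[(qname, "CNAME")][0], records[(qname, "CNAME")][1][0])
    # a wildcard applies only when the exact name has no records of any type (one label deep here)
    if qname != zone and not any(n == qname for n, _ in records):
        wild = "*." + qname.split(".", 1)[1]
        if (wild, qtype) in records:
            return ("answer",) + records[(wild, qtype)]
        if (wild, "CNAME") in records:
            return ("cname", records[(wild, "CNAME")][0], records[(wild, "CNAME")][1][0])
    return ("nxdomain",)


class Resolver:
    """Recursive resolver with a positive cache keyed by (name, type) and expiry time."""
    def __init__(self, world: dict):
        self.world, self.cache = world, {}

    def _get(self, key, now):
        hit = self.cache.get(key)
        return hit[1] if hit and hit[0] > now else None

    def resolve(self, qname: str, qtype: str, now: int, depth: int = 0) -> list[str]:
        if depth > 8:
            raise RuntimeError("CNAME chain too long")
        cached = self._get((qname, qtype), now)
        if cached is not None:
            return cached
        server = "root"                       # or the deepest delegation still in cache
        for cand in ancestors(qname):
            ns = self._get((cand, "NS"), now)
            if ns:
                server = ns[0]
                break
        while True:
            zone, records = self.world[server]
            reply = authoritative(zone, records, qname, qtype)
            if reply[0] == "answer":
                self.cache[(qname, qtype)] = (now + reply[1], list(reply[2]))
                return list(reply[2])
            if reply[0] == "referral":
                self.cache[(reply[1], "NS")] = (now + reply[2], list(reply[3]))
                server = reply[3][0]
                continue
            if reply[0] == "cname":
                return self.resolve(reply[2], qtype, now, depth + 1)
            return []


def migration_demo() -> tuple[list[str], list[str], list[str]]:
    """www.example.com as seen before, 2 h after and 48 h after the delegation change."""
    world, = (build_world(),)
    r = Resolver(world)
    before = r.resolve("www.example.com.", "A", now=0)
    delegate_to_route53(world)
    soon = r.resolve("www.example.com.", "A", now=2 * 3600)     # A expired, NS still cached
    later = r.resolve("www.example.com.", "A", now=172800 + 1)  # NS TTL expired, walk again
    return before, soon, later
```

The same resolver shows the wildcard rule from the “point records at your server” slide: `bar.example.com` has no record of its own, so it matches `*.example.com` and follows the CNAME to `example.com`, while `foo.example.com` returns its own A record because an exact name always beats the wildcard.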
  79. Getting a bit more advanced
     • Private DNS in VPC
     • Health checks and failover
     • Multi-region scenarios: Geo and LBR
     • Traffic flow
  80. Advanced: private DNS in VPC
     Diagram labels: virtual private cloud; Client: a server in your VPC; Route 53 private DNS; query app-server-01.example.com?; IP: 10.0.1.2; Your app server, IP address: 10.0.3.4
  81-83. Advanced: health checks and failover
     Diagram, built up over three slides: Primary web server, Backup web server, Route 53 health check
  84. Advanced: health checks and failover
     Diagram: Web server 1, Web server 2, Route 53 health check
  85. Advanced: multi-region
     Diagram: a Web server in each of Region 1, Region 2, Region 3
  86. Advanced: traffic flow
  87. Advanced: traffic flow
     Visit Session NET302: Managing Global Traffic with Amazon Route 53 Traffic Flow
  88. Real-world migration story: Warner Bros. Entertainment
  89. Overview
     • About Warner Bros.
     • Warner Bros. & AWS
     • DNS setup before Route 53
     • The road to Route 53
     • Our results
     • Next steps
  90. About Warner Bros.
     • A global leader in the creation, production, distribution, licensing, and marketing of all forms of entertainment: movies, TV shows, games
     • Huge portfolio of websites and internal applications
     • Thousands of domains
  91. Warner Bros. & AWS
     • Multiple active projects to move applications – and even entire data centers – to AWS
     • Primary drivers for moving to AWS: application isolation (150+ accounts!), billing clarity, security, agility
     • Long history of applications running on AWS (TMZ.com, DramaFever, Turbine, and more!)
  92. DNS setup before Route 53
     • On-premises solution: Bind9
     • No self-service
     • Poor fault tolerance
     • Poor geographic distribution = poor international DNS lookup times
     • 25,000+ domains; some zones have over 10,000 records
     • DNS without an API is misery
  93. The road to Route 53
     Problems to solve:
     • Domain registration process
     • Devise a scheme for reusable (and WB branded!) delegation sets
     • Find a way to import (and validate) thousands of zones
     • IAM and delegating access to specific zones
     • Several Route 53 default limits needed to be raised…
  94. The road to Route 53 (screenshot)
  95. The road to Route 53
     • Upper limit on a delegation set is 2,000
     • …which means we need to migrate zones in chunks of 2,000 domains
     • Our goal was to migrate 2-3 batches a week
     • Write a tool to validate entire zones in Route 53 vs. Bind
     • Write a tool to easily set up new domains
     • Lower TTLs
     • Find a tool to handle the migration: cli53 (with some custom patches)
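The “validate entire zones in Route 53 vs. Bind” tool is the part of this plan that catches a silent migration error (a record that was never imported, imported with the wrong value, or left over in the target zone) before the delegation is switched. The following is an added example, not code from the talk or from the cli53 project, of what such a validator looks like: it parses a BIND master file, normalises a Route 53 `list_resource_record_sets()` listing to the same shape, and reports every record set that is missing, extra, or different in value or TTL. The zone text and the Route 53 listing are constructed sample data, and SOA and apex NS records are skipped on purpose because Route 53 manages those itself (the delegation set differs from the old provider’s by design).

```python
"""Added example (not from the talk or cli53): compare a BIND zone file with the
record sets of the migrated Route 53 hosted zone. Sample data is constructed."""
from __future__ import annotations

Records = dict  # (owner, type) -> (ttl or None, set of rdata strings)


def qualify(name: str, origin: str) -> str:
    """Turn @ / relative / absolute owner names into lower-case FQDNs."""
    if name == "@":
        return origin
    return name.lower() if name.endswith(".") else f"{name}.{origin}".lower()


def parse_bind(text: str) -> Records:
    """Minimal BIND master-file parser: $ORIGIN, $TTL, @, relative names, blank-owner
    continuation lines and ';' comments. No multi-line '(' records, no unit TTLs like 1h."""
    origin, default_ttl, last_owner, out = ".", 3600, None, {}
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].rstrip()
        if not line.strip():
            continue
        if line.startswith("$ORIGIN"):
            origin = line.split()[1].lower()
            continue
        if line.startswith("$TTL"):
            default_ttl = int(line.split()[1])
            continue
        fields = line.split()
        owner = last_owner if line[0].isspace() else qualify(fields.pop(0), origin)
        last_owner = owner
        ttl = int(fields.pop(0)) if fields[0].isdigit() else default_ttl
        if fields[0].upper() == "IN":
            fields.pop(0)
        rtype = fields.pop(0).upper()
        if rtype in ("CNAME", "NS", "MX"):      # rdata ends in a host name that may be relative
            fields[-1] = qualify(fields[-1], origin)
        out.setdefault((owner, rtype), (ttl, set()))[1].add(" ".join(fields))
    return out


def parse_route53(rrsets: list[dict]) -> Records:
    """Normalise a list_resource_record_sets() listing to the same shape."""
    out = {}
    for rr in rrsets:
        key = (rr["Name"].lower(), rr["Type"])
        if "AliasTarget" in rr:   # aliases have no TTL; keep the target so the set still compares
            out[key] = (None, {"ALIAS " + rr["AliasTarget"]["DNSName"].lower()})
        else:
            out[key] = (rr["TTL"], {v["Value"] for v in rr["ResourceRecords"]})
    return out


def compare(bind: Records, r53: Records, apex: str) -> list[str]:
    """Every difference a migration engineer wants to see, in a stable order."""
    diffs = []
    for owner, rtype in sorted(set(bind) | set(r53)):
        if rtype == "SOA" or (rtype == "NS" and owner == apex):  # provider-managed in Route 53
            continue
        key = (owner, rtype)
        if key not in r53:
            diffs.append(f"MISSING in Route 53: {owner} {rtype}")
        elif key not in bind:
            diffs.append(f"EXTRA in Route 53: {owner} {rtype}")
        else:
            (bttl, bvals), (rttl, rvals) = bind[key], r53[key]
            if bvals != rvals:
                diffs.append(f"VALUE MISMATCH {owner} {rtype}: bind={sorted(bvals)} route53={sorted(rvals)}")
            elif rttl is not None and bttl != rttl:
                diffs.append(f"TTL MISMATCH {owner} {rtype}: bind={bttl} route53={rttl}")
    return diffs


# Constructed sample zone in BIND syntax: the registrar mock-up's records plus a few more.
SAMPLE_ZONE = """\
$ORIGIN example.com.
$TTL 3600
@        IN SOA   ns1.someexampleregistrar.com. hostmaster.example.com. 2016111101 7200 900 1209600 300
@        IN NS    ns1.someexampleregistrar.com.
@        IN A     1.2.3.4
www      IN A     1.2.3.4
foo   60 IN A     3.4.5.6   ; short TTL on purpose
*        IN CNAME @
@        IN MX    10 mail
         IN MX    20 mail2.example.com.
legacy   IN A     10.0.0.9  ; never recreated in Route 53
"""

# Constructed Route 53 listing for the same hosted zone after import.
SAMPLE_ROUTE53 = [
    {"Name": "example.com.", "Type": "NS", "TTL": 172800, "ResourceRecords": [{"Value": "ns-21.awsdns-02.com."}]},
    {"Name": "example.com.", "Type": "SOA", "TTL": 900,
     "ResourceRecords": [{"Value": "ns-21.awsdns-02.com. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400"}]},
    {"Name": "example.com.", "Type": "A", "TTL": 3600, "ResourceRecords": [{"Value": "1.2.3.4"}]},
    {"Name": "www.example.com.", "Type": "A", "TTL": 3600, "ResourceRecords": [{"Value": "1.2.3.4"}]},
    {"Name": "foo.example.com.", "Type": "A", "TTL": 300, "ResourceRecords": [{"Value": "3.4.5.6"}]},
    {"Name": "*.example.com.", "Type": "CNAME", "TTL": 3600, "ResourceRecords": [{"Value": "example.com."}]},
    {"Name": "example.com.", "Type": "MX", "TTL": 3600,
     "ResourceRecords": [{"Value": "10 mail.example.com."}, {"Value": "20 mail2.example.com."}]},
    {"Name": "old.example.com.", "Type": "A", "TTL": 3600, "ResourceRecords": [{"Value": "10.0.0.8"}]},
]


def validate_sample() -> list[str]:
    return compare(parse_bind(SAMPLE_ZONE), parse_route53(SAMPLE_ROUTE53), apex="example.com.")


if __name__ == "__main__":
    print("\n".join(validate_sample()) or "zone matches")
```

Run against real data, `parse_route53()` would be fed the paginated output of `list_resource_record_sets` for the hosted zone, and the check would be repeated after lowering TTLs (the “Lower TTLs” step) and again right before the registrar is updated; an empty diff list is the go/no-go signal for switching the delegation.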
  96-97. The road to Route 53: cli53 patches (screenshots)
  98. Our results
     • Migrated 25,000+ zones in < 6 weeks
     • Upfront investment in automation resulted in a smooth, error-free migration
     • Ability to self-serve on zones
     • Greatly reduced risk of DDoS attacks taking down DNS
     • Increased performance!
  99. Our results: DNS performance (before). Latency in ms.
  100. Our results: DNS performance (after). Latency in ms.
  101. Our results: branded delegation sets
  102. Next steps
     • Enable full self-service at the individual record level
     • Leverage Route 53 advanced traffic policies
     • Leverage Route 53 health checks
     • Clean up “legacy” (invalid) records
  103. Thank you!
  104. Remember to complete your evaluations!
  105. Amazon Route 53 survey
     Give us your feedback about Route 53’s features and usability at http://amzn.to/Route53_200
     Meet the Route 53 team and get Route 53 swag at the Networking, Content Delivery, & Media Solutions booth.
  106. Related Sessions
     • NET201 Creating Your Virtual Data Center: VPC Fundamentals and Connectivity Options
     • NET401 Another Day, Another Billion Packets
     • NET305 Extending Datacenters to the Cloud: Connectivity Options and Considerations for Hybrid Environments
     • NET302 Global Traffic Management with Amazon Route 53 Traffic Flow
     • NET304 Moving Mountains: Netflix's Migration into VPC
     • NET402 Deep Dive: AWS Direct Connect and VPNs
     • NET403 Elastic Load Balancing Deep Dive and Best Practices
     • NET203 From EC2 to ECS: How Capital One uses Application Load Balancer Features to Serve Traffic at Scale
     • NET303 NextGen Networking: New Capabilities for Amazon’s Virtual Private Cloud
