THE AWS CERTIFIED ADVANCED NETWORKING – SPECIALTY EXAM OBJECTIVES COVERED IN THIS CHAPTER MAY INCLUDE, BUT ARE NOT LIMITED TO, THE FOLLOWING:
Objective 1.2: Design DNS solutions that meet public, private, and hybrid requirements.
Before we go into all of the details of DNS and Route 53 needed to ace the Advanced Networking exam, let’s first set a DNS knowledge baseline and then get into the specifics of the AWS DNS service known as Route 53.
The Domain Name System (DNS) is key to the efficient operation of all IP-based networks including the Internet and Amazon Web Services. Its primary function is to store and disseminate the mappings from a human-readable domain name to the IP address used by the actual systems on the network. It is easy to think of DNS as the “phone book” of the Internet. DNS also has many extended and advanced features that we will explore here and in Chapter 3, “Hybrid and Multi-account DNS.”
The Internet runs on numbers, and we humans are not all that good at remembering them. To make networking more user-friendly, the Domain Name System lets every device, from smartphones, tablets, and laptops all the way up to the largest server farms on the Internet, be addressed by a human-understandable domain name. DNS then maps the human-readable name to the IP address used by the machines running on the AWS cloud, private networks, and the Internet. This name-to-number mapping would, for example, translate www.tipofthehat.com, when typed into a browser, to an IP address of 172.16.36.221, which is returned to the requester so that the computers can then use it to connect to each other. This process is known as a DNS query. DNS is a universal service and absolutely critical to the operation of the AWS cloud, the Internet, and private networks.
The AWS DNS service is known as Route 53, a play on the TCP/UDP port number 53 that DNS uses. Route 53 has a large feature set and is much more than just a database mapping from domain name to IP address, as we will learn. There are many DNS applications available, including the popular BIND server created in the early days of DNS at the University of California, Berkeley, and you can set up your own DNS system running on either Linux or Windows servers. The application service model used by AWS offers many advantages over a do-it-yourself approach, including a fully managed DNS service with a 100 percent uptime service-level agreement, a web configuration interface, and APIs, eliminating the need to manage the underlying servers, software updates, redundancy, and global distribution. Route 53 also features close integration with many other AWS services, advanced capabilities such as domain name registration, security enhancements, and more.
Route 53 maps requests to services running in the AWS cloud such as EC2 instances, load balancers, RDS databases, containers, CloudWatch, or any other service. Route 53 is not limited to AWS resources and can resolve names to any device with an IP address on the public Internet or on your private networks. Route 53 is a global network of DNS servers located at AWS edge locations and regions and is not specific to any single region. This global server network offers high availability and fast response times to users regardless of their location.
As we will cover later in the chapter, Route 53 has many advanced features such as routing requests based on latency, the geographic proximity of the origin to the destination, and round-robin responses. These routing policies can then be combined with failover options for flexibility in setting up a low-latency, fault-tolerant deployment. Multiple policies can be configured based on delay, proximity, and health, and they can be stored and enabled or disabled according to your specific requirements.
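The combination of a latency routing policy with health-check-driven failover described above, as an added toy model that is not code from the book or from AWS; the record set, region latencies, and IP addresses are constructed for illustration.

```python
# Added example (not from the book): a toy model of how Route 53 combines a
# latency routing policy with health checks when answering a query.
from dataclasses import dataclass


@dataclass
class LatencyRecord:
    set_id: str    # Route 53 "set identifier" that distinguishes records of one name
    region: str    # AWS region the record is associated with
    value: str     # IP address returned in the DNS answer
    healthy: bool  # current result of the record's associated health check


# Constructed table: measured latency (ms) from the querying resolver to each region
LATENCY_MS = {
    "us-east-1": 20,
    "eu-west-1": 95,
    "ap-southeast-1": 210,
}

# Constructed latency record set for one hostname (addresses are illustrative)
RECORDS = [
    LatencyRecord("use1", "us-east-1", "192.0.2.10", healthy=True),
    LatencyRecord("euw1", "eu-west-1", "192.0.2.20", healthy=True),
    LatencyRecord("apse1", "ap-southeast-1", "192.0.2.30", healthy=True),
]


def resolve(records, latency_ms):
    """Return the answer for a latency record set, modelling Route 53 behaviour.

    Only records whose health check passes are candidates, and the candidate in
    the lowest-latency region wins. If every record is unhealthy, Route 53
    "fails open" and answers as if all records were healthy rather than
    returning an empty response.
    """
    candidates = [r for r in records if r.healthy] or list(records)
    best = min(candidates, key=lambda r: latency_ms[r.region])
    return best.value


if __name__ == "__main__":
    print(resolve(RECORDS, LATENCY_MS))  # closest healthy region: us-east-1
    # Simulate the us-east-1 health check failing; traffic fails over to eu-west-1
    degraded = [LatencyRecord(r.set_id, r.region, r.value, r.region != "us-east-1")
                for r in RECORDS]
    print(resolve(degraded, LATENCY_MS))
```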
Hybrid architectures that interconnect Route 53 with your internal DNS infrastructure are supported, including Direct Connect, VPC resolvers, AWS-managed VPN services, and private and on-premises data centers.
Route 53 can be set up and managed using the web console, the command line, CloudFormation, or APIs for automation. Billing is based on what you use, and AWS includes service-level agreements for peace of mind. Security is provided with Identity and Access Management (IAM) integration and DNS firewall integration.
Since Route 53 runs as a managed service, AWS maintains all of the underlying infrastructure worldwide and scales the service to meet demand, so customers do not need to manage capacity or performance themselves.