Amazon AWS SysOps – Networking – Route 53 part 1
- Section Introduction
Now, we’re getting into the networking sections, and this one is about Route 53. Now, Route 53 is an easy topic when you think about it. Before a SysOps exam, you’re supposed to know Route 53’s ins and outs. So we’ll have an in-depth look and we’ll understand the TTL and the implications of the TTL, CNAME versus Alias. We’ll understand health checks and we’ll learn about all the routing policies in depth. That includes simple, weighted, latency, failover, geolocation and multi-value. I have included graphs for all of these. Finally, there is a very little-known topic of how to integrate a third-party domain with Route 53 using NS records. And we’ll see how to do this in this section as well. I hope you’re excited and I will see you in the next lecture.
- Route 53 Overview
So let’s learn Route 53, which is a very important service in AWS. It is a managed DNS, and DNS stands for Domain Name System. So what is DNS? Well, DNS is a collection of rules and records which will help clients, for example a web browser, understand how to reach a server through its domain name. So in AWS there are four common records that you should know. There is the A record, which maps a hostname, such as myapp, to an IPv4 address. There is AAAA (quadruple A), which maps a hostname to an IPv6 address. There is CNAME, and I have a whole lecture dedicated to CNAME, which maps a hostname to another hostname. And finally Alias, which maps a hostname to an AWS resource.
So we have to remember these four types of records, but don’t worry, we’re going to practice those in this section. Okay? So let’s do a deeper dive and look at a diagram of how Route 53 will work. So we have a web browser and it wants to access our application. And our application is on an application server which has an IPv4 address, which is 32.45.67.85. And we want to be able to get access to that server. So behind the scenes, our web browser is going to make a DNS request to our DNS system, which is Route 53 in this instance. And it’s going to say, hey, for myapp.mydomain.com, I’m giving you a DNS request, Route 53, and I want you to tell me where this is located.
So we have a hostname and Route 53 will say, here is the IP you should be looking at. It is 32.45.67.85. And this is therefore an A record, because we have mapped a hostname to an IP. And then the web browser has finished the DNS request and it says, okay, I know where to go now, so I’m going to do an HTTP request. I know the target IP, and I’m going to do an HTTP request. And the server will then receive the request and say, okay, here is your HTTP response. And this is the basics of how DNS works. Now obviously DNS can be way more complicated, but at a high level, this is what you get: a web browser making a DNS query to a DNS system such as Route 53, and then the web browser is able to reach your server where it is located.
So Route 53 can use different things. It can use a public domain name that you own or buy, and then you can have whatever you want, application1.mypublicdomain.com, or a private domain that can only be resolved by your instances within your VPC. So for example, this domain application1.company.internal, that’s not something you can purchase on the Internet. You’ll have to make this a private domain, and then only your applications can resolve this thing. Now, Route 53 has a lot of advanced features. Some will be load balancing, and we’ll see how that works through different kinds of records. There will be health checks, and we’ll also see this in detail.
And then there are routing policies that we’ll see as well in detail, such as simple, failover, geolocation, latency, weighted and multi-value. So, the last thing you should know is that you are going to pay $0.50, so fifty cents, per month per hosted zone. So Route 53 is not something that’s free. There’s no free tier. And if you go ahead with this tutorial and buy a domain name, you will also have to pay for that domain name, about $12. So, just so you know, if you go along with me in this lecture, then you’ll have to pay a little bit of money. So that’s it for just the overview. We’ll do a deep dive into many of these advanced features as well. But for now, let’s go ahead, create a domain name and try out a small record.
- Route 53 Hands On
So let’s go to the Route 53 console. And as we can see here, that’s a scalable DNS. So Route 53 is a global service. It does not require any region selection. And then when you go to Hosted Zones, currently, if you’re a new AWS account, you’ll see nothing. But for me, I already purchased a domain name and created a hosted zone from it. So we see stephanetheteacher.com. So let’s go ahead and say we have nothing in it. What you want to do is to purchase a domain. So for this, you go to Registered Domains and click on Register Domain. And here you’re able to choose a domain name. So say whatever you want as a domain name. Hopefully that’s available, and it’s available.
So, okay, $12 per year. So just know that it’s going to be pricey. Then you Add to Cart, you say Register for one year. You scroll down, say Continue. Then you put in all your information, and you should enable Privacy Protection just to make sure that no one can know your personal details. So you click on Enable here, which is the default. Finally, you check your contact details, you check the terms and conditions and say I agree. And then finally you click on Complete Purchase and it will go ahead and actually do the purchase. Now, I’m not going to do it because I already have a domain name. Then it’ll take maybe about an hour to get ready, and then you can follow along with me in this class.
After doing the request, it will be in Pending Requests. And you’ll see it and you can see the status, you’ll receive some emails, and then when you’re all done, it will be under Registered Domains and you’ll see the expiration dates, whether or not auto-renew is on, et cetera. All right, so then you go to Hosted Zones, and automatically, because you purchased a domain through Route 53, a hosted zone will be created for you. And we can go ahead and click on it and start creating some records. So currently I do have some records created for some of my applications, but don’t worry about it. Right now, you should only have two records. And so what we’ll do is that we’ll create a record set, and we’ll create just a random record set.
We’ll call it myfirstrecord. And then we’ll say A, IPv4 address. And I’ll say the value will be 11.22.33.44, just a very simple DNS record right here. And click on Create. And here we go, it’s been created. And so now, basically, if I go on the Internet and look for this URL, myfirstrecord.stephanetheteacher.com, I will be redirected in the back end to this IPv4 address, 11.22.33.44. Now obviously, because I don’t have any servers at this address or anything like that, it will not work. But you get the idea of how these things work. Now, how do we verify programmatically that the DNS record of this thing actually points to this IP? That is what I want to show you right now.
So for this, we will go to the command line, and if you’re on Windows, it’s called nslookup, and you type the domain name. So my domain name here was myfirstrecord.stephanetheteacher.com. So let’s do it: nslookup myfirstrecord.stephanetheteacher.com. And this will give you something like this on Windows. So it tells you that myfirstrecord.stephanetheteacher.com resolves to 11.22.33.44, which is excellent. And if you’re on Mac, and I’ll use this because I’m on Mac and I’m more familiar with the dig command, you type dig and then myfirstrecord.stephanetheteacher.com, and it gives you something similar, just with a little bit more information.
So here we see from the ANSWER SECTION that myfirstrecord.stephanetheteacher.com is the same, 11.22.33.44. So you’re free to use whatever command you want. If you’re on Windows, nslookup. If you’re on Mac or Linux, use dig. It’s whatever you want, really. I like dig, so I’ll just follow along with dig. But you’re free to use whatever you want. So this is how we check that a DNS record works. Obviously, we haven’t achieved much here, we just created a record pointing to an IP that we don’t control. So there’s not much going on. But we’ll see in the next lectures how we can make things interesting with Route 53 DNS and some applications running in the background. So see you in the next lecture.
- Route 53 – EC2 Setup
Okay. So I want to set up my infrastructure to have a bunch of EC2 instances left and right in different regions, so that I can basically have Route 53 do some very interesting things with them in the next lectures. So right now it’s just a setup lecture. So I’ll go and open the EC2 console. And right now I’m in Ireland. So I’ll stay in Ireland, I launch an instance. I’ll make it Amazon Linux 2. I’ll select it; you’re getting used to it now, I’m sure. t2.micro. I configure the instance details. I just want one of them. For the user data, I’m going to send some text. So the text I have is in the Route 53 user-data .sh file. And so let’s have a quick look at what this does. So we install Apache, so this is httpd, we know this already. Here we do something really interesting that is quite cool to see.
We get the availability zone of the EC2 instance by querying the metadata service at this IP. So this is the EC2 metadata service, if you don’t know it, at 169.254.169.254. We query /latest/meta-data, and we want to get the EC2 instance placement and then availability-zone. So this gives us the AZ, and then we echo Hello World from the hostname of the machine in AZ, and then we pass in the availability zone. We put this into index.html, and that’s what will be displayed on the instance. So that’s really cool. Let’s go and paste that into the user data. Then we click on Add Storage. The storage looks good. Add Tags, no need. Review. And then I’ll just create a new security group and I’ll just allow all SSH and all HTTP. Review and Launch. Launch.
I’ll just select this key and launch the instance. Okay, we’re doing great. So this is one instance in Ireland, but what I want to do is also do this in other regions. So in North Virginia, us-east-1, I’m going to do the exact same thing. So I’ll launch an instance, select Amazon Linux 2, configure the instance details. No, previous. We’re going to put the user data in. Done. Add Storage. Add Tags. Configure Security Group. And then we have to create a new security group, because security groups are region scoped. So we have to recreate the security group we just created. So we’ll just select HTTP, it’s quicker, perfect. And click on Review and Launch. Launch. And here there’s a key pair I already have, but you can create a new key pair otherwise.
Or you can even proceed without a key pair. We won’t be SSHing into the instances, so it’s fine. So I click on Launch Instances and now this instance is launching. And then finally in a region in Asia, maybe I’ll choose Tokyo, in Asia Pacific. What I’m going to do is that I’m going to create another instance. So we have three instances in three very different regions. We have Tokyo, Ireland and North Virginia. So let’s launch an instance, Amazon Linux 2, instance details. For Advanced Details we put the user data, Add Storage, Add Tags, Configure Security Group, create a new security group, make it HTTP, which is great, Review and Launch, Launch. And here I will say that I will proceed without a key pair and launch the instances.
So now let me wait for all my instances to start and I’ll be right back with you. So next we look at the fact that if we look at a public IP, for example in Ireland, and I click on it, it says Hello World from, and then the host, and then in AZ eu-west-1c. So here I know that this instance is in eu-west-1c. What I’m going to do is just copy all these IPs just so I remember the AZ. So I’ll just make a small file right here and I’ll call it IP to AZ, and it’s just for me. I will not have this file in the code at the end. It’s just for me to remember what is where. So this instance is in Ireland, which is great. There was one in North Virginia, so I’ll put one in North Virginia. I’ll also take this public IP and say this is us-east-1.
And then finally there was one in Tokyo. So we’ll go to Tokyo and here we get another IP. And this instance right here, excellent, is in Tokyo. So it’s ap-northeast-1. Excellent. Let’s just check that these two instances also work after the user data, but there is no reason why they wouldn’t. So this one worked. It says Hello from ap-northeast-1a. And then finally this one should say Hello from us-east-1a. Okay, perfect, us-east-1a. Excellent. So everything is ready. Now the last thing we need to do is to create a load balancer. And so we’ll go back to Ireland. And remember, load balancers are regional, so it’s not something that will span many regions. We cannot link it to all the EC2 instances we created, but we’ll link it to this one in eu-west-1c.
And you’ll see why a little bit later in this course. So let’s go to Load Balancers, which is in the bottom left, and I’ll quickly go ahead and create a new one. So I’ll create a load balancer. It’s going to be an Application Load Balancer. I’ll create it and I’ll name it DemoRoute53. It’s going to be internet-facing and on IPv4. It’s going to be listening on port 80. This is perfect. I’ll put it in three AZs just for trying it out, and click on Next: Configure Security Groups. I will create a new security group, because I can’t find the right one, which allows HTTP from anywhere. Perfect. I’ll configure routing. I’ll create a new target group. I’ll call it DemoRoute53TG, for target group, and it’s going to link directly to an instance, and the protocol is going to be HTTP, port 80, and this is great.
Health checks are going to be left as is and I’ll register a target. I’ll add my target to my target group. Excellent. Click on Review. Click on Create. And I’ll just wait for this load balancer to be created. So it will take a little bit of time to get provisioned, but I’ll just pause until then. And my DNS name is now active. So let me just try it out to see if it works. I’ll copy it, paste it, and here we go. I still get my Hello World from my instance. So that is perfect. All my setup is done. And now we’re ready to have some fun with Route 53. Just to summarize, we’ve created three EC2 instances in three different regions and we’ve created a load balancer in Ireland pointing to one of these EC2 instances. Alright, that’s good. I will see you in the next lecture.
- Route 53 – TTL
Okay, so now let’s talk about DNS records’ time to live, so TTL. So TTL is basically a way for web browsers and clients to cache the response of a DNS query. And the reason we do this is not to overload the DNS. So we have Route 53, and that’s our DNS for us. And we’re going to make a DNS request for myapp.mydomain.com. And what’s going to happen is that Route 53 will send back the IP 32.45.67.85, which is an A record because it’s domain to IP. And then on top of it, it’s going to also send back the TTL. And the TTL is something we can configure, as we’ll see in the hands-on. For example, we can set it to 300 seconds. And what’s going to happen is that the web browser will cache that DNS request and the response for the TTL duration. So as soon as we receive that reply, it’s going to be valid for 300 seconds.
And anytime we request myapp.mydomain.com, the web browser will just look internally in its own cache; it will not ask Route 53 again. So then, basically, after this TTL happens, and if we have something changing on the Route 53 side, for example the IP behind it is now a different address, then our cache will be updated, but only after the TTL has expired. And then we will have the chance to have an updated DNS record in our web browser. So what’s good to see here is that as soon as you operate a change on the Route 53 DNS record, that doesn’t necessarily mean that all the clients will see that change right away. They have to wait for the TTL to expire before they can see that change. So a high TTL is considered to be something like 24 hours. And what that means is that you get way less traffic on your DNS.
So Route 53 will have fewer queries, because records are cached for 24 hours. But there is a possible chance of outdated records, especially if you change them on Route 53. A low TTL, for example 60 seconds, will incur a lot more traffic on your DNS, but also the records will be outdated for less time and it will be very easy to change the records. So TTL is something you have to make a decision on, basically based on what your application is and does. And it’s mandatory for each DNS record to specify a TTL. So let’s have a look at how that works on Route 53. So we’re going to create a new record, and I’ll call it ttldemo, and this is going to be an A record. And the value of it will be pointing, for example, to my instance in Ireland.
So I’ll choose my instance right here. I’ll select the public IP, and this is what I put. So my ttldemo.stephanetheteacher.com is pointing to my IP address in Ireland. Now, let’s look at the TTL seconds. By default, it’s 300, so five minutes, but let me set it to 120 seconds, so two minutes. I clicked twice on 1 minute to get 120, but you can also enter whatever number you want in there. So here is my TTL. I’ll click on Create, and here we go. We have ttldemo, which is right here. So what happens is that if I go to ttldemo.stephanetheteacher.com, I get the Hello World back from my instance in eu-west-1c. Excellent. But if I also take this record and use the dig command, so I’ll use dig and then this hostname, so I have to remove the http://, so dig and the hostname, you get the response with the public IP of my Ireland instance.
And this number right here, 119. I don’t think you can see it easily in nslookup, so that’s why I use dig. But it’s just to show you. This number represents how long this record is cached on my computer. So if I do a dig again on the same record, as you can see here, it says 101. So that means that this record, this section, this answer right here, is cached. It’s still cached for 100 seconds. So if I just do it again, 90 seconds left, and so that will expire in 90 seconds. So while we wait for it to expire, let’s change the record to point to us-east-1. So I’ll select this and I’ll go back to my Route 53, and I’ll update this record, Save Record Set. And so now this points to us-east-1.
So if I go and refresh the ttldemo page, I still see eu-west-1c. And if I go to my dig and query the same URL, I still see the old answer until the 90 seconds have expired. Then I get a new record, obviously. But only after the record had expired did I get a chance to basically see the updated IP. So that’s really, really cool, because now if I go back to my web browser and wait 120 seconds, this will automatically get updated. So let me wait a little bit. And so after a little bit of time, now we can see the Hello World basically was done from us-east-1a, and I use the same ttldemo.stephanetheteacher.com. So what we’ve seen through this lecture is that our DNS records, basically, through dig we can see it very easily.
They’re cached for a specific amount of time on our computer, and through the web browser we saw directly that we only got access to the other EC2 instance after waiting for the TTL to expire. So that was 120 seconds in our case. So it’s really, really good to know, because going into the next lectures I’ll be playing a bit with the TTL and setting it to different values, and you need to understand why I’m doing it. And I hope that this helps. So remember, a low value means more queries to Route 53, so possibly more pricing, more traffic on Route 53. And if you set something like one day, that means it’s going to be really, really hard for you to change the values and have the changes propagated very, very quickly. Alright, that’s it. I hope you enjoyed it and I will see you in the next lecture.
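To make the dig-based TTL check from this lecture reproducible, here is an added example (my own code, not the course’s) that parses dig’s ANSWER SECTION and labels repeated lookups of the same name as cached, refreshed or changed, which is exactly the countdown-then-new-IP behaviour shown above. The dig output, the hostname ttldemo.example.com and the IPs are constructed, not taken from the lecture.

```python
import re
import sys
from dataclasses import dataclass

# One record line of dig's ANSWER SECTION: name, remaining TTL, class, type, rdata.
ANSWER_RE = re.compile(r"^(?P<name>\S+)\s+(?P<ttl>\d+)\s+IN\s+(?P<rtype>A|AAAA|CNAME)\s+(?P<rdata>\S+)$")

@dataclass
class Answer:
    name: str
    ttl: int   # seconds the resolver will keep serving this answer from its cache
    rtype: str
    rdata: str

def parse_dig_answers(output: str) -> list[Answer]:
    """Return the A/AAAA/CNAME records in dig's ANSWER SECTION (empty if none)."""
    answers, in_answer = [], False
    for raw in output.splitlines():
        line = raw.strip()
        if line.startswith(";; ANSWER SECTION:"):
            in_answer = True
            continue
        if in_answer:
            if not line or line.startswith(";;"):
                break  # a blank line or the next ";;" header ends the section
            m = ANSWER_RE.match(line)
            if m:
                answers.append(Answer(m["name"], int(m["ttl"]), m["rtype"], m["rdata"]))
    return answers

def classify_observations(samples: list[tuple[int, str]]) -> list[str]:
    """Label successive (remaining_ttl, rdata) pairs taken from repeated dig runs:
    'cached'    same answer, TTL still counting down;
    'refreshed' TTL jumped back up, the resolver re-asked the authority, same answer;
    'changed'   refreshed AND a different answer, i.e. the Route 53 edit is now visible."""
    labels = ["fresh"] if samples else []  # nothing to compare the first sample against
    for (prev_ttl, prev_rdata), (ttl, rdata) in zip(samples, samples[1:]):
        if ttl > prev_ttl:
            labels.append("changed" if rdata != prev_rdata else "refreshed")
        else:
            labels.append("cached")
    return labels

# Constructed dig output in the shape the lecture shows: 119 s left on a 120 s record.
SAMPLE_DIG = """\
; <<>> DiG 9.10.6 <<>> ttldemo.example.com
;; ANSWER SECTION:
ttldemo.example.com.\t119\tIN\tA\t203.0.113.10

;; Query time: 30 msec
"""

if __name__ == "__main__":
    # Usage: dig ttldemo.example.com | python3 dig_ttl.py   (falls back to the sample)
    text = sys.stdin.read() if not sys.stdin.isatty() else SAMPLE_DIG
    for a in parse_dig_answers(text):
        print(f"{a.name} {a.rtype} {a.rdata} cached for {a.ttl}s more")
    # Four dig runs around a record change: the new IP only shows once the old entry expired.
    print(classify_observations([(119, "203.0.113.10"), (100, "203.0.113.10"),
                                 (90, "203.0.113.10"), (118, "198.51.100.7")]))  # fresh, cached, cached, changed
```

Feeding it a real `dig` run every few seconds is the programmatic version of what the lecture does by hand: the TTL column shrinks while the answer is served from cache, and the new IP appears only when the TTL resets.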