DNS & Developer Tool Concepts

DNS Concepts

Documented by : Kishor
Route 53 & DNS
What is DNS?
If you have used the internet, you have used DNS. DNS is used to
convert human-friendly names (such as http://www.amazon.com) into
an Internet Protocol (IP) address (for example, http://89.125.54.1).
IP addresses are used by computers to identify each other on the
network. IP addresses commonly come in two different forms, IPv4 and
IPv6.

IPv4 vs IPv6
The IPv4 space is a 32-bit field and has over 4 billion different addresses
(4,294,967,296 to be precise).

IPv6 was created to solve the depletion of this IPv4 address space and has
an address space of 128 bits, which in theory is
340,282,366,920,938,463,463,374,607,431,768,211,456 addresses,
or 340 undecillion addresses.

Top level domains
• .com (top level domain)
• .edu
• .gov
• .co.uk
• .gov.uk (second level domain)
• .com.au

Top level domains
These top level domain names are controlled by the Internet Assigned
Numbers Authority (IANA) in a root zone database, which is essentially a
database of all available top level domains. You can view this database
by visiting:

http://www.iana.org/domains/root/db

Domain Registrars
Because all of the names in a given domain have to be unique,
there needs to be a way to organize this so that domain names are
not duplicated. This is where domain registrars come in. A registrar is
an authority that can assign domain names directly under one or more
top-level domains. These domains are registered with InterNIC, a
service of ICANN, which enforces uniqueness of domain names across
the internet. Each domain name becomes registered in a central
database known as the WHOIS database.

Popular domain registrars include GoDaddy.com, 123-reg.co.uk etc.

SOA record: Start of Authority (good to know), a default record for Route 53
The SOA record stores information about:
• The name of the server that supplied the data for the zone.
• The administrator of the zone.
• The current version of the data file.
• The number of seconds a secondary name server should wait before
checking for updates.
• The number of seconds a secondary name server should wait before
retrying a failed zone transfer.
• The maximum number of seconds that a secondary name server can use
data before it must either be refreshed or expire.
• The default number of seconds for the time-to-live (TTL) value on resource records.
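The seven fields above appear in that order in the text form of an SOA record. The following parser is an added example, not part of the original slides; the sample record, the names `parse_soa` and `timer_issues`, and the two timer sanity checks are assumptions made for illustration.

```python
from dataclasses import dataclass

@dataclass(frozen=True)
class SOA:
    mname: str    # name of the server that supplied the data for the zone
    rname: str    # administrator of the zone, encoded as a domain name
    serial: int   # current version of the zone data
    refresh: int  # seconds a secondary waits before checking for updates
    retry: int    # seconds a secondary waits before retrying a failed transfer
    expire: int   # seconds a secondary may keep using data without a refresh
    minimum: int  # default time-to-live, in seconds

    def admin_email(self) -> str:
        """Turn the RNAME into a mailbox: the first unescaped dot becomes '@'."""
        name, i = self.rname.rstrip("."), 0
        while i < len(name) and name[i] != ".":
            i += 2 if name[i] == "\\" else 1  # skip escaped characters such as "\."
        return name[:i].replace("\\.", ".") + "@" + name[i + 1:]

def parse_soa(rdata: str) -> SOA:
    """Parse SOA RDATA in zone-file text form; parentheses are layout only."""
    tokens = rdata.replace("(", " ").replace(")", " ").split()
    if len(tokens) != 7:
        raise ValueError(f"SOA needs 7 fields, got {len(tokens)}")
    mname, rname, *timers = tokens
    return SOA(mname, rname, *(int(t) for t in timers))

def timer_issues(soa: SOA) -> list[str]:
    """Added sanity checks (an assumption, not a Route 53 rule)."""
    issues = []
    if soa.retry >= soa.refresh:
        issues.append("retry should be shorter than refresh")
    if soa.expire <= soa.refresh + soa.retry:
        issues.append("expire should exceed refresh + retry")
    return issues

# Constructed sample record (example.* names are placeholders).
SAMPLE = "ns1.example.net. hostmaster.example.com. ( 1 7200 900 1209600 86400 )"

if __name__ == "__main__":
    soa = parse_soa(SAMPLE)
    print(soa, soa.admin_email(), timer_issues(soa))
```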

NS Records: name server (default records in Route 53)
Used by top level domain servers to direct traffic to the content DNS
server which contains the authoritative DNS records.

A Records
An “A” record is the fundamental type of DNS record, and the “A” in A
record stands for “Address”. The A record is used by a computer to
translate the name of the domain to the IP address. For example,
http://www.tech4target.com might point to http://124.24.34.80.

An ELB uses a DNS name instead of an IP address.

TTL (most TTLs are set to two days)
The length of time that a DNS record is cached on either the resolving server
or the user's own local PC is equal to the value of the “Time to Live” (TTL)
in seconds. The lower the time to live, the faster changes to DNS
records propagate throughout the internet.

For a DNS migration, lower the TTL to, say, 300 seconds (5 minutes).

CNAMEs
A canonical name (CNAME) can be used to resolve one domain name to
another. For example, you may have a mobile website with the domain
name http://m.tech4target.com that is used when users browse to
your domain name on their mobile devices. You may also want the
name http://mobile.tech4target.com to resolve to this same address.

Alias Records
Alias records are used to map resource record sets in your hosted zone to
ELBs, CloudFront distributions or S3 buckets that are configured as websites.

Alias records work like a CNAME record in that you can map one DNS name
(www.example.com) to another ‘target’ DNS name
(elb1234.elb.amazonaws.com).

Key difference: a CNAME can't be used for naked domain names (the zone
apex record). You can't have a CNAME for http://tech4target.com; it must
be either an A record or an Alias.
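A check for the zone apex rule above, written as an added example that is not part of the original slides. It goes one step further than the text and also flags any name where a CNAME sits beside other record types, which is the underlying DNS rule that makes an apex CNAME impossible (the apex always holds the SOA and NS records). The function name `lint_cnames` and the sample records are assumptions.

```python
# DNSSEC records are allowed beside a CNAME; every other type is not.
ALLOWED_WITH_CNAME = {"CNAME", "RRSIG", "NSEC"}

def normalize(name: str) -> str:
    """Compare names case-insensitively and without the trailing dot."""
    return name.rstrip(".").lower()

def lint_cnames(zone: str, records: list[tuple[str, str, str]]) -> list[tuple[str, str]]:
    """Return (name, problem) pairs for CNAME placements DNS does not allow.

    records holds (name, type, value) tuples. A Route 53 Alias appears here
    under the type it answers with (for example "A"), so it is never flagged.
    """
    apex = normalize(zone)
    types_by_name: dict[str, set[str]] = {}
    for name, rtype, _value in records:
        types_by_name.setdefault(normalize(name), set()).add(rtype.upper())

    findings = []
    for name, types in sorted(types_by_name.items()):
        if "CNAME" not in types:
            continue
        if name == apex:
            findings.append((name, "CNAME at zone apex; use an A or Alias record"))
        others = types - ALLOWED_WITH_CNAME
        if others:
            findings.append((name, "CNAME coexists with " + ", ".join(sorted(others))))
    return findings

# Constructed sample zone; addresses and name servers are placeholders.
SAMPLE_ZONE = "tech4target.com"
SAMPLE_RECORDS = [
    ("tech4target.com.", "SOA", "ns1.example.net. hostmaster.example.com. 1 7200 900 1209600 86400"),
    ("tech4target.com.", "NS", "ns1.example.net."),
    ("tech4target.com.", "CNAME", "elb1234.elb.amazonaws.com."),
    ("m.tech4target.com.", "A", "192.0.2.10"),
    ("mobile.tech4target.com.", "CNAME", "m.tech4target.com."),
    ("www.tech4target.com.", "CNAME", "elb1234.elb.amazonaws.com."),
    ("www.tech4target.com.", "TXT", "constructed"),
]

if __name__ == "__main__":
    for name, problem in lint_cnames(SAMPLE_ZONE, SAMPLE_RECORDS):
        print(f"{name}: {problem}")
```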

Alias Records
Alias resource record sets can save you time because Amazon Route 53
automatically recognizes changes in the record sets that the alias
resource record set refers to.
For example, suppose an alias resource record set for example.com
points to an ELB load balancer at lb1-1234.us-east-1.elb.amazonaws.com.
If the IP address of the load balancer changes,
Amazon Route 53 will automatically reflect those changes in DNS
answers for example.com without any changes to the hosted zone that
contains resource record sets for example.com.

DNS Lab: ELB LB
• Create two EC2 instances in the same region. Enable web services on them
and put them behind an ELB. Check that load is being balanced between these
two EC2 instances in the web layer.
• Create another EC2 instance in another region and create another
ELB in that same region for Route 53.

Route 53 Routing Policies
• Simple
• Weighted
• Latency
• Failover
• Geolocation

Simple
• This is the default routing policy when you create a new record set.
It is most commonly used when you have a single resource that
performs a given function for your domain, for example, one web
server that serves content for the http://tech4target.com website.

Weighted routing policies

Latency based routing
Latency based routing allows you to route your traffic based on the
lowest network latency for your end user (i.e. which region will give
them the fastest response time).
To use latency-based routing, you create a latency resource record set
for the Amazon EC2 (or ELB) resource in each region that hosts your
website. When Amazon Route 53 receives a query for your site, it
selects the latency resource record set for the region that gives the
user the lowest latency. Route 53 then responds with the value
associated with that resource record set.

Failover
Failover routing policies are used when you want to create an
active/passive setup.
For example, you may want your primary site to be in EU-WEST-2 and
your secondary DR site in AP-SOUTHEAST-e.
Route 53 will monitor the health of your primary site using a health
check.
A health check monitors the health of your endpoints.

Geolocation
Geolocation routing lets you choose where your traffic will be sent
based on the geographic location of your users (i.e. the location from
which DNS queries originate). For example, you might want all queries
from Europe to be routed to a fleet of EC2 instances that are
specifically configured for your European customers. These servers may
have the local language of your European customers, with all prices
displayed in Euros.

DNS Exam Tips
ELBs don’t have pre-defined IPv4 addresses; you resolve to them using
a DNS name.
Understand the difference between an Alias record (free) and a CNAME
(chargeable).
Given the choice, always choose an Alias record over a CNAME.

What is DevOps?
The Amazon DevOps story
New developer tools for everyone
• AWS CodeDeploy
• AWS CodePipeline
• AWS CodeCommit
Made its own DevOps transformation

CodeDeploy
CodeDeploy is a deployment service that automates application deployments to
Amazon EC2 instances, on-premises instances, serverless Lambda functions, or
Amazon ECS services.
You can deploy a nearly unlimited variety of application content, including:
• code
• serverless AWS Lambda functions
• web and configuration files
• executables
• packages
• scripts
• multimedia files
CodeDeploy can deploy application content that runs on a server and is
stored in Amazon S3 buckets, GitHub repositories, or Bitbucket repositories.
CodeDeploy can also deploy a serverless Lambda function. You do not need
to make changes to your existing code before you can use CodeDeploy.

CodeDeploy
• CodeDeploy works with various systems for configuration
management, source control, continuous integration, continuous
delivery, and continuous deployment. For more information, see
Product Integrations.

• The CodeDeploy console also provides a way to quickly search for
your resources, such as repositories, build projects, deployment
applications, and pipelines. Choose Go to resource or press the / key,
and then type the name of the resource. Any matches appear in the
list. Searches are case insensitive. You only see resources that you
have permissions to view.

CodePipeline?
• AWS CodePipeline is a continuous delivery service you can use to
model, visualize, and automate the steps required to release your
software. You can quickly model and configure the different stages of
a software release process. CodePipeline automates the steps
required to release your software changes continuously.

What Can I Do with CodePipeline?
You can use CodePipeline to help you automatically build, test, and deploy your applications in the cloud. Specifically, you can:
• Automate your release processes: CodePipeline fully automates your release process from end to end, starting from your source
repository through build, test, and deployment. You can prevent changes from moving through a pipeline by including a manual
approval action in any stage except a Source stage. You can release when you want, in the way you want, on the systems of your
choice, across one instance or multiple instances.
• Establish a consistent release process: Define a consistent set of steps for every code change. CodePipeline runs each stage of
your release according to your criteria.
• Speed up delivery while improving quality: You can automate your release process to allow your developers to test and release
code incrementally and speed up the release of new features to your customers.
• Use your favorite tools: You can incorporate your existing source, build, and deployment tools into your pipeline. For a full list of
AWS services and third-party tools currently supported by CodePipeline, see Product and Service Integrations with CodePipeline.
• View progress at a glance: You can review real-time status of your pipelines, check the details of any alerts, retry failed actions,
view details about the source revisions used in the latest pipeline execution in each stage, and manually rerun any pipeline.
• View pipeline history details: You can view details about executions of a pipeline, including start and end times, run duration, and
execution IDs.

The following diagram shows an example release process using CodePipeline.

What Is AWS CodeCommit?

• AWS CodeCommit is a version control service hosted by Amazon Web Services that you can use to
privately store and manage assets (such as documents, source code, and binary files) in the cloud.
Note
• CodeCommit is in scope with many compliance programs. For details about AWS and compliance
efforts, see AWS Services In Scope by Compliance Program.
• This is a HIPAA Eligible Service. For more information about AWS, U.S. Health Insurance Portability
and Accountability Act of 1996 (HIPAA), and using AWS services to process, store, and transmit
protected health information (PHI), see HIPAA Overview.
• For information about this service and ISO 27001, a security management standard that specifies
security management best practices, see ISO 27001 Overview.
• For information about this service and the Payment Card Industry Data Security Standard (PCI
DSS), see PCI DSS Overview.
• For information about this service and the Federal Information Processing Standard (FIPS)
Publication 140-2 US government standard that specifies the security requirements for
cryptographic modules that protect sensitive information, see Federal Information Processing
Standard (FIPS) 140-2 Overview and Git Connection Endpoints.

Introducing CodeCommit
CodeCommit is a secure, highly scalable, managed source control service that hosts private Git repositories. CodeCommit eliminates the need for you to
manage your own source control system or worry about scaling its infrastructure. You can use CodeCommit to store anything from code to binaries. It
supports the standard functionality of Git, so it works seamlessly with your existing Git-based tools.
With CodeCommit, you can:
• Benefit from a fully managed service hosted by AWS. CodeCommit provides high service availability and durability and eliminates the administrative
overhead of managing your own hardware and software. There is no hardware to provision and scale and no server software to install, configure, and
update.
• Store your code securely. CodeCommit repositories are encrypted at rest as well as in transit.
• Work collaboratively on code. CodeCommit repositories support pull requests, where users can review and comment on each other's code changes
before merging them to branches; notifications that automatically send emails to users about pull requests and comments; and more.
• Easily scale your version control projects. CodeCommit repositories can scale up to meet your development needs. The service can handle
repositories with large numbers of files or branches, large file sizes, and lengthy revision histories.
• Store anything, anytime. CodeCommit has no limit on the size of your repositories or on the file types you can store.
• Integrate with other AWS and third-party services. CodeCommit keeps your repositories close to your other production resources in the AWS Cloud,
which helps increase the speed and frequency of your development lifecycle. It is integrated with IAM and can be used with other AWS services and in
parallel with other repositories. For more information, see Product and Service Integrations with AWS CodeCommit.
• Easily migrate files from other remote repositories. You can migrate to CodeCommit from any Git-based repository.
• Use the Git tools you already know. CodeCommit supports Git commands as well as its own AWS CLI commands and APIs.

How Does CodeCommit Work?

• CodeCommit is familiar to users of Git-based repositories, but even
those unfamiliar should find the transition to CodeCommit relatively
simple. CodeCommit provides a console for the easy creation of
repositories and the listing of existing repositories and branches. In a
few simple steps, users can find information about a repository and
clone it to their computer, creating a local repo where they can make
changes and then push them to the CodeCommit repository. Users
can work from the command line on their local machines or use a
GUI-based editor.
