Splitting READ and WRITE traffic using Route 53 - amazon-web-services

I have an API which is deployed on GCP (GKE+External LB) and AWS (EKS + ELB). The DNS resolution is via Route 53.
Can Route 53 split the incoming traffic in a way where all READ operations (GET) go to GCP and all writes (PUT/POST etc.) go to AWS?
Basically something like:
read.domain.com going to an external ipv4 address on gcp
write.domain.com going to AWS ELB
Thanks.

You can set up read.domain.com to resolve to GCP IPs by just setting up A records for that. You can use Alias records for write.domain.com to point to your ELB.
What you can't do is DNS routing based on the HTTPS method (PUT/POST/GET/...); that's another layer of the network stack, and DNS has no concept of it.
DNS basically does Layer 3 resolution (IP-Addresses) and HTTP is a Layer 5 protocol.
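Since the method is only visible once a client's HTTP request has been terminated, the split has to live in a reverse proxy or load balancer rule, not in DNS. The following is an added example, not code from the question or the answer: a minimal Python reverse proxy that sends safe methods to one upstream and state-changing methods to another. The two upstream URLs are hypothetical placeholders for the GCP external LB and the AWS ELB; in production the same decision would normally be expressed in the existing proxy or load balancer configuration rather than hand-written.

```python
from http.server import BaseHTTPRequestHandler, ThreadingHTTPServer
from typing import Optional
import urllib.error
import urllib.request

# Hypothetical upstreams standing in for the GCP external LB and the AWS ELB.
READ_UPSTREAM = "http://read-backend.internal:8080"
WRITE_UPSTREAM = "http://write-backend.internal:8080"

# Safe (read-only) methods per RFC 9110 go to the read side; state-changing
# methods go to the write side. Anything else is refused rather than guessed.
READ_METHODS = frozenset({"GET", "HEAD", "OPTIONS"})
WRITE_METHODS = frozenset({"POST", "PUT", "PATCH", "DELETE"})


def upstream_for(method: str) -> Optional[str]:
    """Pick the upstream base URL for an HTTP method, or None if unsupported."""
    m = method.upper()
    if m in READ_METHODS:
        return READ_UPSTREAM
    if m in WRITE_METHODS:
        return WRITE_UPSTREAM
    return None


class MethodSplitProxy(BaseHTTPRequestHandler):
    """Forwards each request to the upstream chosen by upstream_for()."""

    def _forward(self) -> None:
        target = upstream_for(self.command)
        if target is None:
            self.send_error(405, "Method Not Allowed")
            return
        length = int(self.headers.get("Content-Length") or 0)
        body = self.rfile.read(length) if length else None
        req = urllib.request.Request(target + self.path, data=body, method=self.command)
        for name, value in self.headers.items():
            # Host is rewritten for the upstream; hop-by-hop headers are dropped.
            if name.lower() not in ("host", "content-length", "connection"):
                req.add_header(name, value)
        try:
            with urllib.request.urlopen(req, timeout=10) as resp:
                self._relay(resp.status, resp.getheaders(), resp.read())
        except urllib.error.HTTPError as e:
            self._relay(e.code, e.headers.items(), e.read())  # pass 4xx/5xx through
        except (urllib.error.URLError, TimeoutError):
            self.send_error(502, "Bad Gateway")

    def _relay(self, status, headers, payload: bytes) -> None:
        self.send_response(status)
        for name, value in headers:
            if name.lower() not in ("transfer-encoding", "connection"):
                self.send_header(name, value)
        self.end_headers()
        self.wfile.write(payload)

    do_GET = do_HEAD = do_OPTIONS = do_POST = do_PUT = do_PATCH = do_DELETE = _forward


if __name__ == "__main__":
    ThreadingHTTPServer(("0.0.0.0", 8000), MethodSplitProxy).serve_forever()
```

Run it and point a single hostname (e.g. api.domain.com) at the host running it; GET/HEAD/OPTIONS land on the read upstream, POST/PUT/PATCH/DELETE on the write upstream, and any other method gets a 405 instead of being routed by guesswork. The split is only as strong as the network path: if clients can reach the read backend directly, nothing stops them from sending it a POST, so the backends should accept traffic only from the proxy.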

Related

HTTPS, AWS ELB, CloudFront & S3

Background: My division of bigcorp.com was sold off and now we are lilcorp.com. We have a fleet of appliances deployed that will be looking for software updates on https://updates.bigcorp.com/, but since we no longer control bigcorp.com, we need to update our appliances to check https://updates.lilcorp.com. bigcorp has given us a cert for updates.bigcorp.com and has a DNS CNAME in place that forwards traffic for updates.bigcorp.com to server.lilcorp.com.
I'm trying to configure things like this:
                HTTPS               HTTPS
Appliance -----------> ELB -----------> CloudFront ----------> S3
                       Cert for         Cert for
                       updates.         updates.
                       bigcorp.         lilcorp.
                       com              com
I've got the following DNS records in place:
updates.bigcorp.com CNAME to server.lilcorp.com
server.lilcorp.com CNAME to ELB
updates.lilcorp.com CNAME to CloudFront.net address
CloudFront is configured to use an S3 bucket as its origin.
Status: Things work if I hit CloudFront directly, but that doesn't help since the appliances are hitting the updates.bigcorp.com address.
Questions:
Can an ELB forward to a CloudFront deployment? I'm not seeing how to make it a "target".
Do I need to put a web server in the middle of this to handle the redirect/forward?
Thanks in advance.
Can an ELB forward to a CloudFront deployment? I'm not seeing how to make it a "target".
No, it cannot. The target (for an ALB) can only be a private IP address, a Lambda function or an instance ID.
Do I need to put a web server in the middle of this to handle the redirect/forward?
Yes, you would need some kind of proxy. With an ALB, you could use a Lambda function. So the ALB would invoke a Lambda function, and the function would query the external CloudFront distro and return the results.
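What such a function looks like, as an added example that is not code from the question or the answer: an ALB target-group Lambda handler that fetches the requested path from the CloudFront distribution and returns it in the response shape ALB expects. CF_ORIGIN is assumed to be the distribution's alternate domain name from the question; the `fetch` parameter is injectable only so the handler can be exercised without network access, and Lambda itself calls `handler(event, context)` with the real fetcher.

```python
import base64
import http.client
import urllib.error
import urllib.parse
import urllib.request
from typing import Callable, Dict, Tuple

# Assumed: the CloudFront distribution answers for this alternate domain name.
CF_ORIGIN = "https://updates.lilcorp.com"

FetchResult = Tuple[int, Dict[str, str], bytes]        # status, headers, body
Fetcher = Callable[[str, str, Dict[str, str]], FetchResult]

# Headers that must not be copied between the two legs of the proxy. Dropping
# Host makes urllib send updates.lilcorp.com, which CloudFront needs to match.
HOP_BY_HOP = frozenset({"host", "connection", "keep-alive", "transfer-encoding", "content-length"})
TEXT_TYPES = ("text/", "application/json", "application/xml")


def _http_fetch(method: str, url: str, headers: Dict[str, str]) -> FetchResult:
    """Real fetcher: GET/HEAD the CloudFront URL, passing 4xx/5xx through unchanged."""
    req = urllib.request.Request(url, headers=headers, method=method)
    try:
        with urllib.request.urlopen(req, timeout=10) as resp:
            return resp.status, dict(resp.getheaders()), resp.read()
    except urllib.error.HTTPError as e:
        return e.code, dict(e.headers.items()), e.read()


def build_upstream_url(event: dict) -> str:
    """Only path and query come from the client; the host is fixed, so this is not an open proxy."""
    path = urllib.parse.quote(event.get("path") or "/", safe="/%")
    query = urllib.parse.urlencode(event.get("queryStringParameters") or {})
    return CF_ORIGIN + path + (f"?{query}" if query else "")


def _alb_response(status: int, headers: Dict[str, str], payload: bytes, text: bool) -> dict:
    """ALB/Lambda response shape; binary bodies (firmware images) must be base64-encoded."""
    return {
        "statusCode": status,
        "statusDescription": f"{status} {http.client.responses.get(status, '')}".rstrip(),
        "headers": headers,
        "body": payload.decode("utf-8", "replace") if text else base64.b64encode(payload).decode("ascii"),
        "isBase64Encoded": not text,
    }


def handler(event: dict, context=None, fetch: Fetcher = _http_fetch) -> dict:
    """Lambda entry point for an ALB target group (ALB lowercases header names)."""
    method = event.get("httpMethod", "GET").upper()
    if method not in ("GET", "HEAD"):                   # update checks are read-only
        return _alb_response(405, {"allow": "GET, HEAD"}, b"", text=True)
    headers = {k: v for k, v in (event.get("headers") or {}).items()
               if k.lower() not in HOP_BY_HOP}
    status, up_headers, payload = fetch(method, build_upstream_url(event), headers)
    out = {k.lower(): v for k, v in up_headers.items() if k.lower() not in HOP_BY_HOP}
    is_text = out.get("content-type", "").startswith(TEXT_TYPES)
    return _alb_response(status, out, payload, text=is_text)
```

Two details matter for this particular setup: the Host header from the appliance (updates.bigcorp.com) is deliberately not forwarded, because CloudFront only serves the distribution whose alternate domain name matches the Host it receives; and Lambda responses to an ALB are limited to 1 MB, so large update payloads should be served as redirects to the CloudFront URL rather than streamed through the function.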

To check the number of hits to the URL mapped by Route 53 Alias record to ELB

I was wondering if there is any provision or service provided by AWS to check the traffic flowing to the URL.
My domain is hosted by HostGator and mapped to the ELB with Route 53 using an alias name.
I know dig will give me a similar result.
But I was wondering if AWS has a service that does something similar to this.
You can get request tracing enabled on your ELB: https://docs.aws.amazon.com/elasticloadbalancing/latest/application/load-balancer-request-tracing.html

What is the difference between AWS ELB and Route 53?

I am new to AWS Route 53 and trying to brush up on some of the basics. I have a question that might sound silly.
Let's say I have a public load balancer created with its DNS name (AWS auto-generated). Now I went ahead and got my corporate company to create a CNAME for the actual ELB A record, so say that CNAME is www.my-website.com.
Now when users start browsing www.my-website.com, their router DNS directly knows where this public www.my-website.com is hosted, and then once the DNS resolution happens, the request is directly forwarded to my ELB that has that CNAME to it.
Now all this is good, but I would also like to play with Route 53 here, so I go ahead and use Route 53 to create a hosted zone, add my domain www.my-website.com under it and then create a record set with an alias pointing to my actual ELB, followed by the rest of the configuration.
Now when someone hits www.my-website.com in their browser, will the request go directly to the ELB, or go to Route 53, which will then route it to that ELB?
A summary of what these services provide is below:
Route 53 is a DNS provider offered as a service by AWS. The functionality you're describing is storing your DNS records within it for resolution.
An ELB is an appliance to distribute traffic across multiple nodes.
With your records in Route 53 the below journey takes place:
When a client in the browser attempts to go to www.example.com it will first check its internal cache for any previously stored values for the domain; if there's a value it will be evaluated against a TTL to see if it has expired.
If there is no value or it has expired, the client will contact the root domain, then the top-level domain, continuing until it finds the DNS provider for your domain (. -> com. -> example.com.).
Once it finds this DNS provider it will query for your domain; if it matches it will return the resolution value and the TTL.
If the value is that of a CNAME (such as an ELB) this process will begin again to resolve the IP address(es) for that hostname. This IP address will be cached by your local client.
If you're using Route 53 and an ELB, one advantage would be to use Alias records: they actually set your domain record to the IP address, which improves the speed of DNS resolution.
So in summary Route 53 is only contacted if the client does not know the resolution value for your domain.

Configuring Route 53 to route traffic to EC2

I have a domain name that I registered with a site called DotEasy. I am building a web app that I am going to host on AWS and I would like to use AWS Route 53 for my DNS. Ideally I'd like to use Route 53 as the registrar as well, but I'm not sure if that's possible and I've also heard it can take ~3 months for domain registrars to switch over.
Either way, I'm trying to set up Route 53 so that when users go to myapp.example.com they get routed to a specific EC2 instance of mine.
So I went into Route 53 and clicked Create Hosted Zone and Route 53 created two DNS records for me:
An NS (Name Server) record that has 4 different values, all of the form ns-<X>.awsdns-<Y>.<TLD>, where <TLD> is .com, .net, .co.uk, etc.; and
A single SOA (Start of Authority) record
I'm pretty green when it comes to DNS setup, I'm hoping I can just log into DotEasy's admin panel and update myapp.example.com's DNS settings to point to one of these records, but I'm not sure which ones I need to use. DotEasy's UI has fields that allow me to enter/change a primary, secondary, third and fourth DNS server hostname.
So I have two issues here:
Configuring Route 53 to route traffic over port 9200 to a specific EC2 instance (ultimately this will be an ECS cluster or ELB load-balanced URL, but for now it's just a single EC2). I assume I need to write my own zone file, or perhaps Route 53 can create one for me?; and
Configuring DotEasy and/or Route 53 so that requests to https://myapp.example.com:9200 get forwarded to whatever resource/mapping was created above in Step 1
Any ideas how I can accomplish this?
DNS and HTTP are different protocols.
After you create an ELB, attach your instances and, within your DNS provider, just create a CNAME pointing to the public address of your ELB, for example:
myapp IN CNAME elb-name.us-west-2.elb.amazonaws.com.   ; trailing dot: the target is absolute, not relative to the zone origin
To respond to requests on port 9200, you need to configure the ELB to do this, but this has nothing to do with the DNS.

DNS servers replication with Amazon Route53

Our company local network is connected to an AWS VPC via VPN - see schema below:
view architecture here
Now, we want to configure DNS servers in order to use hostnames instead of IPs all over the network.
What is the best solution ?
Let Route53 handle DNS for the entire network (even the local one)
Have a DNS server on our local network, and Route53 on Amazon VPC. And if so, how to perform synchronization/replication between local DNS server and Route53 ?
Another solution :)
Thanks !
And have a nice day !
The problem with Route 53 is that it doesn't play with other DNS servers. It is a completely self-contained solution. This means that if you used Route 53 your internal servers could only look up through the VNet into Route 53; you couldn't have a secondary nameserver onsite that took a zone transfer from Route 53 (they don't support them).
You could potentially have caching nameservers internally, and have long expiry times on your host records, so if there was any problem the records wouldn't go stale, but this brings its own set of problems.
This leaves you with a couple of solutions.
Use your internal network entirely, set up your internal name servers, internal.example.com and have a secondary name server located inside your Vnet that AWS clients can refer to. This way if there is a problem with the link, both sides still have working DNS.
Alternatively, you could configure internal.example.com in the same way, but then have aws.example.com running on Route 53. (or on a standalone server)
If Route 53 supported Zone Transfers and secondary servers it would be largely irrelevant what you went with but because they don't any solution you build is going to mean rolling some sort of glue to sit in between everything. This is invariably a Very Bad Thing™
We have the same architecture, network wise, and have not found a reasonable way to unify both networks' DNS data into one set of DNS servers.
Here is what works for us.
Assuming you want to use a corporate domain such as example.com, you can get a unified naming scheme where all hosts are under the example.com domain. This is done via Zone Delegation. In this document it states:
Domain Name System (DNS) provides the option of dividing up the namespace into one or more zones, which can then be stored, distributed, and replicated to other DNS servers. When you are deciding whether to divide your DNS namespace to make additional zones, consider the following reasons to use additional zones:
So in your case:
Use company network DNS for servers/devices on the local network. server1.example.com resolves to the IP# for the local network.
Delegate a subdomain such as 'corp' or 'cloud' to Route 53 for all hosts on AWS. Also known as a subzone, this gives full DNS responsibility to another name server. An instance in EC2 would be referenced as server1.cloud.example.com
This gives you a logical naming scheme, with IP resolution for all hosts on the network.
See Creating a Subdomain That Uses Amazon Route 53 as the DNS Service without Migrating the Parent Domain
There are some 3rd-party solutions that add features onto Route 53, easyRoute53 and Route53d. Route53d claims to offer some support for zone transfers (IXFR only).
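The resolution walk described in the "ELB vs Route 53" answer (root -> TLD -> the zone's own servers, restarting for a CNAME target, caching by TTL) and the subzone delegation this answer recommends can both be watched in one toy iterative resolver. This is an added example, not code from any of the posts: the servers, names, IPs and TTLs in SERVERS are constructed, real network lookups are replaced by dictionary lookups, and the Route 53 Alias is modelled as Route 53 answering with the ELB's current IPs as plain A records, which is what a client actually receives.

```python
from typing import Dict, List, Optional, Tuple

Record = Tuple[List[str], int]         # (rdata values, TTL in seconds)
Zone = Dict[Tuple[str, str], Record]   # (owner name, RR type) -> record

# Fictitious name servers and the records each answers for. "ns-corp" is the
# on-premises example.com zone; it delegates cloud.example.com to "ns-r53",
# which stands in for the Route 53 hosted zone created for that subdomain.
SERVERS: Dict[str, Zone] = {
    "root": {("com.", "NS"): (["tld-com"], 172800)},
    "tld-com": {
        ("example.com.", "NS"): (["ns-corp"], 172800),
        ("amazonaws.com.", "NS"): (["ns-aws"], 172800),
    },
    "ns-corp": {
        ("server1.example.com.", "A"): (["10.0.0.10"], 3600),
        # classic CNAME to an ELB hostname: the client has to resolve that too
        ("www.example.com.", "CNAME"): (["my-elb-123.us-west-2.elb.amazonaws.com."], 300),
        # subzone delegation: everything under cloud.example.com lives in Route 53
        ("cloud.example.com.", "NS"): (["ns-r53"], 86400),
    },
    "ns-aws": {
        ("my-elb-123.us-west-2.elb.amazonaws.com.", "A"): (["52.0.0.1", "52.0.0.2"], 60),
    },
    "ns-r53": {
        ("server1.cloud.example.com.", "A"): (["172.16.0.10"], 300),
        # Alias record to the same ELB: Route 53 answers with the ELB's current
        # IPs directly, so the client sees plain A records, not a CNAME chain.
        ("api.cloud.example.com.", "A"): (["52.0.0.1", "52.0.0.2"], 60),
    },
}


def _fqdn(name: str) -> str:
    return name if name.endswith(".") else name + "."


def _referral(zone: Zone, name: str) -> Optional[str]:
    """Longest-suffix NS match: where a non-authoritative server sends us next."""
    labels = name.split(".")
    for i in range(len(labels)):
        rec = zone.get((".".join(labels[i:]), "NS"))
        if rec:
            return rec[0][0]
    return None


class Resolver:
    """Walks from the root, follows referrals and CNAMEs, caches answers by TTL."""

    def __init__(self) -> None:
        self.cache: Dict[str, Tuple[List[str], float]] = {}   # name -> (ips, expiry time)

    def resolve(self, qname: str, now: float = 0.0) -> Tuple[List[str], int]:
        """Return (IP addresses, number of queries sent); 0 queries on a cache hit."""
        qname = _fqdn(qname)
        hit = self.cache.get(qname)
        if hit and hit[1] > now:
            return hit[0], 0
        name, server, queries, ttl = qname, "root", 0, 10**9
        for _ in range(32):                        # bound CNAME/referral loops
            queries += 1
            zone = SERVERS[server]
            if (name, "A") in zone:
                ips, rec_ttl = zone[(name, "A")]
                self.cache[qname] = (ips, now + min(ttl, rec_ttl))   # a CNAME caps the TTL
                return ips, queries
            if (name, "CNAME") in zone:
                (target,), rec_ttl = zone[(name, "CNAME")]
                name, server, ttl = target, "root", min(ttl, rec_ttl)  # start over for the target
                continue
            nxt = _referral(zone, name)
            if nxt is None:
                raise LookupError(f"NXDOMAIN: {name} (asked {server})")
            server = nxt
        raise LookupError("too many referrals")


if __name__ == "__main__":
    r = Resolver()
    for host in ("server1.example.com", "www.example.com", "api.cloud.example.com", "server1.cloud.example.com"):
        ips, sent = r.resolve(host)
        print(f"{host:30} -> {ips}  ({sent} queries)")
    print("www.example.com again at t=30s:", r.resolve("www.example.com", now=30))
```

The counts are for a cold cache that remembers only final answers; a real resolver also caches the referrals, so later lookups under the same zone are shorter. The relationships hold regardless: the CNAME to an ELB costs a second full walk (6 queries here), the Alias answers on the first walk (4), and a single NS record for cloud.example.com in the corporate zone is enough for on-premises clients to reach Route 53-managed names without any zone transfer between the two DNS systems. A delegation only helps if the on-premises resolver can reach the Route 53 name servers, i.e. over the internet for a public hosted zone or via the VPN plus the VPC's .2 resolver for a private one.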