We currently have an on-site DNS server which manages what users can and can't access.
We would like to move this to Google Cloud, would this be possible? Or is Google Cloud DNS just for your own domain rather than a DNS server monitoring DNS requests and managing traffic?
Thanks
Google Cloud DNS doesn't provide any DNS-based blocking / filtering like SafeDNS, OpenDNS or similar solutions.
Have a look at the Google Cloud DNS documentation:
Google Cloud DNS is a scalable, reliable, and managed authoritative Domain Name System (DNS) service running on the same infrastructure as Google. It has low latency, high availability and is a cost-effective way to make your applications and services available to your users. Cloud DNS translates requests for domain names like www.google.com into IP addresses like 74.125.29.101. Cloud DNS is programmable. You can easily publish and manage millions of DNS zones and records using our simple user interface, command-line interface or API.
Does changing the network service tier for a project in Google Cloud change or otherwise interrupt existing, running network services such as load balancers and compute engine VMs or does it only apply to new things?
Documentation suggests the latter, but we don't want to mess with this setting without getting a definitive answer.
Does changing the network service tier for a project in Google Cloud change or otherwise interrupt existing, running network services such as load balancers and compute engine VMs?
Existing services will not be interrupted.
The network service tier affects how traffic is routed from the client into the Google Cloud Network. Premium Tier means that clients will connect to the closest entry point (POP) into Google's network.
This does not directly affect services but does affect routing and latency of traffic to services. I am not aware of any direct impact on your services in the cloud except for the pricing of network traffic.
If Premium Tier is not enabled some features are not available such as global IP addresses.
Always configure Premium Tier. There are no solid technical reasons to select Standard Tier.
I'm not sure if this is the right place to ask this. If it's not, kindly refer me to the most appropriate place.
I need to have customized domain names for my clients but only one instance of the web app. Is this possible? How do I go about this?
The answer may simply be yes. But it's not up to AWS, but rather the DNS for the domains you plan to use. All the application running on the AWS IP address has to do is not reject the domain names given to the web server stack in its configuration.
You can create as many domain names as you like to point to a single IP address using AWS Route 53 hosted zones. You can create multiple A records in Route 53 or you can utilise alias records.
Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. It is designed to give developers and businesses an extremely reliable and cost effective way to route end users to Internet applications by translating names like www.example.com into the numeric IP addresses like 192.0.2.1 that computers use to connect to each other. Amazon Route 53 is fully compliant with IPv6 as well.
Amazon Route 53 effectively connects user requests to infrastructure running in AWS – such as Amazon EC2 instances, Elastic Load Balancing load balancers, or Amazon S3 buckets – and can also be used to route users to infrastructure outside of AWS. You can use Amazon Route 53 to configure DNS health checks to route traffic to healthy endpoints or to independently monitor the health of your application and its endpoints. Amazon Route 53 Traffic Flow makes it easy for you to manage traffic globally through a variety of routing types, including Latency Based Routing, Geo DNS, Geoproximity, and Weighted Round Robin—all of which can be combined with DNS Failover in order to enable a variety of low-latency, fault-tolerant architectures. Using Amazon Route 53 Traffic Flow’s simple visual editor, you can easily manage how your end-users are routed to your application’s endpoints—whether in a single AWS region or distributed around the globe. Amazon Route 53 also offers Domain Name Registration – you can purchase and manage domain names such as example.com and Amazon Route 53 will automatically configure DNS settings for your domains.
I would like to monitor all outgoing DNS queries originating from resources within my VPC. For example, I would like to log all DNS queries originating from a specific EC2 instance. Is this possible?
I have looked into Route 53 (early beginner to AWS), and from what I understand, using this I can only monitor my private domains, for incoming queries. Is it possible to monitor outgoing queries?
As far as I know, AWS doesn't have this as a feature right now. One solution that I've worked with before is having dnsmasq (a lightweight DNS cache/proxy) installed on every instance, configuring the machine to forward requests to dnsmasq first, and then consolidating your machines' dnsmasq logs in one place.
Currently there isn't any way.
Queries to the .2 VPC DNS server are not logged in VPC flow logs, so you can't see anything there.
From the AWS announcement on 27th of August, 2020:
https://aws.amazon.com/blogs/aws/log-your-vpc-dns-queries-with-route-53-resolver-query-logs/
"The Amazon Route 53 team has just launched a new feature called Route 53 Resolver Query Logs, which will let you log all DNS queries made by resources within your Amazon Virtual Private Cloud (VPC). Whether it’s an Amazon Elastic Compute Cloud (Amazon EC2) instance, an AWS Lambda function, or a container, if it lives in your Virtual Private Cloud and makes a DNS query, then this feature will log it; you are then able to explore and better understand how your applications are operating."
Therefore, if you use AmazonProvidedDNS (Amazon Route 53 Resolver) for DNS, then you can now use the above option. The log contains a "srcaddr" field to find the source (e.g. EC2) of the DNS lookup.
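To show what consolidating these logs looks like in practice (both the per-instance dnsmasq approach from the earlier answer and the Route 53 Resolver query logs from this one), here is an added example that is not part of any post above. The Route 53 records and dnsmasq lines are constructed; only the "srcaddr" field is confirmed by the post, the other Route 53 field names (query_name, query_type, rcode, srcids) are assumed from the documented log format.

```python
"""Consolidate outgoing DNS query logs per source address.

Handles two inputs: Route 53 Resolver query logs (one JSON record per
line) and dnsmasq --log-queries lines. Outputs query counts per source
and, for Route 53 only (dnsmasq query lines carry no response code),
the names each source resolved to NXDOMAIN.
"""
import json
import re
from collections import Counter, defaultdict

# Constructed sample records, not real logs. Field names other than
# "srcaddr" are assumed to match the Route 53 Resolver query log format.
ROUTE53_LOG = """\
{"query_timestamp":"2020-08-27T10:00:01Z","query_name":"api.example.com.","query_type":"A","rcode":"NOERROR","srcaddr":"10.0.1.15","srcids":{"instance":"i-0abc"}}
{"query_timestamp":"2020-08-27T10:00:02Z","query_name":"nosuch.example.com.","query_type":"A","rcode":"NXDOMAIN","srcaddr":"10.0.1.15","srcids":{"instance":"i-0abc"}}
{"query_timestamp":"2020-08-27T10:00:02Z","query_name":"s3.amazonaws.com.","query_type":"AAAA","rcode":"NOERROR","srcaddr":"10.0.1.22","srcids":{"instance":"i-0def"}}
"""

# Constructed dnsmasq syslog lines in the "query[TYPE] name from src" form.
DNSMASQ_LOG = """\
Aug 27 10:00:03 dnsmasq[412]: query[A] api.example.com from 10.0.1.15
Aug 27 10:00:04 dnsmasq[412]: query[AAAA] updates.example.net from 10.0.1.22
"""

DNSMASQ_RE = re.compile(r"query\[(?P<qtype>\w+)\] (?P<name>\S+) from (?P<src>\S+)")


def parse_route53(text):
    """Yield (srcaddr, name, qtype, rcode) tuples from JSON lines."""
    for line in text.splitlines():
        if line.strip():
            rec = json.loads(line)
            yield rec["srcaddr"], rec["query_name"].rstrip("."), rec["query_type"], rec.get("rcode")


def parse_dnsmasq(text):
    """Yield (src, name, qtype, None) tuples; dnsmasq query lines have no rcode."""
    for line in text.splitlines():
        m = DNSMASQ_RE.search(line)
        if m:
            yield m.group("src"), m.group("name").rstrip("."), m.group("qtype"), None


def summarize(events):
    """Return (queries per source, {source: sorted NXDOMAIN names})."""
    per_src, nxdomain = Counter(), defaultdict(set)
    for src, name, _qtype, rcode in events:
        per_src[src] += 1
        if rcode == "NXDOMAIN":
            nxdomain[src].add(name)
    return per_src, {src: sorted(names) for src, names in nxdomain.items()}


def report():
    return summarize(list(parse_route53(ROUTE53_LOG)) + list(parse_dnsmasq(DNSMASQ_LOG)))


if __name__ == "__main__":
    counts, nx = report()
    for src, n in counts.most_common():
        print(f"{src:15} {n:3} queries  NXDOMAIN: {', '.join(nx.get(src, [])) or '-'}")
```

With real data, feed the Resolver log export (CloudWatch Logs or S3) and the shipped dnsmasq syslog into the two parsers; the per-source NXDOMAIN list is a cheap first signal of misconfigured or unexpected lookups from a given instance.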
I am new to the Cloud Hybrid Model and planning to use the public cloud only when on-premises doesn't have the capacity to handle the traffic.
1) How to handle the traffic to be served from the AWS public cloud? Data would be present on-premises; only the application load has to be shared between on-premises and public cloud.
2) If the answer to question 1 is yes, how to load balance the traffic between on-premises and public cloud?
3) How is the DNS managed, on-premises DNS or Route 53?
1) How to handle the traffic to be served from the AWS public cloud? Data would be present on-premises; only the application load has to be shared between on-premises and public cloud.
You are misunderstanding what Hybrid Cloud is. If your data is in your datacenter and is served from your datacenter, then you are on-prem. In your scenario, you would need to route the Internet traffic through AWS to on-prem, which increases cost and latency. AWS, in this case, is just an expensive data pipe. This example could increase fault-tolerance if on-prem public Internet fails and you have the correct router setup for failover.
For public hybrid cloud, you locate your data and services both in cloud and on-prem. Then you can load balance, failover, etc.
For private hybrid cloud, you are combining cloud resources with your datacenter resources for consumption either in cloud or on-prem or both at the same time. You can combine private hybrid cloud with public hybrid cloud.
The answer to #2 and #3 depends on what you have deployed on-prem and in the cloud and how traffic needs to be routed, isolated and protected.
In a typical environment, you would implement redundant routers with multiple connections to the Internet and to your cloud provider. These connections provide fault tolerance and routing. There are many options for setting up DNS which depends on the details of the implementation. You can combine Route 53 with on-prem DNS with DNS forwarders.
I have worked with several godaddy domains in the past. But, for the new project infrastructure I wish to setup, I am planning on registering domain names from the new Amazon's Route 53 - Domain Registration.
My question is do I also need to pay for their DNS Service?
In the past I used to configure hosted zones (CNAME records) from the GoDaddy Console, but never paid anything extra.
How will relying on Amazon affect me in terms of cost and maintenance?
Update: Alright, looks like Amazon doesn't charge for DNS queries routed to their own internal services. Refer here: Route 53 Docs - DNS Service
If somebody is using Amazon Route 53 - Domain Name and their DNS, please let me know if/how you got charged for using their DNS Service.
From the documentation, notice the final step listed in registering a domain, when you want to use an external DNS hosting provider:
(Optional) Delete the hosted zone that Amazon Route 53 created automatically when you registered your domain. This prevents you from being charged for a hosted zone that you aren't using. (emphasis added)
http://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-register.html
Regarding other providers' pricing practices:
In the past I used to configure hosted zones (CNAME records) from the GoDaddy Console, but never paid anything extra.
That's fine, but you're looking at this situation upside-down. The two services -- domain registration and DNS hosting -- are separate services, but GoDaddy and many other registrars don't give you an option not to pay for DNS hosting, even if you don't use it -- it's built into their domain registration pricing. AWS tends to unbundle service components so that you only pay for the components you use.
If you are hosting services in AWS, using S3, CloudFront, or Elastic Load Balancer, you will find that Route 53's DNS hosting is the preferable option, because of the way resource records work at the apex of a domain due to the design of DNS itself. Route 53 is integrated with the other services to allow failover and redundant DNS configuration in a way that can't be accomplished with most external DNS providers.
Yes, you can use third party DNS service with domains registered in Route53 (you just have to add appropriate Name Servers)
About the pricing, it is all explained in detail here. Keep in mind that although queries to Alias records that are mapped to Elastic Load Balancers, Amazon CloudFront distributions, AWS Elastic Beanstalk environments, and Amazon S3 website buckets are free, that does not apply to other AWS resources, including Amazon EC2 instances and Amazon RDS databases.
Also, you will be charged a fixed monthly amount for each hosted zone.