Wednesday, August 14, 2019

What is DNS in AWS?



All computers on the Internet, from your smart phone or laptop to the servers that serve content for massive retail websites, find and communicate with one another by using numbers. These numbers are known as IP addresses. 

When you open a web browser and go to a website, you don't have to remember and enter a long number. Instead, you can enter a domain name like example.com and still end up in the right place.

A DNS service such as Amazon Route 53 is a globally distributed service that translates human readable names like www.example.com into the numeric IP addresses like 192.0.2.1 that computers use to connect to each other. 

The Internet’s DNS system works much like a phone book by managing the mapping between names and numbers. DNS servers translate requests for names into IP addresses, controlling which server an end user will reach when they type a domain name into their web browser. These requests are called queries.


Authoritative DNS: An authoritative DNS service provides an update mechanism that developers use to manage their public DNS names.

It then answers DNS queries, translating domain names into IP address so computers can communicate with each other. Authoritative DNS has the final authority over a domain and is responsible for providing answers to recursive DNS servers with the IP address information. 

Amazon Route 53 is an authoritative DNS system.
Recursive DNS: Clients typically do not make queries directly to authoritative DNS services. Instead, they generally connect to another type of DNS service known a resolver, or a recursive DNS service.

A recursive DNS service acts like a hotel concierge: while it doesn't own any DNS records, it acts as an intermediary who can get the DNS information on your behalf.
If a recursive DNS has the DNS reference cached, or stored for a period of time, then it answers the DNS query by providing the source or IP information. If not, it passes the query to one or more authoritative DNS servers to find the information.



The following diagram gives an overview of how recursive and authoritative DNS services work together to route an end user to your website or application.




1.    A user opens a web browser, enters www.example.com in the address bar, and presses Enter.
2.    The request for www.example.com is routed to a DNS resolver, which is typically managed by the user's Internet service provider (ISP), such as a cable Internet provider, a DSL broadband provider, or a corporate network.

3.    The DNS resolver for the ISP forwards the request for www.example.com to a DNS root name server.

4.    The DNS resolver for the ISP forwards the request for www.example.com again, this time to one of the TLD name servers for .com domains. The name server for .com domains responds to the request with the names of the four Amazon Route 53 name servers that are associated with the example.com domain.

5.    The DNS resolver for the ISP chooses an Amazon Route 53 name server and forwards the request for www.example.com to that name server.

6.    The Amazon Route 53 name server looks in the example.com hosted zone for the www.example.com record, gets the associated value, such as the IP address for a web server, 192.0.2.44, and returns the IP address to the DNS resolver.

7.    The DNS resolver for the ISP finally has the IP address that the user needs. The resolver returns that value to the web browser. The DNS resolver also caches (stores) the IP address for example.com for an amount of time that you specify so that it can respond more quickly the next time someone browses to example.com. For more information, see time to live (TTL).

8.    The web browser sends a request for www.example.com to the IP address that it got from the DNS resolver. This is where your content is, for example, a web server running on an Amazon EC2 instance or an Amazon S3 bucket that's configured as a website endpoint.


9.    The web server or other resource at 192.0.2.44 returns the web page for www.example.com to the web browser, and the web browser displays the page.

Top Level Domains

  • Domains are seperated by a string of characters seperated by dots. For example, google.com, gmail.com, etc.
  • The last word in a domain name is known as a Top Level Domain.
  • The second word in a domain name is known as a second level domain name.

For example:

.com: .com is a top-level domain.
.edu: .edu is a top-level domain.
.gov: .gov is a top-level domain.

.co.uk: .uk is a top-level domain name while .co is a second level domain name.
.gov.uk: .uk is a top-level domain name while .gov is a second level domain name.
  • The Top level domain names are controlled by IANA (Internet Assigned Numbers Authority).
  • IANA is a root zone database of all available top-level domains.
  • You can view the database by visiting the site: http://www.iana.org/domains/root/db

Domain Registrars

  • Domain Registrar is an authority that assigns the domain names directly under one or more top-level domains.
  • Domain Registrar is used because all the names in a domain name must be unique there needs to be a way to organize these domain names so that they do not get duplicated.
  • Domain names are registered with interNIC, a service of ICANN, which enforces uniqueness of domain name across the internet.
  • Each domain name is registered in a central database known as the WhoIS database.
  • The popular domain registrars include GoDaddy.com, 123-reg.co.uk, etc.

State Of Authority Record (SOA)

  • SOA stores the information in Domain Name System (zone) about the zone and other DNS records.
    Where DNS zone is a space allocated for a particular type of server.
  • Each DNS zone consists of a single SOA record.

The State of Authority Record stores the information about:

  • The name of the server that supplies the data for the zone.
  • The administrator of the zone, i.e., who is administering the zone.
  • The current version of the data file that contains the zone.
  • The default number of records for the time-to-live file on resource records. For example, when you are dealing with a DNS, then it always has a time-to-live. Time-to-live must be lower as possible because when you make changes, it then propagates quicker. Suppose the name of the website is Hindi100.com and its time-to-live is 60 seconds. By the end, you want to change its IP address then the time taken to achieve this is equal to the time-to-live.
  • The number of seconds a secondary name server has to wait before checking for the updates.
  • The maximum number of seconds that a secondary name server can use the data before it is either be refreshed or expire.

NS Records

  • NS stands for Name Server records.
  • NS Records are used by Top Level Domain Servers to direct traffic to the Content DNS server which contains the authoritative DNS records.

Let's understand through a simple example.

What is DNS
Suppose the user wants an IP address of hindi100.com. If ISP does not know the IP address of hindi100.com, ISP goes to the .com and asks for the NS Record. It finds that time-to-live is 172800 and its ns record is ns.awsdns.com. ISP moves to this ns record and asks that "do you know hindi100.com". Yes, it knows, so it points to Route53. In SOA, we have all the DNS types and 'A' records.

A Records

  • An 'A' record is a fundamental type of DNS record.
  • 'A' stands for Address.
  • An 'A' record is used by the computer to convert the domain name into an IP address. For example, https://www.javatpoint.com might point to http://123.10.10.80.

TTL

  • The length that a DNS record is cached on either the Resolving power or the users owns local PC is equal to the value of the TTL in seconds.
  • The lower the time-to-live, the faster changes to DNS records take to propagate throughout the internet.

CNAMES

  • A CNAME can be used to resolve one domain name to another. For example, you may have a mobile website with a domain name http://m.devices.com which is used when users browse to your domain name on their mobile devices. You may also want the name http://mobile.devices.com to resolve the same address.

Alias Records

  • Alias Records are used to map resource record sets in your hosted zone to Elastic load balancers, CloudFront distributions, or S3 buckets that are configured as websites.
  • Alias records work like a CNAME record in that you can map one DNS name (http://www.example.com) to another target DNS name (elb1234.elb.amazonaws.com).
  • The key difference between a CNAME and Alias Record is that a CNAME cannot be used for naked domain names (zone apex) record, i.e., it cannot be used when something is written infront of the domain name. For example, http://www.example.com contains a www infront of the domain name, therefore, it cannot be used for CNAME.

No comments:

Post a Comment

Lab 09: Publish and subscribe to Event Grid events

  Microsoft Azure user interface Given the dynamic nature of Microsoft cloud tools, you might experience Azure UI changes that occur after t...