Amazon AWS Certified Developer Associate – Route53 & DNS

June 2, 2023

1. DNS 101

So what is DNS? Well, if you’ve used the Internet before, you’ve used DNS. The easiest way to think of DNS is that it’s basically like a phone book. If you want to go and find someone, say Joe Smith, you would look up Joe Smith in the phone book and that would give you their telephone number. Likewise, if you want to go to acloud.guru, what’s essentially happening is you’re doing a DNS lookup for the IP address of acloud.guru.

So DNS is used to convert human-friendly domain names such as acloud.guru into an IP address. Now, IP addresses are obviously used by computers to identify each other all over the world, and there are two different types of IP address: IPv4 and IPv6. IPv4 is basically the old-school IP address. It’s been around as long as the Internet; essentially it’s a 32-bit field and has around 4 billion different addresses.

Now, these 4 billion addresses worked really well for a long period of time, but the problem was scaling. Essentially, every time you added a new device onto the Internet, it needed its own IPv4 address in order to be publicly accessible. And as we become more and more connected, with IoT and all these different devices suddenly coming online, we are starting to run out of IPv4 addresses. So IPv6 was created to solve this depletion issue. It has an address space of 128 bits, as opposed to the 32-bit address space of IPv4.

In theory, that’s 340 undecillion addresses available. Now, the big issue right now is that everyone’s still using IPv4, and this is really driven by the ISPs: they should be trying to move their end users onto IPv6, but that hasn’t really happened yet. IPv6 has been supported on Route 53, which is Amazon’s DNS service, for quite some time, but they hadn’t actually provided any back-end support.

So VPCs were not IPv6 compatible; you couldn’t use IPv6 with EC2 instances, and you couldn’t even use IPv6 with your security groups, so there was no way of allowing an IPv6 address range in. That has all changed as of around, I think it was, 1 December 2016. So now VPCs are IPv6 compatible, and you can use IPv6 address ranges with AWS.

Okay, moving on to domain names. We have a thing called a top-level domain name. If you look at common domain names such as google.com, bbc.co.uk or acloud.guru, you’ll always notice a string of characters separated by dots or periods. The last word in a domain name represents the top-level domain, and the word before it is known as the second-level domain name; this is optional and really depends on the domain name.

So your top-level domains are things like .com, .uk or .gov, and your second-level domains will be the co in .co.uk, or the gov in .gov.uk, etc. Essentially there’s just a big database of all available top-level domain names. You can go and view it for yourself by visiting iana.org/domains/root/db, and they add domains to it quite regularly. .guru is still a very new domain name, and recently they added .cloud as a top-level domain, so you can go out and buy a .cloud name. Believe it or not, azure.cloud was available for $100,000, and I kept thinking to myself, oh my God, that’s a really valuable domain name, why hasn’t Microsoft bought that yet? It’s probably not available now, though; I think somebody has probably gone in and bought it.

Okay, so let’s move on to domain registrars. Because all the names in a given domain have to be unique, there needs to be some way of organizing all this so that domain names aren’t duplicated; you can’t go out and buy a name somebody already owns, such as aws.com. This is where domain registrars come in. A registrar is an authority that can assign domain names directly under one or more top-level domains. These domains are registered with InterNIC, a service of ICANN, which enforces the uniqueness of domain names across the Internet, and each domain name becomes registered in a central database known as the WHOIS database.

Popular domain registrars include godaddy.com, 123-reg.co.uk, et cetera. If you are going to do the lab part of this course, you will need to register a domain name. Now, even with a free-tier account, Route 53 does not fall under the free tier, so I think it’s going to cost you around 125 per month. So do bear that in mind.

You’re also going to have to buy the domain name itself. It depends which domain name you buy, but that’s going to be a few dollars as well, so bear that in mind when you’re doing the labs. You don’t have to actually do it; you can just follow along with me as I set up a domain name with Route 53, but it’s entirely up to you. Okay, so your Start of Authority (SOA) record stores information about the following points.

Don’t worry, guys, it does sound a bit complicated and you don’t need to know all of this going into the exam. What the SOA record supplies is the name of the server that supplied the data for the zone and, most importantly (this is where you’d use it most), the administrator of the zone, so this is where you can get their contact details. If you need to find out who owns the domain name and you want their email address, for example, the SOA record would contain this. It also contains a lot of other things: the current version of the data file, the number of seconds a secondary name server should wait before checking for updates, the number of seconds a secondary name server should wait before retrying a failed zone transfer, the maximum number of seconds a secondary name server can use the data before it must be refreshed or expired, and, importantly, the default number of seconds for the TTL (time to live) of all resource records. We’re actually going to show you how TTLs work in the labs, but I’ll explain it later on in the slides.

Let’s move on to NS records. NS records are really important. NS stands for Name Server, and these records are used by the top-level domain servers to direct traffic to your DNS server, which contains the authoritative DNS records. Essentially, when you create a zone in Route 53, you’re going to be given a number of NS records.
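To make the SOA fields above concrete, here is an added example (not the lecture’s code and not a Route 53 API) that parses one SOA record in zone-file presentation format, labels each field with the meaning given above, decodes the administrator mailbox, and sanity-checks the secondary-server timers. The zone, name server and mailbox names in the sample record are constructed placeholders.

```python
"""Parse a DNS Start of Authority (SOA) record and label each field.

Added example for this lecture; it is not the lecture's own code and not a
Route 53 API. The record text below is constructed: the zone, name server
and mailbox names are placeholders.
"""
from dataclasses import dataclass


@dataclass
class Soa:
    zone: str
    ttl: int
    mname: str     # name server that supplied the data for the zone
    rname: str     # zone administrator's mailbox, encoded as a domain name
    serial: int    # current version of the zone data file
    refresh: int   # seconds a secondary waits before checking for updates
    retry: int     # seconds a secondary waits before retrying a failed zone transfer
    expire: int    # max seconds a secondary may use the data before refreshing or expiring it
    minimum: int   # default TTL (seconds) applied to the zone's resource records

    @property
    def admin_email(self) -> str:
        """Turn the RNAME field back into an email address.

        RFC 1035 encodes the mailbox as a domain name: the first unescaped dot
        separates the local part from the domain, and a literal dot inside the
        local part is written as a backslash-escaped dot.
        """
        out, split, i = [], False, 0
        while i < len(self.rname):
            ch = self.rname[i]
            if ch == "\\" and i + 1 < len(self.rname):
                out.append(self.rname[i + 1])     # escaped character, keep it literally
                i += 2
                continue
            if ch == "." and not split:
                out.append("@")
                split = True
            else:
                out.append(ch)
            i += 1
        return "".join(out).rstrip(".")


def parse_soa(line: str) -> Soa:
    """Parse one SOA record in zone-file presentation format:
    <zone> <ttl> IN SOA <mname> <rname> <serial> <refresh> <retry> <expire> <minimum>
    """
    f = line.split()
    if len(f) != 11 or f[2].upper() != "IN" or f[3].upper() != "SOA":
        raise ValueError(f"not a single-line SOA record: {line!r}")
    return Soa(zone=f[0], ttl=int(f[1]), mname=f[4], rname=f[5],
               serial=int(f[6]), refresh=int(f[7]), retry=int(f[8]),
               expire=int(f[9]), minimum=int(f[10]))


def timer_warnings(soa: Soa) -> list:
    """Sanity checks on the secondary-server timers described in the lecture."""
    warnings = []
    if soa.retry >= soa.refresh:
        warnings.append("retry should be shorter than refresh")
    if soa.expire <= soa.refresh:
        warnings.append("expire should be longer than refresh, or secondaries drop the zone too soon")
    return warnings


# Constructed sample: the shape matches a typical SOA line, but every name
# and number here is a placeholder.
SAMPLE_SOA = ("hellocloudgurus.com. 900 IN SOA ns-1.example-dns.net. "
              "hostmaster.hellocloudgurus.com. 2023060201 7200 900 1209600 86400")

if __name__ == "__main__":
    soa = parse_soa(SAMPLE_SOA)
    print(f"zone {soa.zone} served by {soa.mname}, admin {soa.admin_email}, serial {soa.serial}")
    print("warnings:", timer_warnings(soa) or "none")
```

The timer checks are the ones you would want before handing a zone to secondaries: a retry interval longer than the refresh interval, or an expire shorter than it, means secondaries either hammer the primary or stop answering for the zone sooner than intended.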

You then have to take these NS records to your domain registrar. So if you’re using GoDaddy, for example, you’d go into the GoDaddy console; essentially you supply your domain registrar with those NS records, and that way traffic will be directed over to Route 53. Now, recently Amazon has become a domain registrar, and that makes it a lot easier for you. Previously you’d have to go through something like GoDaddy, register a domain name, then create the zone in Route 53, get all the NS records, and update GoDaddy with those NS records to get this all to work.

But now it’s all integrated into the AWS console, so we won’t need to worry about GoDaddy or anything when we go through and do it in the labs; we’re just going to use AWS as our domain registrar. So let’s move on to A records. A records are basically the most fundamental type of DNS record. I used the example before that when you type in a domain name, it’s looking up an IP address: that IP address is the A record. So an A record is the most fundamental type of DNS record, and the A stands for address. The A record is used by a computer to translate the name of the domain to the IP address, so www.acloud.guru might point to an IPv4 address. We’re going to be using a domain name called hellocloudgurus.com for the rest of this section of the course.

And that is going to resolve to our elastic load balancers and then eventually to our EC2 instances. Now, it’s important to understand that an Elastic Load Balancer never has an IPv4 or IPv6 address; elastic load balancers always just have a DNS name. We did cover that in the EC2 section of the course, but I’m just going to remind you again: Elastic Load Balancers always just use a DNS name. For that reason, you couldn’t use an A record to resolve to an Elastic Load Balancer. What we actually use is a thing called an alias record, and I’ll come to that in the next few slides. Okay? So the next important thing to note is the TTL. That stands for Time To Live, and it’s the length of time that a DNS record is cached either on the resolving server or on your own PC, and it’s always measured in seconds. So let me give you an example. Let’s say I want to go to acloud.guru, and I’ve never visited it before.

First, your PC is going to check whether or not it has that address in its cache. If it doesn’t, it’s then going to send a DNS request to a resolving server, and eventually that request is going to reach Route 53 and pull down the A record for acloud.guru, which is just going to be an IPv4 address. Now, as soon as your computer has got that IPv4 address, it’s going to cache it locally so that if you visit the site again, it doesn’t have to do another DNS request. That caching length of time is equal to the time to live: it’s how long this record is going to be kept in the cache. Now, it’s really important to think about this from an architectural point of view, because if you are adding additional A records or additional servers to your production website, or if you want to move your production website from, let’s say, Azure over to AWS, you’re going to have to do a DNS change.

That DNS change is going to take a while to propagate out to all your end users on the Internet. So what a lot of businesses do, if they’re going to do a DNS migration, let’s say moving from Azure over to AWS, is that before they actually do the migration they drop the TTL of their DNS records down to 300 seconds, or five minutes. Then you would normally wait about two days, because by default most TTLs are set to two days, before doing the migration. If you don’t do that, you’re going to have the issue where some DNS requests go to the old site and some go to the new site. So if you are going to do a DNS migration, it’s always advisable to plan it in advance, lower the TTLs of all your DNS records down to 300 seconds, which is five minutes, and then, when you’re ready to do the migration a couple of days later, you know your users will only be affected for that five-minute window.
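The migration advice above can be checked with a small simulation. This is an added example, not the lecture’s code: it models an authoritative zone that lowers the TTL at one time and switches the A record at another, plus resolver caches that last queried at every possible second before the switch, and reports the worst case for how long a resolver keeps handing out the old address. Times are seconds from an arbitrary origin, and the addresses are constructed placeholders from the RFC 5737 documentation ranges.

```python
"""Simulate how long stale answers survive across a DNS migration.

Added example illustrating the lecture's TTL advice; it is not the lecture's
code. Times are seconds from an arbitrary origin, and the addresses are
constructed placeholders from the RFC 5737 documentation ranges.
"""
from dataclasses import dataclass

OLD_TTL = 172_800     # two days, the default TTL the lecture refers to
NEW_TTL = 300         # five minutes, the value set before a migration
OLD_IP = "192.0.2.10"      # the site while it still lives at the old provider
NEW_IP = "198.51.100.20"   # the site after the move


@dataclass
class ZonePlan:
    """The authoritative zone's timeline for one A record."""
    lower_at: int     # when the operator drops the TTL to NEW_TTL
    migrate_at: int   # when the operator switches the A record to NEW_IP

    def answer(self, now: int) -> tuple:
        """What the authoritative server (Route 53, say) returns at time `now`."""
        ttl = NEW_TTL if now >= self.lower_at else OLD_TTL
        ip = NEW_IP if now >= self.migrate_at else OLD_IP
        return ip, ttl


@dataclass
class ResolverCache:
    """A resolving server's (or a PC's) cache for that one record."""
    ip: str = ""
    expires_at: int = -1

    def lookup(self, plan: ZonePlan, now: int) -> str:
        if now < self.expires_at:          # still within the TTL: answer from cache
            return self.ip
        self.ip, ttl = plan.answer(now)    # otherwise ask the authoritative server
        self.expires_at = now + ttl
        return self.ip


def max_staleness(plan: ZonePlan, step: int = 1) -> int:
    """Worst case, over resolvers that last queried at every `step` seconds
    before the switch, of how many seconds after migrate_at a resolver still
    hands out OLD_IP."""
    worst = 0
    for last_query in range(0, plan.migrate_at, step):
        cache = ResolverCache()
        cache.lookup(plan, last_query)
        # the resolver serves its cached answer, without asking again, until expires_at
        worst = max(worst, cache.expires_at - plan.migrate_at)
    return worst


def earliest_safe_switch(lower_at: int, old_ttl: int = OLD_TTL) -> int:
    """Every cached copy carrying the old TTL has expired by this time."""
    return lower_at + old_ttl


if __name__ == "__main__":
    rushed = ZonePlan(lower_at=3_600, migrate_at=4_200)   # switched 10 minutes after lowering
    planned = ZonePlan(lower_at=3_600, migrate_at=earliest_safe_switch(3_600))
    for label, plan in (("rushed", rushed), ("planned", planned)):
        print(f"{label}: users may hit the old site for up to {max_staleness(plan)} s after the switch")
```

Running it shows the asymmetry the lecture describes: switching ten minutes after lowering the TTL still leaves almost a full two days in which some resolvers answer with the old address, whereas waiting out the old TTL first bounds the stale window to the five-minute TTL.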

Okay, so let’s move on to CNAMEs. CNAME simply stands for Canonical Name, and it can be used to resolve one domain name to another. For example, you might have a mobile website with the domain name m.acloud.guru, which is used when users browse to the site on their mobile devices. Now, you might also want them to be able to use mobile.acloud.guru to resolve to the same address. So instead of having two A records with the same IP address, you can have mobile.acloud.guru point to m.acloud.guru and use that A record. That’s all a CNAME is: it maps one domain name to another, and the target can be an external name as well. You could have www.mywebsite.com resolve to a completely different domain name, such as www.acloud.guru.

Okay, so let’s move on to alias records. An alias record is a record type that Amazon created, and you only really use the terminology “alias record” when you’re working with AWS and Route 53. An alias record is very similar to a CNAME. Alias records are used to map resource record sets in your hosted zone to things like elastic load balancers, CloudFront distributions or S3 buckets that are configured as websites. They work very similarly to a CNAME in that you can map one DNS name to another: you can map www.example.com to another target DNS name, which might be something like elb1234.elb.amazonaws.com. Now, when you’re playing with DNS, and you can try this on GoDaddy as well as on Route 53, your naked domain name must always be an A record; you can’t set a naked domain name to be a CNAME. And what do we mean by a naked domain name? I just mean the domain name without the www.

So acloud.guru, for example, would be the naked domain name. It’s also sometimes referred to as the zone apex record. Now, because you always need an IPv4 address for your naked domain name, or your zone apex record, this used to cause a problem with Route 53, because you can’t get the IPv4 address of an elastic load balancer, for example. And even if you could get the IPv4 address of an elastic load balancer, it could change all the time and you’d have to go in and update your DNS records. So what Amazon created was the alias record, and the alias record will automatically map your naked domain name, or your zone apex, to an elastic load balancer. That’s where it’s most commonly used, and that’s where we’re going to see it used in the labs. Alias resource record sets can save you time because Amazon Route 53 automatically recognizes changes in the record sets that the alias record set refers to. So again, I’ll give you an example: example.com points to an ELB, and the ELB’s DNS address is something like lb1-1234.us-east-1.elb.amazonaws.com.

Now, if the IP address of that load balancer changes, Amazon Route 53 is automatically going to reflect those changes in the DNS answers, without any changes to the hosted zone that contains the record set. So it’s just an easy way of mapping your naked domain name to an elastic load balancer, and that’s where you’re going to see it most commonly used in production and in the labs going forward. Okay, so that’s it for this lecture, guys. Going into the exam, you should remember these three exam tips. First, elastic load balancers do not have a predefined public IPv4 address. You’re not given an IP address when you create an elastic load balancer; you’re always given a DNS endpoint, so you always resolve to those elastic load balancers using a DNS name. Now, that can cause a problem, because if you’ve got acloud.guru, which is a naked domain name, you always need an IPv4 address to resolve that naked domain name to.

So what did Amazon do? Well, they created alias records. Alias records allow you to resolve a naked domain name, sometimes referred to as the zone apex record, to an elastic load balancer’s DNS address, and that’s where you’re going to see it most commonly used. Another important difference between alias records and a CNAME is that when you’re making a request to Route 53 for a DNS record, you are going to be charged for that request if you’re using CNAMEs; if, however, you’re making a request for an alias record, you won’t be charged.

For that reason, when you go into the exam and you read through those difficult scenario questions, they will ask whether you should be using an A record here, a CNAME here, or an alias record. Nine times out of ten you want to choose an alias record over everything, because you’re not going to get charged for it and it does allow you to map your naked domain name, or your zone apex record, back to an elastic load balancer. Okay? So if you have any questions, please let me know. If not, feel free to move on to the next lecture. Thank you.
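The CNAME, alias and zone-apex points from the last few paragraphs can be put together in one toy model. This is an added example, not the lecture’s code and not the Route 53 API: a hosted zone that holds A, CNAME and alias records, rejects a CNAME at the apex, and a resolver that follows CNAME and alias chains, picks up the load balancer’s current addresses without any change to the zone, and counts which lookups the lecture says are billable. The zone name, the ELB hostname and every address are constructed placeholders.

```python
"""Toy hosted zone: A, CNAME and alias records, the zone-apex rule, and which
queries the lecture says are billable.

Added example for this lecture; not the lecture's code and not the Route 53
API. The zone, the ELB hostname and every address are constructed placeholders.
"""
from dataclasses import dataclass, field


class ZoneError(ValueError):
    pass


@dataclass
class Record:
    rtype: str   # "A", "CNAME" or "ALIAS"
    value: str   # an IPv4 address for A; a target DNS name for CNAME and ALIAS


@dataclass
class HostedZone:
    apex: str                                   # the naked domain name
    records: dict = field(default_factory=dict)

    def add(self, name: str, rtype: str, value: str) -> None:
        name = name.rstrip(".").lower()
        if rtype == "CNAME" and name == self.apex:
            # the rule the lecture states: the naked domain cannot be a CNAME
            raise ZoneError(f"{name}: zone apex cannot be a CNAME, use an A or alias record")
        self.records[name] = Record(rtype, value)


class Resolver:
    """Answers queries from one hosted zone plus a stand-in for AWS-managed
    names (the ELB's own DNS name), and counts which queries would be billed."""

    def __init__(self, zone: HostedZone, aws_names: dict):
        self.zone = zone
        self.aws_names = aws_names        # ELB DNS name -> its current IPv4 addresses
        self.billable_queries = 0

    def resolve(self, name: str, depth: int = 0, billable: bool = True) -> list:
        name = name.rstrip(".").lower()
        if depth > 8:
            raise ZoneError("CNAME/alias chain too long")
        if name in self.aws_names:
            return list(self.aws_names[name])   # whatever the ELB answers with right now
        rec = self.zone.records.get(name)
        if rec is None:
            raise ZoneError(f"NXDOMAIN: {name}")
        if rec.rtype in ("A", "CNAME") and billable:
            self.billable_queries += 1     # a standard query to the hosted zone is charged
        if rec.rtype == "A":
            return [rec.value]
        # CNAME and ALIAS both hand off to another name; the lecture's point is
        # that the alias follow-up to an AWS resource is not charged
        return self.resolve(rec.value, depth + 1, billable and rec.rtype != "ALIAS")


def build_demo() -> tuple:
    """Constructed zone mirroring the lecture's examples (all names are placeholders)."""
    elb = {"lb1-1234.us-east-1.elb.amazonaws.com": ["203.0.113.5", "203.0.113.6"]}
    zone = HostedZone("hellocloudgurus.com")
    zone.add("hellocloudgurus.com", "ALIAS", "lb1-1234.us-east-1.elb.amazonaws.com")
    zone.add("www.hellocloudgurus.com", "CNAME", "hellocloudgurus.com")
    zone.add("m.hellocloudgurus.com", "A", "192.0.2.10")
    zone.add("mobile.hellocloudgurus.com", "CNAME", "m.hellocloudgurus.com")
    return zone, elb, Resolver(zone, elb)


if __name__ == "__main__":
    zone, elb, r = build_demo()
    print("mobile ->", r.resolve("mobile.hellocloudgurus.com"), "billable so far:", r.billable_queries)
    print("apex   ->", r.resolve("hellocloudgurus.com"), "billable so far:", r.billable_queries)
    elb["lb1-1234.us-east-1.elb.amazonaws.com"] = ["203.0.113.7"]   # the ELB's addresses change
    print("apex   ->", r.resolve("hellocloudgurus.com"), "(no change to the hosted zone)")
    try:
        zone.add("hellocloudgurus.com", "CNAME", "lb1-1234.us-east-1.elb.amazonaws.com")
    except ZoneError as e:
        print("rejected:", e)
```

The two behaviours worth noticing are that changing the ELB’s address list is picked up by the next apex lookup with no edit to the zone, which is the “automatically recognizes changes” property above, and that the CNAME path increments the billable counter while the alias path does not.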
