
Thursday, April 8, 2021

DNS Route 53 and ELB - AWS - Routing Policies

https://medium.com/awesome-cloud/aws-amazon-route-53-routing-policies-overview-285cee2d4d3b

https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/routing-policy.html


When you create a record, you choose a routing policy, which determines how Amazon Route 53 responds to queries:

  • Simple routing policy – Use for a single resource that performs a given function for your domain, for example, a web server that serves content for the example.com website.

  • Failover routing policy – Use when you want to configure active-passive failover.

  • Geolocation routing policy – Use when you want to route traffic based on the location of your users.

  • Geoproximity routing policy – Use when you want to route traffic based on the location of your resources and, optionally, shift traffic from resources in one location to resources in another.

  • Latency routing policy – Use when you have resources in multiple AWS Regions and you want to route traffic to the region that provides the best latency.

  • Multivalue answer routing policy – Use when you want Route 53 to respond to DNS queries with up to 8 healthy records selected at random.

  • Weighted routing policy – Use to route traffic to multiple resources in proportions that you specify.



  • ELB is one of many AWS services that have a regional scope and can span across zones in a given region.
  • Other services, like Route 53, are global in scope, as shown below, and provide service to multiple Regions.

Thursday, April 1, 2021

AWS Route 53 - DNS, Elastic Load Balancer, Name Server, Domain Registrar, Hosted Zone, A Record, C Record

Why is it called Route 53?
DNS queries use port 53 by default over TCP/UDP.
-------------------------------------------------------
Domain Registrar
DNS 
Health Monitoring
-------------------------------------------------------
 Networking & Content Delivery -> Route 53
-------------------------------------------------------
Register a Domain Name

Root Level Domain -> .com, .org, .edu, .net
Geographic Level Domain -> .co.in, .co.uk

Domain Registrar -> where the Domain Name is purchased from;
GoDaddy is an example.

"Route 53" is also a Domain Registrar

https://www.iana.org/ - For IP Addresses

Top Level Domain - Root Name Server

"Route 53" is a Name Server

The Domain Registrar knows which set of "Name Servers" your domain points to.
Remove the current NS and update the NS; it takes a maximum of 24 hours before these changes take effect.

Who operates the Root Name Servers?

The root servers are operated by 12 different organizations:

  • A VeriSign Global Registry Services
  • B University of Southern California, Information Sciences Institute
  • C Cogent Communications
  • D University of Maryland
  • E NASA Ames Research Center
  • F Internet Systems Consortium, Inc.
  • G US DoD Network Information Center
  • H US Army Research Lab
  • I Netnod
  • J VeriSign Global Registry Services
  • K RIPE NCC
  • L ICANN
  • M WIDE Project

Many of these organizations have been operating root servers since the creation of the DNS. The list shows the Internet’s early roots as a US-based research and military network.



----------------------------------------------------------------------------------------------

Route 53 has Hosted Zones
If you have an external Domain Registrar (GoDaddy), you need to create a Hosted Zone
and configure the AWS-provided Name Servers on the external registrar's website.

If you have Route 53 as the Domain Registrar, the Hosted Zone is created by default.

AWS Route 53 can have 500 Hosted Zones by default and 10,000 Resource Record Sets.

Connecting a Domain Name with a Route 53 Hosted Zone is called Delegation.


If you migrate a Domain across Registrars, it usually takes around 48 hours because DNS systems cache it for 48 hours.

AWS supports 2 types of Domains: Generic TLD (.com, .net) / Geographic TLD.
If AWS does not support that domain's TLD, you cannot transfer it to AWS.

You need an Authorization Code from the existing Domain Registrar.


Start of Authority, Hosted Zone

Route 53 "Hosted Zone" - a collection of records for a specific domain.

A Hosted Zone is a container which holds information about how you want to route traffic for a domain and its subdomains.

www.techguftgu.com - subdomain of techguftgu.com
info.techguftgu.com - subdomain of techguftgu.com
support.techguftgu.com - subdomain of techguftgu.com

Public Hosted Zone
Private Hosted Zone - only works within a VPC

When you create a new Hosted Zone, it creates a "Name Server" (NS) record
and a "Start of Authority" (SOA) record.
4 Name Servers - unique to 1 Hosted Zone

Do not change the Name Servers record.

.com - Generic TLD
.net - Generic TLD
.org - Generic TLD
.in/.uk - Geographical

The unique set of 4 Name Servers (spread across the TLDs) is collectively known as the "Delegation Set".

"Route 53" acts as the "Authoritative Servers".

Examples of Route 53 Name Servers:
ns-1234.awsdns-39.com
ns-3678.awsdns-12.org
ns-2947.awsdns-39.net

It is possible to have Hosted Zones with the same name,
but they will have different records / different Name Servers.
When you register, the Name Servers must be updated with the "External Domain Registrar".

-------------------------------------------------------------------------------------------------
nslookup

Type the above command at the cmd prompt.

Enter an IP, get the FQDN
Enter an FQDN, get the IP address

mail.google.com
docs.aws.amazon.com
-------------------------------------------------------------------------------------------------
Some Registrars allow you to specify an IP Address
Some Registrars allow you to specify an FQDN - Fully Qualified Domain Name

-------------------------------------------------------------------------------------------------
You can transfer a Domain from 1 AWS Account to another.
For this, send a mail to the AWS Support Team.

You cannot transfer a "Hosted Zone" from 1 AWS Account to another.

You can have the Domain in 1 AWS Account and the Hosted Zone in another AWS Account.

--------------------------------------------------------------------------------------------------

Types of Records in a "Hosted Zone"

  • A Record -> Domain Name to IPv4 Address -> 32 bits
  • AAAA Record -> DNS Name to IPv6 Address -> 128 bits -> 4 x the IPv4 size, hence "quad A"
  • CNAME (C) Record -> Canonical Name - alias of a Domain
  • NS Record -> Name Server Record -> 4 Name Servers across 4 TLDs - ORG, NET, COM, Geographical (.in, .uk) (Authoritative Name Servers)
  • SOA Record -> Start of Authority - meta info about the DNS Hosted Zone
  • MX Record -> Mail Server Record

NS Record -> 4 Name Servers which we need to update in the Domain Registrar
4 Name Servers, one in each of the Top Level Domains

CNAME cannot be made for the "Root Domain" - the Zone Apex
techguftgu.com ---- CNAME X (not allowed)
subdomain.techguftgu.com (under techguftgu.com) ---> CNAME - Yes


SOA Record -> a "Hosted Zone" can have only 1 SOA Record. It holds:
Email of the domain owner
Authoritative Server
Name of the owner
Serial Number - number of times the zone has been incremented (updated)

Elastic Load Balancer, AWS, Healthy Threshold, Unhealthy Threshold, Response Timeout, Health Check Interval, Ping, ELB


7. Application Layer
6. Presentation Layer
5. Session Layer
4. Transport Layer - TCP/UDP
3. Network Layer   - Routing Packets based on IP Address
2. Data Link Layer
1. Physical Layer

OSI Reference Model

--------------------------------------------------------------------

  • Application Load Balancer - based on HTTP Headers
      •  Allows you to route requests on the basis of the HTTP Request
  • Network Load Balancer - very expensive / high performance - operates at the Transport Layer (Layer 4), not the Network Layer
  • Classic Load Balancer - supports Layer 7 (HTTP(S)) / Layer 4 (legacy)

--------------------------------------------------------------------

Load Balancer Algorithms

  1. Round-Robin
  2. Least Loaded Server

"X-Forwarded-For" Header  - Tells us about Originating IP

Common LB Error - HTTP 504
The LB could not connect to the Target Server/Database

https://www.howtogeek.com/367129/what-is-a-504-gateway-timeout-error-and-how-can-i-fix-it/

--------------------------------------------------------------------------------------------
ELB is Region specific - 1 Region = 1 ELB

VPC

ELB is not concerned with "Outbound" traffic.
ELB is only concerned with inbound traffic, which it can redirect to registered EC2 instances.
ELB is charged hourly.

If you delete the ELB, then configure "Route 53" to point somewhere else.

A Listener listens for incoming connection requests.
FrontEnd Listener - virtual
BackEnd Listener - virtual

FrontEnd Listener - checks for traffic from the Internet to the ELB
Backend Listener - checks for traffic from the ELB to the instances based on port/protocol

ELB will direct traffic to the primary IP address / eth0

ELB works only with IPv4
IPv6 is not supported currently

Subnet
AZ
VPC

ICMP Protocol - "Ping" application
RDP - MSTSC - port 3389
HTTP - 80
HTTPS - 443


A Load Balancer is tied to a VPC
A Load Balancer only directs the traffic it is meant for - the protocol it is enabled for
Usually EC2 instances don't have a public IP
Internally they connect via private IP


A Load Balancer has 3 important components
Listener => Target Group (Health Check) => Target

Listener -> which protocol it wants to go to
Target Group -> group of EC2 instances
Health Check - every Target Group has a Health Check - a heartbeat; if a node is down, it updates the LB about this
Target -> can be -> IP, Lambdas, EC2
Targets are across Availability Zones

Internet-facing Elastic Load Balancer - Public DNS Name

DNS Route 53 -> Elastic Load Balancer [ELB] -> EC2
----------------------------------------------------------------------------------------------------

193.1.4.0/27 -> 32 - 27 = 5 host bits
2^5 = 32 addresses
32 - 5 (AWS reserved) = 27
27 - 8 = 19 (8 are kept for the Load Balancer)

If the load on the ELB increases, ELB can allocate IPs to more ELB nodes - 8 IPs for ELB nodes.


192.168.10.0/27  - Network Address
192.168.10.1/27  - VPC Router
192.168.10.2/27  - VPC DNS Server
192.168.10.3/27  - Reserved for future use
192.168.10.31/27 - Network Broadcast Address



5 reserved
27 remaining
ELB - 8 reserved
Total 19 IP addresses
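
The subnet arithmetic above, as an added Python example (not from the original post), generalised to any VPC subnet CIDR: it names the 5 addresses AWS reserves, subtracts the 8 kept for load balancer nodes, and checks the /27-with-8-free-addresses requirement that AWS documents for load balancer subnets.

```python
import ipaddress

# AWS reserves the first four addresses and the last address of every VPC
# subnet; the notes above additionally keep 8 addresses free for ELB nodes.
AWS_RESERVED_ROLES = {0: "network address", 1: "VPC router", 2: "VPC DNS server",
                      3: "reserved for future use"}
ELB_NODE_RESERVE = 8

def subnet_budget(cidr):
    """Return (reserved, total, usable_for_instances) for a VPC subnet CIDR.

    `reserved` maps each AWS-reserved address to its role; the last address of
    the block is the network broadcast address. Usable addresses for instances
    = total - 5 reserved by AWS - 8 kept for load balancer nodes.
    strict=True rejects a CIDR whose host bits are set (e.g. 10.0.0.5/27)."""
    net = ipaddress.ip_network(cidr, strict=True)
    if net.prefixlen > 28:
        raise ValueError("VPC subnets must be between /16 and /28")
    reserved = {str(net[i]): role for i, role in AWS_RESERVED_ROLES.items()}
    reserved[str(net[-1])] = "network broadcast address"
    free = net.num_addresses - len(reserved)
    return reserved, net.num_addresses, max(free - ELB_NODE_RESERVE, 0)

def can_host_elb(cidr):
    """AWS documents that a load balancer subnet needs at least a /27 mask and
    at least 8 free addresses; return whether `cidr` satisfies both."""
    net = ipaddress.ip_network(cidr, strict=True)
    return net.prefixlen <= 27 and net.num_addresses - 5 >= ELB_NODE_RESERVE
```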
Minimum 2 AZs in the VPC need to be connected to the ELB - Elastic Load Balancer
LB -> distributes load across Availability Zones
Keep the same number of EC2 instances in all Availability Zones
The Load Balancer keeps track of the health of instances

Registered instances have a default time period of 5 seconds - "Response Timeout"

"Health Check Interval" - 30 sec default (time between 2 consecutive health checks)
You can set it to 5-300 sec

"Unhealthy Threshold" - number of consecutive failed health checks = default 2
Range 2-10

"Healthy Threshold" - number of consecutive successful health checks = default 10
Range 2-10

Healthy/Unhealthy instances
The Load Balancer monitors the health of its registered instances
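
The four settings above, as an added Python example (not from the original post or from AWS): a model of the consecutive-threshold state machine run over a constructed sequence of probe results, plus the worst-case time a failed instance keeps receiving traffic under a given configuration.

```python
# Classic Load Balancer defaults quoted above: response timeout 5 s, interval
# 30 s, unhealthy threshold 2, healthy threshold 10.
DEFAULTS = {"timeout": 5, "interval": 30,
            "unhealthy_threshold": 2, "healthy_threshold": 10}

def validate(cfg):
    """Reject settings outside the ranges given in the notes above."""
    if not 5 <= cfg["interval"] <= 300:
        raise ValueError("health check interval must be 5-300 seconds")
    for key in ("unhealthy_threshold", "healthy_threshold"):
        if not 2 <= cfg[key] <= 10:
            raise ValueError(f"{key} must be between 2 and 10")
    if cfg["timeout"] >= cfg["interval"]:
        raise ValueError("response timeout must be shorter than the interval")

def simulate(cfg, probe_results, initial="healthy"):
    """Run the threshold state machine over a sequence of probe outcomes.

    Each probe result is the target's response time in seconds, or None when
    nothing came back. A probe fails when there is no response or the response
    takes longer than the timeout. Returns the (time_s, new_state) transitions,
    with time counted from the first probe; a pass resets the failure count and
    a failure resets the success count, because the thresholds are consecutive."""
    validate(cfg)
    state, fails, passes, transitions = initial, 0, 0, []
    for i, response_time in enumerate(probe_results):
        t = i * cfg["interval"]
        ok = response_time is not None and response_time <= cfg["timeout"]
        fails, passes = (0, passes + 1) if ok else (fails + 1, 0)
        if state == "healthy" and fails >= cfg["unhealthy_threshold"]:
            state = "unhealthy"
            transitions.append((t, state))
        elif state == "unhealthy" and passes >= cfg["healthy_threshold"]:
            state = "healthy"
            transitions.append((t, state))
    return transitions

def worst_case_detection_seconds(cfg):
    """Longest a dead target can keep receiving traffic: it may die right after
    a passing probe, so one full interval is added to the failing probes' time."""
    return cfg["unhealthy_threshold"] * cfg["interval"] + cfg["timeout"]
```

With the defaults, two missed probes at t=60 s and t=90 s mark the instance unhealthy at 90 s, while recovery needs 10 consecutive passes, so tuning the healthy threshold down speeds up return to service as much as tuning the interval does.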

Cross-zone load balancing
The nodes for your load balancer distribute requests from clients to registered targets. When cross-zone load balancing is enabled, each load balancer node distributes traffic across the registered targets in all enabled Availability Zones. When cross-zone load balancing is disabled, each load balancer node distributes traffic only across the registered targets in its Availability Zone.
Cross-zone load balancing reduces the need to maintain equivalent numbers of instances in each enabled Availability Zone, and improves your application's ability to handle the loss of one or more instances. However, we still recommend that you maintain approximately equivalent numbers of instances in each enabled Availability Zone for higher fault tolerance.

PING
Ping uses the ICMP protocol to check the network reachability of the device you are checking. This works at a low level and tells you that the device is there and has power to the network interface. Just because something responds to a ping request is not a true indication that the service on the device is running, but it does help in troubleshooting.

HTTP Monitor
The monitor works by looking at the HTTP response code for the configured page. If the page exists, the web server will return a status code of 200, which means OK. This is a simple check to ascertain whether a page exists on a website.


ELB is region specific - 1 ELB can work with multiple Availability Zones within same region.


ELB can be internal or internet facing

ELB is accessed via DNS Name


Azure - Pipeline - Add Approver for Stage

https://learn.microsoft.com/en-us/azure/devops/pipelines/process/approvals?view=azure-devops&tabs=check-pass