DNS

Lakukan tugas rumah & ujian kamu dengan baik sekarang menggunakan Quizwiz!

Which example shows the naming format for a public zone? A: associatecat.com B: associatecat.private.com C: associatecat.public.com D: www.associatecat.com

A: associatecat.com

Describe a Cname record

Allows aliases to be created (not the same as an alias record). A machine such as allthethings.linuxacademy.com might have CNAMES for www, ftp, and images. Each of these CNAMEs points as an existing record domain. www -> allthethings.linuxacademy.com. CNAMEs cannot be used at the APEX domain (eg. linuxacademy.com). (If we had a server and multiple A records pointing to that server, anytime something changes we have to update all those individual A records...a CNAME allows us to say it once)

What does the split-view DNS option in Route53 allow us to do?

Allows for a private/internal version of a website while using the same domain name as a public website

What information does a DNS server hold?

DNS holds and maintains a directory of domain names and IP addresses.

No single DNS server stores all the books - that would be impractical. Instead, there are lots of DNS servers that store all the DNS records for the internet. Any computer that wants to know a number or a name can ask their DNS server, and their DNS server knows how to ask - or query - other DNS servers when they need a record. When a DNS server queries other DNS servers, it's making an "upstream" query. Queries for a domain can go "upstream" until they lead back to domain's authority, or "_______ _____ _____."

authoritative name server

What's a terminal command for tracing DNS requests?

dig +trace 'somedomain.com' -Note that the responses follow the same flow as the flashcard on DNS flow: the first block is from your local resolver, the next block is from the root servers, then the authoritative name servers/top level, etc.

The internet has a lot of computers, so it doesn't make sense to put all the DNS records in one big book. Instead, DNS is organized into smaller books, or _________. These can be very large, so they are further organized into smaller books, called, "_________." No single DNS server stores all the books - that would be impractical.

domains, zones

What are examples of hosts in a domain name?

"www", "ftp", "mail", "vpn", etc.

What is roughly the cost of Route53 healthchecks?

$.50/health check/month for AWS resources, $.75 for non-AWS resources. Additional features like HTTPS, string matching, checks every 10 seconds, or recording latency incur an additional cost

Describe NS Records

(Stands for Name Server) Used to set the authoritative servers for a subdomain. .com would have NS servers for linuxacademy.com

What is Route53?

- AWS DNS service - Let's you map a domain name that you own, to: EC2 instances, Load Balancers, S3 Buckets, Cloudfront, other records, etc - Works closely with load balancers (ex: We own the domain name 'ilovecloud.com'. We create a Route53 record for that domain name, which points to a load balancer, which directs traffic to an EC2 instance web server. Much better than us trying to hit the domain name of the load balancer directly)

List examples of second level domains

-.co -.co.uk -.gov.uk

What's a name server? Explain

-A name server inside DNS is just a DNS server that hosts one or more zones (Remember: a zone is just a portion of the DNS database) -Ex.: LinuxAcademy.com would run name servers that host the linuxacademy.com zone -So, name servers are just servers that host databases

What's a hosted zone?

-A zone file that's got the records for a certain domain. The zone file is hosted on name servers and those servers have been given to the operator of the .com TLD. They've been delegated the authority for this domain

Describe Latency Routing

-Allows you to traffic based on lowest network latency for your end user (i.e. which region gives them fastest response time). To use it, create a latency resource record set for the EC2 or ELB resource in each region that hosts your site. When Route53 receives a query for your site, it selects the latency resource record set for the region that gives user lowest latency. Route53 then responds with the value associated with that resource record set -Latency is kinda tied to geolocation: the farther away you are the greater the latency

What's a CNAME record?

-Canonical name -Can be used to resolve one domain name to another -Must always point to another domain name, never directly to an IP address -Can point to another CNAME record, but not recommended cause of performance hit -Ex.: we have an A record, "example.com", pointing to an IP address, and then create a CNAME record, "www.example.com", that points to the A record -CNAME CANNOT be used for naked domain names (zone apex record). You can't have a CNAME for http://acloud.guru, it must be either A record or Alias

What are DNS records? Explain

-DNS records act as instructions for the DNS server, so it knows which domain names each IP address is associated with -DNS can have lots of different kinds of records, like: A, MX, AAAA, CNAME, TXT, NS -Think of DNS like a phone book, but instead of mapping people's names to their street address, the phone book maps computer names to IP addresses. Each mapping is called a "DNS record."

Describe Multivalue Answer Routing Policy

-For if you want traffic to be distributed somewhat randomly to multiple resources (like web servers) -Can create one multivalue answer record for each resource -Optionally can create a Route53 health check with each record

When you query a service for something in DNS, it can either give you an authoritative response, or it's not an authoritative response (could be a server caching results, like your ISP server. Explain

-If it's authoritative, we can rely on it 100%, we know it's coming from a name server that's been delegated the ability to be an authority for that zone -If querying for linuxacademy.com, the only servers that can be authoritative or linux academy's name servers

Describe Simple Routing Policy

-If you choose this, you can only have one record with multiple IP addresses -If you specify multiple values in a record, Route53 returns all values to user in random order -Can't do health checks

Describe SOA (Start of Authority) record

-Info stored in a DNS zone about that zone -A DNS zone is part of a domain for which an individual DNS server is responsible (i.e. the bit that you store A records, CNAMEs, etc.) -Each zone contains a single SOA record

What's the purpose of DNS?

-It's a convenient way for us to map human readable web addresses (domain names) to the associated IP addresses (like how we remember a person's name and look up what their associated phone number is in a phone book) -DNS is basically a big database(s)

What's the TTL (time to live)?

-Length of time (in seconds) that a DNS record is cached (on either the Resolving Server or the user's own local machine). -The lower the TTL, the faster changes to DNS records will propagate throughout the internet

Describe Geolocation Routing Policy

-Lets you choose where you traffic gets sent based on location of users (location from which DNS queries originate). -Use case: You want EU customers to see a page where your prices are in Euros, and want U.S. customers to see prices in dollars

What does "authoritative" mean in the context of DNS?

-Means something's an authority -With a distributed system like DNS, there needs to be one or more entities that are the authority for certain components of that database (ensures you have security all along the chain) -The only servers that are authoritative for the root zone are the root servers, the only authoritative servers for linuxacademy.com are linuxacademy's name servers -When the root servers delegate the .com, TLD to an organization (VeraSign in this case), they allow VeraSign to give them some name server IP addresses (which gets added to the root zone). This means that VeraSign's name servers become authoritative for that domain (.com).

All DNS has a start of authority record (SOA). It stores info about:

-Name of the server that supplied the data for the zone -Administrator of the zone -Current version of the data file -Default number of seconds for TTL (time to live) file on resource records. Generally want this number lower, so that if changes are made they get propagated out more quickly

Purchasing a domain "cats.com" through Route53:

-Note that some companies have deals where other companies can sell their domains, i.e. Route53/AWS can sell .com domains that it originally purchased from VeraSign? -Every domain (including ones you are trying to purchase) have 3 contact details: a Registrant Contact, Administrative Contact, and a Technical Contact -These are stored, along with the domain, inside the zone that you're registering inside -That's ^ called the domain record -Route53 also offers name servers as part of the deal -It creates a hosted zone (a zone record for cats.com), allocates name servers, provides those name servers to the operating company for the .com domain, then the domain will be available for use -Can take hours to get everything completed end-to-end -Once that's all done, the domain will be "fully registered" -If we clicked on the record for "cats.com", we'd see the actual registered record for the domain. We'd see details contained inside the .com zone for this domain, like: contact info (3 of them), the name servers (added to the cats.com record, now authoritative for this domain. They're Route53 servers that contain the zone for this domain)

What's a zone or zone file?

-Represents an area of the global DNS database -Root Zone is a zone (is managed by root servers). They delegate out ".com" and ".com" is a zone. ".com" delegates out "linuxacademy.com" and that's also a zone -These zones are how DNS can be distributed: servers only know the part of the database that's relevant to them: root servers have root zone, VeraSign operates servers with the ".com" zone, linuxacademy operates servers with the linuxacademy.com zone -They're separated using this delegated process

Control over these TLDs is delegated to specific large organizations to manage, and these large organizations themselves have DNS servers. The IPs of these DNS servers are stored in the _____ ____. Explain

-Root Zone -Ex.: the ".com" TLD has been delegated to VeriSign Global Registry Services. VeriSign has been delegated the authority, so they provide a list of name servers -(The name servers are about a dozen or so records showing things like "Hostname": a.gtId-servers.net, "IP Addresses": (ipv4 and ipv6 addresses) -These name servers are responsible for the top level domain (.com in this example), and this data is entered into the root zone -At first our local machines trust only the root zone, but the root zone trusts these ^ name servers, so now our local machine trusts those name servers as well (it's a chain of trust)

If reading a top level domain DNS name/web address from right to left, what are the different parts? Ex. address: www.google.com

-Starting at the farthest right: the root (a final period, often hidden/left off) -Next is the top level domain (in this case: ".com") -Next is the sub domain (in this case: "google"). Sub domain can also be referring to sub domain + TLD? (ex.: google.com)? Can be one or more sub domains -Next over, a lot of the time we have hosts (ex.: "www", "ftp", "mail", "vpn", etc.) -Basically, anything to the left of ".com." is part of the subdomain (note that we don't always include a host, like "www")

These root servers actually manage what's known as the DNS Root Zone. Explain it

-Top level database -Contains all the TLDs (Top Level Domains)

If we look at common web addresses like: google.com, bbc.co.uk., etc., we notice it's a string of letters separated by periods. The last word in a domain name is the _____ ______ _____. The second word in a domain name is known as the ___ _____ _____ (this one is optional, and will depend on the domain name)

-Top level domain -Second level domain

Explain DNS root servers

-Trust starts somewhere, and DNS root servers are that trust -The root is actually a database managed by 13 named servers -Note that it's not actually just 13 physical servers, but rather 13 named entities who are individually managed by: Verasign, Inc., NASA, US Department of Defense, University of Maryland, etc. -Example record of one of the 13: "Hostname" (named entity?) = a.root-servers.net, "IP Addresses" = 198.41.0.4, (followed by the ipv6 address), "Manager" = Verasign, Inc.

Describe Alias records

-Unique to Route53 -Similar to a CNAME record but some differences -It maps resource record sets in hosted zone to AWS resources (like ELBs, CloudFront distros, S3 buckets configured as websites, etc) -Works like CNAME in that you can map one DNS name to another "target" DNS name (ex. "www.example.com" -> "elb1234.elb.amazonaws.com) -Key difference: CNAME CANNOT be used for naked domain names (zone apex record), but you can with an Alias -Also can only have 1 CNAME per hosted zone, but can have many Aliases per hosted zone?

Describe Failover Routing Policies

-Used when you want to create an active/passive set up. Ex.: may want your primary site to be in US-WEST-2 and secondary DR site in US-EAST-1 -Route53 monitors using a health check (which monitors health of your endpoints)

Name two parts that create an FQDN?

Domain Name, Hostname

If I typed in helloroute53gurus.com, what are the steps that happen with the DNS stuff?

-We're first saying "I need the IP address for helloroute53gurus.com". If her ISP doesn't know (maybe no one's searched it recently so it's not cached), then the ISP will go to .com to see if there's an NS record for "helloroute53gurus". -If it's registered it'll look something like: "helloroute53gurus.com. TLD 172800 IN NS ns.awsdns.com" The "TLD" time-to-live is always expressed in seconds. It's an NS record, and sits at ns.awsdns.com -ISP contacts ns.awsdns.com which points us to route53, where we'll have an SOA (start of authority) record. Inside of the SOA file we'll have all our DNS types, like an A record. The A record maps to an IP address

What is a naked domain?

-When a domain name doesn't list a host -Ex.: https://linuxacademy.com. -Notice how we have the root, the TLD, and the sub domain, but no host ("www" for example) -example.com is a naked domain name, www.example.com is not a naked domain name

List examples of top level domains

.com .net .edu .gov .org .au

Give an example of the DNS flow when we try going to LinuxAcademy.com

1) Query local resolver: We type in the domain name, but our browser needs the ip address for that domain name. Browser goes to local OS and the DNS client on the OS communicates with your local DNS server (DNS resolver). Remember, this is the server that's either inside your internet router or inside your local ISP 2) Query root servers: If it doesn't know the answer (cause it isn't cached), then it performs a Recursive Query to go find it by querying the DNS root servers. These root servers won't have answer cause they don't have info in root zone on LinuxAcademy.com, but they know the authoritative name servers for the .com TLD, so the root servers give your DNS resolver server those addresses 3) Query top level domain servers: Once your resolver gets those name servers, it queries them by again asking for linuxacademy.com These top level domain servers still won't know the answer, but they will provide more details like the authoritative name servers for linuxacademy.com itself (the servers that linuxacademy themselves manage) 4) Query name servers responsible for the actual domain: The resolver gets back those authoritative name servers for linuxacademy.com, and the resolver then queries these servers for linuxacademy.com and gets an authoritative answer back

Route53 has health checks that can be created and used to influence routing decisions. Describe the 3 types of health checks

1. Health checks that monitor the health of an endpoint (eg. ip addresses or hostnames) 2. Checks that monitor the health of other health checks (called calculated health checks) 3. Checks that monitor CloudWatch alarms

Complete the sentence. A Route 53 health check can monitor the health of an HTTP or HTTPS page every __ seconds.

30, 10

What are some of the important types of records to know for the exam?

A and AAAA Record, CName Record, MX Record, NS Record, TXT Record, and Alias Records

Which are examples of a TLD (Top Level Domain)? A: www B: .net C: .com D: linuxacademy E: .io

B, C, AND E

What does DNS stand for?

Domain Name System

Because all names in a given domain name have to be unique, there needs to be a way to organize so that domain names aren't duplicated. What helps with this? Explain

Domain registrars. It's an authority that can assign domain names directly under 1 or more top-level domains. These domains are registered with InterNIC (a service of ICANN), which enforces uniqueness of domain names across the internet. Each domain name gets registered in a central db known as the WhoIS database. Ex. popular registrars: GoDaddy.com, Amazon (Route53)

Cons of simple routing

Don't have performance control, not a load-balancing architecture, can't do granular health checks against individual values (so if an ip address fails, could still have requests directed to it). If pick it to be an alias (?) can only pick a single AWS resource as a target (If not an alias can pick multiple values but have no control over how those values are returned). Can only have a single record with the same name.

Back on hosts: A host inside DNS is everything that's not a domain, so anything like "www", "mail", "catgifserver", etc., anything not included in the name. But that's ambiguous (could refer to "www.linuxacademy.com", "www.bestcatpicsever.com", etc.) The only way to be specific is to use a _______

FQDN

Describe an A record and an AAAA record

For a given host (www) an A record provides an IPv4 address (eg. 10.0.0.1), and an AAAA record provides an IPv6 record. It essentially translates a hostname into an ip address

What does FQDN stand for?

Fully Qualified Domain Name

What's an A record?

Fundamental type of DNS record. The "A" stands for "address". A record is used by a computer to translate name of domain to an IP address (ex.: http://www.acloud.guru might point to http://123.10.10.80.)

Brief description/benefits of failover routing policy

Have primary and secondary routing, so that if health checks fail on the primary, queries can automatically resolve to the secondary. You are only able to create a single record for the primary and secondary.

Describe Alias Records

In a way they're an extension of CNAME records. They're something that AWS added to Route53 and go beyond the standard DNS record types. They behave like cnames in that they reference other things (S3, load balancers, cloudfront distributions etc.) Advantages: you can use it for the naked domain (i.e. the apex) (netflix.com, linuxacademy.com) in the same way you might use a cname, only you can't use cnames in that position. Aliases extend the functionality of CNAMEs, and AWS doesn't charge for use of aliases

What's the resolver inside DNS? What's its job?

It's either a piece of software on your local machine, or a server. When hitting a resolving server, it's the initial entry point into DNS. It's job is to take queries for a given DNS name, and find the associated IP address using DNS. (Most physical devices use a resolver either in their local internet router, or inside their ISP. In most cases its delivered automatically using DHCP).

How can we resolve DNS for on-prem servers/on-prem + servers in the cloud?

One common approach used to address this need is to run DNS servers on Amazon EC2 across multiple Availability Zones (AZs) and integrate them with private on-premises DNS domains. In many cases, though, a managed private DNS service (accessible outside of a VPC) with less administrative overhead is advantageous.

Is it helpful to read web addresses/domains from right to left or left to right when discussing DNS?

Right to left

Which AWS service acts as a registrar and a DNS provider?

Route53

A _____ routing policy is a single record within a hosted zone, that contains one or more values. When queried, a ________ routing policy record returns all the values in a randomized order

Simple

What are the two main types of routing policies?

Simple, multivalue

What are the routing policies that AWS/Route53 offers?

Simple, weighted, latency, geolocation, failover, multi-value answer

Describe an MX Record

Stands for Male Exchange, they provide the mail servers for a given domain. Each MX Record has a priority, and remote mail servers use this to locate the server to use when sending to [email protected]

What does the period at the end of a FQDN signify?

The domain name is an absolute FQDN.

Describe TXT Records

Used to store plain text inside a domain. Can store any text you want but are often used to verify domain ownership.

When we type in a domain name in our browser (ex. google.com), there's actually a hidden "full stop" period at the end of the domain name (ex. google.com.) If you don't type it, your browser will actually include it. What does it represent?

The root (servers), aka the top level of the global DNS database

Which statements are true, if any, about name servers? A: Name servers can be authoritative or non-authoritative B: A name server is a server that runs a DNS service and can store or cache information for the DNS platform

They are both true

Who controls top level domains?

Top level domain names are controlled by the IANA (Internet Assigned Numbers Authority) in a root zone database (essentially a db of all available top level domains). View the db by visiting http://www.iana.org/domains/root/db

T or F: Private zones allow associated VPCs to see an internal version of a site.

True

T or F: Route 53 health checks can monitor specific AWS services by utilizing CloudWatch alarms.

True

T or F: Route 53 health checks can provide a summarized report of other health checks.

True

T or F: Route 53 health checks can use a geographical range of servers to monitor endpoints.

True

T or F: Route53 is global

True

T or F: Unlike with simple routing, a failover routing policy means we can define additional records with the same name

True

T or F: for failover routing, you can only create a single primary failover record type and a single secondary failover record type

True

In a domain name, basically, anything to the left of ".com." is part of the subdomain (note that we don't always include a host, like "www"). T or F: These sub domains are also delegated out to other companies

True Ex.: VeraSign operates the ".com" TLD, and has delegated the operation of the sub domain "linuxacademy.com" to a separate organization (they delegate it to the linuxacademy organization). LinuxAcademy manages the domain, they have DNS servers that have the database for linuxacademy.com

Describe Weighted Routing

We send percentages of traffic to different regions (Note: you have to create a new record for each ip address/server/etc.) If have 4 targets and want to split traffic evenly, just select "Routing Policy: Weighted" and set "Weight" to 25 for each record

In Route53, if we wanted to check if the domain greatcats.com exists, we can type in the domain name in the search box and see if it exists. When we type in that search box, what file are we actually checking?

We're checking the zone file for .com

When would you want to use a simple routing policy?

When not aware of your traffic patterns and need a quick/easy way to distribute traffic

Explain more how simple routing policy works, load-balancing, TTL and caching

Whenever the record is hit, (ex. www.cats.com) it will return a list of values (ex.: ip addresses of web servers) in a different order. But every single DNS request that occurs could be cached, and if cached by a large organization then everyone could be hitting the same ip address. This is why simple routing policy IS NOT load balancing. We overcome this by adjusting the TTL (Time To Live?). The lower the value, then the quicker DNS requests will get the values of the record in a different order.

What is a domain name? Give examples

linuxacademy.com, ethandugas.com, etc.


Set pelajaran terkait

Perioperative Care and Pain Management

View Set

PrepU Chp 28: Assessment of Hematologic Function and Treatment Modalities

View Set

28. Excitation Contraction Coupling in Skeletal Muscle

View Set