Amazon Route 53 Resolver provides recursive DNS for your Amazon VPC and on-premises networks over VPN or AWS Direct Connect. This session will review common use cases for Route 53 Resolver and go in depth on how it works.
Route 53 Resolver is built on the same Amazon VPC resolver customers use by default. What we’ve added is the ability to customize the behavior of this resolver to enable DNS resolution in a hybrid cloud.
Simplest example: a customer has a VPC in a single account, connected back to on-premises via AWS Direct Connect. DNS resolution between the VPC and on-premises does not work.
Customer wants bi-directional query resolution.
Customer does not use AmazonProvidedDNS at all; currently forwards all queries to on-premises.
Customer wants one consistent view of DNS between VPC and on-premises.
Customer does not want VPCs or on-premises to be able to resolve public IP addresses.
Give concrete examples of the types of names and zones involved: private names, EFS, PrivateLink, etc. (get names from Kiran).
Examples of what a customer would typically want to query from on-premises, and vice versa.
Customer has multiple VPCs; more than one VPC is connected via Direct Connect (DX) to the same data center.
These VPCs are spread across multiple accounts.
Resolving names local to a VPC, such as EFS or PrivateLink names, is difficult if the forwarder is in only one VPC, so the customer puts a forwarder in every VPC to resolve local names.
For increased availability, customers may put a forwarder in each AZ so that queries are never lost in the event of an AZ failure
No need to manage your own forwarders
Customers running a forwarder in every VPC will be able to centralize to one or two endpoints
A single, predictable point of ingress for DNS queries from on-premises
If VPCs are peered, a customer can go from having multiple forwarders in every VPC to just one endpoint in the central VPC.
If the EC2 instance running the forwarder fails, there is no way to retry the queries, creating a single point of failure for DNS.
Additionally, using Route 53 Resolver redistributes your query architecture, so that you don’t have a single point of failure due to centralized DNS forwarders.
Local names such as EFS and PrivateLink: VPCs will be able to resolve their own local names without having to run a forwarder inside each VPC. Names that need to be forwarded can
For customers running centralized forwarders, all query volume was going through one VPC. A VPC has a 1024 packets per second limit.
Eliminating bottlenecks: abstracts away the packet limit issue.
Increased packet limit
Individual VPC limits are 1024 packets per second
Resolver endpoints support 10,000* per second per ENI.
Mention RAM (AWS Resource Access Manager).
Cross-Account Rules Sharing
Maintain one list of rules, share across all accounts
Walk through how to set this up: how might they use CloudFormation to do this? How could they automate some of this via the API?
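As an added example for the setup walkthrough and for the cross-account rule sharing slide (this template is written for these notes, not taken from the session or from AWS sample code), the CloudFormation below builds the hub VPC pieces described above: one inbound endpoint as the single ingress point for on-premises queries, one outbound endpoint with a forwarding rule so that only the on-premises zone is sent to on-premises DNS servers while EFS, PrivateLink and public names keep resolving locally, and a RAM resource share so spoke accounts associate the same rule instead of running their own forwarders. Every concrete value (the `corp.example` zone, the 10.x addresses, the `111111111111` account ID, the subnet and VPC parameters, the resource names) is a placeholder to be replaced; the security group is the one part a reviewer should check closely, since it admits only DNS (53/udp, 53/tcp) from the on-premises range in either direction.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: Hybrid DNS with Route 53 Resolver (example template, not from the session)

Parameters:
  VpcId:          { Type: AWS::EC2::VPC::Id }      # hub VPC hosting the endpoints
  SubnetA:        { Type: AWS::EC2::Subnet::Id }   # subnet in AZ 1
  SubnetB:        { Type: AWS::EC2::Subnet::Id }   # subnet in AZ 2 (endpoints need >= 2 IPs)
  OnPremCidr:     { Type: String, Default: 10.0.0.0/8 }     # placeholder on-prem range
  OnPremDns1:     { Type: String, Default: 10.0.0.53 }      # placeholder on-prem DNS server
  OnPremDns2:     { Type: String, Default: 10.0.1.53 }      # placeholder on-prem DNS server
  OnPremDomain:   { Type: String, Default: corp.example }   # placeholder zone served on-prem
  SpokeAccountId: { Type: String, Default: '111111111111' } # placeholder account to share with

Resources:
  # Only DNS (53/udp and 53/tcp) to and from the on-premises range. Nothing
  # else should be able to reach the endpoint ENIs.
  ResolverSecurityGroup:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Route 53 Resolver endpoints - DNS only
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - IpProtocol: udp
          FromPort: 53
          ToPort: 53
          CidrIp: !Ref OnPremCidr
        - IpProtocol: tcp
          FromPort: 53
          ToPort: 53
          CidrIp: !Ref OnPremCidr
      SecurityGroupEgress:
        - IpProtocol: udp
          FromPort: 53
          ToPort: 53
          CidrIp: !Ref OnPremCidr
        - IpProtocol: tcp
          FromPort: 53
          ToPort: 53
          CidrIp: !Ref OnPremCidr

  # On-premises -> VPC: the single predictable ingress point for DNS.
  # One IP per AZ so an AZ failure does not take out resolution.
  InboundEndpoint:
    Type: AWS::Route53Resolver::ResolverEndpoint
    Properties:
      Name: hybrid-inbound
      Direction: INBOUND
      SecurityGroupIds: [!Ref ResolverSecurityGroup]
      IpAddresses:
        - SubnetId: !Ref SubnetA
        - SubnetId: !Ref SubnetB

  # VPC -> on-premises: carries only the queries a forwarding rule selects.
  OutboundEndpoint:
    Type: AWS::Route53Resolver::ResolverEndpoint
    Properties:
      Name: hybrid-outbound
      Direction: OUTBOUND
      SecurityGroupIds: [!Ref ResolverSecurityGroup]
      IpAddresses:
        - SubnetId: !Ref SubnetA
        - SubnetId: !Ref SubnetB

  # Only OnPremDomain and its subdomains are forwarded; EFS, PrivateLink and
  # public names continue to resolve through the VPC resolver as before.
  OnPremForwardRule:
    Type: AWS::Route53Resolver::ResolverRule
    Properties:
      Name: forward-corp
      RuleType: FORWARD
      DomainName: !Ref OnPremDomain
      ResolverEndpointId: !GetAtt OutboundEndpoint.ResolverEndpointId
      TargetIps:
        - Ip: !Ref OnPremDns1
          Port: 53
        - Ip: !Ref OnPremDns2
          Port: 53

  # The hub VPC itself uses the rule.
  HubAssociation:
    Type: AWS::Route53Resolver::ResolverRuleAssociation
    Properties:
      ResolverRuleId: !GetAtt OnPremForwardRule.ResolverRuleId
      VPCId: !Ref VpcId

  # One list of rules, shared: the spoke account associates this rule with
  # its own VPCs. External principals stay disabled so only accounts in the
  # same organization can receive the share.
  RuleShare:
    Type: AWS::RAM::ResourceShare
    Properties:
      Name: hybrid-dns-rules
      AllowExternalPrincipals: false
      ResourceArns:
        - !GetAtt OnPremForwardRule.Arn
      Principals:
        - !Ref SpokeAccountId
```

Deploy this once in the hub account. In each spoke account the only remaining work is a `AWS::Route53Resolver::ResolverRuleAssociation` (or the equivalent `AssociateResolverRule` API call) that pairs the shared rule ID with the spoke VPC, which is the API-driven automation the walkthrough asks about; no forwarder instances, and no per-VPC copy of the rule list, are needed in the spokes.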