The document discusses Route53 domain name management in AWS. It describes how "parent-child domains" refer to multiple related domain names that are subsets of each other, such as example.jp, sub.example.jp, and foo.bar.sub.example.jp. The key concept discussed is "parent-child cohabitation", which occurs when the name servers of parent and child domains partially overlap, meaning the domains share the same physical server resources. The author experimented with creating many related hosted zones in Route53 but was unable to deliberately cause parent-child cohabitation.

1. Route53 で親子同居
〜試してみたら分かったこと〜
2019/02/16
@otsuka0752

2. 自己紹介
• ダブリン/アイルランドで
クラウドのお仕事(以前は目黒)
• クラウドの前はオンプレで
オンラインゲームのシステム管理者
• DNS温泉 第1-4回に参加
DNS温泉 第5回は不参加
z2

3. • . (ROOT) や TLD 以外のドメイン名で
後方一致する 2つのドメイン名
• 親子だけでなく孫などの祖先も含めた
ドメイン名も「親子ドメイン名」
• 同一ドメイン名も「親子ドメイン名」
この資料での「親子ドメイン名」
z3

4. example.jp.
sub.example.jp.
bar.sub.example.jp.
foo.bar.sub.example.jp.
...
x.x.foo.bar.sub.example.jp.
• 親子ドメイン名(の例)
この資料での「親子ドメイン名」
z4

5. • Route53 の HostedZone にて指定される
4つの NS(ネームサーバ)のセット
(例)
ns-22.awsdns-02.com.
ns-961.awsdns-56.net.
ns-1318.awsdns-36.org.
ns-1714.awsdns-22.co.uk.
DelegationSet
z5

6. 「親子ドメイン名」(同一ドメイン名)の
「DelegationSet」の 4つずつの NS のうち
1つ以上の NS が重複すること
※ 1台のサーバ(NS) 1つの IPアドレスで
「親子ドメイン名」のゾーンが同居する状態
この資料での「親子同居」
z6

7. #1
example.jp.
ns-22.awsdns-02.com ns-961.awsdns-56.net ns-1318.awsdns-36.org ns-1714.awsdns-22.co.uk
example.jp.
ns-468.awsdns-58.com ns-720.awsdns-26.net ns-1318.awsdns-36.org ns-1916.awsdns-47.co.uk
#2
example.jp.
ns-22.awsdns-02.com ns-961.awsdns-56.net ns-1318.awsdns-36.org ns-1714.awsdns-22.co.uk
foo.bar.sub.example.jp.
ns-468.awsdns-58.com ns-720.awsdns-26.net ns-1281.awsdns-32.org ns-1714.awsdns-22.co.uk
親子同居の例
z7

8. #3
example.jp.
ns-22.awsdns-02.com ns-961.awsdns-56.net ns-1318.awsdns-36.org ns-1714.awsdns-22.co.uk
example.jp.
ns-468.awsdns-58.com ns-720.awsdns-26.net ns-1281.awsdns-32.org ns-1916.awsdns-47.co.uk
#4
example.jp.
ns-22.awsdns-02.com ns-961.awsdns-56.net ns-1318.awsdns-36.org ns-1714.awsdns-22.co.uk
example.com.
ns-468.awsdns-58.com ns-720.awsdns-26.net ns-1281.awsdns-32.org ns-1714.awsdns-22.co.uk
親子同居でない例
z8

9. https://gist.github.com/otsuka752/f83e2a0de043afadacfd1dc93e7c873f
どう調べるか
• 公式ドキュメントに記載は無さそう
とりあえず…
• 親子ドメイン名(同一のドメイン名)の
PublicHostedZoneをたくさん作ってみた
z9

10. ns-468.awsdns-58.com ns-720.awsdns-26.net ns-1281.awsdns-32.org ns-1916.awsdns-47.co.uk
ns-268.awsdns-33.com ns-757.awsdns-30.net ns-1097.awsdns-09.org ns-1567.awsdns-03.co.uk
ns-455.awsdns-56.com ns-579.awsdns-08.net ns-1156.awsdns-16.org ns-1635.awsdns-12.co.uk
ns-417.awsdns-52.com ns-895.awsdns-47.net ns-1505.awsdns-60.org ns-1754.awsdns-27.co.uk
ns-369.awsdns-46.com ns-607.awsdns-11.net ns-1402.awsdns-47.org ns-1825.awsdns-36.co.uk
ns-505.awsdns-63.com ns-668.awsdns-19.net ns-1267.awsdns-30.org ns-1887.awsdns-43.co.uk
ns-330.awsdns-41.com ns-993.awsdns-60.net ns-1491.awsdns-58.org ns-1751.awsdns-26.co.uk
ns-170.awsdns-21.com ns-860.awsdns-43.net ns-1312.awsdns-36.org ns-1787.awsdns-31.co.uk
ns-302.awsdns-37.com ns-624.awsdns-14.net ns-1441.awsdns-52.org ns-1814.awsdns-34.co.uk
ns-51.awsdns-06.com ns-770.awsdns-32.net ns-1138.awsdns-14.org ns-1914.awsdns-47.co.uk
ns-430.awsdns-53.com ns-691.awsdns-22.net ns-1222.awsdns-24.org ns-1788.awsdns-31.co.uk
ns-478.awsdns-59.com ns-701.awsdns-23.net ns-1030.awsdns-00.org ns-1654.awsdns-14.co.uk
ns-362.awsdns-45.com ns-906.awsdns-49.net ns-1284.awsdns-32.org ns-1999.awsdns-57.co.uk
ns-75.awsdns-09.com ns-631.awsdns-14.net ns-1403.awsdns-47.org ns-1554.awsdns-02.co.uk
ns-300.awsdns-37.com ns-852.awsdns-42.net ns-1050.awsdns-03.org ns-1647.awsdns-13.co.uk
ns-323.awsdns-40.com ns-891.awsdns-47.net ns-1399.awsdns-46.org ns-1550.awsdns-01.co.uk
ns-358.awsdns-44.com ns-983.awsdns-58.net ns-1153.awsdns-16.org ns-1941.awsdns-50.co.uk
...
たくさん作ってみた結果(抜粋)
z10

11. 調べてみた
• たくさん作った PublicHostedZones の
DelegationSet を調べたけど…
親子同居は見つからず
z11

12. ns-468.awsdns-58.com ns-720.awsdns-26.net ns-1281.awsdns-32.org ns-1916.awsdns-47.co.uk
ns-268.awsdns-33.com ns-757.awsdns-30.net ns-1097.awsdns-09.org ns-1567.awsdns-03.co.uk
ns-455.awsdns-56.com ns-579.awsdns-08.net ns-1156.awsdns-16.org ns-1635.awsdns-12.co.uk
ns-417.awsdns-52.com ns-895.awsdns-47.net ns-1505.awsdns-60.org ns-1754.awsdns-27.co.uk
ns-369.awsdns-46.com ns-607.awsdns-11.net ns-1402.awsdns-47.org ns-1825.awsdns-36.co.uk
ns-505.awsdns-63.com ns-668.awsdns-19.net ns-1267.awsdns-30.org ns-1887.awsdns-43.co.uk
ns-330.awsdns-41.com ns-993.awsdns-60.net ns-1491.awsdns-58.org ns-1751.awsdns-26.co.uk
ns-170.awsdns-21.com ns-860.awsdns-43.net ns-1312.awsdns-36.org ns-1787.awsdns-31.co.uk
ns-302.awsdns-37.com ns-624.awsdns-14.net ns-1441.awsdns-52.org ns-1814.awsdns-34.co.uk
ns-51.awsdns-06.com ns-770.awsdns-32.net ns-1138.awsdns-14.org ns-1914.awsdns-47.co.uk
ns-430.awsdns-53.com ns-691.awsdns-22.net ns-1222.awsdns-24.org ns-1788.awsdns-31.co.uk
ns-478.awsdns-59.com ns-701.awsdns-23.net ns-1030.awsdns-00.org ns-1654.awsdns-14.co.uk
ns-362.awsdns-45.com ns-906.awsdns-49.net ns-1284.awsdns-32.org ns-1999.awsdns-57.co.uk
ns-75.awsdns-09.com ns-631.awsdns-14.net ns-1403.awsdns-47.org ns-1554.awsdns-02.co.uk
ns-300.awsdns-37.com ns-852.awsdns-42.net ns-1050.awsdns-03.org ns-1647.awsdns-13.co.uk
ns-323.awsdns-40.com ns-891.awsdns-47.net ns-1399.awsdns-46.org ns-1550.awsdns-01.co.uk
ns-358.awsdns-44.com ns-983.awsdns-58.net ns-1153.awsdns-16.org ns-1941.awsdns-50.co.uk
...
たくさん作ってみた結果(抜粋)

13. ns-0.awsdns-00.com.
ns-1.awsdns-00.com.
ns-2.awsdns-00.com.
ns-3.awsdns-00.com.
ns-4.awsdns-00.com.
ns-5.awsdns-00.com.
ns-6.awsdns-00.com.
ns-7.awsdns-00.com.
ns-8.awsdns-01.com.
ns-9.awsdns-01.com.
...
ns-504.awsdns-63.com.
ns-505.awsdns-63.com.
ns-506.awsdns-63.com.
ns-507.awsdns-63.com.
ns-508.awsdns-63.com.
ns-509.awsdns-63.com.
ns-510.awsdns-63.com.
ns-511.awsdns-63.com.
ソートしてみた(com 列)
z13

14. ns-512.awsdns-00.net.
ns-513.awsdns-00.net.
ns-514.awsdns-00.net.
ns-515.awsdns-00.net.
ns-516.awsdns-00.net.
ns-517.awsdns-00.net.
ns-518.awsdns-00.net.
ns-519.awsdns-00.net.
ns-520.awsdns-01.net.
ns-521.awsdns-01.net.
...
ns-1016.awsdns-63.net.
ns-1017.awsdns-63.net.
ns-1018.awsdns-63.net.
ns-1019.awsdns-63.net.
ns-1020.awsdns-63.net.
ns-1021.awsdns-63.net.
ns-1022.awsdns-63.net.
ns-1023.awsdns-63.net.
ソートしてみた(net 列)
z14

15. ns-1024.awsdns-00.org
ns-1025.awsdns-00.org
ns-1026.awsdns-00.org
ns-1027.awsdns-00.org
ns-1028.awsdns-00.org
ns-1029.awsdns-00.org
ns-1030.awsdns-00.org
ns-1031.awsdns-00.org
ns-1032.awsdns-01.org
ns-1033.awsdns-01.org
...
ns-1528.awsdns-63.org
ns-1529.awsdns-63.org
ns-1530.awsdns-63.org
ns-1531.awsdns-63.org
ns-1532.awsdns-63.org
ns-1533.awsdns-63.org
ns-1534.awsdns-63.org
ns-1535.awsdns-63.org
ソートしてみた(org 列)
z15

16. ns-1536.awsdns-00.co.uk
ns-1537.awsdns-00.co.uk
ns-1538.awsdns-00.co.uk
ns-1539.awsdns-00.co.uk
ns-1540.awsdns-00.co.uk
ns-1541.awsdns-00.co.uk
ns-1542.awsdns-00.co.uk
ns-1543.awsdns-00.co.uk
ns-1544.awsdns-01.co.uk
ns-1545.awsdns-01.co.uk
...
ns-2040.awsdns-63.co.uk
ns-2041.awsdns-63.co.uk
ns-2042.awsdns-63.co.uk
ns-2043.awsdns-63.co.uk
ns-2044.awsdns-63.co.uk
ns-2045.awsdns-63.co.uk
ns-2046.awsdns-63.co.uk
ns-2047.awsdns-63.co.uk
ソートしてみた(co.uk 列)
z16

17. ns-0 ns-512 ns-1024 ns-1536
ns-1 ns-513 ns-1025 ns-1537
ns-2 ns-514 ns-1026 ns-1538
ns-3 ns-515 ns-1027 ns-1539
ns-4 ns-516 ns-1028 ns-1540
ns-5 ns-517 ns-1029 ns-1541
ns-6 ns-518 ns-1030 ns-1542
ns-7 ns-519 ns-1031 ns-1543
ns-8 ns-520 ns-1032 ns-1544
ns-9 ns-521 ns-1033 ns-1545
…
ns-504 ns-1016 ns-1528 ns-2040
ns-505 ns-1017 ns-1529 ns-2041
ns-506 ns-1018 ns-1530 ns-2042
ns-507 ns-1019 ns-1531 ns-2043
ns-508 ns-1020 ns-1532 ns-2044
ns-509 ns-1021 ns-1533 ns-2045
ns-510 ns-1022 ns-1534 ns-2046
ns-511 ns-1023 ns-1535 ns-2047
たくさん作ってみたら見えてきた

18. どう調べるか(again)
• NS は各列 512種類のように見える
• 513個の HostedZone を作れば重複する
• 513個作ってみる
z18

19. たくさん作ってみた
z19
$ for j in {0..512}; do aws route53 create-hosted-zone
—name tcpreplay.jp. --caller-reference $j; done

20. $ for j in {0..512}; do aws route53 create-hosted-zone
—name tcpreplay.jp. --caller-reference $j; done
エラーで止まった！
An error occurred (DelegationSetNotAvailable) when calling the
CreateHostedZone operation: We encountered an error creating delegation
set for your hosted zone. Please contact: awsdns-hostmaster@amazon.com
たくさん作ってみた
z20

21. Amazon Route 53 / CreateHostedZone
https://docs.aws.amazon.com/Route53/latest/APIReference/
API_CreateHostedZone.html
DelegationSetNotAvailable
You can create a hosted zone that has the same name as an existing hosted
zone (example.com is common), but there is a limit to the number of
hosted zones that have the same name. If you get this error, Amazon Route
53 has reached that limit. If you own the domain name and Route 53
generates this error, contact Customer Support.
z21
(同一のドメイン名の HostedZone を作成できるけど、数に制限があります。)

22. Amazon Route 53 / CreateHostedZone
https://docs.aws.amazon.com/Route53/latest/APIReference/
API_CreateHostedZone.html
Public hosted zone: Two hosted zones that have the same name or that have
a parent/child relationship (example.com and test.example.com) can't have
any common name servers. You tried to create a hosted zone that has the
same name as an existing hosted zone or that's the parent or child of an
existing hosted zone, and you specified a delegation set that shares one
or more name servers with the existing hosted zone. For more information,
see CreateReusableDelegationSet.
z22
(同一のドメイン名や親子ドメイン名の 2つの HostedZone では、共通の NS を持
てません。)

23. たくさん作ってみた
• 513個作成できなかった
• 513個作成する前にエラー発生
作成できた分を調べても
NS は重複していない
• --debug 付きの結果は下記
https://gist.github.com/otsuka752/b8d114927970cf59847b0b9b35b70810
z23

24. まとめ
Route53 で親子同居は
発生しないように見える
(現時点での挙動)
z24

25. Specifications
•Route53 の NS名は全世界で 512 x4 = 2048
(.com .net .org .co.uk で 512ずつ)
• 親子でない任意の 2つのドメイン名において
NS の重複は最大でも 2つを保証
(3つ重なることはない)
z25

26. Under the Hood of Amazon Route 53
(ARC408-R1) - AWS re:Invent 2018
https://www.slideshare.net/AmazonWebServices/under-the-hood-of-amazon-
route-53-arc408r1-aws-reinvent-2018
P.23
Each data plane (“stripe”) is one /23 subnet, routed independently
P.46
Route 53 Route 53 has 512x nameservers per stripe
Every hosted zone gets one NS on each stripe
Guaranteed max overlap of 2x nameservers
z26

27. END
z27

28. ns-0.awsdns-00.com. 205.251.192.0
ns-1.awsdns-00.com. 205.251.192.1
ns-2.awsdns-00.com. 205.251.192.2
ns-3.awsdns-00.com. 205.251.192.3
ns-4.awsdns-00.com. 205.251.192.4
ns-5.awsdns-00.com. 205.251.192.5
ns-6.awsdns-00.com. 205.251.192.6
ns-7.awsdns-00.com. 205.251.192.7
ns-8.awsdns-01.com. 205.251.192.8
ns-9.awsdns-01.com. 205.251.192.9
...
ns-504.awsdns-63.com. 205.251.193.248
ns-505.awsdns-63.com. 205.251.193.249
ns-506.awsdns-63.com. 205.251.193.250
ns-507.awsdns-63.com. 205.251.193.251
ns-508.awsdns-63.com. 205.251.193.252
ns-509.awsdns-63.com. 205.251.193.253
ns-510.awsdns-63.com. 205.251.193.254
ns-511.awsdns-63.com. 205.251.193.255
ソートして dig (com 列)
z28

29. ns-512.awsdns-00.net. 205.251.194.0
ns-513.awsdns-00.net. 205.251.194.1
ns-514.awsdns-00.net. 205.251.194.2
ns-515.awsdns-00.net. 205.251.194.3
ns-516.awsdns-00.net. 205.251.194.4
ns-517.awsdns-00.net. 205.251.194.5
ns-518.awsdns-00.net. 205.251.194.6
ns-519.awsdns-00.net. 205.251.194.7
ns-520.awsdns-01.net. 205.251.194.8
ns-521.awsdns-01.net. 205.251.194.9
...
ns-1016.awsdns-63.net. 205.251.195.248
ns-1017.awsdns-63.net. 205.251.195.249
ns-1018.awsdns-63.net. 205.251.195.250
ns-1019.awsdns-63.net. 205.251.195.251
ns-1020.awsdns-63.net. 205.251.195.252
ns-1021.awsdns-63.net. 205.251.195.253
ns-1022.awsdns-63.net. 205.251.195.254
ns-1023.awsdns-63.net. 205.251.195.255
ソートして dig (net 列)
z29

30. ns-1024.awsdns-00.org. 205.251.196.0
ns-1025.awsdns-00.org. 205.251.196.1
ns-1026.awsdns-00.org. 205.251.196.2
ns-1027.awsdns-00.org. 205.251.196.3
ns-1028.awsdns-00.org. 205.251.196.4
ns-1029.awsdns-00.org. 205.251.196.5
ns-1030.awsdns-00.org. 205.251.196.6
ns-1031.awsdns-00.org. 205.251.196.7
ns-1032.awsdns-01.org. 205.251.196.8
ns-1033.awsdns-01.org. 205.251.196.9
...
ns-1528.awsdns-63.org. 205.251.197.248
ns-1529.awsdns-63.org. 205.251.197.249
ns-1530.awsdns-63.org. 205.251.197.250
ns-1531.awsdns-63.org. 205.251.197.251
ns-1532.awsdns-63.org. 205.251.197.252
ns-1533.awsdns-63.org. 205.251.197.253
ns-1534.awsdns-63.org. 205.251.197.254
ns-1535.awsdns-63.org. 205.251.197.255
ソートして dig (org 列)
z30

31. ns-1536.awsdns-00.co.uk. 205.251.198.0
ns-1537.awsdns-00.co.uk. 205.251.198.1
ns-1538.awsdns-00.co.uk. 205.251.198.2
ns-1539.awsdns-00.co.uk. 205.251.198.3
ns-1540.awsdns-00.co.uk. 205.251.198.4
ns-1541.awsdns-00.co.uk. 205.251.198.5
ns-1542.awsdns-00.co.uk. 205.251.198.6
ns-1543.awsdns-00.co.uk. 205.251.198.7
ns-1544.awsdns-00.co.uk. 205.251.198.8
ns-1545.awsdns-01.co.uk. 205.251.198.9
...
ns-2040.awsdns-63.co.uk. 205.251.199.248
ns-2041.awsdns-63.co.uk. 205.251.199.249
ns-2042.awsdns-63.co.uk. 205.251.199.250
ns-2043.awsdns-63.co.uk. 205.251.199.251
ns-2044.awsdns-63.co.uk. 205.251.199.252
ns-2045.awsdns-63.co.uk. 205.251.199.253
ns-2046.awsdns-63.co.uk. 205.251.199.254
ns-2047.awsdns-63.co.uk. 205.251.199.255
ソートして dig (org 列)
z31