CMϒʔτΩϟϯϓ(ࣾ಺ษڧձ) DNS ୈ4ճ AWSͷDNSαʔϏε 2018/02/21 @takipone

શ4ճ༧ఆ 17:00-18:00@ΠτʔϐΞ5Fٳܜࣨ • 1/31(ਫ) DNSೖ໳ • 2/8(໦) DNSίϯςϯπαʔόʔ • 2/14(ਫ) DNSηΩϡϦςΟ • 2/21(ਫ) VPCͱRoute 53 ΠϚίί

ۀ຿࿈བྷ • ࣭໰΍ཁ๬͸ChatWork෦԰ʹͲ͏ͧ • ϋϯάΞ΢τͰதܧ&࿥ը͋Γ·͢ • ࣾ಺ίϯϑϧͷϖʔδʹࢿྉͳͲͷ৘ใ͕͋Γ·͢ • ࠷ޙʹQ&AऔΓ·͕͢ɺਵ࣌ϦϞʔτͰ΋ߏΘ࣭ͣ໰ͯ͠Ͷ

ࣗݾ঺հ • େ୍ོଠ @takipone • IoTΤϯδχΞཆ੒ಡຊ -ઃܭฤ- • ൃച೔(3/13)͕ܾ·Γ·ͨ͠
 & AmazonͰ༧໿ελʔτ • ʮཹҙ఺ʯͷࣈ͕͍͢͝σΧ͍

ΞδΣϯμ 1. Amazon Route 53 2. Amazon VPCͷDNS

1. Amazon Route 53

Amazon Route 53 • AWS͕ఏڙ͢ΔϚωʔδυݖҖDNSαʔϏε • Τοδϩέʔγϣϯʹ഑උ͞ΕΔ෼ࢄDNSαʔόʔ܈ • SLA 100%

Route 53ͷϧʔςΟϯάϙϦγʔ • Weighted • Latency • Geolocation • Failover • Multivalue Answer • ৄ͘͠͸Black Belt(AWSͷ΢ΣϏφʔ)ͷࢿྉΛ؍ͯͶ
 https://www.slideshare.net/AmazonWebServicesJapan/aws- black-belt-tech-2016-amazon-route-53

CloudFrontͱͷҧ͍ • CloudFront(CDN)΋ΤοδϩέʔγϣϯΛར༻ ʘ 3PVUF $MPVE'SPOU ϦιʔεͷΤϯυϙΠϯτ ͭͷ/4Ϩίʔυ ϗετ໊ ϩέʔγϣϯ ࠷دΓͷΤοδ *1ΞυϨεͷݸ਺ /4Ϩίʔυຖʹͭ ෳ਺Ͱεέʔϧ͢Δ άϩʔόϧ*1ΞυϨε ݻఆ ΤχʔΩϟετ Մม

IPΤχʔΩϟετ • ֤஍ͷΤοδͰಉ͡άϩʔόϧIPΞυϨεΛ໊৐Δ • ΠϯλʔωοτͷϧʔςΟϯά(BGP)Ͱ࠷دΓͷΤοδʹ޲ ͚Δ • େن໛DNSαʔϏεͰ͸Α͋͘Δߏ੒(RFC 3258)
 ৑௕ੑɺෛՙ෼ࢄʹد༩ • DNSϕʔεͷ࢓૊ΈΑΓ΋ޮՌతʹಈ͕͘ӡ༻ͷϋʔυϧ͸ ߴ͍(GCPͰଟ༻͞Ε͍ͯΔ)

IPΤχʔΩϟετ http://www.atmarkit.co.jp/fnetwork/dnstips/035.html

IPΤχʔΩϟετ • ҟͳΔυϝΠϯͰ΋άϩʔόϧIPͷCIDR͸Ұॹ(όʔνϟϧϗετ) $ dig +short classmethod.jp ns | xargs -I{} host -t a {} ns-1421.awsdns-49.org has address 205.251.197.141 ns-1722.awsdns-23.co.uk has address 205.251.198.186 ns-266.awsdns-33.com has address 205.251.193.10 ns-576.awsdns-08.net has address 205.251.194.64 $ dig +short cloudpack.jp ns | xargs -I{} host -t a {} ns-282.awsdns-35.com has address 205.251.193.26 ns-607.awsdns-11.net has address 205.251.194.95 ns-1495.awsdns-58.org has address 205.251.197.215 ns-1784.awsdns-31.co.uk has address 205.251.198.248 $ dig +short serverworks.co.jp ns | xargs -I{} host -t a {} ns-1638.awsdns-12.co.uk has address 205.251.198.102 ns-307.awsdns-38.com has address 205.251.193.51 ns-948.awsdns-54.net has address 205.251.195.180 ns-1205.awsdns-22.org has address 205.251.196.181

IPΤχʔΩϟετ • EC2 ౦ژϦʔδϣϯ $ dig +short classmethod.jp ns | \ sort | xargs -I{} ping -q -c 3 {} | grep rtt rtt min/avg/max/mdev = 9.355/9.370/9.393/0.016 ms rtt min/avg/max/mdev = 11.019/11.029/11.044/0.086 ms rtt min/avg/max/mdev = 16.669/16.683/16.705/0.015 ms rtt min/avg/max/mdev = 0.443/0.447/0.452/0.024 ms $ dig +short classmethod.jp ns | \ sort | xargs -I{} ping -q -c 3 {} | grep rtt rtt min/avg/max/mdev = 2.217/2.289/2.358/0.069 ms rtt min/avg/max/mdev = 74.218/74.241/74.285/0.031 ms rtt min/avg/max/mdev = 51.218/51.231/51.253/0.185 ms rtt min/avg/max/mdev = 2.865/2.888/2.925/0.067 ms • EC2 ΞΠϧϥϯυϦʔδϣϯ ౦ژˠΞΠϧϥϯυ͕ ԟ෮ SSU NTڧͳͷͰɺ ಉҰσʔληϯλʔͰ͸ ࣮ݱͰ͖ͳ͍SUU

ΤΠϦΞεϨίʔυ • AWSϦιʔεʹඥ෇͘DNSϨίʔυΛ಺෦తʹղܾͯ͘͠ΕΔ • ALIASͳ͠
 
 
 • ALIAS͋Γ
 ઃఆ :
 Ϩεϙϯε : • 1RTTઅ໿Ͱ͖ΔͷͰɺجຊతʹ͸ΤΠϦΞεΛ࢖͏ www.example.com IN CNAME xxx.cloudfront.net
 xxx.cloudfront.net IN A 192.168.1.1 www.example.com ALIAS xxx.cloudfront.net www.example.com IN A 192.168.1.1

2. Amazon VPCͷDNS

Amazon Provided DNS • VPCͷCIDRͷ.2(ݫີʹ͸CIDRͷ3൪໨ͷIPΞυϨε)͕
 DNSΩϟογϡαʔόʔͱͯ͠ಈ࡞ • DHCPͷDNSαʔόʔͱͯ͠EC2ʹ௨஌͞ΕΔ
 (ΧελϚΠζՄೳ) • ENI͋ͨΓͷϨʔτϦϛοτ(1024PPS)͕͋Δ • ϦιʔεϨίʔυͷTTLͷ্ݶ஋͕60ʹͳΔ

Amazon Provided DNS https://dev.classmethod.jp/cloud/vpcfor-infra-engineer-1/

Amazon Provided DNS (Cont.) • औΓѻ͏ϦιʔεϨίʔυ • ΠϯλʔωοτͷωʔϜεϖʔε • VPC Private IPͷٯҾ͖&ਖ਼Ҿ͖ • Route 53 Private Hosted Zone • VPCΤϯυϙΠϯτͷΠϯλʔϑΣʔελΠϓ • Φϯ/ΦϑͷΈͰϑΥϫʔυͳͲͷΦϓγϣϯػೳ͸ແ͍

·ͱΊ • Route 53͸ߴ͍Մ༻ੑͱ༷ʑͳػೳΛ࣋ͭϚωʔδυͳ
 ݖҖDNSαʔϏε • ੵۃతʹΤΠϦΞεϨίʔυΛ࢖͓͏ • Amazon Provided DNS͸VPCͰར༻Ͱ͖ΔϚωʔδυͳ ΩϟογϡDNSαʔϏε

Q&A?

Ξϯέʔτʹ͝ڠྗ͍ͩ͘͞ʂ