CM Bootcamp (internal study session) DNS Part 4: AWS DNS Services /cm-dnsstudy-4

takipone
February 21, 2018

2018/02/21 @takipone

Transcript

  1. CM Bootcamp (internal study session) DNS Part 4: AWS DNS Services 2018/02/21 @takipone

  2. Four sessions planned, 17:00-18:00 @ Itopia 5F break room
    • 1/31 (Wed) Introduction to DNS
    • 2/8 (Thu) DNS content servers
    • 2/14 (Wed) DNS security
    • 2/21 (Wed) VPC and Route 53 (you are here)
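  3. Housekeeping
    • Post questions and requests in the ChatWork room
    • The session is streamed and recorded via Hangouts
    • Materials and other information are on the internal Confluence page
    • There is a Q&A at the end, but feel free to ask at any time, including remotely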

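  4. Self-introduction
    • Ryuta Otaki @takipone
    • IoTエンジニア養成読本 -設計編- (IoT engineer training guide, design edition)
    • The release date (3/13) has been set & pre-orders have started on Amazon
    • The text "points to note" is really big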
  5. Agenda 1. Amazon Route 53 2. Amazon VPC DNS

  6. 1. Amazon Route 53

  7. Amazon Route 53
    • A managed authoritative DNS service provided by AWS
    • A distributed fleet of DNS servers deployed at edge locations
    • SLA 100%

  8. Route 53 routing policies
    • Weighted
    • Latency
    • Geolocation
    • Failover
    • Multivalue Answer
    • For details, see the Black Belt (AWS webinar) material: https://www.slideshare.net/AmazonWebServicesJapan/aws-black-belt-tech-2016-amazon-route-53
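  9. Differences from CloudFront
    • CloudFront (CDN) also uses edge locations
    • Comparison (Route 53 / CloudFront)
      Resource endpoint: NS records / hostname
      Location: nearest edge
      Number of IP addresses: per NS record / multiple, scales out
      Global IP address: fixed (anycast) / variable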
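  10. IP anycast
    • Edges in every location announce the same global IP address
    • Internet routing (BGP) directs traffic to the nearest edge
    • A common design for large-scale DNS services (RFC 3258); it contributes to redundancy and load balancing
    • It works more effectively than DNS-based mechanisms, but the operational hurdle is high (used heavily in GCP)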
  11. IP anycast http://www.atmarkit.co.jp/fnetwork/dnstips/035.html

  12. IP anycast
    • Even for different domains, the global IP CIDRs are the same (virtual hosting)
      $ dig +short classmethod.jp ns | xargs -I{} host -t a {}
      ns-1421.awsdns-49.org has address 205.251.197.141
      ns-1722.awsdns-23.co.uk has address 205.251.198.186
      ns-266.awsdns-33.com has address 205.251.193.10
      ns-576.awsdns-08.net has address 205.251.194.64
      $ dig +short cloudpack.jp ns | xargs -I{} host -t a {}
      ns-282.awsdns-35.com has address 205.251.193.26
      ns-607.awsdns-11.net has address 205.251.194.95
      ns-1495.awsdns-58.org has address 205.251.197.215
      ns-1784.awsdns-31.co.uk has address 205.251.198.248
      $ dig +short serverworks.co.jp ns | xargs -I{} host -t a {}
      ns-1638.awsdns-12.co.uk has address 205.251.198.102
      ns-307.awsdns-38.com has address 205.251.193.51
      ns-948.awsdns-54.net has address 205.251.195.180
      ns-1205.awsdns-22.org has address 205.251.196.181
  13. IP anycast
    • EC2 Tokyo region
      $ dig +short classmethod.jp ns | \
        sort | xargs -I{} ping -q -c 3 {} | grep rtt
      rtt min/avg/max/mdev = 9.355/9.370/9.393/0.016 ms
      rtt min/avg/max/mdev = 11.019/11.029/11.044/0.086 ms
      rtt min/avg/max/mdev = 16.669/16.683/16.705/0.015 ms
      rtt min/avg/max/mdev = 0.443/0.447/0.452/0.024 ms
    • EC2 Ireland region
      $ dig +short classmethod.jp ns | \
        sort | xargs -I{} ping -q -c 3 {} | grep rtt
      rtt min/avg/max/mdev = 2.217/2.289/2.358/0.069 ms
      rtt min/avg/max/mdev = 74.218/74.241/74.285/0.031 ms
      rtt min/avg/max/mdev = 51.218/51.231/51.253/0.185 ms
      rtt min/avg/max/mdev = 2.865/2.888/2.925/0.067 ms
    • The Tokyo → Ireland round trip (rtt) is … ms or more, so a single data center could not deliver this rtt
  14. Alias records
    • Resolves DNS records tied to AWS resources internally
    • Without ALIAS
      www.example.com IN CNAME xxx.cloudfront.net
      xxx.cloudfront.net IN A 192.168.1.1
    • With ALIAS
      Configuration: www.example.com ALIAS xxx.cloudfront.net
      Response: www.example.com IN A 192.168.1.1
    • This saves one RTT, so use an alias as a rule
  15. 2. Amazon VPC DNS

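  16. Amazon Provided DNS
    • The .2 address of the VPC CIDR (strictly, the third IP address of the CIDR) acts as a DNS caching server
    • It is advertised to EC2 as the DNS server via DHCP (customizable)
    • There is a rate limit per ENI (1024 PPS)
    • The upper limit of a resource record's TTL becomes 60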
  17. Amazon Provided DNS https://dev.classmethod.jp/cloud/vpcfor-infra-engineer-1/

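  18. Amazon Provided DNS (Cont.)
    • Resource records it handles
      • The Internet namespace
      • Reverse and forward lookups of VPC private IPs
      • Route 53 Private Hosted Zone
      • Interface-type VPC endpoints
    • It can only be turned on or off; there are no optional features such as forwarding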
  19. Summary
    • Route 53 is a managed authoritative DNS service with high availability and a wide range of features
    • Use alias records proactively
    • Amazon Provided DNS is a managed caching DNS service available in a VPC
  20. Q&A?

  21. Please fill out the survey!
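
Added example (not part of the original slides): a Python check of the slide 12 observation that name servers of different domains share the same address ranges. It parses the `host` output shown on that slide and computes the smallest prefix covering the addresses, per name-server TLD and overall; the function names are this example's own.

```python
import ipaddress
import re

# `host -t a` output copied from slide 12 (name servers of three unrelated domains).
HOST_OUTPUT = """\
ns-1421.awsdns-49.org has address 205.251.197.141
ns-1722.awsdns-23.co.uk has address 205.251.198.186
ns-266.awsdns-33.com has address 205.251.193.10
ns-576.awsdns-08.net has address 205.251.194.64
ns-282.awsdns-35.com has address 205.251.193.26
ns-607.awsdns-11.net has address 205.251.194.95
ns-1495.awsdns-58.org has address 205.251.197.215
ns-1784.awsdns-31.co.uk has address 205.251.198.248
ns-1638.awsdns-12.co.uk has address 205.251.198.102
ns-307.awsdns-38.com has address 205.251.193.51
ns-948.awsdns-54.net has address 205.251.195.180
ns-1205.awsdns-22.org has address 205.251.196.181
"""

LINE_RE = re.compile(r"^ns-\d+\.awsdns-\d+\.(\S+) has address (\S+)$")

def parse_host_output(text):
    """Return [(tld, IPv4Address)] for each 'has address' line."""
    matches = (LINE_RE.match(line.strip()) for line in text.splitlines())
    return [(m.group(1), ipaddress.ip_address(m.group(2))) for m in matches if m]

def covering_prefix(addrs):
    """Smallest single network that contains every address in addrs."""
    net = ipaddress.ip_network(f"{addrs[0]}/32")
    while not all(a in net for a in addrs):
        net = net.supernet()
    return net

def prefixes_by_tld(text):
    """Group name servers by the TLD of their awsdns name, one prefix per group."""
    groups = {}
    for tld, addr in parse_host_output(text):
        groups.setdefault(tld, []).append(addr)
    return {tld: covering_prefix(addrs) for tld, addrs in groups.items()}

def overall_prefix(text):
    return covering_prefix([addr for _tld, addr in parse_host_output(text)])

if __name__ == "__main__":
    for tld, net in sorted(prefixes_by_tld(HOST_OUTPUT).items()):
        print(f"{tld:6} {net}")
    print("all   ", overall_prefix(HOST_OUTPUT))
```

Pasting fresh `dig +short <zone> ns | xargs -I{} host -t a {}` output into `HOST_OUTPUT` repeats the check for other hosted zones.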