2018/02/21 @takipone
CMϒʔτΩϟϯϓ(ࣾษڧձ)DNS ୈ4ճ AWSͷDNSαʔϏε2018/02/21 @takipone
View Slide
શ4ճ༧ఆ17:00-18:[email protected]ΠτʔϐΞ5Fٳܜࣨ• 1/31(ਫ) DNSೖ• 2/8() DNSίϯςϯπαʔόʔ• 2/14(ਫ) DNSηΩϡϦςΟ• 2/21(ਫ) VPCͱRoute 53 ΠϚίί
ۀ࿈བྷ• ࣭ཁChatWork෦ʹͲ͏ͧ• ϋϯάΞτͰதܧ&ը͋Γ·͢• ࣾίϯϑϧͷϖʔδʹࢿྉͳͲͷใ͕͋Γ·͢• ࠷ޙʹQ&AऔΓ·͕͢ɺਵ࣌ϦϞʔτͰߏΘ࣭ͣͯ͠Ͷ
ࣗݾհ• େ୍ོଠ @takipone• IoTΤϯδχΞཆಡຊ -ઃܭฤ-• ൃച(3/13)͕ܾ·Γ·ͨ͠ & AmazonͰ༧ελʔτ• ʮཹҙʯͷࣈ͕͍͢͝σΧ͍
ΞδΣϯμ1. Amazon Route 532. Amazon VPCͷDNS
1. Amazon Route 53
Amazon Route 53• AWS͕ఏڙ͢ΔϚωʔδυݖҖDNSαʔϏε• Τοδϩέʔγϣϯʹඋ͞ΕΔࢄDNSαʔόʔ܈• SLA 100%
Route 53ͷϧʔςΟϯάϙϦγʔ• Weighted• Latency• Geolocation• Failover• Multivalue Answer• ৄ͘͠Black Belt(AWSͷΣϏφʔ)ͷࢿྉΛ؍ͯͶ https://www.slideshare.net/AmazonWebServicesJapan/aws-black-belt-tech-2016-amazon-route-53
CloudFrontͱͷҧ͍• CloudFront(CDN)ΤοδϩέʔγϣϯΛར༻ʘ 3PVUF $MPVE'SPOUϦιʔεͷΤϯυϙΠϯτ ͭͷ/4Ϩίʔυ ϗετ໊ϩέʔγϣϯ ࠷دΓͷΤοδ*1ΞυϨεͷݸ /4Ϩίʔυຖʹͭ ෳͰεέʔϧ͢Δάϩʔόϧ*1ΞυϨε ݻఆ ΤχʔΩϟετ Մม
IPΤχʔΩϟετ• ֤ͷΤοδͰಉ͡άϩʔόϧIPΞυϨεΛ໊Δ• ΠϯλʔωοτͷϧʔςΟϯά(BGP)Ͱ࠷دΓͷΤοδʹ͚Δ• େنDNSαʔϏεͰΑ͋͘Δߏ(RFC 3258) ੑɺෛՙࢄʹد༩• DNSϕʔεͷΈΑΓޮՌతʹಈ͕͘ӡ༻ͷϋʔυϧߴ͍(GCPͰଟ༻͞Ε͍ͯΔ)
IPΤχʔΩϟετhttp://www.atmarkit.co.jp/fnetwork/dnstips/035.html
IPΤχʔΩϟετ• ҟͳΔυϝΠϯͰάϩʔόϧIPͷCIDRҰॹ(όʔνϟϧϗετ)$ dig +short classmethod.jp ns | xargs -I{} host -t a {}ns-1421.awsdns-49.org has address 205.251.197.141ns-1722.awsdns-23.co.uk has address 205.251.198.186ns-266.awsdns-33.com has address 205.251.193.10ns-576.awsdns-08.net has address 205.251.194.64$ dig +short cloudpack.jp ns | xargs -I{} host -t a {}ns-282.awsdns-35.com has address 205.251.193.26ns-607.awsdns-11.net has address 205.251.194.95ns-1495.awsdns-58.org has address 205.251.197.215ns-1784.awsdns-31.co.uk has address 205.251.198.248$ dig +short serverworks.co.jp ns | xargs -I{} host -t a {}ns-1638.awsdns-12.co.uk has address 205.251.198.102ns-307.awsdns-38.com has address 205.251.193.51ns-948.awsdns-54.net has address 205.251.195.180ns-1205.awsdns-22.org has address 205.251.196.181
IPΤχʔΩϟετ• EC2 ౦ژϦʔδϣϯ$ dig +short classmethod.jp ns | \sort | xargs -I{} ping -q -c 3 {} | grep rttrtt min/avg/max/mdev = 9.355/9.370/9.393/0.016 msrtt min/avg/max/mdev = 11.019/11.029/11.044/0.086 msrtt min/avg/max/mdev = 16.669/16.683/16.705/0.015 msrtt min/avg/max/mdev = 0.443/0.447/0.452/0.024 ms$ dig +short classmethod.jp ns | \sort | xargs -I{} ping -q -c 3 {} | grep rttrtt min/avg/max/mdev = 2.217/2.289/2.358/0.069 msrtt min/avg/max/mdev = 74.218/74.241/74.285/0.031 msrtt min/avg/max/mdev = 51.218/51.231/51.253/0.185 msrtt min/avg/max/mdev = 2.865/2.888/2.925/0.067 ms• EC2 ΞΠϧϥϯυϦʔδϣϯ౦ژˠΞΠϧϥϯυ͕ԟ෮ SSUNTڧͳͷͰɺಉҰσʔληϯλʔͰ࣮ݱͰ͖ͳ͍SUU
ΤΠϦΞεϨίʔυ• AWSϦιʔεʹඥ͘DNSϨίʔυΛ෦తʹղܾͯ͘͠ΕΔ• ALIASͳ͠ • ALIAS͋Γ ઃఆ : Ϩεϙϯε :• 1RTTઅͰ͖ΔͷͰɺجຊతʹΤΠϦΞεΛ͏www.example.com IN CNAME xxx.cloudfront.net xxx.cloudfront.net IN A 192.168.1.1www.example.com ALIAS xxx.cloudfront.netwww.example.com IN A 192.168.1.1
2. Amazon VPCͷDNS
Amazon Provided DNS• VPCͷCIDRͷ.2(ݫີʹCIDRͷ3൪ͷIPΞυϨε)͕ DNSΩϟογϡαʔόʔͱͯ͠ಈ࡞• DHCPͷDNSαʔόʔͱͯ͠EC2ʹ௨͞ΕΔ (ΧελϚΠζՄೳ)• ENI͋ͨΓͷϨʔτϦϛοτ(1024PPS)͕͋Δ• ϦιʔεϨίʔυͷTTLͷ্ݶ͕60ʹͳΔ
Amazon Provided DNShttps://dev.classmethod.jp/cloud/vpcfor-infra-engineer-1/
Amazon Provided DNS (Cont.)• औΓѻ͏ϦιʔεϨίʔυ• ΠϯλʔωοτͷωʔϜεϖʔε• VPC Private IPͷٯҾ͖&ਖ਼Ҿ͖• Route 53 Private Hosted Zone• VPCΤϯυϙΠϯτͷΠϯλʔϑΣʔελΠϓ• Φϯ/ΦϑͷΈͰϑΥϫʔυͳͲͷΦϓγϣϯػೳແ͍
·ͱΊ• Route 53ߴ͍Մ༻ੑͱ༷ʑͳػೳΛ࣋ͭϚωʔδυͳ ݖҖDNSαʔϏε• ੵۃతʹΤΠϦΞεϨίʔυΛ͓͏• Amazon Provided DNSVPCͰར༻Ͱ͖ΔϚωʔδυͳΩϟογϡDNSαʔϏε
Q&A?
Ξϯέʔτʹ͝ڠྗ͍ͩ͘͞ʂ
takipone
sbtechnight
oracle4engineer
amarelo_n24
dskst
sat
takufujii
konboi
tarao
nozomiito
rasmusluckow
thekraken
lara
bryan
jmmastey
keathley
jponch
keavy
rmw
chriscoyier
brettharned
caitiem20