DNS use guidelines in AWS Jan 5, 2015 Version 1.0



Similar documents
How To Create A Virtual Private Cloud On Amazon.Com

Active Directory Domain Services on the AWS Cloud: Quick Start Reference Deployment Mike Pfeiffer

RemoteApp Publishing on AWS

Application Note. SIP Domain Management

How To Create A Virtual Private Cloud In A Lab On Ec2 (Vpn)

Implementing, Managing and Maintaining a Microsoft Windows Server 2003 Network Infrastructure: Network Services Course No.

Deploy Remote Desktop Gateway on the AWS Cloud

LAN TCP/IP and DHCP Setup

USING THE DNS/DHCP ADMINISTRATIVE INTERFACE Last Updated:

Every Silver Lining Has a Vault in the Cloud

How To - Configure Virtual Host using FQDN How To Configure Virtual Host using FQDN

Copyright International Business Machines Corporation All rights reserved. US Government Users Restricted Rights Use, duplication or disclosure

Alfresco Enterprise on AWS: Reference Architecture

Microsoft SharePoint 2007: for End Users and Site Owner

Configuration Guide. How to Configure SSL VPN Features in DSR Series. Overview

Creating the Conceptual Design by Gathering and Analyzing Business and Technical Requirements

Updating your Network Infrastructure and Active Directory Technology Skills to Windows Server 2008

Updating your Network Infrastructure and Active Directory Technology Skills to Windows Server 2008 (MS6416)

WINDOWS AZURE NETWORKING

Disaster Recovery White Paper

How to configure WFS (Windows File Sharing ) Acceleration on SonicWALL WAN Acceleration Appliances

BASICS OF SCALING: LOAD BALANCERS

Course Outline: Designing a Windows Server 2008 Network Infrastructure

COURSE 20413C: DESIGNING AND IMPLEMENTING A SERVER INFRASTRUCTURE

Implementing Microsoft Windows Server Failover Clustering (WSFC) and SQL Server 2012 AlwaysOn Availability Groups in the AWS Cloud

Designing and Implementing a Server Infrastructure 20413C; 5 days, Instructor-led

Implementing, Managing, and Maintaining a Microsoft Windows Server 2003 Network Infrastructure: Network Services (5 days)

Course 20413: Designing and Implementing a Server Infrastructure

FortiGate-AWS Deployment Guide

SUSE Manager in the Public Cloud. SUSE Manager Server in the Public Cloud

Updating your Network Infrastructure and Active Directory Technology Skills to Windows Server 2008

How to connect your new virtual machine to the Internet

Appendix D: Configuring Firewalls and Network Address Translation

Designing and Implementing a Server Infrastructure

Desingning and Implementing a Server Infrastructure

Opsview in the Cloud. Monitoring with Amazon Web Services. Opsview Technical Overview

Securing External Name Servers

Designing a Windows Server 2008 Network Infrastructure

WEBTITAN CLOUD. User Identification Guide BLOCK WEB THREATS BOOST PRODUCTIVITY REDUCE LIABILITIES

DNS and DHCP. 14 October 2008 University of Reading

Cloud Computing project Report

T2 IaaSand PCI Compliance. Robert Zigweid, IOActive

User Guide: Introduction to AWS-SAL

Lab IP Addressing Overview

LinkProof DNS Quick Start Guide

Preliminary Course Syllabus

Lesson Plans Managing a Windows 2003 Network Infrastructure

Module 1: Overview of Network Infrastructure Design This module describes the key components of network infrastructure design.

How To Set Up Wiremock In Anhtml.Com On A Testnet On A Linux Server On A Microsoft Powerbook 2.5 (Powerbook) On A Powerbook 1.5 On A Macbook 2 (Powerbooks)

How To Guide Edge Network Appliance How To Guide:

Cloud Computing Disaster Recovery (DR)

Challenges in Deploying Public Clouds

How To Load balance traffic of Mail server hosted in the Internal network and redirect traffic over preferred Interface

Configuring Windows Server 2008 Network Infrastructure

Department of Software Engineering

Development of the Domain Name System. Joey Brown David Margolies

Provisioning Server Service Template

How to Add Domains and DNS Records

VMware vcloud Air Networking Guide

STARTER KIT. Infoblox DNS Firewall for FireEye

Owner of the content within this article is Written by Marc Grote

Secure Cloud Computing with a Virtualized Network Infrastructure

Designing and Implementing a Server Infrastructure

How to Configure an Initial Installation of the VMware ESXi Hypervisor

Designing and Implementing a Server Infrastructure

Understanding Windows Server 2003 Networking p. 1 The OSI Model p. 2 Protocol Stacks p. 4 Communication between Stacks p. 13 Microsoft's Network

Georgia College & State University

Course Syllabus. 6416: Updating your Network Infrastructure and Active Directory Technology Skills to Windows Server Key Data.

TCP/IP works on 3 types of services (cont.): TCP/IP protocols are divided into three categories:

Application Security Best Practices. Matt Tavis Principal Solutions Architect

Implementing Domain Name Service (DNS)

vcloud Air - Virtual Private Cloud OnDemand Networking Guide

VPN Configuration Guide. Dealing with Identical Local and Remote Network Addresses

HTG XROADS NETWORKS. Network Appliance How To Guide: EdgeDNS. How To Guide

Managing Your Microsoft Windows Server Fleet with AWS Directory Service. May 2015

Planning and Maintaining a Microsoft Windows Server Network Infrastructure

Build Your Knowledge!

Immersion Day. Creating an Elastic Load Balancer. Rev

Designing and Implementing a Server Infrastructure

Grid and Multi-Grid Management

How To Manage Dns On An Elfiq Link Load Balancer (Link Balancer) On A Pcode (Networking) On Ipad Or Ipad (Netware) On Your Ipad On A Ipad At A Pc Or Ipa

HTG XROADS NETWORKS. Network Appliance How To Guide: DNS Delegation. How To Guide

70-647: Windows Server Enterprise Administration

Deployment Guide. Deploying F5 BIG-IP Global Traffic Manager on VMware vcloud Hybrid Service

Designing and Implementing a Server Infrastructure

How To Deploy Sangoma Sbc Vm At Amazon Cloud Service (Awes) On A Vpc (Virtual Private Cloud) On An Ec2 Instance (Virtual Cloud)

Networking Configurations for NetApp Cloud ONTAP TM for AWS

How To Configure Syslog over VPN

CloudStack Networking. Paul Angus Cloud

High-Availability in the Cloud Architectural Best Practices

The Importance of a Resilient DNS and DHCP Infrastructure

How to Configure Split DNS

Updating Your Network Infrastructure and Active Directory Technology Skills to Windows Server 2008

TechNote. Configuring SonicOS for Amazon VPC

1 PC to WX64 direction connection with crossover cable or hub/switch

White Paper Copyright 2011 Nomadix, Inc. All Rights Reserved. Thursday, January 05, 2012

Microsoft Windows Server System White Paper

NIIT Education and Training, Doha, Qatar - Contact: /1798;

Microsoft Windows Server Failover Clustering (WSFC) and SQL Server AlwaysOn Availability Groups on the AWS Cloud: Quick Start Reference Deployment

Configuring DHCP and DNS Services

Transcription:

University of Notre Dame DNS use guidelines in AWS Jan 5, 2015 Version 1.0

Contents 1 Purpose... 3 1.1 Overview... 3 2 DNS Overview... 3 2.1 On Premise DNS... 3 2.2 AWS DNS... 3 2.3 DNS Logical Diagram... 3 3 Guidance for using DNS... 4 3.1 DNS Management order of preference... 4 3.2 DNS Management Restrictions... 4 4 DNS Scenarios Considered... 5 5 DNS Issues... 5

1 Purpose 1.1 Overview The purpose of this document is to provide information on how to configure DNS for servers in AWS. The document discusses various scenarios and provides examples to aid in understanding how DNS will respond to name queries from various points in the on premise datacenter and AWS infrastructure. 2 DNS Overview 2.1 On Premise DNS There are currently three views of the DNS name space provided by the on campus DNS system, Datacenter, Campus, and Public. The Datacenter view provides name resolution for privately addressed servers in the main campus datacenters. These addresses can only be resolved by servers that are in the datacenter using the datacenter DNS servers DNS3/4 for resolution. Campus view provides DNS resolution for campus systems and services, both public and private addresses. The Public view is seen by external Internet hosts for domains that are authoritative for nd.edu and not specifically delegated to AWS route53. 2.2 AWS DNS AWS DNS servers, operated by the OIT, are in the shared services VPC and mimic the datacenter and campus DNS views. There is also a tertiary public view DNS server which is currently in the EC2 classic environment and will be moved to one of the shared services public subnet. 2.3 DNS Logical Diagram

DC Server Datacenter DNS view dns3.dc.nd.edu dns4.dc.nd.edu Campus system Campus DNS View dns1.cc.nd.edu dns2.cc.nd.edu On Campus Public View Internet DNS servers External Internet Resolution Public System Only domains managed by Route53 AWS DNS Datacenter View Only domains managed by Route53 AWS DNS Campus View ns1.nd.edu ns2.nd.edu (Public delegated zones) AWS Route53 dns3 dns1 Zones delegated to Route53 AWS Server dns4 dns2 EC2 Classic Public View ns3.nd.edu 3 Guidance for using DNS 3.1 DNS Management order of preference 1. Manage everything in infoblox unless specific Route53 functions are needed. Point DNS to DNS3/4 in Amazon (Data Center View), this will forward to DNS1/2 (campus view in AWS) to resolve aws.nd.edu, etc. Use a different domain for private and public addresses. If Route53 functions are needed (maybe to use DNS health checks) create a separate domain for these AWS hosts in Route53. Subject to DNS management restrictions. Still point to DNS3/4 in shared services. 2. Manage everything in AWS. If you do this you should put entries in Infoblox to reserve the space as managed in AWS. a. If you manage in AWS and use split horizon in AWS, campus can resolve either the private or public but not both. b. You will have to manage Route53 from the DCND account with specific permissions on your zone. 3. If completely isolated you can use Route53 directly, but then you lose access to any private addressed services. 3.2 DNS Management Restrictions Campus Public IP s cannot go over the tunnel. (Without ugly Nat ing) AWS may have public and private views of the same domain, split horizon. Only one or the other may be visible from a particular view. AWS may have public and private domains that do not have the same name. Example, aws.nd.edu should this be strictly private.

4 DNS Scenarios Considered DC server resolves name in AWS need private IP returned (server to server com over tunnel) DC server resolves name in AWS needs public IP (access via ELB over Internet) AWS server resolves name in AWS need private IP returned (ex. Monitoring/logging) AWS server resolves name in AWS needs public IP (external ELB) AWS server resolves name in dc.nd.edu need private IP returned (database access) AWS server resolves name in nd.edu needs public IP (library servers, other public services) Campus resolves name in AWS need private IP returned (fat client database access over tunnel) Campus resolves name in AWS needs public IP (ELB access to public service) 5 DNS Issues Do we want to retain the AWS.ND.EDU domain name or change it to something else? Yes. Should we create a myname- tunnel.nd.edu domain for services that get traffic over the tunnels? We need to correct DHCP options default domain to be correct (whatever that means), but right now its multi- value which doesn t work. This becomes the domain of the ec2 instance in meta- data. 6 DNS Examples 6.1 Resolving aws.nd.edu The aws.nd.edu domain maps names to private IPs in the 172.22.0.0/16 range. These addresses are used in the AWS infrastructure VPC architecture. This is the OIT managed datacenter in AWS. Servers in AWS that make DNS requests to dns3 and dns4 (AWS Datacenter View) will resolve these addresses directly. This resolution will also occur for the on campus datacenter view for systems querying dns3.dc.nd.edu and dns4.dc.nd.edu and the campus view for systems querying dns1.cc.nd.edu or dns2.cc.nd.edu. 6.2 Resolving dc.nd.edu The dc.nd.edu domain maps names to private IPs in the 172.19.x.y range for datacenter subnets. These addresses are used in the on premise datacenters. This is the OIT managed datacenter on campus. Servers in the on campus datacenter that make DNS requests to dns3.dc.nd.edu and dns4.dc.nd.edu (Datacenter View) will resolve these addresses directly and always received the private address. This resolution will also occur for the on AWS datacenter view for systems querying dns3 and dns4. There is a split horizon view for dc.nd.edu where some hosts will resolve to different addresses based on querying from campus vs. the campus or AWS datacenters. For systems querying

dns1.cc.nd.edu or dns2.cc.nd.edu (Campus view) some dc.nd.edu records will return campus accessible IPs instead of datacenter IPs. 6.3 Resolving identity.nd.edu The identity.nd.edu is a split horizon domain managed in Route53. It uses Route53 health checks to determine whether to return a campus or AWS public address for public services. Within the AWS and Campus datacenters identity.nd.edu names resolve to AWS datacenter private addresses. In the Campus and Public views identity.nd.edu names resolve to public addresses, for public services.

2024 © DocPlayer.net Privacy Policy | Terms of Service | Feedback  | Do Not Sell My Personal Information