I distinctly remember the excitement I felt when I created my first Virtual Private Cloud (VPC) as a customer. I had just spent months building a similar environment on-premises and had been frustrated by the complicated setup. One of the immediate benefits that the VPC provided was a magical address at 10.0.0.2 where our EC2 instances sent Domain Name System (DNS) queries. It was reliable, scaled with our workloads, and resolved both public and private domains without any input from us.
Like a lot of customers, we connected our on-premises environment with our AWS one via Direct Connect (DX), leading to cases where DNS names required resolution across the connection. Back then we needed to build DNS servers and provide forwarders to achieve this. That’s why today I am very excited to announce Amazon Route 53 Resolver for Hybrid Clouds. It’s a set of features that enable bidirectional DNS querying between your on-premises environment and AWS over private connections.
Before I dive into the new functionality, I would like to give a shout-out to our old faithful .2 resolver. As part of our announcement today I would like to let you know that we have officially named the .2 DNS resolver Route 53 Resolver, in honor of the trillions of queries the service has resolved on behalf of our customers. Route 53 Resolver continues to provide DNS query capability for your VPC, free of charge. To support DNS queries across hybrid environments, we are providing two new capabilities: Route 53 Resolver Endpoints for inbound queries and Conditional Forwarding Rules for outbound queries.
Route 53 Resolver Endpoints
Inbound query capability is provided by Route 53 Resolver Endpoints, which allow DNS queries that originate on-premises to resolve AWS-hosted domains, such as names in your private hosted zones and EC2 instance names. Connectivity between your on-premises DNS infrastructure and AWS must first be established through Direct Connect (DX) or a Virtual Private Network (VPN). An inbound endpoint is configured by assigning an IP address in each subnet from which you would like to serve queries; each address is backed by an elastic network interface (ENI) in that subnet, and your on-premises DNS servers forward the AWS domains to those addresses. Because the endpoint is a set of ENIs, it carries a security group, which should allow UDP and TCP port 53 only from your on-premises resolvers.
Conditional Forwarding Rules
Outbound DNS queries are enabled through Conditional Forwarding Rules. Domains hosted within your on-premises DNS infrastructure are configured as forwarding rules in Route 53 Resolver, each naming the on-premises DNS servers to forward to. A rule triggers when a query from the VPC matches one of those domains (including its subdomains), and Route 53 Resolver forwards the query to the configured servers through an outbound endpoint in the VPC. Like inbound queries, this requires a private connection over DX or VPN. Names that match no rule continue to be resolved by Route 53 Resolver as before.
When combined, these two capabilities give your hybrid workloads recursive DNS resolution in both directions. This saves you the overhead of building, operating and maintaining additional DNS infrastructure while running both environments.
Route 53 Resolver in Action
1. Route 53 Resolver for Hybrid Clouds is region specific, so our first step is to choose the region in which we would like to configure our hybrid workloads. Once we have selected a region, we choose the query direction: outbound, inbound or both.
2. We have selected both inbound and outbound traffic for this workload. First up is our inbound query configuration. We enter a name and choose a VPC. We assign one or more subnets from within the VPC (in this case we choose two, in different Availability Zones, for availability). From these subnets we can assign specific IP addresses to use as our endpoints, or let Route 53 Resolver assign them automatically. Choosing the addresses ourselves is convenient because they are what our on-premises forwarders will be configured to use.
3. We create a rule for our on-premises domain so that workloads inside the VPC can route DNS queries for that domain to our on-premises DNS infrastructure. We enter one or more IP addresses for our on-premises DNS servers and create our rule.
4. Everything is created, our VPC is associated with the inbound endpoint and the outbound rule, and queries can start flowing in both directions. Conditional Forwarding Rules can be shared across multiple accounts using AWS Resource Access Manager (RAM).
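The endpoints and forwarding rule described in the two sections above and walked through in steps 1 to 4 can be expressed as a single CloudFormation template. The template below is an added example, not code from the original post or an AWS-published sample. The VPC and subnet IDs are parameters; the inbound endpoint addresses 10.0.1.10 and 10.0.2.10 (assumed to lie inside the two chosen subnets), the on-premises range 192.168.0.0/16, the on-premises DNS servers 192.168.10.53 and 192.168.11.53, and the zone corp.example.com are all placeholders. It also spells out what the console walkthrough leaves implicit: the security groups on the endpoint ENIs, written so that the inbound endpoint accepts port 53 only from the on-premises range and the outbound endpoint can reach nothing but the on-premises DNS servers' range on port 53.

```yaml
AWSTemplateFormatVersion: '2010-09-09'
Description: >-
  Example hybrid DNS setup with Route 53 Resolver (added example, not from the
  original post). All addresses and the domain are placeholders.

Parameters:
  VpcId:
    Type: AWS::EC2::VPC::Id
  SubnetA:
    Type: AWS::EC2::Subnet::Id   # assumed 10.0.1.0/24, first Availability Zone
  SubnetB:
    Type: AWS::EC2::Subnet::Id   # assumed 10.0.2.0/24, second Availability Zone
  OnPremCidr:
    Type: String
    Default: 192.168.0.0/16      # assumed on-premises address range
  OnPremDns1:
    Type: String
    Default: 192.168.10.53       # assumed on-premises DNS server
  OnPremDns2:
    Type: String
    Default: 192.168.11.53       # assumed on-premises DNS server
  OnPremDomain:
    Type: String
    Default: corp.example.com    # assumed on-premises zone to forward

Resources:
  # Inbound endpoint ENIs: only on-premises resolvers may query them on port 53.
  # TCP is included because large or truncated answers retry over TCP.
  InboundSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Route 53 Resolver inbound endpoint, DNS from on-premises only
      VpcId: !Ref VpcId
      SecurityGroupIngress:
        - { IpProtocol: udp, FromPort: 53, ToPort: 53, CidrIp: !Ref OnPremCidr }
        - { IpProtocol: tcp, FromPort: 53, ToPort: 53, CidrIp: !Ref OnPremCidr }

  # Fixed IPs so the on-premises forwarders only need to be configured once.
  InboundEndpoint:
    Type: AWS::Route53Resolver::ResolverEndpoint
    Properties:
      Name: hybrid-inbound
      Direction: INBOUND
      SecurityGroupIds: [!Ref InboundSg]
      IpAddresses:
        - { SubnetId: !Ref SubnetA, Ip: 10.0.1.10 }
        - { SubnetId: !Ref SubnetB, Ip: 10.0.2.10 }

  # Outbound endpoint ENIs: declaring egress rules replaces the default
  # allow-all egress, so the ENIs can only reach on-premises DNS on port 53.
  OutboundSg:
    Type: AWS::EC2::SecurityGroup
    Properties:
      GroupDescription: Route 53 Resolver outbound endpoint, DNS to on-premises only
      VpcId: !Ref VpcId
      SecurityGroupEgress:
        - { IpProtocol: udp, FromPort: 53, ToPort: 53, CidrIp: !Ref OnPremCidr }
        - { IpProtocol: tcp, FromPort: 53, ToPort: 53, CidrIp: !Ref OnPremCidr }

  OutboundEndpoint:
    Type: AWS::Route53Resolver::ResolverEndpoint
    Properties:
      Name: hybrid-outbound
      Direction: OUTBOUND
      SecurityGroupIds: [!Ref OutboundSg]
      IpAddresses:
        - { SubnetId: !Ref SubnetA }
        - { SubnetId: !Ref SubnetB }

  # Conditional forwarding rule: queries for corp.example.com and its subdomains
  # from any VPC associated with the rule leave via the outbound endpoint.
  OnPremForwardRule:
    Type: AWS::Route53Resolver::ResolverRule
    Properties:
      Name: forward-corp
      RuleType: FORWARD
      DomainName: !Ref OnPremDomain
      ResolverEndpointId: !Ref OutboundEndpoint
      TargetIps:
        - { Ip: !Ref OnPremDns1, Port: 53 }
        - { Ip: !Ref OnPremDns2, Port: 53 }

  # Step 4 of the walkthrough: associate the rule with the VPC so the .2
  # resolver starts applying it.
  OnPremForwardRuleAssociation:
    Type: AWS::Route53Resolver::ResolverRuleAssociation
    Properties:
      ResolverRuleId: !Ref OnPremForwardRule
      VPCId: !Ref VpcId
```

Deploy it with `aws cloudformation deploy --template-file hybrid-dns.yaml --stack-name hybrid-dns --parameter-overrides VpcId=vpc-... SubnetA=subnet-... SubnetB=subnet-...`, then add a conditional forwarder on the on-premises DNS servers that sends the AWS zones to 10.0.1.10 and 10.0.2.10. To check both directions, run `dig @10.0.1.10 <instance-name>.ec2.internal` from an on-premises host and `dig host.corp.example.com` from an EC2 instance in the VPC; the second answer should come from the VPC's .2 resolver, which forwards it on-premises under the rule. If either lookup times out rather than returning an error, check the endpoint security groups and the DX or VPN route for the on-premises range before anything else, since a dropped packet looks identical to an unreachable server.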
Availability and Pricing
Route 53 Resolver remains free for DNS queries served within your VPC. Resolver Endpoints use Elastic Network Interfaces (ENIs), each costing $0.125 per hour. DNS queries that are resolved by a Conditional Forwarding Rule or a Resolver Endpoint cost $0.40 per million queries for the first billion and $0.20 per million after that. Route 53 Resolver for Hybrid Clouds is available today in US East (N. Virginia), US East (Ohio), US West (Oregon), Europe (Ireland), Asia Pacific (Sydney), Asia Pacific (Tokyo) and Asia Pacific (Singapore), with other commercial regions to follow.