
Amazon Route 53 - A New DNS Service from AWS - base
http://aws.amazon.com/about-aws/whats-new/2010/12/06/announcing-amazon-route-53-dns-service/
======
RyanGWU82
Very interesting. We currently use DNS Made Easy but I see two huge advantages
to Route 53:

1. It's API-driven, so we can modify our DNS entries programmatically. You
can't do that with DNS Made Easy. (They've been "planning to implement an API
in the future" for a long time now.)

2. At our scale, it's exactly 1/4th the cost of DNS Made Easy. That'll be a
nice chunk of change. Plus, like other AWS services, you only pay for the
number of queries that you actually use.

~~~
eli
Yup, same here. DME additional query & overage fees are killing me.

Has anyone tried this out though? My impression is that R53 is _exclusively_
API driven, at least for now. I'd kinda like to have a web interface to fall
back on.

~~~
smountcastle
Based on the web interfaces available for the other AWS services, I'm sure it
won't be long before someone cooks up a simple CRUD web front-end.

EDIT: I forgot to ask, what kind of overages are you seeing? With Route 53
you'll be charged $501/month if your zone gets 1B queries.

~~~
eli
The pricing is a little complicated and I think there are volume discounts,
but I believe I'm paying something like $2/million in advance and $6/million
if I go over plan.

------
TomOfTTB
As someone who uses Nettica for Dynamic DNS (which this seems to be
targeting) I think it's great that Amazon is creating some competition in this
area. Not enough web developers consider Dynamic, programmable DNS and that's
a shame because I think it's a must. I monitor every site I have from an
external location and if there's ever a host outage I have the DNS re-routed
to a backup host within 10 minutes (it doesn't always propagate as quickly as
I like but there's little that can be done about that)

I'm happy with Nettica but Amazon's offering will draw attention to this
important point. Plus competition leads to more features, better service and
so on.

~~~
jrockway
What do you set your TTL to? Do caches actually respect it?

(My experience with this is that the downtime that I want to route around
usually lasts longer than the TTL. And even if it doesn't, the recursive
resolver / OS cache / browser cache ends up persisting the record longer than
the TTL advises.)

~~~
TomOfTTB
Actually they don't but in the opposite direction. I set it at 7200 initially
just to see if it would work and found not only did it work but updates came
even quicker in most cases. Google's DNS for example will update after about
10 to 20 minutes regardless of the TTL setting.

------
jacquesm
Amazon got a lot less interesting in the last couple of weeks, I hear they
will take down your site without so much as a warrant.

~~~
tptacek
Thank you, Jacques. Nobody else was thinking that. Very insightful. Much
better that we talk about Wikileaks... again... than discuss a programmable
dynamic DNS service run by one of the largest tech companies on the Internet.

~~~
jacquesm
I think Amazon trying to sell a mission critical service like DNS right after
rolling over at the first prod from some politician (and a pretty lousy one at
that) serves as a good reminder that if you want to use services from them
you'd better make sure that you are not going to do anything at all that
challenges the powers that be or you'll be out faster than a warrant can be
served.

Service providers of all sorts should stand by their customers until a court
order to the contrary is served, especially when institutions like the EFF are
solidly on the side of those customers.

<http://www.eff.org/deeplinks/2010/12/amazon-and-wikileaks-first-amendment-only-strong>

Amazon releasing more critical infrastructure that can be shut-down at
someone's whim is bad timing to put it very mildly.

~~~
poet
_Amazon trying to sell a mission critical service like DNS right after rolling
over at the first prod from some politician_

I think it's pretty clear that Amazon didn't roll over because of Lieberman's
remarks. Rather, Amazon did what they did because they thought it was the
right thing to do: "it is not credible that the extraordinary volume of 250,000
classified documents that WikiLeaks is publishing could have been carefully
redacted in such a way as to ensure that they weren’t putting innocent people
in jeopardy".

I understand you're passionate about this, but let's not conflate what
actually happened.

~~~
jellicle
Joe Lieberman called Amazon and said [something] to them.

Late that evening, Wikileaks was cut off.

The next day, Lieberman put out a press release: "This morning Amazon informed
my staff that it has ceased to host the Wikileaks website. I wish that Amazon
had taken this action earlier based on Wikileaks’ previous publication of
classified material. The company’s decision to cut off Wikileaks now is the
right decision and should set the standard for other companies Wikileaks is
using to distribute its illegally seized material. I call on any other company
or organization that is hosting Wikileaks to immediately terminate its
relationship with them."

Lieberman's spokesperson added: "Senator Lieberman hopes that what has
transpired with Amazon will send a message to other companies."

The next day, Lieberman introduced a bill in Congress that would make it a
Federal crime to do what Amazon was doing, hosting the Wikileaks material.

You could characterize that as "pretty clear that Amazon didn't roll over
because of Lieberman", but that characterization would be utterly mendacious.

~~~
dailo10
men·da·cious/menˈdāSHəs/ Adjective: Not telling the truth; lying

------
tomstuart
Here's hoping that this is the first step towards making ELB actually usable
-- i.e. dropping the requirement that you must point a CNAME at the ELB
hostname, which prevents you from using a zone's root record (you can balance
www.foo.com but not foo.com). To wit:

 _In the future, we plan to add additional integration features such as the
ability to automatically tie your Amazon Elastic Load Balancer instances to a
DNS name_

As demonstrated by <https://forums.aws.amazon.com/thread.jspa?threadID=32044>,
lots of people want this.

------
rosejn
Routing traffic to wikileaks would have been a perfect demonstration of this
new system. Instead they decided to show how much they respect freedom of
speech.

And tptacek, yes we should speak about wikileaks when discussing Amazon, from
now on. This isn't a fanboy site, this is a place to discuss the real
ramifications of a company's actions.

------
619Cloud
Does anybody else think $1/Mo a zone/domain is high? Sure it's nice that a
million queries is only going to run you $0.50, but I suspect most people have
a lot of domains, but few queries. Makes sense if you have a single domain,
that gets a boat load of DNS requests, but if you have a lot of domains, with
very few requests, it's not cost effective.

~~~
8ig8
I was thinking the same thing upon first inspection. We have about 200 domains
with DNS Made Easy. We don't even get close to the allotted queries for the
account. I think we pay about $180 per year for all 200.

I'll need to read up on this a bit more. It does appear to be significantly
more economical to stay with DNS/ME.

~~~
RyanGWU82
It's a lot more favorable when you have few domains and many queries. We have
many tens-of-millions of queries per month, on only two domains. This would
cut 75% off our DNS hosting.

~~~
haploid
Same here. This would be a nice little cost saver, except it appears they
don't support anycast. As such, it's a nonstarter for us.

~~~
jgreen10
"The query resolution functionality of Route 53 is based on anycast, which
will route the request automatically to the DNS server that is the closest."

<http://www.allthingsdistributed.com/2010/12/dns_amazon_route_53.html>

------
there
If anyone is wondering about the name, 53 is the port that DNS operates over.

~~~
mleonhard
It's an unfortunate name choice since '53' looks so similar to 'S3'.

~~~
daxelrod
My first guess was that that was intentional. It seemed clever at first, but
now I'm not so sure.

------
mgkimsal
There's no mention of IPv6 support. Given the situation that IPv4 addresses
will be running out shortly, it'd be nice to see some acknowledgment of
forward-thinking IPv6 plans.

edit: sorry to be so out of step - I guess I should have tied wikileaks to
ipv6 to fit in with the rest of the comments.

~~~
francoisdevlin
The FAQ says they support AAAA

<http://aws.amazon.com/route53/faqs/>

~~~
mgkimsal
Great - would have done good to put that somewhere on the main page (imo).
Thanks.

------
kmfrk
Say what you want about the whole Wikileaks affair, but regardless of where
you stand, Amazon's sense of timing seems really bad. Couldn't they at least
have waited a week after they declined to host Wikileaks?

People will undoubtedly tie the two things together, and Wikileaks supporters
will make a big effort to point out Amazon's recent misstep.

I would probably have waited just a couple of days or weeks before this recent
event was out of most people's minds.

~~~
jgreen10
No such thing as bad publicity. Seriously, I don't think Amazon will even
notice the tiniest drop in sales, that's just not how it works.

~~~
pierrefar
Not immediately, no. You can't really just stop using AWS and switch
overnight. In the long term, this will factor in decisions whether to expand
on AWS or for someone starting new, just like other factors like price,
benefits, and lock-in.

------
rmoriz
If you like AWS or not: It's not a good idea to have everything in one
account.

It's a single point of failure anyway and you want to distribute your core
infrastructure between different parties. It's cool to run a DNS by AWS but
not cool if you don't have mirrors/secondary nameservers, too.

------
chrismiller
I hope they eventually build in the ability to do location based DNS load
balancing. For me that would be a killer feature.

------
gfodor
A big reason this is important is that it's a stepping stone to location based
DNS routing. That'd be the very last showstopper for some deployments being
exclusively AWS.

~~~
eli
"In the future, we plan to add additional integration features such as the
ability to automatically tie your Amazon Elastic Load Balancer instances to a
DNS name, and the ability to route your customers to the closest EC2 region."

------
WALoeIII
This combined with the recently rolled out SSL termination in the Elastic Load
Balancer product
(<http://aws.typepad.com/aws/2010/10/elastic-load-balancer-support-for-ssl-termination.html>)
makes supporting custom domains a cinch.

------
j_baker
"It is designed to give developers and businesses a reliable and cost
effective way to route end users to Internet applications by translating human
readable names like www.example.com into the numeric IP addresses like
192.0.2.1 that computers use to connect to each other."

Maybe this isn't a big deal, but wouldn't someone who needs a DNS service
either already know this or have a developer or IT guy who has explained to
them why they need a DNS service?

~~~
jacquesm
I'd like to see how far you get on the public portion of the internet with a
192.x.x.x anyway.

~~~
nimms
you mean 192.168.X.X?? 192.0.X.X is a public ip address range

~~~
nbm
192.0.2.0/24 is actually intended for use in examples and documentation, just
as it was used in this announcement.

Per RFC5737 - <http://www.rfc-editor.org/rfc/rfc5737.txt>:

"The use of designated address ranges for documentation and examples reduces
the likelihood of conflicts and confusion arising from the use of addresses
assigned for some other purpose."

------
snissn
Amazon should add a feature for geographic load balancing that could
complement their aws locations

~~~
eli
I believe that was in the email announced under planned features for the
future.

------
nikcub
Great, so now they can also switch off your DNS if they don't like what you
are hosting.

------
sramov

      DJ Bernstein TinyDNS 1.05
    

Anycast djbdns, nice :)

~~~
smountcastle
Did you use fpdns (<http://code.google.com/p/fpdns/>) to finger-print Amazon's
service? If so, I've never heard good things about djbdns :( NSD
(<http://nlnetlabs.nl/projects/nsd/>) seems to be the new hotness as far as
authoritative DNS servers go.

~~~
sramov
No, I've set up Route 53 on my own domain (ramov.com) and queried the results
via DNSCog (<http://www.dnscog.com/>).

I've used NSD once, it was good. Other than djb 'non standard' conventions and
installation procedures, I see no other issues with his software and am happy
Amazon opted for djbdns, especially since I don't have to manage it :)

~~~
fanf2
This announcement would have been worth something if they supported DNSSEC
automatically for all the domains they host. Using unmaintained broken
software prevents them from supporting advanced protocol features.

For another example, the DNS already has a standard update API, but Amazon
chose crippled software and reinvented the wheel instead of interoperating
with the dynamic update code that is already out there.

------
wwortiz
Can anyone explain what this hosted zone part is, I must be too sleepy or am
just missing what it is.

~~~
zbailey
I believe a hosted zone simply corresponds to a single domain you want to host
the DNS for.

If you've ever run your own DNS server this would be equivalent to a "zone
file": <http://en.wikipedia.org/wiki/Zone_file>

~~~
dabeeeenster
If I wanted to point

www.domain.com

and

svn.domain.com

to separate IPs, would both of these count as a single domain or would I need
to pay for two?

~~~
dangrossman
Those would be part of one zone, the domain.com namespace.

------
nphase
I take it Wikileaks won't be using this as their DNS provider.

~~~
TomOfTTB
Oh for God's sakes let it be. If you want to boycott Amazon then Fine. Do it.
No one's stopping you. But don't spam other threads with your political views.

~~~
cma
A hidden boycott? Doesn't make a lot of sense.

~~~
pyre
Depends on your aim. If you are voting with your wallet and you want Amazon to
know why, then spamming these threads doesn't do a lot of good. If you are
boycotting and you want to recruit others to do so, then spamming these threads
does do a lot of good (for you, the boycotter), but in the end it _is_ a
solicitation.

~~~
cma
I agree with his "don't spam other threads" (and I think a real spamming would
make any boycott less effective); I just don't think the comment amounted to
spam (which is subjective of course).

------
shykes
We're very happy Zerigo DNS customers. Great API, great infrastructure, great
support.

~~~
pquerna
Us too, Zerigo has been awesome, and is already API driven :)

------
mrinterweb
I'm excited about the API available for AWS 53, but I just love the old crusty
looking Zone Edit. <http://legacy.zoneedit.com>

If you're dealing with low volume DNS for a couple domains, Zone Edit is hard
to beat.

------
philfreo
Did anyone else see "Amazon 53" and think "Amazon S3"?

------
charlesju
It seems to me that GoDaddy does this for free? I've also used Slicehost for
free.

Is there a difference between their free DNS offering and Amazon's paid
version?

~~~
chopsueyar
TTL minimums.

------
jpcx01
I'm currently using Zerigo. They've been awesome so probably won't switch
anytime soon. Tough competition going up against AMZN for this though.

------
MrRumblefish
The pricing is $1/zone and 1 billion (!!) queries per month.

Which seems quite good for a globally hosted DNS service.

Only potential limitations are that it's listed as "beta" and that as far as I
can tell you have to use the scripts in the Route 53 developer tools (or write
your own) to manipulate the zone and do the initial set up.

~~~
amock
The pricing is $1/month and $0.50 per million queries for the first billion
queries.

~~~
MrRumblefish
My mistake - you are correct.

It's a shame - it would be nice for them to throw in the first billion!

------
trotsky
needs more RRSIG - I don't understand why you'd launch a new DNS product at
this point without DNSSEC support.

~~~
jgreen10
because like... the whole world uses DNSSEC right?

~~~
mike-cardwell
What is your point?

A significant number of people don't use DNSSEC because they're tied to DNS
services which don't support it. And that is an argument for creating more
services without support for it?

~~~
jgreen10
I imagine the argument is that it's harder and they need time and it's not a
critical component so it's better to bootstrap their business first. You know,
entrepreneurship.

~~~
mike-cardwell
I don't buy it. They provide support for the "SPF" record type, but not
"RRSIG". They would be equally simple to implement, yet DNSSEC would be hugely
more beneficial.

I've never come across anyone using the SPF record type. Nearly everyone just
uses TXT for that.

I think DNSSEC was just an oversight on Amazon's behalf. A mistake that they
will hopefully fix in the not too distant future.

------
nextparadigms
Yeah, as if anyone wants to leave the DNS info in your hands too, Amazon,
after pulling Wikileaks at a senator's call.

Amazon should offer domain names next, so it's just one stop for politicians
who want to completely eliminate a website from the web when they feel like
it.

------
benologist
$0.50 per million queries – first 1 Billion queries / month

$0.25 per million queries – over 1 Billion queries / month

bleh.

~~~
eli
Where are you getting service now? I'm paying something like $2.00 per million
at Dns Made Easy.

~~~
benologist
<http://dnspark.net/>

Not sure how many dns lookups get done a day but I see about 6 - 7 million
people daily.

20m lookups per month for $14/year, and they don't actually track or bill the
excess stuff, I've asked them about it before and it's not implemented with no
ETA.

Been with them for a long time and love them although their interface is ugly.

------
oomkiller
What's the big deal here? Linode provides me all of the DNS I need.

------
elliottcarlson
One thing I couldn't find is if it supports wildcard DNS (granted I only did a
quick in page search both here and the service description page). Anyone have
any insight?

~~~
capstone
From Amazon:

Amazon Route 53 supports wildcard entries for all record types. A wildcard
entry is a record in a DNS zone that will match requests for any domain name
based on the configuration you set. For example, a wildcard DNS record such as
*.example.com will match queries for www.example.com and
subdomain.example.com.
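
Added example, not part of the thread or of Amazon's documentation: a name-only model of wildcard matching under the standard DNS rules (RFC 4592), going beyond the quoted description to show the cases where `*.example.com` does not apply. The zone contents and the `resolve` and `existing_names` helpers are constructed for illustration; record types are ignored and this does not claim to reproduce Route 53's implementation.

```python
def _norm(name):
    """Lower-case a name and drop the trailing root dot."""
    return name.rstrip(".").lower()


def existing_names(owners, apex):
    """Owner names plus the empty non-terminals between them and the apex."""
    nodes = {apex}
    for owner in owners:
        while owner != apex and owner.endswith("." + apex):
            nodes.add(owner)
            owner = owner.split(".", 1)[1]  # step up to the parent name
    return nodes


def resolve(zone, apex, qname):
    """Return (status, value) for qname; status is one of
    'exact', 'wildcard', 'nodata', 'nxdomain', 'out-of-zone'."""
    apex, qname = _norm(apex), _norm(qname)
    records = {_norm(k): v for k, v in zone.items()}
    if qname != apex and not qname.endswith("." + apex):
        return ("out-of-zone", None)
    nodes = existing_names(records, apex)
    if qname in nodes:
        # The name exists (possibly only as an empty non-terminal),
        # so a wildcard is never consulted for it.
        if qname in records:
            return ("exact", records[qname])
        return ("nodata", None)
    # Closest encloser: the longest ancestor of qname that exists.
    labels = qname.split(".")
    for i in range(1, len(labels)):
        ancestor = ".".join(labels[i:])
        if ancestor in nodes:
            source = "*." + ancestor  # only this wildcard may answer
            if source in records:
                return ("wildcard", records[source])
            return ("nxdomain", None)
    return ("nxdomain", None)


# Constructed sample zone using documentation addresses (RFC 5737).
ZONE = {
    "example.com": "192.0.2.1",
    "*.example.com": "192.0.2.10",
    "www.example.com": "192.0.2.20",
    "host.lab.example.com": "192.0.2.30",
}

if __name__ == "__main__":
    for q in ("www.example.com", "subdomain.example.com", "a.b.example.com",
              "lab.example.com", "other.lab.example.com", "example.org"):
        print(q, resolve(ZONE, "example.com", q))
```

Because `host.lab.example.com` exists, `lab.example.com` exists as an empty non-terminal, so names under it are not covered by `*.example.com`.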

------
JeffL
Is there any performance reason to use this as DNS as opposed to the DNS
servers on register.com for just a regular web site?

------
lhnz
This is awful timing on their part, re: wikileaks, and talks of decentralised
DNS safe from politics.

------
plusbryan
Would love to see some reliability and speed metrics in the coming weeks as
adoption increases!

------
javan
It would be nice if they added this service to their management console; I'm
lazy.

------
PonyGumbo
It would be nice if they supported vanity nameservers.

------
BenjieGillam
Finally! I've been wanting this for AGES!

