Amazon Route 53 - A New DNS Service from AWS (amazon.com)
191 points by base on Dec 6, 2010 | 171 comments

Very interesting. We currently use DNS Made Easy but I see two huge advantages to Route 53:

1. It's API-driven, so we can modify our DNS entries programmatically. You can't do that with DNS Made Easy. (They've been "planning to implement an API in the future" for a long time now.)

2. At our scale, it's exactly 1/4th the cost of DNS Made Easy. That'll be a nice chunk of change. Plus, like other AWS services, you only pay for the number of queries that you actually use.

Even more important, you won't need to solve that pesky captcha each time you wish to log in!

God, I know.

Ditto. We're making use of DME dynamic DNS updates, but it's no substitute for a real API. I'd like to be able to add/remove A records, not just adjust the IPs of existing records, which is all you can currently do with DME.

The reason I do this is so I can have the root of a zone pointed at an ELB, since you can't use a CNAME for that. So I mirror the IP address(es) of the ELB into the zone root. With DME, I rotate the IP every few minutes, but with Route 53 I could publish all its IPs. (Of course, it would be nice if Route 53 was integrated with Amazon's other services so I didn't have to do this at all…)

Yup, same here. DME additional query & overage fees are killing me.

Has anyone tried this out though? My impression is that R53 is exclusively API driven, at least for now. I'd kinda like to have a web interface to fall back on.

Yes I've set one domain up and atm it's via API only.

They do provide scripts that take care of most of the work but there is still more involved than a web front end.

For example you make changes in batches of records, and they can be create or delete. So to change an IP in an A record you make an XML document with both a delete request and a create request with the new value then poll the API for a status of in-sync.
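The batch-and-poll flow described in the comment above, as an added example (not code from the thread or from Amazon's scripts): it builds one change document carrying both the delete and the create, then polls until the change reports in-sync. The element names and namespace are assumed to follow the 2010-10-01 Route 53 API version, the names and addresses are constructed documentation values, and the status fetch is a stub standing in for the signed HTTPS request.

```python
import ipaddress
import time
import xml.etree.ElementTree as ET

# Assumption: namespace of the 2010-10-01 Route 53 API version (not given in the thread).
R53_NS = "https://route53.amazonaws.com/doc/2010-10-01/"


def _local(tag):
    """Strip an ElementTree '{namespace}' prefix from a tag name."""
    return tag.rsplit("}", 1)[-1]


def _add_change(changes, action, name, ttl, values):
    change = ET.SubElement(changes, "Change")
    ET.SubElement(change, "Action").text = action
    rrset = ET.SubElement(change, "ResourceRecordSet")
    ET.SubElement(rrset, "Name").text = name
    ET.SubElement(rrset, "Type").text = "A"
    ET.SubElement(rrset, "TTL").text = str(ttl)
    records = ET.SubElement(rrset, "ResourceRecords")
    for value in values:
        record = ET.SubElement(records, "ResourceRecord")
        ET.SubElement(record, "Value").text = value


def build_a_record_change(name, ttl, old_ips, new_ips, comment=""):
    """Return the XML body that swaps an A record set in a single batch.

    The DELETE has to describe the record set as it exists now, and both
    changes travel in one request, so the swap is submitted as one unit
    rather than as a delete followed later by a create.
    """
    if not name.endswith("."):
        raise ValueError("use a fully qualified name ending in '.'")
    if not old_ips or not new_ips:
        raise ValueError("both the old and the new value list must be non-empty")
    for ip in list(old_ips) + list(new_ips):
        ipaddress.IPv4Address(ip)  # raises ValueError for anything but an IPv4 address
    if sorted(old_ips) == sorted(new_ips):
        raise ValueError("old and new values are identical; nothing to change")
    root = ET.Element("ChangeResourceRecordSetsRequest", xmlns=R53_NS)
    batch = ET.SubElement(root, "ChangeBatch")
    if comment:
        ET.SubElement(batch, "Comment").text = comment
    changes = ET.SubElement(batch, "Changes")
    _add_change(changes, "DELETE", name, ttl, old_ips)
    _add_change(changes, "CREATE", name, ttl, new_ips)
    return ET.tostring(root, encoding="unicode")


def summarize_batch(xml_text):
    """Return [(action, [values, ...]), ...] in document order, for review or logging."""
    summary = []
    for change in ET.fromstring(xml_text).iter():
        if _local(change.tag) != "Change":
            continue
        action = next(e.text for e in change.iter() if _local(e.tag) == "Action")
        values = [e.text for e in change.iter() if _local(e.tag) == "Value"]
        summary.append((action, values))
    return summary


def parse_change_status(xml_text):
    """Extract the Status text (PENDING or INSYNC) from a change-status response."""
    for element in ET.fromstring(xml_text).iter():
        if _local(element.tag) == "Status" and element.text:
            return element.text.strip()
    raise ValueError("response carries no Status element")


def wait_for_insync(fetch_status_xml, max_polls=10, delay=2.0):
    """Poll until the change is INSYNC; return the number of polls it took."""
    for attempt in range(1, max_polls + 1):
        status = parse_change_status(fetch_status_xml())
        if status == "INSYNC":
            return attempt
        if status != "PENDING":
            raise RuntimeError("unexpected change status: %r" % status)
        time.sleep(delay)
    raise TimeoutError("change still PENDING after %d polls" % max_polls)


def status_response(status):
    """Constructed sample response body; the change id is a placeholder."""
    return ('<GetChangeResponse xmlns="%s"><ChangeInfo>'
            "<Id>/change/CONSTRUCTED-ID</Id><Status>%s</Status>"
            "</ChangeInfo></GetChangeResponse>" % (R53_NS, status))


def demo():
    body = build_a_record_change("www.example.com.", 300,
                                 ["192.0.2.10"], ["192.0.2.20"], "move www")
    # Stub for the real status call: two PENDING replies, then INSYNC.
    replies = iter(status_response(s) for s in ("PENDING", "PENDING", "INSYNC"))
    polls = wait_for_insync(lambda: next(replies), delay=0)
    return summarize_batch(body), polls


if __name__ == "__main__":
    print(demo())
```

Bounding the poll loop and rejecting any status other than PENDING or INSYNC keeps an automation job from spinning forever or treating an error reply as success.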

Based on the web interfaces available for the other AWS services, I'm sure it won't be long before someone cooks up a simple CRUD web front-end.

EDIT: I forgot to ask, what kind of overages are you seeing? With Route 53 you'll be charged $501/month if your zone gets 1B queries.

The pricing is a little complicated and I think there are volume discounts, but I believe I'm paying something like $2/million in advance and $6/million if I go over plan.

As someone who uses Nettica for Dynamic DNS (which this seems to be targeting) I think it's great that Amazon is creating some competition in this area. Not enough web developers consider Dynamic, programmable DNS and that's a shame because I think it's a must. I monitor every site I have from an external location and if there's ever a host outage I have the DNS re-routed to a backup host within 10 minutes (it doesn't always propagate as quickly as I like but there's little that can be done about that)

I'm happy with Nettica but Amazon's offering will draw attention to this important point. Plus competition leads to more features, better service and so on.

What do you set your TTL to? Do caches actually respect it?

(My experience with this is that the downtime that I want to route around usually lasts longer than the TTL. And even if it doesn't, the recursive resolver / OS cache / browser cache ends up persisting the record longer than the TTL advises.)

Actually they don't but in the opposite direction. I set it at 7200 initially just to see if it would work and found not only did it work but updates came even quicker in most cases. Google's DNS for example will update after about 10 to 20 minutes regardless of the TTL setting.

Amazon got a lot less interesting in the last couple of weeks, I hear they will take down your site without so much as a warrant.

Thank you, Jacques. Nobody else was thinking that. Very insightful. Much better that we talk about Wikileaks... again... than discuss a programmable dynamic DNS service run by one of the largest tech companies on the Internet.

I think Amazon trying to sell a mission critical service like DNS right after rolling over at the first prod from some politician (and a pretty lousy one at that) serves as a good reminder that if you want to use services from them you'd better make sure that you are not going to do anything at all that challenges the powers that be or you'll be out faster than a warrant can be served.

Service providers of all sorts should stand by their customers until a court order to the contrary is served, especially when institutions like the EFF are solidly on the side of those customers.


Amazon releasing more critical infrastructure that can be shut-down at someone's whim is bad timing to put it very mildly.

> Amazon trying to sell a mission critical service like DNS right after rolling over at the first prod from some politician

I think it's pretty clear that Amazon didn't roll over because of Lieberman's remarks. Rather, Amazon did what they did because they thought it was the right thing to do: "it is not credible that the extraordinary volume of 250,000 classified documents that WikiLeaks is publishing could have been carefully redacted in such a way as to ensure that they weren’t putting innocent people in jeopardy".

I understand you're passionate about this, but let's not conflate what actually happened.

Joe Lieberman called Amazon and said [something] to them.

Late that evening, Wikileaks was cut off.

The next day, Lieberman put out a press release: "This morning Amazon informed my staff that it has ceased to host the Wikileaks website. I wish that Amazon had taken this action earlier based on Wikileaks’ previous publication of classified material. The company’s decision to cut off Wikileaks now is the right decision and should set the standard for other companies Wikileaks is using to distribute its illegally seized material. I call on any other company or organization that is hosting Wikileaks to immediately terminate its relationship with them."

Lieberman's spokesperson added: "Senator Lieberman hopes that what has transpired with Amazon will send a message to other companies."

The next day, Lieberman introduced a bill in Congress that would make it a Federal crime to do what Amazon was doing, hosting the Wikileaks material.

You could characterize that as "pretty clear that Amazon didn't roll over because of Lieberman", but that characterization would be utterly mendacious.

men·da·cious/menˈdāSHəs/ Adjective: Not telling the truth; lying

They actually were pretty careful about that from what I gather, with the 5 news agencies they worked with telling them how to redact them and what to release:


You're attempting to make the argument that newspapers (most of which are not even American) can make accurate judgements about the effects of releasing US intelligence. That's a poor argument. What is it about news agencies that qualifies them to make such judgments? Compare this to the Pentagon Papers where someone with intimate knowledge of the situation decided what to leak.

Regardless, that doesn't change the fact that your original claim that Amazon rolled over because of Lieberman is false and unsubstantiated.

Where did the US gain the moral ground here, such that only US papers would be best judges? Almost everything the US does has large effects in the rest of the world. I think it's a very good thing that US media isn't in control of the story.

Did you even bother to read the post I wrote? The thrust of the argument is that no paper is the best judge. In fact, newspapers are categorically unqualified to make judgments in this case.

I agree with you that newspapers are unqualified to make judgements; that's why it's very important that the raw unedited stuff comes out eventually.

The risk with newspapers is that they publish too little, not too much, as they rely on their closeness to elites to do their job.

The American Government was given an opportunity to redact the data themselves, they refused.

> Regardless, that doesn't change the fact that your original claim that Amazon rolled over because of Lieberman is false and unsubstantiated.


If that's the best "proof" you have, it's not even worth discussing. Amazon explicitly denied that they booted Wikileaks because of Lieberman. Lieberman isn't even saying that either. He's claiming that his staffers were informed by Amazon, which probably is an exaggeration.

Do you think Amazon is habitually informing staffers of any particular Senator that they booted a client off their servers?

Sorry, but until you show me more proof than the verbal statements of one of the most corrupt US Senators, I'm not convinced it actually even happened.

If a US Senator is not good enough then I don't think I'll be able to meet your exacting standards of proof.

If the conversation was about anything else, using only the word of Joe Lieberman as proof would be a joke. I'm honestly shocked that you think my standards are exacting.

This is why Wikileaks is needed. You're so brainwashed by the current political system you're willing to take a politician's words at face value. The only way we'd know what actually happened is if someone leaked Lieberman's communications with Amazon, and Amazon's internal communications about the issue.

> Rather, Amazon did what they did because they thought it was the right thing to do...

Which is far worse than if they had succumbed to the political pressure. ISP that is also a jury to content that is not a clear case is evil.

>ISP that is also a jury to content that is not a clear case is evil.

User: Amazon, I found child pornography on one of your hosted pages. Amazon: Sorry we're not legal experts we'll keep the content until a court case delivers a verdict.

Yeah, right.

You're living in cloud cuckoo land if you believe that an ISP has to forgo all moral judgement on content and only remove or deny hosting if something is proven to be illegal.

Are the 250,000 leaks available on their site?

The number of leaks available on the site jives nicely with the figure of 837 reddit says: http://www.reddit.com/r/worldnews/comments/egmiu/just_a_remi....

News agencies have had access to more cables, but that has nothing to do with the point.

Could it be that you are the one conflating what is happening? :)

Repost #3 (I should make this into a macro or something): This is a threaded comment system. We can have as many discussions about something (post or other comment) as we want: go off on wild tangents, point out the spelling, have a pun thread, mention patterns of blogging/commenting the parent fits into, reply to the author on a separate subject, share anecdotes related to the subject of the post, and actually talk about the content of a post or comment, all at the same time, without breaking anything. That's what's so neat about threaded discussion: it doesn't require the "comparative notability" that a linear conversation needs in order to function.

jacquesm's comment (and this thread descending from it) does not in any way take away from our ability to talk about Route 53 as a technology.

Don't repost that comment again; it's wrong. 67 of 127 comments on this thread are about Wikileaks; just as importantly, the first 40% of the thread is dedicated to a pointless political argument ("Did Joe Lieberman shut down Wikileaks? Did you know government documents can't be copyrighted?") that have nothing to do with the story.

"The first 40% of the thread" is not dedicated to Wikileaks; one comment branch is. This page is a tree, not a list, and should be treated as such. It currently has 27 children, 3 of which mention Wikileaks.

That you have to scroll past the entirety of those 3 children's discussion to get to what interests you is an incident of the way the comment tree is rendered by default. If tangential threads started collapsed and had to be expanded (assuming there's some clever way to detect tangential threads, or just people such as yourself to tag them), your complaint would vanish, with no change to the ratio of Wikileaks posts:"on-topic" posts.

And just as, well, a tangential argument: if someone is planning to avoid using all AWS products, they will avoid using this one as well, thus making such avoidance relevant to the story. What you're reacting to is the fact that the topic has already been beaten to death in other HN threads, not that it's particularly irrelevant to this one. For a while now, I've been thinking that we need some form of super-threading (such that article posts which form a sequence will have a single, merged comment thread), but now I'm starting to think we need aspect-oriented threading as well—such that this sub-thread, with its connection between this article and Wikileaks, would actually appear in the comments of both super-threads, and if you had hit "ignore" on the Wikileaks thread, the comments in here that also apply to it would disappear. Sound workable?

I don't disagree with anything you have to say here. The problem is, you're talking about how things would work on a site that isn't Hacker News, and I'm talking about how things are not working on a site that is.

I think it's fair to say, even from the perspective of an impartial observer (I'm not one), that Wikileaks ran this whole comment thread off the rails. This is a discussion about what will probably be the biggest news about DNS over the next 2 quarters, and DNS has --- literally --- taken a back seat to someone trying to explain to Jacques what Joe Lieberman represents in US politics.

The arguments in favor of injecting WL into these discussions strike me as very similar to the arguments Ron Paul advocates used to inject Paul into discussions in early 2008.

True, I don't think it's working as-is. I'm picturing HN the way it could be, and it's clouding my judgement of its current UX (I picture "jumping down to the next sibling node to this node" as a single atomic action, so my brain doesn't record the time I spend doing it.) And, since people had to scroll so far to get to something relevant, they were more likely to give up and comment on the tangential sub-thread instead, which deprives the relevant threads of comments (assuming posters that don't read the entirety of the discussion.)

However, we do have the Arc source; what is needed now is a good incentive to actually implement/fix this stuff, other than just scratching itches (because if that was enough, it would have been done by now.) "A competitor to HN that does it, runs ads, steals traffic, and makes money" wouldn't work, because the value of HN is 99% the community...

I respect and admire the ingenuity and initiative HN hacker-types have, but also recognize that those qualities tend to lead to feature-y tech-y solutions to every problem.

The problem we're having isn't technical. It's simply bad-faith comments: comments made to advance an agenda (along the theme of "what's the point of a silent boycott", ie, "yes, we're protesting, not discussing the actual topic") instead of a topical discussion. In the WL case, the fact that WL approval trends 3-1 in favor means those bad-faith comments get jacked up in rank.

This thread is also a non-topical digression from Amazon Route 53, but the whole HN item is a lost cause and the meta discussion about how HN is mishandling this is more valuable than what's actually leading here --- again: arguments about Joe Lieberman.

If I were a different sort of HN user, I'd post a "Tell HN: Please Stop With The Wikileaks Stuff". But we all know what would happen if that got posted: two Lieberman discussions.

> But we all know what would happen if that got posted: two Lieberman discussions.

And that's the thing... you can't expect people to not try to advance their own agendas. You have to make a system that's robust in the face of human nature, not expect humans to subvert their nature to use the system. There will always be something like Wikileaks (on Reddit, that something is omnipresent pun threads that can sometimes eat ten pages before you find the rest of the discussion) and asking the userbase to stop won't help (I don't think...) as long as it doesn't visibly harm anyone the user cares about ('round here, if pg says stop, you'd stop, because he's in everyone's Monkeysphere, but that's not a principle that can work in every forum.) In the tragedy of the commons, the best solution is to get better commons.

Pot, Kettle, Black.

The only part of this comment thread that you are posting in is exactly the one about whose length you complain so loudly, and it would have been at least 50% shorter if you had not done so.

You did not discuss anything whatsoever in the rest of this thread and in spite of 'leaving people to help themselves to the last word' you keep coming back for more.

The Wikileaks incident is pretty good example of the risks of a "cloud model". Same sort of warrantless dropping of service will happen to you when something you've built is deemed undesirable (but not necessarily illegal) by the authorities.

Build a web service that people may use to share links related to piracy, or photos that may be pornographic, and you'll experience the same.

Amazon's policy is the Apple App Store all over again.

This reminds me that this would be a great time for a hosting or DNS provider to profile themselves at the expense of Amazon now.

Privacy is the new green because of the Facebook scare. Maybe this could be another interesting trend to capitalize on.

Privacy is hot in the echo chamber. Most of the world isn't scared by Facebook; it owns its market utterly. Similarly, nothing Amazon does vis a vis WL is going to make a dent in its numbers. A substantial chunk of Amazon's market thinks "Wikileaks is a traitor"; they may pick up yardage.

Doesn't the same apply to going green, though? At least on a consumer level.

So is there a userscript for HN that provides Reddit-style "collapse this thread" buttons? I think that's all we really need to keep everyone happy here.

They have a Terms of Service, and like (literally) every hosting provider on the planet, they will take down your site if you violate the agreement that you agreed to when you signed up.

And like every other webhosting provider on the planet they'll have to decide when they think it is time to stand up for their customers and when to let it go.

Suppose you have a newspaper and you want to co-locate, Amazon is suddenly no longer an option.

Really, the speed and ease with which they rolled over after some political pressure is quite amazing to me, I had them pegged as 'solid' before.

If they were solid in your experience in the past, perhaps this time there were special mitigating factors in this case we are not aware of, or have not recognized?

One thing that pops to mind is WikiLeaks was promising to expose the secrets of all big businesses everywhere. It makes no sense whatsoever for Amazon to support someone promising to do that, unless Amazon has no secrets they wish to keep.

esp considering that they spent a few days defending the child pedo guide on the grounds of free speech

The Guardian used Amazon to host the app they built that allowed readers to filter through and flag the Afghan war logs. No takedown from Amazon there!


Even the Neo Nazis have a right to free speech. And they're despicable too. That does not mean that free speech as such is wrong, just that some speech is reprehensible.

"I hate Illinois Nazis."

There is a school of thought that once Nazis are invoked, the argument is automatically forfeit by whomever issued the remark.

It was somewhat craven of them, on the other hand; I can see it from their point of view: Senator Lieberman can make life very difficult for them vis-a-vis local sales tax charged on goods sold across state lines. In my mind Amazon is reacting in a way that protects their short-term interests but they do not realize that they have now given a clear signal that they will cave to pressure.

BS, if they hosted the NYT and the NYT posted a leaked document, they wouldn't take them down. It all depends on power relations, perceived legitimacy, etc.; the only thing it has nothing to do with is their terms of service.

I too think Amazon wouldn't have taken down the NYT.

On the other hand, had WL not violated the AWS AUP, I also don't think Amazon would have taken them down, either.

The point is, if you don't violate the Amazon ToS, this is a non-issue (outside of personal politics, which is a fine reason not to do business with them, but a bit out of scope for this discussion.)

If you post public-domain material to your site, you don't "own, or otherwise control all the rights" to it. There is no jurisprudence that says posting public-domain material isn't exactly what Wikileaks did. (People with security clearance have been successfully prosecuted for publicly leaking/publishing classified information; no recipient lacking security clearance ever has)

If the rest of the TOS is full of stuff like that, it would be doubtful it would even be possible to run a significant site without in some way violating the TOS. According to that TOS, one user-submitted comment of copyrighted content and your website could immediately be permanently pulled, even if you took the comment down as fast as humanly possible.

>If you post public-domain material to your site, you don't "own, or otherwise control all the rights" to it.

I think you'll find that you do.

You own that copy that you are presenting for distribution, no one else owns it nor has rights over it, you do (at least in copyright terms, PD could still have trademark and other issues).

The right to prevent other people copying it is exhausted, there is no [copy]right there to own so it's not a legal right that you don't have. That other people own other copies and have control of all the available rights to their copies is immaterial.

That said I think you're clutching at straws; classified documents are not in the public domain unless they have been published by someone with the right to do so and the copyright term in the relevant jurisdiction has expired.

There are about 30 states IIRC that aren't signatories to Berne Convention or relevant parts of TRIPS, etc.

> [if] one user-submitted comment of copyrighted content and your website could immediately be permanently pulled, even if you took the comment down as fast as humanly possible.

Does that sound credible to you? Does that seem like a reasonable comparison? I'm done arguing about WL on a thread about a new Amazon web service now.

No, it doesn't sound credible. Add back in "according to that TOS" and it does again.

What exactly was the violation of the ToS again? Honest question, I really don't know.

At any rate, I'd amend your "if you don't violate the ToS" to "if you don't attract a phone call from a cranky old senator's office", since that's what seems to have prompted the action.

The violation was cited as being that Wikileaks does not own the content they posted.

Those who don't know history...:


Right, except Wikileaks did not violate the TOS. Classified material cannot, by law, be copyrighted. Once leaked, it is public domain. Amazon's claim otherwise was completely disingenuous and dishonest.

Yeah, OK. Try this, "disclosure does not equate to declassification".

Is classification copyright? I get the feeling that people are conflating the two issues. I don't know if classification goes with copyright but my general sense is that they aren't linked.

I'd say disclosure of classified information presents a greater risk than distributing copyrighted materials. I really don't think "copyright" is the issue at all here.

Amazon never once mentioned copyright. (Please, help yourself to the last word.)

Humans generally argue to seek truth or status or both. It's a disaster that status-seeking gets involved in the process of truth-seeking, and I wish that we all would recognize that and avoid it when we can (to the extent that we can). "Please, help yourself to the last word" strikes me as motivated by status competition.

It's not.

Try taking the words at their face value, instead. The motivation is avoiding another 20-comment thread that spends 70% of its time dancing around the subtext of one commenter liking WL and the other commenter not liking WL.

Try what Wikipedia tries to do: Assume Good Faith. There are people on HN I, too, have a hard time doing that with, so if you're not assuming good faith because of a 'tptacek issue, please feel free to email me about it.

Pedantry doesn't suit this discussion well. You are correct that the word copyright was not specified. What was specified was that they hosted content they do not own.

By this standard, I fully expect AWS to terminate services to EVERY SINGLE forum, review site, message board, webmail service, and any other site that does not explicitly state in their own terms of service that every byte of user-generated content is the exclusive property of the site itself.

In addition, I expect any AWS customer hosting IETF RFCs, software with public domain licenses, and public domain poetry to be shut down immediately.

If AWS fails to do this, they are being discriminatory and capricious in pursuing TOS violations.

Your reply seems pedantic as well. All your examples have implicit or explicit permission from the authors for the sites to post their material, as I'm sure you're well aware of.

The agreement states you must "own or otherwise control all rights to the content". Merely having permission to display the content is not sufficient.

If I were to be cynical, I'd say that the purpose of that clause is to allow Amazon to take down any site they want and have a credible excuse. Realistically it's probably just some over-zealous lawyer, but either way it has that very effect (as Amazon has demonstrated).

What saddens me is that people are parroting this "violated ToS" line without even thinking about it. It doesn't matter whether you support WL or not; but at least do the bare minimum and _think_ about what you're writing? Where in the ToS does it say that "site can't host classified information"? And why hasn't NYT's access been pulled yet, because NYT is serving the _same_ documents?

Here's a fact: US Government publications can't be copyrighted. Period.

So while Amazon tries to hide behind these lies, they're also busy making money off of books about similar "leaks", like the Pentagon Papers, Watergate, etc.

Books and newspapers are protected by the First Amendment, maybe?

It's not clear that wikileaks.org, self-publishing is "the press". Does Lovell v. City of Griffin hold? I don't know. Do you?

And neither does Amazon. And yet they claim to.

Replace "Terms of Service" with "beliefs" and "ethics" and see if that comment just sounds a little weird? :)

Everyone has different opinions (Terms of Services), but why can we not judge someone on those?

I'd expect Amazon to at least wait for a court order before just shutting down a client like that.

Yes, thank you! Amazon could've easily told them they're going to wait for a court order since that is what's needed to prove Wikileaks was in the wrong here. Clearly, they shouldn't have rejected them as fast as they did when it was such a controversial issue.

Even the paedophile book lasted longer than Wikileaks on Amazon. This should speak volumes about the political pressure Amazon was under when Lieberman called.

Me too, and in that case I would not have a problem with it.

It's not as if they didn't know what wikileaks was up to before this happened.

Totally agreed. Using Amazon services for anything that involves content that could potentially offend the government of any country looks pretty risky right about now.

The timing of this is indeed quite ironic.

Here's hoping that this is the first step towards making ELB actually usable -- i.e. dropping the requirement that you must point a CNAME at the ELB hostname, which prevents you from using a zone's root record (you can balance www.foo.com but not foo.com). To wit:

> In the future, we plan to add additional integration features such as the ability to automatically tie your Amazon Elastic Load Balancer instances to a DNS name

As demonstrated by https://forums.aws.amazon.com/thread.jspa?threadID=32044, lots of people want this.

Routing traffic to wikileaks would have been a perfect demonstration of this new system. Instead they decided to show how much they respect freedom of speech.

And tptacek, yes we should speak about wikileaks when discussing Amazon, from now on. This isn't a fanboy site, this is a place to discuss the real ramifications of a company's actions.

Does anybody else think $1/Mo a zone/domain is high? Sure it's nice that a million queries is only going to run you $0.50, but I suspect most people have a lot of domains, but few queries. Makes sense if you have a single domain, that gets a boat load of DNS requests, but if you have a lot of domains, with very few requests, it's not cost effective.

I was thinking the same thing upon first inspection. We have about 200 domains with DNS Made Easy. We don't even get close to the allotted queries for the account. I think we pay about $180 per year for all 200.

I'll need to read up on this a bit more. It does appear to be significantly more economical to stay with DNS/ME.

It's a lot more favorable when you have few domains and many queries. We have many tens-of-millions of queries per month, on only two domains. This would cut 75% off our DNS hosting.

Same here. This would be a nice little cost saver, except it appears they don't support anycast. As such, it's a nonstarter for us.

"The query resolution functionality of Route 53 is based on anycast, which will route the request automatically to the DNS server that is the closest."


Just to clarify: All sources I've read claim it is anycast.

I'm the same as you, and have a few hundred domains that I use with DNS Made Easy. I had just started looking for an alternative to them to try to lower our costs, so I was excited to see this until I saw the price. This will work well for people with a few domains that receive a large number of queries. Anyone know a cheaper alternative to DNS Made Easy?

I host a ccTLD domain with Godaddy's Off-site DNS. I'm amazed by the fact that it's completely free even for domains not purchased from Godaddy, in comparison to other DNS hosting services like DynDNS or Nettica. They limit 40 records per domain but I don't think you'll use more than that. The service fits perfectly if you have a domain portfolio with low traffic.


Disclaimer: I don't know/care about support since my site is non-critical but Godaddy promises premium service coming soon. My site is running smoothly serving 10+ mil. pageviews per month. Time using Godaddy's DNS until now: 3 months

The DNS hosting service we used in the past charged us $13.95/year per zone.

Slicehost doesn't charge you anything for DNS hosting if you use them for some kind of VPS hosting. We use their DNS for our (dev and staging) servers that aren't even hosted on Slicehost and it doesn't seem to be a problem. It's the one reason why we continue to keep a few of our VPS servers hosted there since competitors such as Linode are so much cheaper now.

It's very high. Slicehost offers the service free!

Uh... when you pay them at least $20/month already, yes.

Mine has been free even though I have no slices running.

DNS Made Easy is $1.95 per zone beyond what's included in your plan.

If anyone is wondering about the name, 53 is the port that DNS operates over.

It's an unfortunate name choice since '53' looks so similar to 'S3'.

My first guess was that that was intentional. It seemed clever at first, but now I'm not so sure.

There's no mention of IPv6 support. Given the situation that IPv4 addresses will be running out shortly, it'd be nice to see some acknowledgment of forward-thinking IPv6 plans.

edit: sorry to be so out of step - I guess I should have tied wikileaks to ipv6 to fit in with the rest of the comments.

The FAQ says they support AAAA


Great - it would have been good to put that somewhere on the main page (imo). Thanks.

Say what you want about the whole Wikileaks affair, but regardless of where you stand, Amazon's sense of timing seems really bad. Couldn't they at least have waited a week after they declined to host Wikileaks?

People will undoubtedly tie the two things together, and Wikileaks supporters will make a big effort to point out Amazon's recent misstep.

I would probably have waited just a couple of days or weeks before this recent event was out of most people's minds.

No such thing as bad publicity. Seriously, I don't think Amazon will even notice the tiniest drop in sales, that's just not how it works.

Not immediately, no. You can't really just stop using AWS and switch overnight. In the long term, this will factor in decisions whether to expand on AWS or for someone starting new, just like other factors like price, benefits, and lock-in.

I would say it perfectly displays what wikileaks was for them: just another regular client and they are not going to bend over just for one "small fish", no matter how beloved and important this one fish is amongst the tech savvy crowd.

I think it's important to separate a rejection from a termination. Apparently, Wikileaks has been hosted on EC2 for over a month[1], which makes Amazon's decision a termination instead of a rejection.

I could also understand if Amazon didn't notice Wikileaks for a few days, but weeks?

Getting rejected poses no problem for anyone; there are grey areas, and everyone needs to draw a line.

But getting pulled after being hosted for several weeks? What changed?

Amazon pulling Wikileaks has created a Damoclean sword in the minds of people who consider using AWS in the future.

Whether you like AWS or not: It's not a good idea to have everything in one account.

It's a single point of failure anyway and you want to distribute your core infrastructure between different parties. It's cool to run a DNS by AWS but not cool if you don't have mirrors/secondary nameservers, too.

I hope they eventually build in the ability to do location based DNS load balancing. For me that would be a killer feature.

A big reason this is important is that it's a stepping stone to location based DNS routing. That'd be the very last showstopper for some deployments being exclusively AWS.

"In the future, we plan to add additional integration features such as the ability to automatically tie your Amazon Elastic Load Balancer instances to a DNS name, and the ability to route your customers to the closest EC2 region."

This combined with the recently rolled out SSL termination in the Elastic Load Balancer product (http://aws.typepad.com/aws/2010/10/elastic-load-balancer-sup...) makes supporting custom domains a cinch.

"It is designed to give developers and businesses a reliable and cost effective way to route end users to Internet applications by translating human readable names like www.example.com into the numeric IP addresses like that computers use to connect to each other."

Maybe this isn't a big deal, but wouldn't someone who needs a DNS service either already know this or have a developer or IT guy who has explained to them why they need a DNS service?

I'd like to see how far you get on the public portion of the internet with a 192.x.x.x anyway.

You mean 192.168.X.X? 192.0.X.X is a public IP address range that is actually intended for use in examples and documentation, just as it was used in this announcement.

Per RFC5737 - http://www.rfc-editor.org/rfc/rfc5737.txt:

"The use of designated address ranges for documentation and examples reduces the likelihood of conflicts and confusion arising from the use of addresses assigned for some other purpose."

Hehe, oops! You're completely right! My bad.
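The distinction in the exchange above, as an added example that is not part of the original thread: the RFC 5737 documentation blocks and the RFC 1918 private blocks are different ranges, and neither belongs in the A records of a live public zone. The zone lines and the `classify` and `audit_zone` helpers are constructed for illustration.

```python
import ipaddress

# RFC 5737 documentation blocks (TEST-NET-1, -2, -3).
DOCUMENTATION = [ipaddress.ip_network(n) for n in
                 ("192.0.2.0/24", "198.51.100.0/24", "203.0.113.0/24")]
# RFC 1918 private blocks.
PRIVATE = [ipaddress.ip_network(n) for n in
           ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed sample records (name, TTL, class, type, rdata); not a real zone.
SAMPLE_ZONE = """\
example.com.        300 IN A 192.0.2.1
www.example.com.    300 IN A 192.168.1.10
api.example.com.    300 IN A 198.51.100.7
mail.example.com.   300 IN A 192.0.3.25
example.com.        300 IN MX 10 mail.example.com.
"""

def classify(addr):
    """Label an IPv4 address as documentation, private, or other."""
    ip = ipaddress.ip_address(addr)
    if any(ip in net for net in DOCUMENTATION):
        return "documentation"
    if any(ip in net for net in PRIVATE):
        return "private"
    return "other"  # in neither list; 192.0.3.25 lies outside TEST-NET-1

def audit_zone(text):
    """Return (name, address, kind) for A records in either reserved set."""
    findings = []
    for line in text.splitlines():
        fields = line.split()
        # Only plain five-field A records are inspected here.
        if len(fields) == 5 and fields[3] == "A":
            kind = classify(fields[4])
            if kind != "other":
                findings.append((fields[0], fields[4], kind))
    return findings

if __name__ == "__main__":
    for name, addr, kind in audit_zone(SAMPLE_ZONE):
        print(f"{name} -> {addr} ({kind} range, not reachable from the Internet)")
```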

Amazon should add a feature for geographic load balancing that could complement their AWS locations.

I believe that was in the email announced under planned features for the future.

Great, so now they can also switch off your DNS if they don't like what you are hosting.

  DJ Bernstein TinyDNS 1.05
Anycast djbdns, nice :)

Did you use fpdns (http://code.google.com/p/fpdns/) to finger-print Amazon's service? If so, I've never heard good things about djbdns :( NSD (http://nlnetlabs.nl/projects/nsd/) seems to be the new hotness as far as authoritative DNS servers go.

No, I've set up Route 53 on my own domain (ramov.com) and queried the results via DNSCog (http://www.dnscog.com/).

I've used NSD once, it was good. Other than djb 'non standard' conventions and installation procedures, I see no other issues with his software and am happy Amazon opted for djbdns, especially since I don't have to manage it :)

This announcement would have been worth something if they supported DNSSEC automatically for all the domains they host. Using unmaintained broken software prevents them from supporting advanced protocol features.

For another example, the DNS already has a standard update API, but Amazon chose crippled software and reinvented the wheel instead of interoperating with the dynamic update code that is already out there.

Can anyone explain what this hosted zone part is, I must be too sleepy or am just missing what it is.

I believe a hosted zone simply corresponds to a single domain you want to host the DNS for.

If you've ever run your own DNS server this would be equivalent to a "zone file": http://en.wikipedia.org/wiki/Zone_file

If I wanted to point




to separate IP's, would both of these count as a single domain or would I need to pay for two?

Those would be part of one zone, the domain.com namespace.

I take it Wikileaks won't be using this as their DNS provider.

Oh for God's sakes let it be. If you want to boycott Amazon then Fine. Do it. No one's stopping you. But don't spam other threads with your political views.

Amazon as a provider is not an option if you are going to host any material that will upset politicians in Washington. A simple phone call from a senator and your site will be down. This is a big deal if you run a media organization, a political activism organization, or a disruptive startup that politicians want to regulate to death (like Paypal back in the day, and ironic that today they cooperate with Washington against those who disrupt Government's secrecy).

A hidden boycott? Doesn't make a lot of sense.

Depends on your aim. If you are voting with your wallet and you want Amazon to know why, then spamming these threads doesn't do a lot of good. If you are boycotting and you want to recruit others to do so, then spamming these threads does do a lot of good (for you, the boycotter), but in the end it is a solicitation.

I agree with his "don't spam other threads" (and I think a real spamming would make any boycott less effective); I just don't think the comment amounted to spam (which is subjective of course).

You can scream boycott from the top of the highest mountain for all I care. Up vote every item that posts on your boycott. Just don't disrupt every other conversation on HN.

A "conversation" on HN is something with a diagonal shape (a comment replying to a comment replying to a comment, etc.) Adding a comment to something (a post or a comment) that already has other comments doesn't "disrupt" the conversation, it branches it. This isn't a phpBB.

I think you're mistaken. In this discussion, I actually found it quite disruptive to have to scroll past 60 comments talking about politics so that I could find the discussion about the thing we're actually here to discuss.

They have lots of places on the internet to talk about politics. If you want to do so, I bet you'll have no problem finding an appropriate place.

This, however, is not that place.

There's only the one thread, with those 60 comments in it—so that's really just an artifact of the fact that comment threads can't be collapsed on HN like they can on Reddit. With that addition, this system really does support as many tangents as the userbase cares to follow for any given post, without any egregious annoyance per user, up to a certain scale.

Past that scale (probably 1000 individual threads or so; rarely seen on Reddit, and never on HN), a secondary voting mechanism purely to sort threads by "on-topic-ness" might be required, or perhaps an automatic sort on how similar in word usage the comments are to their parent, to derive some crude sense of topicality.

The way I see it, people are not going on random threads and spamming this sentiment. They are only commenting on companies relevant to the recent events. Like anything else it'll die off with a long-tail...

We're very happy Zerigo DNS customers. Great API, great infrastructure, great support.

Us too, Zerigo has been awesome, and is already API driven :)

I'm excited about the API available for AWS 53, but I just love the old crusty looking Zone Edit. http://legacy.zoneedit.com

If you're dealing with low volume DNS for a couple domains, Zone Edit is hard to beat.

Did anyone else see "Amazon 53" and think "Amazon S3"?

It seems to me that GoDaddy does this for free? I've also used Slicehost for free.

Is there a difference between their free DNS offering and Amazon's paid version?

TTL minimums.

I'm currently using Zerigo. They've been awesome so probably won't switch anytime soon. Tough competition going up against AMZN for this though.

The pricing is $1/zone and 1 billion (!!) queries per month.

Which seems quite good for a globally hosted DNS service.

Only potential limitations are that it's listed as "beta" and that as far as I can tell you have to use the scripts in the Route 53 developer tools (or write your own) to manipulate the zone and do the initial set up.

The pricing is $1/month and $0.50 per million queries for the first billion queries.

My mistake - you are correct.

It's a shame - it would be nice for them to throw in the first billion!

needs more RRSIG - I don't understand why you'd launch a new DNS product at this point without DNSSEC support.

because like... the whole world uses DNSSEC right?

What is your point?

A significant number of people don't use DNSSEC because they're tied to DNS services which don't support it. And that is an argument for creating more services without support for it?

I imagine the argument is that it's harder and they need time and it's not a critical component so it's better to bootstrap their business first. You know, entrepreneurship.

I don't buy it. They provide support for the "SPF" record type, but not "RRSIG". They would be equally simple to implement, yet DNSSEC would be hugely more beneficial.

I've never come across anyone using the SPF record type. Nearly everyone just uses TXT for that.

I think DNSSEC was just an oversight on Amazon's behalf. A mistake that they will hopefully fix in the not too distant future.

Which record types does it support?

Ah, it's on their FAQ page - http://aws.amazon.com/route53/faqs/

They support A, AAAA, CNAME, MX, NS, PTR, SOA, SPF, SRV, TXT, which is better than most. But I agree, why on Earth would they not support the DNSSEC record types? It's not as if it would have been any extra work for them...

They're probably using an open source authoritative DNS server which doesn't yet support DNSSEC. If they upgrade to BIND 9.7 or NSD they'll get DNSSEC support for free.

Yeah, as if anyone wants to leave the DNS info in your hands too, Amazon, after pulling Wikileaks at a senator's call.

Amazon should offer domain names next, so it's just one stop for politicians who want to completely eliminate a website from the web when they feel like it.

$0.50 per million queries – first 1 Billion queries / month

$0.25 per million queries – over 1 Billion queries / month


At these rates, it looks like the minimum cost per year per zone is $18 ($1.50/month, $1.00 for the zone and $.50 for the first million queries). This is extremely competitive for folks who only need to manage a very small number of zones. For those with many zones, one of the existing services from UltraDNS or VeriSign would be more appropriate.

Where are you getting service now? I'm paying something like $2.00 per million at DNS Made Easy.


Not sure how many DNS lookups get done a day but I see about 6 - 7 million people daily.

20m lookups per month for $14/year, and they don't actually track or bill the excess stuff, I've asked them about it before and it's not implemented with no ETA.

Been with them for a long time and love them although their interface is ugly.

What's the big deal here? Linode provides me all of the DNS I need.

One thing I couldn't find is if it supports wildcard DNS (granted I only did a quick in page search both here and the service description page). Anyone have any insight?

From Amazon:

Amazon Route 53 supports wildcard entries for all record types. A wildcard entry is a record in a DNS zone that will match requests for any domain name based on the configuration you set. For example, a wildcard DNS record such as *.example.com will match queries for www.example.com and subdomain.example.com.

Is there any performance reason to use this as DNS as opposed to the DNS servers on register.com for just a regular web site?

This is awful timing on their part, re: wikileaks, and talks of decentralised DNS safe from politics.

Would love to see some reliability and speed metrics in the coming weeks as adoption increases!

It would be nice if they added this service to their management console; I'm lazy.

It would be nice if they supported vanity nameservers.

Finally! I've been wanting this for AGES!
