1. It's API-driven, so we can modify our DNS entries programmatically. You can't do that with DNS Made Easy. (They've been "planning to implement an API in the future" for a long time now.)
2. At our scale, it's exactly 1/4th the cost of DNS Made Easy. That'll be a nice chunk of change. Plus, like other AWS services, you only pay for the number of queries that you actually use.
The reason I do this is so I can have the root of a zone pointed at an ELB, since you can't use a CNAME for that. So I mirror the IP address(es) of the ELB into the zone root. With DME, I rotate the IP every few minutes, but with Route 53 I could publish all its IPs. (Of course, it would be nice if Route 53 was integrated with Amazon's other services so I didn't have to do this at all…)
Has anyone tried this out though? My impression is that R53 is exclusively API driven, at least for now. I'd kinda like to have a web interface to fall back on.
They do provide scripts that take care of most of the work but there is still more involved than a web front end.
For example you make changes in batches of records, and they can be create or delete. So to change an IP in an A record you make an XML document with both a delete request and a create request with the new value then poll the API for a status of in-sync.
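The batch-and-poll workflow described in the comment above, as an added example that is not part of the original thread and not Amazon's own tooling. It assumes the 2010-10-01 API version namespace, a constructed change ID and sample responses, and a hypothetical `fetch` callable that would perform the signed GET of the change resource.

```python
import ipaddress
import time
import xml.etree.ElementTree as ET

# Namespace of the 2010-10-01 API version (assumption: match the version you call).
NS = "https://route53.amazonaws.com/doc/2010-10-01/"

def build_a_record_swap(name, ttl, old_ips, new_ips, comment="rotate A record"):
    """Body for ChangeResourceRecordSets: DELETE the old set, CREATE the new one, in one batch."""
    for ip in list(old_ips) + list(new_ips):
        ipaddress.IPv4Address(ip)  # raises ValueError unless ip is an IPv4 literal
    root = ET.Element("ChangeResourceRecordSetsRequest", xmlns=NS)
    batch = ET.SubElement(root, "ChangeBatch")
    ET.SubElement(batch, "Comment").text = comment
    changes = ET.SubElement(batch, "Changes")
    # The DELETE has to describe the existing record set exactly (name, type, TTL, values).
    for action, ips in (("DELETE", old_ips), ("CREATE", new_ips)):
        change = ET.SubElement(changes, "Change")
        ET.SubElement(change, "Action").text = action
        rrset = ET.SubElement(change, "ResourceRecordSet")
        ET.SubElement(rrset, "Name").text = name
        ET.SubElement(rrset, "Type").text = "A"
        ET.SubElement(rrset, "TTL").text = str(ttl)
        records = ET.SubElement(rrset, "ResourceRecords")
        for ip in ips:
            ET.SubElement(ET.SubElement(records, "ResourceRecord"), "Value").text = ip
    return ET.tostring(root, encoding="unicode")

def change_status(get_change_xml):
    """Return (change id, status) from a GetChange response body."""
    info = ET.fromstring(get_change_xml).find(f"{{{NS}}}ChangeInfo")
    return info.findtext(f"{{{NS}}}Id"), info.findtext(f"{{{NS}}}Status")

def wait_until_insync(fetch, change_id, attempts=20, delay=2.0, sleep=time.sleep):
    """Poll until the change reports INSYNC; False if it is still PENDING after `attempts`."""
    for _ in range(attempts):
        if change_status(fetch(change_id))[1] == "INSYNC":
            return True
        sleep(delay)
    return False

def sample_get_change_response(status):
    """Constructed response body for offline runs; the change ID is a placeholder."""
    return (f'<GetChangeResponse xmlns="{NS}"><ChangeInfo><Id>/change/C0EXAMPLE</Id>'
            f'<Status>{status}</Status><SubmittedAt>2010-12-05T00:00:00Z</SubmittedAt>'
            f'</ChangeInfo></GetChangeResponse>')

if __name__ == "__main__":
    # RFC 5737 documentation addresses, constructed for the example.
    print(build_a_record_swap("example.com.", 300, ["192.0.2.1"], ["192.0.2.2", "192.0.2.3"]))
    replies = iter(["PENDING", "INSYNC"])
    fake_fetch = lambda cid: sample_get_change_response(next(replies))
    print(wait_until_insync(fake_fetch, "/change/C0EXAMPLE", delay=0))
```

Because the delete and the create travel in one batch, the name is never left without a record, and a batch whose DELETE does not match the live record set is rejected instead of being half-applied.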
EDIT: I forgot to ask, what kind of overages are you seeing? With Route 53 you'll be charged $501/month if your zone gets 1B queries.
I'm happy with Nettica but Amazon's offering will draw attention to this important point. Plus competition leads to more features, better service and so on.
(My experience with this is that the downtime that I want to route around usually lasts longer than the TTL. And even if it doesn't, the recursive resolver / OS cache / browser cache ends up persisting the record longer than the TTL advises.)
Service providers of all sorts should stand by their customers until a court order to the contrary is served, especially when institutions like the EFF are solidly on the side of those customers.
Amazon releasing more critical infrastructure that can be shut-down at someone's whim is bad timing to put it very mildly.
I think it's pretty clear that Amazon didn't roll over because of Lieberman's remarks. Rather, Amazon did what they did because they thought it was the right thing to do: "it is not credible that the extraordinary volume of 250,000 classified documents that WikiLeaks is publishing could have been carefully redacted in such a way as to ensure that they weren’t putting innocent people in jeopardy".
I understand you're passionate about this, but let's not conflate what actually happened.
Late that evening, Wikileaks was cut off.
The next day, Lieberman put out a press release: "This morning Amazon informed my staff that it has ceased to host the Wikileaks website. I wish that Amazon had taken this action earlier based on Wikileaks’ previous publication of classified material. The company’s decision to cut off Wikileaks now is the right decision and should set the standard for other companies Wikileaks is using to distribute its illegally seized material. I call on any other company or organization that is hosting Wikileaks to immediately terminate its relationship with them."
Lieberman's spokesperson added: "Senator Lieberman hopes that what has transpired with Amazon will send a message to other companies."
The next day, Lieberman introduced a bill in Congress that would make it a Federal crime to do what Amazon was doing, hosting the Wikileaks material.
You could characterize that as "pretty clear that Amazon didn't roll over because of Lieberman", but that characterization would be utterly mendacious.
Regardless, that doesn't change the fact that your original claim that Amazon rolled over because of Lieberman is false and unsubstantiated.
The risk with newspapers is that they publish too little, not too much, as they rely on their closeness to elites to do their job.
> Regardless, that doesn't change the fact that your original claim that Amazon rolled over because of Lieberman is false and unsubstantiated.
Which is far worse than if they had succumbed to the political pressure. An ISP that is also a jury to content that is not a clear case is evil.
User: Amazon, I found child pornography on one of your hosted pages.
Amazon: Sorry, we're not legal experts; we'll keep the content until a court case delivers a verdict.
You're living in cloud cuckoo land if you believe that an ISP has to forgo all moral judgement on content and only remove or deny hosting if something is proven to be illegal.
The number of leaks available on the site jives nicely with the figure of 837 reddit says: http://www.reddit.com/r/worldnews/comments/egmiu/just_a_remi....
News agencies have had access to more cables, but that has nothing to do with the point.
Could it be that you are the one conflating what is happening? :)
jacquesm's comment (and this thread descending from it) does not in any way take away from our ability to talk about Route 53 as a technology.
That you have to scroll past the entirety of those 3 children's discussion to get to what interests you is an incident of the way the comment tree is rendered by default. If tangential threads started collapsed and had to be expanded (assuming there's some clever way to detect tangential threads, or just people such as yourself to tag them), your complaint would vanish, with no change to the ratio of Wikileaks posts:"on-topic" posts.
And just as, well, a tangential argument: if someone is planning to avoid using all AWS products, they will avoid using this one as well, thus making such avoidance relevant to the story. What you're reacting to is the fact that the topic has already been beaten to death in other HN threads, not that it's particularly irrelevant to this one. For a while now, I've been thinking that we need some form of super-threading (such that article posts which form a sequence will have a single, merged comment thread), but now I'm starting to think we need aspect-oriented threading as well—such that this sub-thread, with its connection between this article and Wikileaks, would actually appear in the comments of both super-threads, and if you had hit "ignore" on the Wikileaks thread, the comments in here that also apply to it would disappear. Sound workable?
I think it's fair to say, even from the perspective of an impartial observer (I'm not one), that Wikileaks ran this whole comment thread off the rails. This is a discussion about what will probably be the biggest news about DNS over the next 2 quarters, and DNS has --- literally --- taken a back seat to someone trying to explain to Jacques what Joe Lieberman represents in US politics.
The arguments in favor of injecting WL into these discussions strike me as very similar to the arguments Ron Paul advocates used to inject Paul into discussions in early 2008.
However, we do have the Arc source; what is needed now is a good incentive to actually implement/fix this stuff, other than just scratching itches (because if that was enough, it would have been done by now.) "A competitor to HN that does it, runs ads, steals traffic, and makes money" wouldn't work, because the value of HN is 99% the community...
The problem we're having isn't technical. It's simply bad-faith comments: comments made to advance an agenda (along the theme of "what's the point of a silent boycott", ie, "yes, we're protesting, not discussing the actual topic") instead of a topical discussion. In the WL case, the fact that WL approval trends 3-1 in favor means those bad-faith comments get jacked up in rank.
This thread is also a non-topical digression from Amazon Route 53, but the whole HN item is a lost cause and the meta discussion about how HN is mishandling this is more valuable than what's actually leading here --- again: arguments about Joe Lieberman.
If I were a different sort of HN user, I'd post a "Tell HN: Please Stop With The Wikileaks Stuff". But we all know what would happen if that got posted: two Lieberman discussions.
And that's the thing... you can't expect people to not try to advance their own agendas. You have to make a system that's robust in the face of human nature, not expect humans to subvert their nature to use the system. There will always be something like Wikileaks (on Reddit, that something is omnipresent pun threads that can sometimes eat ten pages before you find the rest of the discussion) and asking the userbase to stop won't help (I don't think...) as long as it doesn't visibly harm anyone the user cares about ('round here, if pg says stop, you'd stop, because he's in everyone's Monkeysphere, but that's not a principle that can work in every forum.) In the tragedy of the commons, the best solution is to get better commons.
The only part of this comment thread that you are posting in is exactly the one about whose length you complain so loudly, and it would have been at least 50% shorter if you had not done so.
You did not discuss anything whatsoever in the rest of this thread and in spite of 'leaving people to help themselves to the last word' you keep coming back for more.
Build a web service that people may use to share links related to piracy, or photos that may be pornographic, and you'll experience the same.
Amazon's policy is the Apple App Store all over again.
Privacy is the new green because of the Facebook scare. Maybe this could be another interesting trend to capitalize on.
Suppose you have a newspaper and you want to co-locate, Amazon is suddenly no longer an option.
Really, the speed and ease with which they rolled over after some political pressure is quite amazing to me, I had them pegged as 'solid' before.
One thing that pops to mind is WikiLeaks was promising to expose the secrets of all big businesses everywhere. It makes no sense whatsoever for Amazon to support someone promising to do that, unless Amazon has no secrets they wish to keep.
The Guardian used Amazon to host the app they built that allowed readers to filter through and flag the Afghan war logs. No takedown from Amazon there!
On the other hand, had WL not violated the AWS AUP, I also don't think Amazon would have taken them down, either.
The point is, if you don't violate the Amazon ToS, this is a non-issue (outside of personal politics, which is a fine reason not to do business with them, but a bit out of scope for this discussion.)
If the rest of the TOS is full of stuff like that, it would be doubtful it would even be possible to run a significant site without in some way violating the TOS. According to that TOS, one user-submitted comment of copyrighted content and your website could immediately be permanently pulled, even if you took the comment down as fast as humanly possible.
I think you'll find that you do.
You own that copy that you are presenting for distribution, no one else owns it nor has rights over it, you do (at least in copyright terms, PD could still have trademark and other issues).
The right to prevent other people copying it is exhausted, there is no [copy]right there to own so it's not a legal right that you don't have. That other people own other copies and have control of all the available rights to their copies is immaterial.
That said, I think you're clutching at straws: classified documents are not in the public domain unless they have been published by someone with the right to do so and the copyright term in the relevant jurisdiction has expired.
There are about 30 states IIRC that aren't signatories to Berne Convention or relevant parts of TRIPS, etc.
Does that sound credible to you? Does that seem like a reasonable comparison? I'm done arguing about WL on a thread about a new Amazon web service now.
At any rate, I'd amend your "if you don't violate the ToS" to "if you don't attract a phone call from a cranky old senator's office", since that's what seems to have prompted the action.
Try taking the words at their face value, instead. The motivation is avoiding another 20-comment thread that spends 70% of its time dancing around the subtext of one commenter liking WL and the other commenter not liking WL.
Try what Wikipedia tries to do: Assume Good Faith. There are people on HN I, too, have a hard time doing that with, so if you're not assuming good faith because of a 'tptacek issue, please feel free to email me about it.
By this standard, I fully expect AWS to terminate services to EVERY SINGLE forum, review site, message board, webmail service, and any other site that does not explicitly state in their own terms of service that every byte of user-generated content is the exclusive property of the site itself.
In addition, I expect any AWS customer hosting IETF RFCs, software with public domain licenses, and public domain poetry to be shut down immediately.
If AWS fails to do this, they are being discriminatory and capricious in pursuing TOS violations.
If I were to be cynical, I'd say that the purpose of that clause is to allow Amazon to take down any site they want and have a credible excuse. Realistically it's probably just some over-zealous lawyer, but either way it has that very effect (as Amazon has demonstrated).
Here's a fact: US Government publications can't be copyrighted. Period.
So while Amazon tries to hide behind these lies, they're also busy making money off of books about similar "leaks", like the Pentagon Papers, Watergate, etc.
It's not clear that wikileaks.org, self-publishing, is "the press". Does Lovell v. City of Griffin hold? I don't know. Do you?
Everyone has different opinions (Terms of Services), but why can we not judge someone on those?
Even the paedophile book lasted longer than Wikileaks on Amazon. This should speak volumes about the political pressure Amazon was under when Lieberman called.
It's not as if they didn't know what wikileaks was up to before this happened.
In the future, we plan to add additional integration features such as the ability to automatically tie your Amazon Elastic Load Balancer instances to a DNS name
As demonstrated by https://forums.aws.amazon.com/thread.jspa?threadID=32044, lots of people want this.
And tptacek, yes we should speak about wikileaks when discussing Amazon, from now on. This isn't a fanboy site, this is a place to discuss the real ramifications of a company's actions.
I'll need to read up on this a bit more. It does appear to be significantly more economical to stay with DNS/ME.
Disclaimer: I don't know/care about support since my site is non-critical but Godaddy promises premium service coming soon. My site is running smoothly serving 10+ mil. pageviews per month. Time using Godaddy's DNS until now: 3 months
Slicehost doesn't charge you anything for DNS hosting if you use them for some kind of VPS hosting. We use their DNS for our (dev and staging) servers that aren't even hosted on Slicehost and it doesn't seem to be a problem. It's the one reason why we continue to keep a few of our VPS servers hosted there since competitors such as Linode are so much cheaper now.
edit: sorry to be so out of step - I guess I should have tied wikileaks to ipv6 to fit in with the rest of the comments.
People will undoubtedly tie the two things together, and Wikileaks supporters will make a big effort to point out Amazon's recent misstep.
I would probably have waited just a couple of days or weeks before this recent event was out of most people's minds.
I could also understand if Amazon didn't notice Wikileaks for a few days, but weeks?
Getting rejected poses no problem for anyone; there are grey areas, and everyone needs to draw a line.
But getting pulled after being hosted for several weeks? What changed?
Amazon pulling Wikileaks has created a Damoclean sword in the minds of people who consider using AWS in the future.
It's a single point of failure anyway and you want to distribute your core infrastructure between different parties. It's cool to run a DNS by AWS but not cool if you don't have mirrors/secondary nameservers, too.
Maybe this isn't a big deal, but wouldn't someone who needs a DNS service either already know this or have a developer or IT guy who has explained to them why they need a DNS service?
Per RFC5737 - http://www.rfc-editor.org/rfc/rfc5737.txt:
"The use of designated address ranges for documentation and examples reduces the likelihood of conflicts and confusion arising from the use of addresses assigned for some other purpose."
DJ Bernstein TinyDNS 1.05
I've used NSD once, it was good. Other than djb 'non standard' conventions and installation procedures, I see no other issues with his software and am happy Amazon opted for djbdns, especially since I don't have to manage it :)
For another example, the DNS already has a standard update API, but Amazon chose crippled software and reinvented the wheel instead of interoperating with the dynamic update code that is already out there.
If you've ever run your own DNS server this would be equivalent to a "zone file": http://en.wikipedia.org/wiki/Zone_file
to separate IP's, would both of these count as a single domain or would I need to pay for two?
They have lots of places on the internet to talk about politics. If you want to do so, I bet you'll have no problem finding an appropriate place.
This, however, is not that place.
Past that scale (probably 1000 individual threads or so; rarely seen on Reddit, and never on HN), a secondary voting mechanism purely to sort threads by "on-topic-ness" might be required, or perhaps an automatic sort on how similar in word usage the comments are to their parent, to derive some crude sense of topicality.
If you're dealing with low volume DNS for a couple domains, Zone Edit is hard to beat.
Is there a difference between their free DNS offering and Amazon's paid version?
Which seems quite good for a globally hosted DNS service.
Only potential limitations are that it's listed as "beta" and that as far as I can tell you have to use the scripts in the Route 53 developer tools (or write your own) to manipulate the zone and do the initial set up.
It's a shame - it would be nice for them to throw in the first billion!
A significant number of people don't use DNSSEC because they're tied to DNS services which don't support it. And that is an argument for creating more services without support for it?
I've never come across anyone using the SPF record type. Nearly everyone just uses TXT for that.
I think DNSSEC was just an oversight on Amazon's behalf. A mistake that they will hopefully fix in the not too distant future.
They support A, AAAA, CNAME, MX, NS, PTR, SOA, SPF, SRV, TXT, which is better than most. But I agree, why on Earth would they not support the DNSSEC record types? It's not as if it would have been any extra work for them...
Amazon should offer domain names next, so it's just one stop for politicians who want to completely eliminate a website from the web when they feel like it.
$0.25 per million queries – over 1 Billion queries / month
Not sure how many dns lookups get done a day but I see about 6 - 7 million people daily.
20m lookups per month for $14/year, and they don't actually track or bill the excess stuff, I've asked them about it before and it's not implemented with no ETA.
Been with them for a long time and love them although their interface is ugly.
Amazon Route 53 supports wildcard entries for all record types. A wildcard entry is a record in a DNS zone that will match requests for any domain name based on the configuration you set. For example, a wildcard DNS record such as *.example.com will match queries for www.example.com and subdomain.example.com.
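How a wildcard entry is matched under standard DNS rules (RFC 4592), as an added example that is not part of the original thread and not a statement about Route 53 internals. It goes beyond the two names in the text to show when the wildcard does not apply; the zone contents are constructed, and CNAME and delegation handling are left out.

```python
ANSWER, NODATA, NXDOMAIN = "ANSWER", "NODATA", "NXDOMAIN"

def norm(name):
    return name.lower().rstrip(".")

def existing_names(zone):
    """Every owner name plus the empty non-terminals above it."""
    names = set()
    for owner in zone:
        labels = norm(owner).split(".")
        for i in range(len(labels)):
            names.add(".".join(labels[i:]))
    return names

def resolve(zone, origin, qname, qtype):
    """Return (status, rdata list) for one query against an in-memory zone."""
    origin, qname = norm(origin), norm(qname)
    if qname != origin and not qname.endswith("." + origin):
        raise ValueError("query name is outside the zone")
    records = {norm(owner): rrsets for owner, rrsets in zone.items()}
    names = existing_names(zone)
    if qname in names:
        # The name exists (possibly with other types only): the wildcard never applies.
        rrs = records.get(qname, {}).get(qtype, [])
        return (ANSWER if rrs else NODATA, rrs)
    labels = qname.split(".")
    for i in range(1, len(labels)):
        encloser = ".".join(labels[i:])
        if encloser in names:
            # Closest existing ancestor found; only "*.<encloser>" may answer.
            rrsets = records.get("*." + encloser)
            if rrsets is None:
                return (NXDOMAIN, [])
            rrs = rrsets.get(qtype, [])
            return (ANSWER if rrs else NODATA, rrs)
    return (NXDOMAIN, [])

# Constructed zone using RFC 5737 documentation addresses.
ZONE = {
    "example.com.": {"NS": ["ns1.example.net."]},
    "*.example.com.": {"A": ["192.0.2.10"]},
    "www.example.com.": {"A": ["192.0.2.20"]},
    "mail.example.com.": {"MX": ["10 mx.example.net."]},
    "host.internal.example.com.": {"A": ["192.0.2.30"]},
}

if __name__ == "__main__":
    for q in ("www", "subdomain", "a.b", "mail", "other.internal"):
        print(q, resolve(ZONE, "example.com", q + ".example.com", "A"))
```

The wildcard answers every otherwise unused name, typos and multi-label names included, while any name that exists in the zone (even only as a parent of another record) shadows it.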