I have a static web application being hosted in an S3 Bucket that I am currently hosting with Amazon CloudFront. It is a travel site, so I would like for users around the world to be able to quickly use it. I also want to use TLS for free with ACM (Amazon Certificate Manager).

What is the best practice architecture for doing this? I'm not trying to start a discussion or ask an open-ended question. Hear me out.

I don't know much about how DNS works, so correct me if I'm wrong. If I have GoDaddy DNS records to two GoDaddy NS servers/addresses/domains/whatever-they-are, does that mean that any time a user in Hong Kong wants to access my website, they have to contact those GoDaddy DNS servers, wherever they are, THEN contact DNS servers for CloudFront, THEN actually contact the nearest CloudFront server and retrieve my super-fast, locally-cached copy of my website?

As you might guess, I am afraid that this will slow down access to my site and defeat the purpose of using CloudFront to begin with. Is this a valid concern? How should I set this up? Would Route 53 help or make things worse?

Andrew Davidson
  • https://serverfault.com/questions/406786/godaddy-vs-route53-for-dns – AlexD Apr 25 '18 at 07:49
  • You are putting too much thought into it, for two reasons. First, DNS uses caching, so the first query will be slow for a given client and all users of the same nameserver, but later ones will be quick, and the DNS time is a small part of the total time to retrieve an HTTP resource (by the way, since the content is static, do not forget about HTTP caching either). Second, why not start with what you have and **only if you observe performance problems** start to investigate solutions, including changing DNS providers if really needed. "Premature optimization is the root of all evil". – Patrick Mevzek Apr 27 '18 at 02:40
  • Sounds like a good plan! – Andrew Davidson Apr 27 '18 at 05:07

1 Answer

If you have your domains registered with GoDaddy but use Route53 for DNS - no problems. Short version of my answer is that's the fastest / best way to do it.

Here's how I think DNS works. If I'm not right I'm happy to make edits or remove the answer.

The browser looks up DNS for your domain, which is with GoDaddy DNS servers, wherever they are. It might take 20 - 200ms to do the DNS lookup to GoDaddy to get the CNAME (which is an alias to an AWS CloudFront IP). Then another DNS lookup of the result of the first DNS lookup is done against an AWS DNS server, which will most likely return an A record / IP address, which is probably 10 - 40ms. So, yes, there are two DNS lookups.

DNS servers are in a hierarchy, so if your local DNS server doesn't have the records you need it might take even longer.

If you had a Route53 DNS record then the first DNS lookup would be faster. CloudFlare, which has a good free tier, also has a very fast, well distributed DNS system.

One small hitch is you can't put a CNAME at the root of a domain (ie example.com), but you can on a subdomain (ie www.example.com). Both Route53 and CloudFlare have workarounds for that. If you're using GoDaddy DNS I'm not sure how it works - could be a custom feature, or you could have a web server listening to requests on the root of the domain, doing a 301 redirect to the www subdomain. That's another hop though.

Short version: best use Route53, it costs 50c per month plus 40 cents per million lookups.

Tim
  • A `CNAME` maps a name to another name. There is no IP address involved at this stage. – Patrick Mevzek Apr 27 '18 at 02:34
  • DNS uses caches. The numbers you quote (I do not know based on what data, but anyway) apply to the first requests of a client, the following ones from the same client (and all others using the same nameserver) will be replied "immediately", without needing to query again the authoritative nameservers of the domain. – Patrick Mevzek Apr 27 '18 at 02:36
  • Yes, those numbers are the initial lookup for any individual client. After that they're cached on the client. Those numbers are mostly around latency to the local DNS server; if that local server has to contact another server to get IP addresses it could be slower. Yes, a CNAME looks up another name, and that next name usually leads you to an A record / IP address. – Tim Apr 27 '18 at 02:40
  • I was curious on how you arrive at 20-200 ms to query one set of nameservers and 10-40ms for the other set, without even specifying where are the clients... Do you have any source for this data or test samples? – Patrick Mevzek Apr 27 '18 at 03:00
  • Also, if you want to be complete, the browser (or more precisely the OS on which it runs) starts resolution at root nameservers (one lookup), then at TLD nameservers (another lookup) and then only at the specific domain name authoritative nameservers (whatever number of lookups depending on CNAME and other redelegations). Of course, again because of caches, queries to root servers and TLD ones are "rare" as they will be immediately cached and reused. – Patrick Mevzek Apr 27 '18 at 03:02
  • My timings were a guess based on average latency between Australia / NZ and the USA, based on an assumption that GoDaddy DNS servers are in the USA. If you use Route53 / CloudFlare they have DNS servers everywhere, within 30ms of most people. – Tim Apr 27 '18 at 03:47
  • Yeah so maybe that's another part of what I'm wondering. Does GoDaddy have global DNS servers that are reliable? – Andrew Davidson Apr 27 '18 at 05:10
  • That's the 200ms question – Tim Apr 27 '18 at 08:28
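The lookup chain the answer and comments argue about (root, then TLD, then the domain's authoritative servers, then a second chain for the CNAME target, with caches cutting later queries short, and the rule that a CNAME cannot sit at the zone apex) can be made concrete with a small model. The following is an added example, not code from the page or from either participant: a toy caching resolver over constructed zone data (documentation names and 192.0.2.x addresses, placeholder nameserver names). It counts how many authoritative servers must be contacted for a cold lookup of `www.example.com` via a CNAME, for a warm lookup, and after the CDN's short TTL expires, and contrasts that with an apex record that is answered directly as an A record, which is what a Route 53 ALIAS looks like on the wire. The counts are a model of server contacts, not measured latency.

```python
"""Toy recursive resolver modelling the DNS lookup chain discussed above.

Added example, not code from the page. All zone data is constructed
(documentation names and IPs); round-trip counts model how many
authoritative servers a resolver contacts, not real latency.
"""
from dataclasses import dataclass


@dataclass
class RR:
    name: str       # owner name, fully qualified with trailing dot
    rtype: str      # A, CNAME, NS, SOA
    rdata: str
    ttl: int = 300


# Constructed authoritative data, keyed by the zone each server serves.
# "example.com." plays the GoDaddy-hosted zone; "cloudfront.net." plays AWS.
ZONES = {
    ".": [RR("com.", "NS", "tld-ns-toy."), RR("net.", "NS", "tld-ns-toy.")],
    "com.": [RR("example.com.", "NS", "ns1.example-dns-host.")],
    "net.": [RR("cloudfront.net.", "NS", "ns-cloudfront-toy.")],
    "example.com.": [
        RR("example.com.", "SOA", "ns1.example-dns-host. hostmaster.example.com. 1 7200 900 1209600 300"),
        RR("example.com.", "NS", "ns1.example-dns-host."),
        RR("www.example.com.", "CNAME", "d111111abcdef8.cloudfront.net."),
    ],
    # CDN answers carry a short TTL so edge changes propagate quickly.
    "cloudfront.net.": [RR("d111111abcdef8.cloudfront.net.", "A", "192.0.2.10", ttl=60)],
}


class Resolver:
    """Caching resolver: walks root -> TLD -> zone, chases CNAMEs, honours TTLs."""

    def __init__(self, zones):
        self.zones = zones
        self.cache = {}          # (name, rtype) -> (expiry, rdata)
        self.round_trips = 0     # authoritative servers contacted so far

    def _cached(self, key, now):
        entry = self.cache.get(key)
        return entry[1] if entry and entry[0] > now else None

    def _store(self, key, rdata, ttl, now):
        self.cache[key] = (now + ttl, rdata)

    def _walk(self, name, now):
        """Contact the chain of zones leading to `name`. A zone is skipped when the
        delegation it would hand out is already cached. Returns the final zone's RRs."""
        labels = name.rstrip(".").split(".")
        suffixes = ["."] + [".".join(labels[i:]) + "." for i in range(len(labels) - 1, -1, -1)]
        path = [z for z in suffixes if z in self.zones]
        for k, zone in enumerate(path):
            child = path[k + 1] if k + 1 < len(path) else None
            if child is not None and self._cached((child, "NS"), now):
                continue                                  # delegation known already
            self.round_trips += 1
            if child is not None:
                self._store((child, "NS"), child, 172800, now)   # NS TTLs are long
        return [r for r in self.zones[path[-1]] if r.name == name]

    def resolve(self, name, rtype="A", now=0):
        """Return (rdata, authoritative round trips spent on this query)."""
        start = self.round_trips
        target = name
        for _ in range(8):                                # bound CNAME chains
            for attempt in (0, 1):
                ans = self._cached((target, rtype), now)
                if ans is not None:
                    return ans, self.round_trips - start
                cname = self._cached((target, "CNAME"), now)
                if cname is not None:
                    break
                if attempt == 0:                          # miss: go authoritative once
                    for r in self._walk(target, now):
                        self._store((r.name, r.rtype), r.rdata, r.ttl, now)
            else:
                return None, self.round_trips - start     # no answer, no CNAME
            target = cname
        raise RuntimeError("CNAME chain too long")


def add_record(zones, zone, rr):
    """Add a record, enforcing RFC 1034 s.3.6.2: a CNAME cannot share its owner name
    with any other data. The apex always holds SOA and NS, so a CNAME there is
    rejected; an ALIAS-style answer is simply an A record at the apex."""
    siblings = [r for r in zones[zone] if r.name == rr.name]
    if siblings and (rr.rtype == "CNAME" or any(r.rtype == "CNAME" for r in siblings)):
        raise ValueError(f"{rr.rtype} at {rr.name} conflicts with {[r.rtype for r in siblings]}")
    zones[zone].append(rr)


def fresh_zones():
    return {zone: list(rrs) for zone, rrs in ZONES.items()}


def scenario_cname_chain():
    """www is a CNAME to the distribution: cold lookup, warm lookup, and a lookup
    after the CDN's 60 s TTL expired (only the CDN's own server is re-asked)."""
    r = Resolver(fresh_zones())
    ip, cold = r.resolve("www.example.com.", now=0)
    _, warm = r.resolve("www.example.com.", now=10)
    _, refresh = r.resolve("www.example.com.", now=100)
    return ip, cold, warm, refresh


def scenario_apex_alias():
    """Apex answered directly as an A record (ALIAS on the wire): one chain only.
    A CNAME at the apex is refused because SOA and NS already live there."""
    zones = fresh_zones()
    try:
        add_record(zones, "example.com.", RR("example.com.", "CNAME", "d111111abcdef8.cloudfront.net."))
        cname_allowed = True
    except ValueError:
        cname_allowed = False
    add_record(zones, "example.com.", RR("example.com.", "A", "192.0.2.10", ttl=60))
    ip, cold = Resolver(zones).resolve("example.com.", now=0)
    return cname_allowed, ip, cold


if __name__ == "__main__":
    print(scenario_cname_chain())   # ('192.0.2.10', 6, 0, 1)
    print(scenario_apex_alias())    # (False, '192.0.2.10', 3)
```

Two things the model makes visible that the thread only gestures at: the cold CNAME path costs six server contacts because the `cloudfront.net` chain has to be walked from the root a second time, while every later query within the TTLs costs none, and once the TTLs lapse only the CDN's own server is re-asked because the delegations stay cached for days. The `add_record` check is also why the apex workaround exists at all: it is not a GoDaddy limitation but a protocol rule, so any provider that offers a root-level "CNAME" is doing ALIAS-style flattening on your behalf.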