Google Certified Associate Cloud Engineer 2020


DNS Section towards the end confused me

Hello, I was a little confused at the end of this video when you talked about using DNS being a bad thing to front end your web application, and I would like a little clarification. For example, I work for a SaaS company and specifically work on a product hosted in GCP. The architecture is fronted by Cloudflare DNS with A records for our websites pointed at the GCP load balancing external IPs. Is the section about DNS saying that this is an improper thing to do, or am I missing something?

4 Answers

Here is what I got out of that discussion. 

Firstly, you have to consider the issues with DNS-based routing. The primary problem that I understood, other than DNS lookups being sticky and chunky 😀, is that the routing does not consider the URLs of your application. For example, if you have set up your product catalog in one region (/product-catalog) and your promotion engine logic in another (/promotion-engine), you want to send the traffic to the correct instances with minimum lookups. If the routing decision is made solely by DNS lookup, then the URLs are not considered (since this is happening below the Application layer in the network stack).

Secondly, if IPs change or things move, then there might also be an issue with cached DNS, which I have not personally experienced but have heard about.

Having said all that, your application might be doing the right thing if you don't have to route based on the URLs. CloudFlare caching, from a high level, maintains cached resources in multiple locations with TTLs. So it might be working out OK for you. Lots of considerations there.

Thank you, and I would like to know Mattias' perspective on this as well. Have a nice one!

This is a really interesting discussion, and I like Asad Siddiqi’s answer as well. To add my own two cents to this:

DNS is always necessary for name resolution. The question becomes whether you should also be using it as your primary load balancing mechanic. Even when using GCP’s anycasting global IPs, you are probably still going to need a public DNS record to make your site user-friendly.

I don’t think the point is that using DNS as part of your load balancing scheme is wrong; it just has limitations which engineers may not be aware of, nor consider. These same limitations aren’t true for Anycast addresses, and most of the cons of Anycast addresses are handled by Google in GCP. It all comes down to analyzing your use case and determining what is the best fit based on the needs and technology available.

If you’re looking at services which would benefit from geo-specific Layer 7 routing, Anycast IPs may provide a measurable boost to performance. Otherwise, the differences may be fairly minimal.

After re-watching the video, I realized that on the DNS part he specifically talks about how some cloud providers, or I guess a method of load balancing, can be with DNS. For example, AWS Route 53 has a multi-value routing policy option that they released a little bit ago, which is basically a basic load balancer. So instead of pointing your DNS at the IP or CNAME of a load balancer, you are rather pointing your DNS at 2 instances and their IPs and allowing Route 53 to do the load balancing for you. At least that is how I am interpreting it now. Which is something he is explicitly telling you is a bad idea: due to the extra things DNS needs to do, it can be detrimental to the operational performance of your systems.

So now I have another question due to something that happened a couple of weeks ago at my job, and basically why I know how we do our load balancing (as I inherited the tech stack rather than designing it myself). A couple of weeks ago I got a ticket stating that a few customers were receiving notifications that our GCP IP was reaching out to China. These customers explicitly have traffic going to China blocked, or they got a warning and were making sure that is not where we are hosted. This is where I did my research on the global load balancing in GCP, and I assumed that the person before me who set it up put it that way so that if our customers were in Japan they would get better performance. I am now curious how the global load balancing works in GCP. Is the IP cached at an edge location, and it so happens that those customers were routed to an edge location in China? Does anyone have insight on this, or could anyone possibly point me to a whitepaper, as I was not able to find much on the actual design of how this works?

I appreciate your answers 🙂 I hope you guys are enjoying this course as much as me!

Really glad you’re enjoying the course! 🙂  And I’m glad there’s been good discussion about your DNS question.

You’re right that I was meaning to refer to "load balancing that happens because of DNS" as a bad idea (whether with a multi-value A record like you mentioned or just several A records and the client picks one), as I actually think it’s a great idea to use DNS to point to your load balancer.

That said, there can also be a bit of trouble if you try to respond to DNS differently in different parts of the world in an attempt to send traffic to different regions in your architecture–even if you’re pointing to a load balancer in each of those regions.

As for your last question about China, I’m not really sure about the situation.  Are you meaning that those instances are reaching out to China, or are they merely responding to requests that happened to originate in China?
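
The difference the thread draws between DNS doing the load balancing and DNS pointing at a load balancer can be seen in a small simulation of client-side caching. This is an added example, not part of any post above; the addresses, client count, TTLs and timings are constructed, and both the DNS zone and the balancer are assumed to stop offering a failed instance immediately.

```python
import random

BACKENDS = ["10.0.0.1", "10.0.0.2", "10.0.0.3"]  # constructed instance IPs
VIP = "203.0.113.10"                              # constructed load balancer IP

def failed_requests(mode, ttl, clients=300, fail_at=65, duration=600, step=10, seed=1):
    """Count requests that hit a dead backend.

    mode="dns": the name resolves to the instance IPs and each client picks one.
    mode="lb":  the name resolves to VIP and the balancer picks per request.
    BACKENDS[0] dies at `fail_at` seconds; both the DNS zone and the balancer
    are assumed to be health-checked and stop offering it immediately.
    """
    rng = random.Random(seed)
    dead = BACKENDS[0]
    cache = {}          # client id -> (cached IP, expiry time)
    failed = 0
    for now in range(0, duration, step):
        down = now >= fail_at
        healthy = [b for b in BACKENDS if not (down and b == dead)]
        for client in range(clients):
            ip, expires = cache.get(client, (None, -1))
            if now >= expires:                      # cache miss: re-resolve
                ip = rng.choice(healthy) if mode == "dns" else VIP
                cache[client] = (ip, now + ttl)
            # With DNS the cached answer *is* the backend; with a balancer the
            # cached VIP stays valid and the backend is chosen per request.
            target = ip if mode == "dns" else rng.choice(healthy)
            if down and target == dead:
                failed += 1
    return failed

if __name__ == "__main__":
    for ttl in (300, 30):
        print(f"ttl={ttl:>3}s  dns={failed_requests('dns', ttl):>5}  "
              f"lb={failed_requests('lb', ttl)}")
```

Lowering the TTL shrinks the failure window for DNS-based balancing but does not remove it, while the record that points at the balancer never needs to change when an instance fails.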
