Amazon Route 53 - DNS & Routing
Chapter 13: Amazon Route 53 - DNS Service
Highly Available and Scalable DNS

13.1 Overview

Amazon Route 53 is a highly available and scalable Domain Name System (DNS) web service. It bundles three things: domain registration, authoritative DNS hosting with traffic-steering routing policies and health checks, and Route 53 Resolver, the recursive resolver that VPCs use and that can be bridged to on-premises DNS.
Route 53 Overview

    Route 53 (DNS Service)
      |
      +-- Domain Registration: register and manage domains
      +-- DNS Routing Policies: route traffic to AWS resources (or any endpoint)
      +-- Health Checks: monitor endpoint health and feed routing decisions

13.2 DNS Concepts
DNS Hierarchy
DNS Hierarchy

    Root (.)
    +-- .com (TLD)
    |   +-- example.com
    |   |   +-- www
    |   |   +-- api
    |   +-- a.com
    +-- .org (TLD)
    |   +-- b.org
    |   +-- c.org
    +-- .net (TLD)
        +-- d.net
        +-- e.net

    FQDN: www.example.com. (Fully Qualified Domain Name; the trailing dot is the root)

Record Types
DNS Record Types

| Record Type | Description |
|---|---|
| A | Maps a name to an IPv4 address |
| AAAA | Maps a name to an IPv6 address |
| CNAME | Maps a name to another name (canonical name); must be the only record at that name |
| MX | Mail exchange servers (priority + host) |
| NS | Name servers for the zone (delegation) |
| PTR | Maps an IP address to a name (reverse DNS) |
| SOA | Start of authority: zone serial, refresh/retry/expire timers, negative-caching TTL |
| SRV | Service location (priority, weight, port, target) |
| TXT | Text records (SPF, DKIM, DMARC, domain-ownership verification) |
| CAA | Certificate authority authorization: which CAs may issue certificates for the name |

Route 53 specific:

| Record Type | Description |
|---|---|
| Alias | Points at an AWS resource (or another record in the zone); a Route 53 extension, answered to clients as an ordinary A/AAAA |

13.3 Route 53 Routing Policies
Simple Routing
Simple Routing Policy

Use case: a single resource, or a fixed set of values returned to every client.

    DNS query for www.example.com -> Route 53 -> 1.2.3.4 (single IP returned)

Configuration (the ResourceRecordSet shape used by change-resource-record-sets):

    {
      "Name": "www.example.com",
      "Type": "A",
      "TTL": 300,
      "ResourceRecords": [{ "Value": "1.2.3.4" }]
    }

Caveat: a simple record cannot be associated with a health check. If you list several values in one simple record, Route 53 returns all of them in random order, including values that are down; use multivalue answer routing when you need per-value health checks.

Weighted Routing
Weighted Routing Policy

Use case: load distribution, A/B testing, canary releases.

    DNS query for www.example.com -> Route 53 picks one record at random, biased by weight:
      Region A   weight 3   (50%)
      Region B   weight 2   (33%)
      Region C   weight 1   (17%)

Configuration:
- Record 1: weight 3 -> Region A
- Record 2: weight 2 -> Region B
- Record 3: weight 1 -> Region C

Probability of returning record i: Weight_i / Sum(All Weights)

Notes:
- Weights are integers from 0 to 255. A record with weight 0 is never returned, unless every record in the group has weight 0, in which case all are returned with equal probability (useful for parking a canary).
- Each record in the group needs a unique set_identifier and may carry its own health check; unhealthy records are removed from the draw.
- Resolvers cache each answer for the TTL, so the observed split only approaches the configured weights across many resolvers and TTL windows.

Latency-Based Routing
Latency-Based Routing Policy

Use case: send each user to the region with the lowest network latency.

    Query from a resolver in US-East -> Route 53 compares measured latency for each record's region:
      US-East    10 ms    SELECTED
      EU-West    120 ms
      AP-South   250 ms

Notes:
- Route 53 uses latency measurements between AWS regions and the network the query came from (the resolver's address, or the EDNS Client Subnet when present). It does not probe your endpoints: an overloaded or down endpoint still wins on latency unless a health check removes it.
- Each record is tagged with an AWS region; tag it with the region where the endpoint actually runs, otherwise the comparison is meaningless.

Failover Routing
Failover Routing Policy

Use case: active-passive failover.

    Normal operation:
      DNS query for www.example.com -> Route 53 consults the PRIMARY's health check
        -> Primary (active, health OK) is returned; Secondary stays on standby
    Failover scenario:
      Primary health check FAILS -> Route 53 answers with the Secondary (now active)
        -> Primary recovers -> answers return to the Primary

Notes:
- A non-alias PRIMARY must have a health check; an alias PRIMARY can use evaluate_target_health instead. The SECONDARY may also have one.
- Failover is only as fast as detection plus caching: the worst case is request_interval x failure_threshold plus the record's TTL before every client has moved.
- Route 53 only stops answering with the primary; existing connections to it are not torn down.

Geolocation Routing
Geolocation Routing Policy

Use case: serve content by user location (country or continent): localization, licensing, data residency.

    User in Germany -> Route 53 looks up the location of the querying network -> EU endpoint SELECTED
      (US endpoint and APAC endpoint not chosen)

Location sources, most specific match wins:
- Country (e.g., DE, US, JP), plus US states as subdivisions
- Continent (e.g., Europe, Asia)
- Default (location "*", catch-all)

Caveats:
- Location is derived from the resolver's IP address (or the EDNS Client Subnet), so users behind a distant corporate or public resolver can be misplaced.
- Without a default record, queries from unmatched locations get no answer at all, which looks like an outage to those users.
- Geolocation is a routing convenience, not an access control: a client can query through a resolver in another country or connect to the endpoint IP directly.

Geoproximity Routing
Geoproximity Routing Policy

Use case: route by geographic distance between users and resources, with a bias to enlarge or shrink each resource's catchment area.

    Without bias (users spread evenly between the two):
      Region A 50%    Region B 50%
    With bias +50 on Region A (illustrative numbers; the exact split depends on where the users are):
      Region A 75%    Region B 25%    (Region A's area grows, Region B's shrinks)

- Bias range: -99 to +99
- Positive bias: expands the area routed to the resource (more traffic)
- Negative bias: shrinks it (less traffic)
- Resources are located by AWS region, or by latitude/longitude for endpoints outside AWS

Multivalue Answer Routing
Multivalue Answer Routing Policy

Use case: return several healthy IPs and let the client choose (client-side load balancing, cheap resilience for simple services).

    DNS query for www.example.com -> Route 53 -> up to 8 healthy records, e.g.
      1.2.3.4
      1.2.3.5
      1.2.3.6
    -> client or resolver selects one (random or round robin, depending on the client)

Features:
- Up to 8 healthy records per answer; with more than 8 healthy records, different resolvers receive different subsets
- Optional health check per record; unhealthy records are dropped from the answer (unlike a simple record with several values)
- Not a substitute for a load balancer: no weighting, no connection draining, and clients cache the answer for the TTL

13.4 Route 53 Alias Records
Alias Records vs CNAME

CNAME Record
- Limitations:
  - Cannot be used at the zone apex (example.com): the apex must carry SOA and NS records, and a CNAME cannot coexist with any other record at the same name
  - Forces the resolver to make an additional DNS query for the target name
  - Standard query charges apply
- Example: www.example.com -> my-alb.us-east-1.elb.amazonaws.com

Alias Record (Route 53 specific)
- Benefits:
  - Works at the zone apex (example.com)
  - No additional DNS query: Route 53 answers directly with the target's current A/AAAA addresses
  - Free: no query charges for alias queries to AWS resources
  - Target addresses update automatically when the AWS resource's IPs change
  - Can evaluate the target's health (evaluate_target_health) for use in routing policies
- Supported targets:
  - CloudFront distributions
  - Elastic Load Balancers
  - API Gateway custom domains
  - S3 website endpoints
  - VPC interface endpoints
  - Global Accelerator
  - Another record in the same hosted zone (the way to nest routing policies)
- Example: example.com -> ALB (Alias)

Security caveat for both: a CNAME or alias left pointing at an AWS resource that has been deleted (an S3 website bucket, an Elastic Beanstalk environment) is a dangling record; whoever recreates a resource with that name receives traffic for your subdomain. Delete the record whenever its target is decommissioned.

13.5 Health Checks
Route 53 Health Checks

Health check types:
1. Endpoint health check
   - Monitors a specific endpoint by IP address or domain name
   - HTTP / HTTPS / TCP
   - Optional string matching on the response body
2. Calculated health check
   - Combines the status of child health checks
   - Healthy when at least N of M children are healthy: N = M is AND, N = 1 is OR
   - Parent/child relationship
3. CloudWatch alarm health check
   - Takes its status from a CloudWatch alarm
   - For metrics Route 53 cannot probe, including resources on private IPs

Health check configuration:
- Protocol: HTTP / HTTPS / TCP
- Port: 80 / 443 / custom
- Path: /health
- Interval: 30 s (standard) or 10 s (fast)
- Failure threshold: 1-10 consecutive failures (default 3) before a checker changes its verdict
- String matching: e.g. "OK" in the response body (Route 53 searches the first 5,120 bytes)
- Locations: health checkers in multiple AWS regions; you can restrict which locations are used

Caveats:
- Checkers probe from AWS's public address ranges (the ROUTE53_HEALTHCHECKS entries in ip-ranges.json), so the endpoint must be reachable from the internet and security groups / NACLs must allow those ranges.
- An endpoint is reported healthy while more than 18% of checkers report it healthy, so one region's view never flips the endpoint on its own.
- A /health path that only returns 200 proves the web server is up, not that the service works; have it check a dependency, or use string matching on a status body.

13.6 Route 53 Resolver (DNS Resolver)
Route 53 Resolver

Inbound resolver endpoint (on-premises -> AWS VPC)

    On-prem DNS server (conditional forwarder for VPC / private hosted zone names)
      -> inbound endpoint ENIs in the VPC (TCP/UDP 53)
      -> Route 53 Resolver answers from private hosted zones and VPC names
      -> VPC resource reached

Outbound resolver endpoint (AWS VPC -> on-premises)

    EC2 instance queries a name under corp.example.com
      -> Route 53 Resolver (VPC+2) matches a forwarding rule
      -> outbound endpoint ENIs
      -> on-prem DNS server over VPN / Direct Connect

Resolver rules:
- Forwarding rules: forward queries for a domain to target IPs through an outbound endpoint
- System rules: exempt a subdomain from a broader forwarding rule so Resolver answers it itself
- Precedence: when several rules match a name, the rule with the most specific (longest matching) domain wins; rules have no numeric priority field
- Rules only apply to VPCs they are associated with (they can be shared across accounts with AWS RAM)

Security note: endpoints are ENIs guarded by security groups. Allow TCP and UDP 53 only from your on-premises resolvers on the inbound endpoint, and only towards the on-premises DNS targets from the outbound endpoint; an open inbound endpoint leaks private hosted zone contents and VPC names to anyone who can reach it.

13.7 Practical Configuration
Route 53 with Terraform
```hcl
# ============================================================
# Route 53 Zone
# ============================================================
resource "aws_route53_zone" "main" {
  name = "example.com"

  tags = {
    Name = "main-zone"
  }
}

# ============================================================
# A Record (Simple)
# ============================================================
resource "aws_route53_record" "www" {
  zone_id = aws_route53_zone.main.zone_id
  name    = "www.example.com"
  type    = "A"
  ttl     = 300
  records = ["1.2.3.4"]
}

# ============================================================
# Alias Record to ALB at the zone apex (aws_lb.main is defined elsewhere)
# ============================================================
resource "aws_route53_record" "alb" {
  zone_id = aws_route53_zone.main.zone_id
  name    = "example.com"
  type    = "A"

  alias {
    name                   = aws_lb.main.dns_name
    zone_id                = aws_lb.main.zone_id # the ALB's own hosted zone ID, not ours
    evaluate_target_health = true                # let routing policies use the ALB's health
  }
}
```
```hcl
# ============================================================
# Weighted Routing: 70/30 split of api.example.com
# ============================================================
resource "aws_route53_record" "weighted_us" {
  zone_id        = aws_route53_zone.main.zone_id
  name           = "api.example.com"
  type           = "A"
  ttl            = 60        # non-alias records need a TTL; short, so weight changes take effect quickly
  set_identifier = "us-east" # unique per record in the group
  records        = ["1.2.3.4"]

  weighted_routing_policy {
    weight = 70
  }
}

resource "aws_route53_record" "weighted_eu" {
  zone_id        = aws_route53_zone.main.zone_id
  name           = "api.example.com"
  type           = "A"
  ttl            = 60
  set_identifier = "eu-west"
  records        = ["5.6.7.8"]

  weighted_routing_policy {
    weight = 30
  }
}
```
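To make the probability rule behind the 70/30 split concrete, the following Python is an example added here (not code from the page, AWS or Terraform). It models how a single weighted answer is chosen: the Weight_i / Sum(weights) draw, the weight-0 parking rule, and the exclusion of records whose health check is failing. The record group, its addresses and the `canary` entry are constructed; `simulate` runs a seeded draw so the empirical split can be compared with the configured weights.

```python
"""Weighted routing as Route 53 applies it, simulated offline.

Added example, not taken from the page or from AWS code. It models the
published rule P(record i) = Weight_i / Sum(weights), the weight-0 special
case, and the exclusion of records whose health check is failing.
"""
import random
from dataclasses import dataclass
from fractions import Fraction


@dataclass(frozen=True)
class WeightedRecord:
    set_identifier: str
    value: str
    weight: int           # Route 53 accepts 0..255
    healthy: bool = True  # verdict of the record's health check, if it has one


def selection_probabilities(records):
    """Return {set_identifier: Fraction} for the records Route 53 would draw from.

    Rules modelled:
    - records whose health check is failing are excluded (if every record is
      unhealthy, Route 53 behaves as if all were healthy);
    - weight 0 means "never return this record", unless every record in the
      group has weight 0, in which case all are returned with equal probability.
    """
    if not records:
        raise ValueError("empty record group")
    pool = [r for r in records if r.healthy] or list(records)
    for r in pool:
        if not 0 <= r.weight <= 255:
            raise ValueError(f"{r.set_identifier}: weight must be 0..255, got {r.weight}")
    total = sum(r.weight for r in pool)
    if total == 0:
        return {r.set_identifier: Fraction(1, len(pool)) for r in pool}
    return {r.set_identifier: Fraction(r.weight, total) for r in pool if r.weight > 0}


def share_percent(records):
    """Same distribution as percentages rounded to one decimal (50.0, 33.3, 16.7 ...)."""
    return {k: round(float(p) * 100, 1) for k, p in selection_probabilities(records).items()}


def choose(records, rng=random):
    """Draw one record the way a single weighted answer is chosen."""
    probs = selection_probabilities(records)
    ids = list(probs)
    chosen = rng.choices(ids, weights=[float(probs[i]) for i in ids], k=1)[0]
    return next(r for r in records if r.set_identifier == chosen)


def simulate(records, n, seed=0):
    """Empirical share of answers per set_identifier over n queries."""
    rng = random.Random(seed)
    counts = {}
    for _ in range(n):
        sid = choose(records, rng).set_identifier
        counts[sid] = counts.get(sid, 0) + 1
    return {k: v / n for k, v in counts.items()}


# Constructed record group mirroring the page's 3/2/1 split, plus a canary
# parked at weight 0 (hypothetical values, not real infrastructure).
REGIONS = [
    WeightedRecord("region-a", "1.2.3.4", 3),
    WeightedRecord("region-b", "5.6.7.8", 2),
    WeightedRecord("region-c", "9.10.11.12", 1),
    WeightedRecord("canary", "192.0.2.10", 0),
]

if __name__ == "__main__":
    print(share_percent(REGIONS))
    print(simulate(REGIONS, 10_000))
```

Raising the canary from weight 0 to 1 while the others stay at 3/2/1 gives it one seventh of new lookups, which is the usual way to start a canary without touching the production records; lowering it back to 0 parks it again without deleting the record.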
```hcl
# ============================================================
# Latency Routing: region tags the AWS region the endpoint runs in
# ============================================================
resource "aws_route53_record" "latency_us" {
  zone_id        = aws_route53_zone.main.zone_id
  name           = "app.example.com"
  type           = "A"
  ttl            = 60
  set_identifier = "us-east"
  records        = ["1.2.3.4"]

  latency_routing_policy {
    region = "us-east-1"
  }
}

resource "aws_route53_record" "latency_eu" {
  zone_id        = aws_route53_zone.main.zone_id
  name           = "app.example.com"
  type           = "A"
  ttl            = 60
  set_identifier = "eu-west"
  records        = ["5.6.7.8"]

  latency_routing_policy {
    region = "eu-west-1"
  }
}
```
```hcl
# ============================================================
# Failover Routing: PRIMARY needs a health check, SECONDARY may have one
# ============================================================
resource "aws_route53_record" "primary" {
  zone_id        = aws_route53_zone.main.zone_id
  name           = "failover.example.com"
  type           = "A"
  ttl            = 60 # short TTL: clients keep the old answer this long after failover
  set_identifier = "primary"
  records        = ["1.2.3.4"]

  failover_routing_policy {
    type = "PRIMARY"
  }

  health_check_id = aws_route53_health_check.primary.id
}

resource "aws_route53_record" "secondary" {
  zone_id        = aws_route53_zone.main.zone_id
  name           = "failover.example.com"
  type           = "A"
  ttl            = 60
  set_identifier = "secondary"
  records        = ["5.6.7.8"]

  failover_routing_policy {
    type = "SECONDARY"
  }
}
```
```hcl
# ============================================================
# Geolocation Routing: country, then continent, then the "*" default
# ============================================================
resource "aws_route53_record" "geo_us" {
  zone_id        = aws_route53_zone.main.zone_id
  name           = "geo.example.com"
  type           = "A"
  ttl            = 60
  set_identifier = "us"
  records        = ["1.2.3.4"]

  geolocation_routing_policy {
    country = "US"
  }
}

resource "aws_route53_record" "geo_eu" {
  zone_id        = aws_route53_zone.main.zone_id
  name           = "geo.example.com"
  type           = "A"
  ttl            = 60
  set_identifier = "eu"
  records        = ["5.6.7.8"]

  geolocation_routing_policy {
    continent = "EU"
  }
}

# Without this default, users outside US and Europe get no answer at all
resource "aws_route53_record" "geo_default" {
  zone_id        = aws_route53_zone.main.zone_id
  name           = "geo.example.com"
  type           = "A"
  ttl            = 60
  set_identifier = "default"
  records        = ["9.10.11.12"]

  geolocation_routing_policy {
    country = "*"
  }
}
```
```hcl
# ============================================================
# Health Check (attached to the failover PRIMARY above)
# ============================================================
resource "aws_route53_health_check" "primary" {
  fqdn              = "primary.example.com"
  port              = 443
  type              = "HTTPS"
  resource_path     = "/health"
  failure_threshold = 3  # consecutive failures before a checker reports unhealthy
  request_interval  = 30 # seconds; 10 is the "fast" option

  tags = {
    Name = "primary-health-check"
  }
}
```
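The check above sets failure_threshold = 3 and request_interval = 30, but one checker's verdict is not the endpoint's status, and the endpoint's status is not what clients see until their cached answer expires. The following Python is an example added here (not code from the page or from AWS). It replays a constructed probe log through three documented rules: a checker flips its verdict only after `failure_threshold` consecutive contradicting probes, Route 53 reports the endpoint healthy while more than 18% of checkers do, and a calculated check is healthy when at least its threshold of children are. The checker locations and probe results are made up.

```python
"""Route 53 health-check decision logic, replayed offline.

Added example, not from the page or from AWS code. It models the documented
behaviour of endpoint, calculated and failover checks:
1. each health checker flips its verdict only after `failure_threshold`
   consecutive probes that contradict its current verdict;
2. Route 53 reports the endpoint healthy while MORE than 18% of checkers
   (the default health threshold) report it healthy;
3. a calculated check is healthy when at least `health_threshold` child
   checks are healthy.
The probe log at the bottom is constructed sample data.
"""
from dataclasses import dataclass
from typing import Dict, List, Sequence


@dataclass
class CheckerState:
    """One checker location's view of one endpoint."""
    failure_threshold: int = 3
    healthy: bool = True
    streak: int = 0  # consecutive probes disagreeing with the current verdict

    def observe(self, probe_ok: bool) -> bool:
        if probe_ok == self.healthy:
            self.streak = 0
        else:
            self.streak += 1
            if self.streak >= self.failure_threshold:
                self.healthy = probe_ok
                self.streak = 0
        return self.healthy


def run_probes(probe_log: Dict[str, List[bool]], failure_threshold: int = 3) -> Dict[str, bool]:
    """Replay each location's probe results and return its final verdict."""
    verdicts = {}
    for location, probes in probe_log.items():
        state = CheckerState(failure_threshold)
        for ok in probes:
            state.observe(ok)
        verdicts[location] = state.healthy
    return verdicts


def endpoint_status(checker_verdicts: Sequence[bool], health_threshold_pct: float = 18.0) -> bool:
    """Healthy while strictly more than health_threshold_pct of checkers say healthy."""
    if not checker_verdicts:
        raise ValueError("no checker verdicts")
    healthy = sum(1 for v in checker_verdicts if v)
    return 100.0 * healthy / len(checker_verdicts) > health_threshold_pct


def calculated_status(children: Dict[str, bool], health_threshold: int) -> bool:
    """Calculated check: health_threshold == len(children) is AND, == 1 is OR."""
    if not 1 <= health_threshold <= len(children):
        raise ValueError("health_threshold must be between 1 and the number of children")
    return sum(1 for v in children.values() if v) >= health_threshold


def time_to_failover(request_interval_s: int, failure_threshold: int, ttl_s: int) -> int:
    """Worst-case seconds until clients stop getting the failed PRIMARY:
    detection (interval x threshold) plus the lifetime of cached answers (TTL)."""
    return request_interval_s * failure_threshold + ttl_s


# Constructed probe log: eight checker locations, five probes each
# (True = expected status code and matching body, False = failure or timeout).
PROBES = {
    "us-east-1":      [True, True, False, False, False],   # three in a row -> unhealthy
    "us-west-2":      [True, False, False, True, False],   # never three in a row -> healthy
    "eu-west-1":      [True, True, True, True, True],
    "eu-central-1":   [False, False, False, False, False],
    "ap-southeast-1": [False, False, False, True, True],   # two passes do not flip it back
    "ap-northeast-1": [True, True, True, False, False],
    "sa-east-1":      [False, False, False, False, True],
    "ap-south-1":     [False, False, False, False, False],
}

if __name__ == "__main__":
    verdicts = run_probes(PROBES)
    print(verdicts)
    print("endpoint healthy:", endpoint_status(list(verdicts.values())))
    print("worst-case failover (30 s x 3 + TTL 60):", time_to_failover(30, 3, 60), "s")
```

In the sample log five of eight locations end up reporting unhealthy, yet Route 53 would still call the endpoint healthy (3 of 8 is 37.5%, above 18%); the rule is designed so that a regional network problem near one checker does not fail over your service, which also means a partial outage visible only from some geographies will not trigger failover on its own.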
```hcl
# ============================================================
# Resolver Endpoints (aws_security_group.resolver and aws_subnet.private are defined elsewhere)
# ============================================================
resource "aws_route53_resolver_endpoint" "inbound" {
  name      = "inbound-resolver"
  direction = "INBOUND"

  # The security group should allow TCP/UDP 53 only from the on-premises resolvers
  security_group_ids = [aws_security_group.resolver.id]

  # Two subnets in different AZs for availability
  ip_address {
    subnet_id = aws_subnet.private[0].id
  }

  ip_address {
    subnet_id = aws_subnet.private[1].id
  }

  tags = {
    Name = "inbound-resolver"
  }
}

# Outbound endpoint, referenced by the forwarding rule below
resource "aws_route53_resolver_endpoint" "outbound" {
  name               = "outbound-resolver"
  direction          = "OUTBOUND"
  security_group_ids = [aws_security_group.resolver.id]

  ip_address {
    subnet_id = aws_subnet.private[0].id
  }

  ip_address {
    subnet_id = aws_subnet.private[1].id
  }

  tags = {
    Name = "outbound-resolver"
  }
}
```
```hcl
# ============================================================
# Resolver Rule (Forwarding): send corp.example.com queries on-prem
# ============================================================
resource "aws_route53_resolver_rule" "forward" {
  domain_name          = "corp.example.com"
  name                 = "forward-corp"
  rule_type            = "FORWARD"
  resolver_endpoint_id = aws_route53_resolver_endpoint.outbound.id

  # On-premises DNS servers (reachable over VPN / Direct Connect)
  target_ip {
    ip = "10.0.1.10"
  }

  target_ip {
    ip = "10.0.2.10"
  }

  tags = {
    Name = "forward-corp-rule"
  }
}
```
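A forwarding rule like the one above matches every name under corp.example.com, so it is worth being precise about how Resolver picks a rule when several apply. The following Python is an example added here (not code from the page or from AWS): it reproduces the selection rule for a VPC's associated rules, where the rule with the most specific (longest) matching domain wins and there is no priority number, and shows how a SYSTEM rule for a subdomain carves that subdomain out of a broader FORWARD rule. The rule set and target IPs are constructed.

```python
"""Route 53 Resolver rule selection, simulated offline.

Added example, not code from the page or from AWS. Models the documented
precedence: the matching rule with the most specific domain name wins; a
SYSTEM rule hands the name back to the VPC resolver instead of forwarding.
"""
from dataclasses import dataclass
from typing import List, Optional, Sequence, Tuple


@dataclass(frozen=True)
class ResolverRule:
    domain_name: str
    rule_type: str                    # "FORWARD" or "SYSTEM"
    target_ips: Tuple[str, ...] = ()  # FORWARD only: the on-prem resolvers


def _labels(name: str) -> List[str]:
    """Split a DNS name into lower-cased labels, ignoring a trailing dot."""
    return name.rstrip(".").lower().split(".")


def rule_matches(rule: ResolverRule, qname: str) -> bool:
    """A rule for example.com covers example.com and every name below it,
    compared label by label (notcorp.example.com is NOT under corp.example.com)."""
    r, q = _labels(rule.domain_name), _labels(qname)
    return len(q) >= len(r) and q[-len(r):] == r


def select_rule(rules: Sequence[ResolverRule], qname: str) -> Optional[ResolverRule]:
    """Most specific matching rule (most labels) wins; there is no priority number."""
    candidates = [r for r in rules if rule_matches(r, qname)]
    if not candidates:
        return None
    return max(candidates, key=lambda r: len(_labels(r.domain_name)))


def resolve_path(rules: Sequence[ResolverRule], qname: str) -> str:
    """Where a query from an associated VPC goes: forwarded to targets, or
    answered by the VPC resolver (public DNS and private hosted zones)."""
    rule = select_rule(rules, qname)
    if rule is None or rule.rule_type == "SYSTEM":
        return "vpc-resolver"
    return "forward:" + ",".join(rule.target_ips)


# Constructed rule set: everything under corp.example.com goes on-prem, except
# aws.corp.example.com, which lives in a private hosted zone attached to the VPC.
RULES = [
    ResolverRule("corp.example.com", "FORWARD", ("10.0.1.10", "10.0.2.10")),
    ResolverRule("aws.corp.example.com", "SYSTEM"),
]

if __name__ == "__main__":
    for q in ["fileserver.corp.example.com", "db.aws.corp.example.com",
              "www.example.com", "notcorp.example.com"]:
        print(f"{q:32s} -> {resolve_path(RULES, q)}")
```

The same precedence is why a rule shared into your account through AWS RAM deserves review: a FORWARD rule for a short domain such as example.com (or, worst case, ".") silently redirects every matching query from the associated VPCs to whoever controls the target IPs.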
```hcl
# Associate the rule with the VPC: a rule has no effect until it is
# associated with each VPC that should use it
resource "aws_route53_resolver_rule_association" "main" {
  resolver_rule_id = aws_route53_resolver_rule.forward.id
  vpc_id           = aws_vpc.main.id
}
```

13.8 Why This Matters in DevOps/SRE
DNS is the first thing that breaks and the last place people look. Route 53 is critical for traffic management, failover, blue/green deployments, and disaster recovery, and SREs use DNS routing policies as the primary mechanism for production traffic steering. That also makes the hosted zone a high-value target: whoever can call route53:ChangeResourceRecordSets can redirect all of that traffic, so scope that permission tightly, route changes through a reviewed pipeline, and alert on the call from CloudTrail.
13.9 Linux Systems Perspective
DNS Management from Arch Linux
```bash
# Install DNS tools (dig comes from the bind package on Arch; jq for JSON, aws-cli-v2 for Route 53)
sudo pacman -S bind jq aws-cli-v2
```

```bash
#!/bin/bash
# ~/bin/dns-audit.sh - dump every record set in a hosted zone
# Usage: dns-audit.sh <hosted-zone-id>
set -euo pipefail
ZONE_ID="${1:?usage: dns-audit.sh <hosted-zone-id>}"
echo "=== Route 53 Zone Records ==="
# The CLI pages through the full zone automatically
aws route53 list-resource-record-sets \
  --hosted-zone-id "$ZONE_ID" \
  --query 'ResourceRecordSets[*].{Name:Name,Type:Type,TTL:TTL,SetId:SetIdentifier}' \
  --output table
```
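The table output is fine for eyeballing a zone; for an automated audit, switch the same command to `--output json` and feed it into a lint. The following Python is an example added here (not code from the page or from AWS). It takes the ResourceRecordSets array that `list-resource-record-sets` prints, or the record sets of a change batch you are about to apply, and flags a CNAME at the apex, a CNAME sharing a name with other records, geolocation groups without a default, and CNAME or alias targets on AWS-managed hostnames that must be verified to still exist, since a dangling one is a subdomain-takeover candidate. The hostname patterns are an assumption and deliberately short; the sample zone, its hosted zone ID and addresses are constructed, and the script name `r53lint.py` in the usage comment is hypothetical.

```python
"""Lint Route 53 record sets for risky configurations.

Added example, not page or AWS code. Input is the ResourceRecordSet shape used by
both list-resource-record-sets output and change-resource-record-sets batches.
"""
import json
import re
import sys
from collections import defaultdict

# Hostnames that another AWS account can claim once you delete your resource.
# Assumption: a short, non-exhaustive list; extend it for the services you use.
AWS_TAKEOVER_PATTERNS = [
    re.compile(r"\.s3-website[.-][a-z0-9-]+\.amazonaws\.com\.?$"),  # S3 static website endpoint
    re.compile(r"\.s3\.amazonaws\.com\.?$"),                        # S3 bucket endpoint
    re.compile(r"\.elasticbeanstalk\.com\.?$"),                     # Elastic Beanstalk environment
]


def lint_zone(zone_name, record_sets):
    """Return sorted (severity, record name, message) findings for a list of ResourceRecordSet dicts."""
    findings = []
    apex = zone_name.rstrip(".").lower() + "."
    types_by_name = defaultdict(set)
    geo_groups = defaultdict(list)

    for rs in record_sets:
        name = rs["Name"].lower()
        rtype = rs["Type"]
        types_by_name[name].add(rtype)

        targets = []
        if rtype == "CNAME":
            targets = [rr["Value"] for rr in rs.get("ResourceRecords", [])]
            if name == apex:
                findings.append(("HIGH", name, "CNAME at the zone apex; use an alias record instead"))
        if "AliasTarget" in rs:
            targets.append(rs["AliasTarget"]["DNSName"])
        for target in targets:
            if any(p.search(target.lower()) for p in AWS_TAKEOVER_PATTERNS):
                findings.append(("MEDIUM", name,
                                 f"points at AWS-managed host {target}: confirm the resource still exists "
                                 "(a dangling target is a subdomain-takeover candidate)"))
        if "GeoLocation" in rs:
            geo_groups[(name, rtype)].append(rs["GeoLocation"])

    for name, types in types_by_name.items():
        if "CNAME" in types and len(types) > 1:
            others = sorted(types - {"CNAME"})
            findings.append(("HIGH", name, f"CNAME coexists with {others}; a CNAME must be the only record at a name"))

    for (name, rtype), locations in geo_groups.items():
        if not any(loc.get("CountryCode") == "*" for loc in locations):
            findings.append(("MEDIUM", name,
                             f"geolocation group ({rtype}) has no default (*) record; unmatched locations get no answer"))

    return sorted(findings)


# Constructed sample zone in the shape list-resource-record-sets prints
# (hosted zone ID and addresses are placeholders).
SAMPLE_ZONE = "example.com."
SAMPLE_RECORD_SETS = [
    {"Name": "example.com.", "Type": "NS", "TTL": 172800,
     "ResourceRecords": [{"Value": "ns-1.awsdns-00.com."}]},
    {"Name": "example.com.", "Type": "SOA", "TTL": 900,
     "ResourceRecords": [{"Value": "ns-1.awsdns-00.com. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400"}]},
    {"Name": "example.com.", "Type": "A",
     "AliasTarget": {"HostedZoneId": "ZEXAMPLE12345",
                     "DNSName": "my-alb-123456.us-east-1.elb.amazonaws.com.",
                     "EvaluateTargetHealth": True}},
    {"Name": "old-assets.example.com.", "Type": "CNAME", "TTL": 300,
     "ResourceRecords": [{"Value": "old-assets.example.com.s3-website-us-east-1.amazonaws.com"}]},
    {"Name": "www.example.com.", "Type": "CNAME", "TTL": 300, "ResourceRecords": [{"Value": "example.com"}]},
    {"Name": "www.example.com.", "Type": "TXT", "TTL": 300, "ResourceRecords": [{"Value": '"v=spf1 -all"'}]},
    {"Name": "geo.example.com.", "Type": "A", "TTL": 60, "SetIdentifier": "us",
     "GeoLocation": {"CountryCode": "US"}, "ResourceRecords": [{"Value": "1.2.3.4"}]},
    {"Name": "geo.example.com.", "Type": "A", "TTL": 60, "SetIdentifier": "eu",
     "GeoLocation": {"ContinentCode": "EU"}, "ResourceRecords": [{"Value": "5.6.7.8"}]},
]

if __name__ == "__main__":
    if sys.stdin.isatty():
        zone, rrsets = SAMPLE_ZONE, SAMPLE_RECORD_SETS
    else:
        # aws route53 list-resource-record-sets --hosted-zone-id "$ZONE_ID" --output json | python3 r53lint.py example.com
        if len(sys.argv) < 2:
            sys.exit("usage: python3 r53lint.py <zone-name> < records.json")
        zone, rrsets = sys.argv[1], json.load(sys.stdin)["ResourceRecordSets"]
    for severity, name, message in lint_zone(zone, rrsets):
        print(f"[{severity}] {name} {message}")
```

Route 53 itself rejects the apex-CNAME and CNAME-conflict cases at change time, so those two checks are most useful on a batch before you submit it; the dangling-target and missing-default checks are the ones worth running on a schedule against every live zone, because nothing in Route 53 will ever complain about them.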
```bash
# Quick propagation check: what your resolver returns vs. what the zone's
# authoritative name servers return. Usage: dns-check www.example.com [example.com]
dns-check() {
  local domain="$1" zone="${2:-$1}" ns
  echo "=== DNS Resolution for $domain ==="
  echo "--- recursive (your resolver) ---"
  dig +short "$domain"
  ns=$(dig +short NS "$zone" | head -n 1)
  if [ -n "$ns" ]; then
    echo "--- authoritative ($ns) ---"
    dig +short "@$ns" "$domain"
  else
    echo "--- no NS found for $zone (pass the zone apex as the 2nd argument) ---"
  fi
  echo "--- Route 53 health checks in this account ---"
  aws route53 list-health-checks \
    --query 'HealthChecks[*].{Id:Id,Type:HealthCheckConfig.Type,Target:HealthCheckConfig.FullyQualifiedDomainName}' \
    --output table
}
```

13.10 Troubleshooting Guide
| Issue | Cause | Solution |
|---|---|---|
| DNS not resolving | NS records at the registrar do not match the hosted zone | Verify the registrar's NS records match the four name servers of the Route 53 hosted zone |
| Failover not working | Health check misconfigured or blocked | Verify the health check endpoint and path; allow the Route 53 health checker IP ranges in security groups and NACLs |
| Health check always failing for an internal endpoint | Health checkers cannot reach private IPs | Use a CloudWatch alarm health check driven by the application's own metrics |
| Stale DNS responses | Clients are caching the old answer (high TTL) | Lower the TTL ahead of the change, then wait for the old TTL to expire before switching |
| HTTP 502/503 from an alias target | Target resource unhealthy | Check ALB target group or CloudFront origin health |
| Geolocation returns no answer for some users | Missing default record | Always add a default (*) geolocation record |
| Subdomain taken over | CNAME or alias left pointing at a deleted S3 bucket, Beanstalk environment, etc. | Remove records when resources are decommissioned; audit zones for dangling targets |
13.11 Interview Questions
- Q: What's the difference between Alias records and CNAME records?
  A: Alias is Route 53-specific: it works at the zone apex (example.com), costs nothing per query when it targets an AWS resource, needs no extra DNS lookup, and follows the target's IP changes automatically. CNAME is standard DNS: it cannot be used at the zone apex, forces the resolver to do an additional lookup, and is billed per query. Prefer Alias for AWS resources.
- Q: How would you implement a multi-region active-active architecture with Route 53?
  A: Use latency-based routing with a health check on each regional endpoint, so Route 53 sends users to the lowest-latency healthy region. For gradual traffic shifting during deployments, nest policies: a single record cannot carry two routing policies, so point each latency record (as an alias) at a weighted record set in the same hosted zone, or use a Traffic Flow policy. Add calculated health checks where "healthy" depends on several components.
13.12 Exam Tips
- Routing Policies: Simple, Weighted, Latency, Failover, Geolocation, Geoproximity, Multivalue
- Alias Records: free, work at the zone apex, target IPs update automatically
- Health Checks: HTTP/HTTPS/TCP, 10 s or 30 s intervals, endpoint must be reachable from the AWS health checkers
- Failover: active-passive (PRIMARY/SECONDARY); the primary needs a health check
- Latency vs Geolocation: latency = performance, geolocation = where the user is (compliance, localization)
- Resolver: inbound (on-prem to VPC), outbound (VPC to on-prem)
- Resolver Rules: forward specific domains to on-prem DNS; the most specific domain wins
- TTL: lower = faster changes, higher = fewer queries (and lower cost)
- CNAME vs Alias: Alias for AWS resources and anything at the apex, CNAME for external names
- Domain Registration: Route 53 can register domains
Next Chapter
Chapter 14: Amazon CloudFront - CDN Service
Last Updated: March 2026