Route 53
Amazon Route 53 is a DNS web service: hosted zones, records, health checks, and traffic policies. It sits in front of many architectures — Elastic Load Balancing, CloudFront, API Gateway. For TCP/HTTP concepts, see TCP/IP Primer and HTTP for Operators.
Public vs Private Hosted Zones
| Type | Resolves for |
|---|---|
| Public hosted zone | Internet clients (authoritative for your domain on the public internet). |
| Private hosted zone | Resources inside one or more VPCs (split-horizon: same name, different answers inside vs outside). |
Associate a private zone with VPCs in the same or other accounts (with RAM / sharing where needed).
Record Types (Operator View)
| Record | Use |
|---|---|
| A / AAAA | Name → IPv4 / IPv6. |
| CNAME | Name → another DNS name (DNS standards forbid a CNAME at the zone apex; use an alias record on AWS instead). |
| Alias (Route 53) | Map to AWS resources (ALB, NLB, CloudFront, S3 website, API Gateway). No charge for queries to AWS aliases. Works at apex (example.com). |
| NS / SOA | Delegation and zone metadata. |
Routing Policies
| Policy | When to use |
|---|---|
| Simple | Single target; no health-based routing. |
| Weighted | Split traffic by percentage (canary, migration). |
| Latency | Send users to the lowest-latency region among healthy endpoints. |
| Failover | Primary/secondary with Route 53 health checks. |
| Geolocation | Route by user’s geographic location (compliance, localization). |
| Geoproximity | Route by the location of your resources, with a bias value that expands or shrinks each region's catchment; requires Traffic Flow. |
| Multivalue | Return multiple healthy records (not a substitute for full LB logic). |
Combine with health checks so failover and weighted routing skip unhealthy targets.
Health Checks
Route 53 can probe HTTP/HTTPS/TCP endpoints (or calculated checks combining others). Failover records depend on check results. Align check path and expected status with a cheap endpoint (not a heavy DB query).
Hybrid DNS and Resolver
- Inbound Resolver endpoints — On-premises DNS forwards queries into Route 53 for private zones.
- Outbound Resolver — VPC workloads resolve on-prem names via conditional forwarding rules.
- Resolver DNS Firewall — Optional filtering on DNS queries.
When documenting hybrid DNS, spell out who is authoritative for which suffix, and forwarding vs recursive paths.
Diagnosing Issues
```sh
dig example.com A
dig @8.8.8.8 example.com A   # specific resolver
dig +trace example.com       # delegation chain from roots
dig -x 203.0.113.10          # PTR (reverse)
```
Common Problems
| Symptom | Likely causes |
|---|---|
| NXDOMAIN | Wrong zone, typo, delegation not updated at registrar, private record not associated with this VPC. |
| Wrong IP / stale answer | TTL caching at resolvers or clients; recent change not propagated. |
| Works from laptop, not from EC2 | Split-horizon private zone, different resolver (/etc/resolv.conf / VPC DNS), hybrid forwarding. |
| Alias to ALB wrong | Dualstack vs IPv4-only alias target; wrong region; all targets unhealthy (see ELB page). |
| HTTPS works by IP but not name | DNS fixed but certificate SAN does not match hostname. |
Lower TTL before migrations for faster cutover; higher TTL reduces query load and vendor API rate limits. Trade agility vs cache stability based on how often you need to change records.
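The table above is a comparison across vantage points: what the hosted zone's own name servers say, what a public resolver says, and what the VPC resolver says. The script below, an added example rather than anything from this page, collects the three views with `dig` and maps the differences onto the table's rows. It assumes `dig` is installed, that the "vpc" view is taken from an EC2 instance (169.254.169.253 is Amazon-provided DNS, reachable only inside a VPC), and that `classify` is fed sorted rdata lists.

```python
import subprocess
import sys

# Amazon-provided DNS; only reachable from inside a VPC (assumption: the
# script runs on an EC2 instance when the "vpc" vantage point matters).
VPC_RESOLVER = "169.254.169.253"

def run_dig(name, rtype="A", server=None):
    """Return sorted rdata from `dig +short`; [] means NXDOMAIN or NODATA."""
    cmd = ["dig", "+short", "+time=2", "+tries=1"]
    if server:
        cmd.append("@" + server)
    cmd += [name, rtype]
    out = subprocess.run(cmd, capture_output=True, text=True, check=False).stdout
    return sorted(l.strip() for l in out.splitlines() if l.strip())

def classify(answers):
    """Map the three views onto a row of the Common Problems table.
    answers = {"authoritative": [...], "public": [...], "vpc": [...]}, each sorted."""
    auth = answers.get("authoritative", [])
    pub = answers.get("public", [])
    vpc = answers.get("vpc", [])
    if not (auth or pub or vpc):
        return "nxdomain"        # wrong zone, typo, or delegation never set up
    if auth and not pub:
        return "delegation"      # zone answers but resolvers can't reach it: registrar NS / negative cache
    if auth != pub:
        return "stale"           # resolver still serving old rdata until the TTL expires
    if not pub and vpc:
        return "private_only"    # name exists only in a private hosted zone
    if pub and not vpc:
        return "private_shadow"  # private zone for this suffix lacks the record, or a forwarding rule
    if pub != vpc:
        return "split_horizon"   # private zone overrides inside this VPC (often intended)
    return "consistent"          # DNS agrees everywhere: look at cert SAN, target health, routing

def diagnose(name, zone, public_resolver="8.8.8.8"):
    """Collect the three vantage points with dig and classify them."""
    zone_ns = run_dig(zone, "NS")   # authoritative servers for the hosted zone
    auth_server = zone_ns[0] if zone_ns else None
    answers = {
        "authoritative": run_dig(name, server=auth_server) if auth_server else [],
        "public": run_dig(name, server=public_resolver),
        "vpc": run_dig(name, server=VPC_RESOLVER),
    }
    return classify(answers), answers

if __name__ == "__main__":
    verdict, seen = diagnose(sys.argv[1], sys.argv[2])   # usage: script.py host zone
    print(verdict, seen)
```

Run it from the EC2 instance that shows the problem; run from a laptop, the "vpc" view times out and every name classifies as `private_shadow`, which is itself the "works from laptop, not from EC2" row seen from the other side.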
Multi-Region Patterns
Latency-based or failover records in front of regional ALBs are the standard active/active or active/passive pattern. Mention health checks and data replication assumptions (DNS does not fix app consistency).
Related
- Elastic Load Balancing — Targets behind names.
- Networking — VPC DNS (`enableDnsHostnames`, `enableDnsSupport`).
- Linux network configuration — Resolver behavior on instances.
- Network troubleshooting flow.