Route 53

PreviousBasics of DNS Next08_VPC

Last updated 4 months ago

Route 53

Icon

About

A highly available, scalable, fully managed and Authoritative (i.e., you can update the DNS records) DNS.
Route 53 is also a Domain Registrar and can register your domain name in the service.
The only AWS service that provides 100% availability SLA.
Each record of the domain consists of,
- Domain/SubDomain Name - (domain name like example.com).
- RecordType - (DNS Record Types).
- Value - (IP addresses/DNS entry).
- Routing Policy
- TTL - (Cache duration at DNS resolver end).

Domain Registrar

Domain Registrar in AWS ecosystem is Amazon Registrar.
Domain Registrar is not same as DNS service. They may have DNS capability.

Hosted Zone

A container for records, and records contain information about how you want to route traffic for a specific domain, such as example.com, and its subdomains (acme.example.com, zenith.example.com).
A hosted zone and the corresponding domain have the same name.
Any type of hosted zone created charges $0.50 per month per hosted zone. And separate charged for domain registration.
There are two types of hosted zones.

Public Hosted Zone

Contains records that specify how to route the traffic on the Internet.
Can be queried by resources anywhere on internet.

Private Hosted Zone

Contains records that specify how to route the traffic within one or more VPCs (private domain names).
Can only be queried by resources in your VPC.

Record Types

Some of them are as A, AAAA, CNAME, NS etc.

CNAME

Points a hostname to any other hostname.
CNAME records can only be made for non root domain. They cannot be created for top node of DNS (Zone Apex).

Alias

Points a hostname to an AWS resource.
This is an extension specific to Route53 domain registrar.
Works for both root and non-root domain.
Free of charge, does not incur charges on querying.
Cannot set TTL for these record, this is set automatically by Route53.
Alias can have following target
- Elastic load balancer
- CloudFront Distributions
- API Gateway
- ElasticBeanStalk environments
- S3 Websites
- VPC Interface Endpoints
- Global Accelerator accelerator
- Route 53 record in the same Hosted Zone.
Note that only one target can be specified for these type of records.
Alias cannot be set for a EC2 DNS name.
Alias Records are always of type A or AAAA.
They also have native health checks support.

Routing Policy

A routing policy, determines how Amazon Route 53 responds to queries.
Types of routing policy
- Simple -> Can only have one record for alias, does not allow health checks.
- Weighted
- Failover
- Latency Based
- Geolocation
- Multi-Value
- Geoproximity
- IP Based

Health checks

Configuring health checks enables Automatic DNS failover.
These health checks are only for public health resources.
About 15 global health checkers will check for the endpoint health.
Parameters such as for healthy or unhealthy threshold (3 by default), interval for health checks (30 seconds but can be 10 seconds for fast health checks), protocol etc can be configured.
These health checkers support protocol such as HTTP, HTTPS and TCP.
If 18% of health checkers report the endpoint is healthy, then Route53 considers the resource as healthy.
Health checks are considered good when response are of status 2xx and 3xx. It can also set up to setup pass/fail based on text in first 5120 bytes of the response.
Ensure the router/firewall has rules to allow incoming requests from Route 53 health checkers.
Ability to configure the global health checker from a specific region is available.
Not supported by simple routing policy.
Health checks are integrated with Cloud Watch metrics.

Calculated health checks

Combine the results of multiple health checks into a single health check.
One can combine the multiple health checks using AND, OR or NOT.
Upto 256 child health checks can be monitored at a time.
Parent health check pass ratio can be configured based on the number of child health checks that have passed.

Private resource health checks

As Route53 health checkers are outside the VPC, they cant access private VPC or on-premise resource.
Private resources can be configured with CloudWatch Metric and associate them with a CloudWatch Alarm.
This configured CloudWatch Alarm can be attached to the health checker so that health check checks the CloudWatch alarm itself.

Traffic Flow

Traffic flow allows to configure complicated DNS Policy.
This feature is not included in Free tier.
It provides a visual UI editor to manage complex routing decision trees.

PreviousBasics of DNS Next08_VPC

Last updated 4 months ago

Icon

About

A highly available, scalable, fully managed and Authoritative (i.e., you can update the DNS records) DNS.
Route 53 is also a Domain Registrar and can register your domain name in the service.
The only AWS service that provides 100% availability SLA.
Each record of the domain consists of,
- Domain/SubDomain Name - (domain name like example.com).
- RecordType - (DNS Record Types).
- Value - (IP addresses/DNS entry).
- Routing Policy
- TTL - (Cache duration at DNS resolver end).

Domain Registrar

Domain Registrar in AWS ecosystem is Amazon Registrar.
Domain Registrar is not same as DNS service. They may have DNS capability.

Hosted Zone

A container for records, and records contain information about how you want to route traffic for a specific domain, such as example.com, and its subdomains (acme.example.com, zenith.example.com).
A hosted zone and the corresponding domain have the same name.
Any type of hosted zone created charges $0.50 per month per hosted zone. And separate charged for domain registration.
There are two types of hosted zones.

Public Hosted Zone

Contains records that specify how to route the traffic on the Internet.
Can be queried by resources anywhere on internet.

Private Hosted Zone

Contains records that specify how to route the traffic within one or more VPCs (private domain names).
Can only be queried by resources in your VPC.

Record Types

There are several of DNS records.
Some of them are as A, AAAA, CNAME, NS etc.

CNAME

Points a hostname to any other hostname.
CNAME records can only be made for non root domain. They cannot be created for top node of DNS (Zone Apex).

Alias

Points a hostname to an AWS resource.
This is an extension specific to Route53 domain registrar.
Works for both root and non-root domain.
Free of charge, does not incur charges on querying.
Cannot set TTL for these record, this is set automatically by Route53.
Alias can have following target
- Elastic load balancer
- CloudFront Distributions
- API Gateway
- ElasticBeanStalk environments
- S3 Websites
- VPC Interface Endpoints
- Global Accelerator accelerator
- Route 53 record in the same Hosted Zone.
Note that only one target can be specified for these type of records.
Alias cannot be set for a EC2 DNS name.
Alias Records are always of type A or AAAA.
They also have native health checks support.

Routing Policy

A routing policy, determines how Amazon Route 53 responds to queries.
Types of routing policy
- Simple -> Can only have one record for alias, does not allow health checks.
- Weighted
- Failover
- Latency Based
- Geolocation
- Multi-Value
- Geoproximity
- IP Based
More details about types of routing policies and how to choose them can be found .

Health checks

Configuring health checks enables Automatic DNS failover.
These health checks are only for public health resources.
About 15 global health checkers will check for the endpoint health.
Parameters such as for healthy or unhealthy threshold (3 by default), interval for health checks (30 seconds but can be 10 seconds for fast health checks), protocol etc can be configured.
These health checkers support protocol such as HTTP, HTTPS and TCP.
If 18% of health checkers report the endpoint is healthy, then Route53 considers the resource as healthy.
Health checks are considered good when response are of status 2xx and 3xx. It can also set up to setup pass/fail based on text in first 5120 bytes of the response.
Ensure the router/firewall has rules to allow incoming requests from Route 53 health checkers.
Ability to configure the global health checker from a specific region is available.
Not supported by simple routing policy.
The ip ranges of these global health checkers can be found
Health checks are integrated with Cloud Watch metrics.

Calculated health checks

Combine the results of multiple health checks into a single health check.
One can combine the multiple health checks using AND, OR or NOT.
Upto 256 child health checks can be monitored at a time.
Parent health check pass ratio can be configured based on the number of child health checks that have passed.

Private resource health checks

As Route53 health checkers are outside the VPC, they cant access private VPC or on-premise resource.
Private resources can be configured with CloudWatch Metric and associate them with a CloudWatch Alarm.
This configured CloudWatch Alarm can be attached to the health checker so that health check checks the CloudWatch alarm itself.

Traffic Flow

Traffic flow allows to configure complicated DNS Policy.
This feature is not included in Free tier.
It provides a visual UI editor to manage complex routing decision trees.