Route 53 — Concept
What it is
Amazon Route 53 = AWS's authoritative DNS service, domain registrar, and health-check / traffic-routing engine.
Why it exists
DNS is the entry point of every user request. Route 53 gives global, low-latency resolution; integrates tightly with AWS resources (alias records); and supports routing policies that act like a "smart load balancer" at the DNS level (latency, failover, geo, weighted).
Record types you must know
- A — IPv4 address.
- AAAA — IPv6 address.
- CNAME — alias to another DNS name. Cannot be at the zone apex (root).
- Alias — Route 53-specific. Points to AWS resources (ALB, NLB, CloudFront, S3 website, API Gateway, Elastic Beanstalk, Global Accelerator, another Route 53 record). Free to query, allowed at the apex, and automatically tracks the target resource's address changes.
- NS / SOA — zone authority.
- MX — mail exchange.
- TXT — text (SPF, domain verification).
- CAA — restricts which CAs may issue certificates for the domain.
Routing policies (BIG exam topic)
| Policy | Use |
|---|---|
| Simple | One static answer (round-robin if multiple IPs). No health checks. |
| Weighted | Split traffic by weight (e.g. blue/green deployment, A/B test). |
| Latency-based | Route user to the region with lowest measured latency. |
| Failover | Active/passive with health check (e.g. primary region down → DR). |
| Geolocation | Route by user's continent / country / state. |
| Geoproximity | Route by geographic distance with optional bias (Traffic Flow only). |
| Multi-value answer | Up to 8 healthy records returned (simple client-side LB, not full LB). |
| IP-based | Map specific client CIDRs to specific endpoints. |
Health checks
- Three types: endpoint (HTTP/HTTPS/TCP), calculated (combines other health checks), and CloudWatch alarm-based.
- Used by Failover & multi-value policies.
- Latency-based policy does not require a health check, but combining the two is wise.
TTL
- Lower TTL = faster failover, more queries (cost + load).
- For DR scenarios use 60 s TTL on records used by failover.
Hosted zones
- Public = internet DNS.
- Private = DNS inside one or more VPCs (split-horizon DNS).
When to use vs alternatives
| Use ... | Instead of ... | When ... |
|---|---|---|
| Route 53 Alias | CNAME | Pointing zone apex to AWS resource — alias is free + works at apex |
| Latency policy | CloudFront alone | True regional routing across multi-region active-active app |
| Geolocation policy | Latency policy | Compliance ("EU users must go to EU region") |
| Failover policy | Manual DNS change | Automated active/passive DR |
| Global Accelerator | Route 53 latency | Need TCP/UDP, static anycast IPs, sub-minute failover |
Common exam scenarios
- "Apex (example.com) must point to ALB" → Alias A record (CNAME not allowed at apex).
- "50/50 split between blue and green environment" → Weighted policy.
- "Send EU users to eu-west-1, US users to us-east-1" → Latency or Geolocation.
- "Comply with data residency: only French users hit French endpoint" → Geolocation.
- "Active/passive DR — fail over to standby region if primary unhealthy" → Failover policy + health check.
- "Lower DNS RTO" → reduce TTL on critical records before cutover.
- "DNS inside VPC for private hostnames" → Private hosted zone.
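As an added example (not part of this note or of any AWS tooling), a small Python check that applies the apex, failover and TTL rules above to record sets in the shape boto3's `list_resource_record_sets` returns; the zone name, IPs and the `hc-placeholder` health-check ID are constructed placeholders.

```python
"""Lint Route 53 record sets against the apex / failover / TTL rules in this note.
Input mimics the ``ResourceRecordSets`` list from boto3's list_resource_record_sets;
the sample below is constructed by hand so the check runs offline."""
from collections import defaultdict

ZONE_APEX = "example.com."  # assumed zone name (placeholder)
MAX_FAILOVER_TTL = 60       # the note's DR guidance: 60 s on failover records


def lint_failover(records):
    """Return a list of human-readable findings (empty list = no problems)."""
    findings = []
    groups = defaultdict(dict)  # (name, type) -> {"PRIMARY": rec, "SECONDARY": rec}
    for r in records:
        name, rtype = r["Name"], r["Type"]
        # CNAME is not allowed at the zone apex; an Alias A/AAAA record is the fix.
        if rtype == "CNAME" and name == ZONE_APEX:
            findings.append(f"{name} CNAME at zone apex (use Alias)")
        if "Failover" in r:
            groups[(name, rtype)][r["Failover"]] = r
    for (name, rtype), roles in groups.items():
        primary, secondary = roles.get("PRIMARY"), roles.get("SECONDARY")
        if primary is None or secondary is None:
            findings.append(f"{name} {rtype}: failover needs both PRIMARY and SECONDARY")
            continue
        # Without a health signal on the primary, Route 53 never fails over.
        if "AliasTarget" in primary:
            if not primary["AliasTarget"].get("EvaluateTargetHealth"):
                findings.append(f"{name} {rtype}: PRIMARY alias lacks EvaluateTargetHealth")
        elif "HealthCheckId" not in primary:
            findings.append(f"{name} {rtype}: PRIMARY has no HealthCheckId")
        # Non-alias records carry their own TTL; a long TTL lengthens DNS RTO.
        for role, rec in (("PRIMARY", primary), ("SECONDARY", secondary)):
            if "TTL" in rec and rec["TTL"] > MAX_FAILOVER_TTL:
                findings.append(f"{name} {rtype}: {role} TTL {rec['TTL']}s > {MAX_FAILOVER_TTL}s")
    return findings


SAMPLE_RECORDS = [  # constructed sample, not from a real hosted zone
    {"Name": "app.example.com.", "Type": "A", "SetIdentifier": "primary",
     "Failover": "PRIMARY", "TTL": 300,
     "ResourceRecords": [{"Value": "203.0.113.10"}]},
    {"Name": "app.example.com.", "Type": "A", "SetIdentifier": "secondary",
     "Failover": "SECONDARY", "TTL": 60,
     "ResourceRecords": [{"Value": "198.51.100.10"}]},
    {"Name": "example.com.", "Type": "CNAME", "TTL": 300,
     "ResourceRecords": [{"Value": "app.example.com"}]},
]

if __name__ == "__main__":
    for finding in lint_failover(SAMPLE_RECORDS):
        print(finding)  # three findings: apex CNAME, missing health check, TTL 300 s
```

Running it against the constructed sample reports the apex CNAME, the unhealthy-checked primary and the 300 s TTL; raising the TTL limit or adding `HealthCheckId` and an Alias at the apex clears the findings.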
Exam tip
- Alias vs CNAME: always pick Alias for AWS resources, especially at the apex.
- Geolocation (compliance) ≠ Latency (performance).
- For TCP/UDP failover faster than DNS TTL allows → Global Accelerator.