AWS Route 53
Route 53 is a highly available and scalable Domain Name System (DNS) web service.
Route 53 provides three main functions:
- Domain registration
  - allows domain name registration
- Domain Name System (DNS) service
  - translates friendly domain names like example.com into IP addresses like 192.0.2.1
  - responds to DNS queries using a global network of authoritative DNS servers, which reduces latency
  - can route Internet traffic to CloudFront, Elastic Beanstalk, ELB, or S3. There is no charge for DNS queries to these resources
- Health Checking
  - can monitor the health of resources such as web and email servers.
  - sends automated requests over the Internet to the application to verify that it is reachable, available, and functional
  - CloudWatch alarms can be configured for the health checks to send notifications when a resource becomes unavailable.
  - can be configured to route Internet traffic away from resources that are unavailable
- Security
  - supports both DNSSEC for domain registration and DNSSEC signing
Supported DNS Resource Record Types
- A (Address) Format
  - is an IPv4 address in dotted decimal notation, e.g. 192.0.2.1
- AAAA Format
  - is an IPv6 address in colon-separated hexadecimal format
- CNAME Format
  - is the same format as a domain name
  - the DNS protocol does not allow creation of a CNAME record for the top node of a DNS namespace, also known as the zone apex. For example, for the registered DNS name example.com the zone apex is example.com; a CNAME record for example.com cannot be created, but CNAME records can be created for subdomains such as newproduct.example.com
  - if a CNAME record is created for a subdomain, no other resource record sets can be created for that subdomain, i.e. no other record set whose Name field has the same value as the CNAME record
- MX (Mail Exchange) Format
  - contains a decimal number that represents the priority of the MX record, and the domain name of an email server
- NS (Name Server) Format
  - an NS record identifies the name servers for the hosted zone. The value for an NS record is the domain name of a name server.
- PTR Format
  - a PTR record Value element is the same format as a domain name.
- SOA (Start of Authority) Format
  - an SOA record provides information about a domain and the corresponding Amazon Route 53 hosted zone
- SPF (Sender Policy Framework) Format
  - SPF records were formerly used to verify the identity of the sender of email messages; however, they are no longer recommended
  - instead of an SPF record, a TXT record that contains the applicable value is recommended
- SRV Format
  - an SRV record Value element consists of four space-separated values. The first three values are decimal numbers representing priority, weight, and port. The fourth value is a domain name, e.g. 10 5 80 hostname.example.com
- TXT (Text) Format
  - a TXT record contains a space-separated list of double-quoted strings. A single string includes a maximum of 255 characters. In addition to the characters that are permitted unescaped in domain names, space is allowed in TXT strings.
Route 53 Hosted Zone
- a Hosted Zone is a container for records, which include information about how to route traffic for a domain (such as example.com) and all of its subdomains (such as retail.example.com and seattle.accounting.example.com).
- a hosted zone has the same name as the corresponding domain.
Routing Traffic to the Resources
- create a hosted zone, either a public hosted zone or a private hosted zone:
  - Public Hosted Zone – for routing internet traffic to the resources for a specific domain and its subdomains
  - Private Hosted Zone – for routing traffic within a VPC
- create records in the hosted zone
  - records define where to route traffic for each domain name or subdomain name.
  - the name of each record in a hosted zone must end with the name of the hosted zone.
- for public and private Hosted Zones that have overlapping namespaces, the Route 53 Resolver routes traffic to the most specific match.
- IAM permissions apply only at the Hosted Zone level
Route 53 Health Checks
Route 53 health checks monitor the health and performance of the underlying resources.
Health check types
- Health checks that monitor an endpoint, such as a web server.
  - Health checkers are located in locations around the world.
  - The health checker locations and the request interval can be specified.
  - A health checker evaluates the health of the endpoint based on
    - Response time
    - Specified failure threshold – whether the endpoint responds to a number of consecutive health checks
  - The endpoint is considered healthy if more than 18% of health checkers report that the endpoint is healthy.
  - A health check is considered healthy if
    - HTTP and HTTPS health checks
      - a TCP connection can be established within four seconds.
      - the endpoint returns 2xx or 3xx within two seconds after connecting.
    - TCP health checks
      - a TCP connection can be established within ten seconds.
    - HTTP and HTTPS health checks with string matching
      - a TCP connection can be established within four seconds.
      - the endpoint returns 2xx or 3xx within two seconds after connecting.
      - Route 53 searches the response body for the specified string, which must appear entirely in the first 5,120 bytes of the response body or the endpoint fails the health check.
- Calculated health checks – health checks that monitor the status of other health checks.
  - The health check that does the monitoring is the parent health check, and the health checks that are monitored are child health checks.
  - One parent health check can monitor the health of up to 255 child health checks
- Health checks that monitor the status of a CloudWatch alarm.
  - Route 53 monitors the data stream for the corresponding alarm instead of monitoring the alarm state.
Route 53 checks the health of an endpoint by sending an HTTP, HTTPS, or TCP request to the specified IP address and port.
For a health check to succeed, the router and firewall rules must allow inbound traffic from the IP addresses that the health checkers use.
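The per-checker success criteria (connect and response timeouts, 2xx/3xx status, string match inside the first 5,120 bytes) and the "more than 18% of checkers" quorum described above, as an added Python model (example code, not Route 53's implementation or API; the Observation type and the checker reports are constructed):

```python
from dataclasses import dataclass
from typing import List, Optional

# Thresholds taken from the health check rules described above.
HTTP_CONNECT_TIMEOUT = 4.0       # HTTP/HTTPS: TCP connection within four seconds
HTTP_RESPONSE_TIMEOUT = 2.0      # HTTP/HTTPS: 2xx or 3xx within two seconds of connecting
TCP_CONNECT_TIMEOUT = 10.0       # TCP: connection within ten seconds
STRING_MATCH_WINDOW = 5120       # string matching: only the first 5,120 bytes are searched
HEALTHY_CHECKER_FRACTION = 0.18  # endpoint healthy if MORE than 18% of checkers say so

@dataclass
class Observation:
    """One checker's view of the endpoint (constructed type, not a Route 53 API object)."""
    connect_seconds: Optional[float]          # None: TCP connection never established
    status: Optional[int] = None              # HTTP status code; None for TCP checks
    response_seconds: Optional[float] = None  # time from connect to response
    body: bytes = b""                         # response body, used for string matching

def observation_healthy(check_type: str, obs: Observation, search_string: Optional[str] = None) -> bool:
    """Per-checker success criteria for TCP, HTTP/HTTPS, and HTTP/HTTPS with string matching."""
    if obs.connect_seconds is None:
        return False
    if check_type == "TCP":
        return obs.connect_seconds <= TCP_CONNECT_TIMEOUT
    if obs.connect_seconds > HTTP_CONNECT_TIMEOUT:
        return False
    if obs.status is None or obs.response_seconds is None:
        return False
    if obs.response_seconds > HTTP_RESPONSE_TIMEOUT or not 200 <= obs.status < 400:
        return False
    if search_string is not None:
        # the whole string must fall inside the first 5,120 bytes of the body
        return search_string.encode() in obs.body[:STRING_MATCH_WINDOW]
    return True

def endpoint_healthy(check_type: str, observations: List[Observation], search_string: Optional[str] = None) -> bool:
    """Quorum rule: healthy only if more than 18% of checkers report the endpoint healthy."""
    if not observations:
        return False
    healthy = sum(observation_healthy(check_type, o, search_string) for o in observations)
    return healthy / len(observations) > HEALTHY_CHECKER_FRACTION

# Constructed reports from 16 checkers: 3 healthy, 13 unreachable (3/16 = 18.75% > 18%).
SAMPLE_PANEL = [Observation(0.8, 200, 0.3, b"status: ok")] * 3 + [Observation(None)] * 13

if __name__ == "__main__":
    print("endpoint healthy:", endpoint_healthy("HTTP", SAMPLE_PANEL))
```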