What is the purpose of an Inbound Endpoint in Amazon Route 53 Resolver?
An Inbound Endpoint in Route 53 Resolver allows your on-premises DNS resolvers to resolve domain names for AWS resources (like EC2 instances) and records in Private Hosted Zones.
It enables DNS queries from an on-premises data center to reach AWS over a VPN or Direct Connect (DX) connection, resolving names such as app.aws.private within the VPC’s private hosted zone.
What is a DNS resolver?
A DNS resolver is a server or software that translates domain names (like example.com) into IP addresses (like 93.184.216.34). It performs the lookup process so devices can connect to the correct servers on the internet.
Recursive resolvers find answers on behalf of clients by querying other DNS servers and caching the results.
Authoritative name servers (not resolvers in the strict sense) store and return the official DNS records for the domains they host.
What is a Private Hosted Zone in Amazon Route 53?
A Private Hosted Zone is a DNS zone in Route 53 that’s accessible only within specified VPCs. It allows you to create internal DNS records (e.g., app.aws.private) for AWS resources that are not exposed to the public internet.
What is Hybrid DNS in AWS?
Hybrid DNS is a setup that enables DNS query resolution between AWS VPCs and on-premises networks. It connects Route 53 Resolvers in AWS with other DNS resolvers in external networks (like on-premises systems) using Direct Connect or AWS VPN.
This allows seamless name resolution across cloud and on-premises environments.
What is a Hosted Zone in Amazon Route 53?
A Hosted Zone is a container for DNS records that define how traffic is routed for a domain, such as example.com. It acts as the DNS database for that domain.
Public Hosted Zone: Routes traffic on the internet.
Private Hosted Zone: Routes traffic only within specified VPCs
How can you use GoDaddy as your registrar and Amazon Route 53 as your DNS service?
You can buy your domain from GoDaddy and manage its DNS through Amazon Route 53 by:
Creating a Public Hosted Zone for the domain in Route 53.
Updating the nameservers in GoDaddy’s settings to use the Route 53 name servers provided.
After this, GoDaddy remains the registrar, but Route 53 handles all DNS resolution for the domain.
What is the Multi-Value Routing Policy in Amazon Route 53?
The Multi-Value Routing Policy routes traffic to multiple resources by returning several IP addresses or records in a single DNS response.
Can include health checks to return only healthy resources.
Returns up to 8 healthy records per query.
Not a replacement for Elastic Load Balancing (ELB).
What is IP-based Routing in Amazon Route 53?
IP-based Routing directs traffic based on the client’s IP address. You define CIDR blocks (ranges of IPs) and map them to specific endpoints or locations.
Used to optimize performance or reduce network costs.
Example: Route users from a specific ISP or region to a designated endpoint.
What is Geoproximity Routing in Amazon Route 53?
Geoproximity Routing routes traffic based on the geographic location of users and resources.
Lets you shift traffic toward or away from resources using a bias value:
+1 to +99: Expand region → more traffic to the resource.
–1 to –99: Shrink region → less traffic to the resource.
Works with AWS resources (by region) or non-AWS resources (by latitude/longitude).
Must be configured using Route 53 Traffic Flow.
What is Geolocation Routing in Amazon Route 53?
Geolocation Routing directs traffic based on the geographic location of the user — such as continent, country, or U.S. state.
Different from latency-based routing (which focuses on performance).
Route 53 picks the most specific match if overlaps occur.
Always create a default record for unmatched locations.
Common uses: website localization, content restrictions, load balancing.
Can be combined with health checks to route only to healthy endpoints.
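The two rules above (most specific match wins, and a default record catches everything else) are easy to get wrong in practice, so here is a small model of the selection logic as an added example. It is not AWS code: the record set, the location tuples and the health flags are constructed for illustration, and the fallback from an unhealthy specific record to the next larger region follows the behaviour the Route 53 documentation describes for geolocation records with health checks.

```python
"""Model of Route 53 geolocation record selection (added example, not AWS code).

Records are keyed by location: ("default",), ("continent", "EU"),
("country", "DE") or ("state", "US-CA"). The most specific matching record
answers; if it is unhealthy the next larger region answers instead; and a
client that matches nothing gets no answer at all unless a default exists.
"""
from dataclasses import dataclass


@dataclass
class GeoRecord:
    location: tuple        # ("default",) | ("continent", X) | ("country", X) | ("state", X)
    value: str             # answer returned to the client (IP or alias target)
    healthy: bool = True   # result of the optional associated health check


# Constructed sample record set (RFC 5737 documentation addresses, not real endpoints).
RECORDS = [
    GeoRecord(("default",), "203.0.113.10"),
    GeoRecord(("continent", "EU"), "203.0.113.20"),
    GeoRecord(("country", "DE"), "203.0.113.30"),
    GeoRecord(("country", "US"), "203.0.113.40"),
    GeoRecord(("state", "US-CA"), "203.0.113.50"),
]

SPECIFICITY = {"state": 3, "country": 2, "continent": 1, "default": 0}


def matches(record, continent, country, state):
    """True if the record's location covers the client's location."""
    kind = record.location[0]
    if kind == "default":
        return True
    target = record.location[1]
    return (
        (kind == "continent" and target == continent)
        or (kind == "country" and target == country)
        or (kind == "state" and state is not None and target == state)
    )


def resolve_geo(records, continent, country, state=None):
    """Return the value of the most specific healthy matching record, or None."""
    candidates = [r for r in records if matches(r, continent, country, state)]
    candidates.sort(key=lambda r: SPECIFICITY[r.location[0]], reverse=True)
    for r in candidates:
        if r.healthy:
            return r.value
    return None   # no default record: this client gets no answer
```

Dropping the default record and resolving a client from an unlisted continent returns None, which is the failure mode the "always create a default record" rule guards against.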
What is the Failover (Active-Passive) Routing Policy in Amazon Route 53?
The Failover Routing Policy routes traffic to a primary resource (active) and automatically switches to a secondary resource (passive) if the primary fails.
Requires a mandatory health check on the primary resource.
Commonly used for disaster recovery setups.
Example: If the primary EC2 instance's health check fails, Route 53 answers queries with the secondary record instead. Only the DNS answer changes; Route 53 does not redirect any traffic itself.
How do Health Checks work with Private Hosted Zones in Amazon Route 53?
Route 53 health checkers operate outside your VPC, so they cannot access private resources (like internal VPC endpoints or on-prem servers).
To monitor private endpoints:
Create a CloudWatch metric and CloudWatch alarm for the resource.
Configure a Route 53 health check that tracks the CloudWatch alarm status instead of directly probing the endpoint.
What is a Calculated Health Check in Amazon Route 53?
A Calculated Health Check combines the results of multiple health checks into a single overall status.
Supports logical operators: AND, OR, NOT.
Can include up to 256 child health checks.
You can set how many checks must pass for the parent to be considered healthy.
Useful for maintenance scenarios where you don’t want all checks to fail during partial downtime.
What happens when Route 53 Health Checks are used to monitor an endpoint?
Route 53 Health Checks use about 15 global health checkers to monitor an endpoint via HTTP, HTTPS, or TCP.
Default thresholds: 3 consecutive successes or failures.
Interval: Every 30 seconds (or 10 seconds at higher cost).
Considered healthy if over 18% of checkers report it healthy.
Pass criteria: Endpoint returns 2xx or 3xx status codes (or optional specific text in the first 5120 bytes).
You can select specific regions for health checks.
Must ensure the router/firewall allows incoming requests from the Route 53 checkers. Their IP ranges are published in AWS's ip-ranges.json under the service name ROUTE53_HEALTHCHECKS, so allow only those ranges (for the regions you selected) rather than opening the port to the whole internet.
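The thresholds in the last two cards (3 consecutive results per checker, healthy while more than 18% of checkers agree, and a calculated check that needs N of M children) combine in ways that are worth seeing concretely. The model below is an added example, not AWS code; it assumes every checker starts in the healthy state, which is a simplification, and its checker results are constructed.

```python
"""Model of how Route 53 turns probe results into a health status
(added example, not AWS code; every checker is assumed to start healthy).

Two layers:
  1. Endpoint health check: each global checker counts consecutive
     failures (or successes) against the threshold (default 3); the
     endpoint is healthy while MORE than 18% of checkers report healthy.
  2. Calculated health check: healthy when at least `health_threshold`
     child checks are healthy; `inverted` models the NOT operator.
"""

FAILURE_THRESHOLD = 3      # Route 53 default failure threshold
HEALTHY_FRACTION = 0.18    # healthy when strictly more than 18% of checkers agree


def checker_status(results, threshold=FAILURE_THRESHOLD):
    """Status of one checker after a sequence of probe results (True = pass).

    The state flips only after `threshold` consecutive results that
    disagree with the current state; one disagreeing probe followed by an
    agreeing one resets the run, which is why brief blips never reach DNS.
    """
    healthy = True
    run = 0
    for ok in results:
        if ok == healthy:
            run = 0
        else:
            run += 1
            if run >= threshold:
                healthy = ok
                run = 0
    return healthy


def endpoint_status(checker_results, threshold=FAILURE_THRESHOLD):
    """Aggregate the checkers: True if more than 18% of them report healthy."""
    statuses = [checker_status(r, threshold) for r in checker_results]
    return sum(statuses) / len(statuses) > HEALTHY_FRACTION


def calculated_status(child_statuses, health_threshold, inverted=False):
    """Parent status of a calculated health check.

    health_threshold == len(children) behaves like AND and 1 like OR.
    A threshold of 0 is always healthy and one above the child count is
    always unhealthy, as the Route 53 documentation states.
    """
    status = sum(child_statuses) >= health_threshold
    return (not status) if inverted else status


# Constructed scenario: 15 checkers, of which only a few still reach the endpoint.
PASSING = [True] * 6
FAILING = [False] * 6


def three_of_fifteen_healthy():
    return endpoint_status([PASSING] * 3 + [FAILING] * 12)   # 20% > 18%


def two_of_fifteen_healthy():
    return endpoint_status([PASSING] * 2 + [FAILING] * 13)   # about 13%
```

Note what the 18% rule means operationally: an endpoint that is unreachable from most of the world but still answers three checker regions is reported healthy, so a partial network outage is not a DNS failover trigger.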
What are Health Checks in Amazon Route 53 and how are they used?
Route 53 Health Checks monitor the health of resources to enable automated DNS failover.
Endpoint health checks (HTTP, HTTPS, TCP) only reach resources that are reachable from the public internet.
Three types of health checks:
Endpoint checks – monitor apps, servers, or AWS resources.
Calculated checks – combine results of multiple health checks.
CloudWatch alarm checks – monitor metrics or alarms (ideal for private resources).
Fully integrated with CloudWatch metrics for visibility and automation.
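Since endpoint checks arrive from the public internet, the firewall in front of the endpoint has to admit the checkers, and the safe way to do that is to allow only the published checker prefixes. The script below is an added example, not AWS tooling: it parses a constructed fragment in the shape of ip-ranges.json (the real file is at https://ip-ranges.amazonaws.com/ip-ranges.json and uses the service name ROUTE53_HEALTHCHECKS), filters by service and region, and builds the IpPermissions structure that EC2's authorize_security_group_ingress accepts.

```python
"""Derive an allow-list for Route 53 health checkers from ip-ranges.json
(added example, not AWS code). Checker prefixes are published under the
service name "ROUTE53_HEALTHCHECKS"; allow only those, for the regions
selected on the health check, instead of opening the port to 0.0.0.0/0.
"""
import ipaddress
import json

SERVICE = "ROUTE53_HEALTHCHECKS"

# Constructed fragment in the shape of ip-ranges.json. The prefixes are
# documentation ranges (RFC 5737 / RFC 3849), not real AWS ranges.
SAMPLE_IP_RANGES = json.dumps({
    "syncToken": "0",
    "createDate": "2024-01-01-00-00-00",
    "prefixes": [
        {"ip_prefix": "203.0.113.0/26", "region": "us-east-1", "service": SERVICE},
        {"ip_prefix": "198.51.100.0/26", "region": "eu-west-1", "service": SERVICE},
        {"ip_prefix": "192.0.2.0/24", "region": "us-east-1", "service": "EC2"},
        {"ip_prefix": "203.0.113.0/24", "region": "us-east-1", "service": "AMAZON"},
    ],
    "ipv6_prefixes": [
        {"ipv6_prefix": "2001:db8:53::/48", "region": "us-east-1", "service": SERVICE},
    ],
})


def health_checker_prefixes(ip_ranges_json, regions=None):
    """Return (ipv4, ipv6) prefix lists for the health-check service.

    `regions` restricts the result to the checker regions configured on the
    health check; None keeps every region.
    """
    data = json.loads(ip_ranges_json)

    def keep(entry):
        return entry["service"] == SERVICE and (regions is None or entry["region"] in regions)

    v4 = sorted(e["ip_prefix"] for e in data["prefixes"] if keep(e))
    v6 = sorted(e["ipv6_prefix"] for e in data["ipv6_prefixes"] if keep(e))
    return v4, v6


def security_group_ingress(v4, v6, port=443):
    """IpPermissions list as accepted by EC2 authorize_security_group_ingress."""
    return [{
        "IpProtocol": "tcp",
        "FromPort": port,
        "ToPort": port,
        "IpRanges": [{"CidrIp": c, "Description": "Route 53 health checkers"} for c in v4],
        "Ipv6Ranges": [{"CidrIpv6": c, "Description": "Route 53 health checkers"} for c in v6],
    }]


def is_health_checker(ip, v4, v6):
    """True if `ip` falls inside one of the published checker prefixes."""
    addr = ipaddress.ip_address(ip)
    nets = v4 if addr.version == 4 else v6
    return any(addr in ipaddress.ip_network(n) for n in nets)
```

The AMAZON entry in the sample covers a superset of the checker range; filtering on the service name rather than on "anything from AWS" is the difference between admitting the checkers and admitting every EC2 tenant.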
What are Routing Policies in Amazon Route 53?
Routing Policies in Route 53 define how DNS queries are answered, not how traffic is routed like a load balancer.
DNS only returns IP addresses based on the policy—it doesn’t move the traffic itself.
Route 53 supports these policies:
Simple
Weighted
Failover
Latency-based
Geolocation
Multi-Value Answer
IP-based
Geoproximity (via Traffic Flow)
What is the Simple Routing Policy in Amazon Route 53?
The Simple Routing Policy routes traffic to a single resource.
You can include multiple values in one record; Route 53 returns all of them in random order and the client picks one.
When using an Alias record, only one AWS resource can be specified.
Cannot be associated with health checks.
What is the Weighted Routing Policy in Amazon Route 53?
The Weighted Routing Policy lets you control the percentage of DNS traffic sent to each resource by assigning relative weights to records.
Records must have the same name and type.
Weights don’t need to total 100; traffic is distributed proportionally.
Can be associated with health checks.
Weight = 0 stops routing traffic to that record, unless every record in the group has weight 0, in which case Route 53 answers with all of them equally.
Common uses: load balancing across regions and testing new app versions.
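The selection rules for the Weighted policy above and the Multi-Value policy described earlier (up to 8 healthy records per answer) are modelled below as an added example; this is not AWS code. The record dictionaries and seeds are constructed, and the fall-back to all records when none is healthy is an assumption taken from the behaviour the Route 53 documentation describes for failover with health checks.

```python
"""Model of how Route 53 picks answers for the Weighted and Multi-Value
policies (added example, not AWS code). Health-check filtering is applied
first; answering with every record when none is healthy is an assumption
taken from the documented failover behaviour.
"""
import random

MAX_MULTIVALUE = 8   # Route 53 returns at most eight healthy records


def healthy_or_all(records):
    """Healthy records only, or all of them if none passes its health check."""
    healthy = [r for r in records if r.get("healthy", True)]
    return healthy if healthy else list(records)


def weighted_probabilities(records):
    """Map value -> probability of being returned under the Weighted policy.

    Weight 0 means the record is never returned, unless every eligible
    record has weight 0, in which case all are returned equally.
    """
    eligible = healthy_or_all(records)
    total = sum(r["weight"] for r in eligible)
    if total == 0:
        return {r["value"]: 1 / len(eligible) for r in eligible}
    return {r["value"]: r["weight"] / total for r in eligible}


def weighted_answer(records, seed=None):
    """One answer drawn according to the weights."""
    rng = random.Random(seed)
    probs = weighted_probabilities(records)
    values = list(probs)
    return rng.choices(values, weights=[probs[v] for v in values])[0]


def simulate_weighted(records, draws=10_000, seed=0):
    """Count how often each value is answered over `draws` queries."""
    rng = random.Random(seed)
    probs = weighted_probabilities(records)
    values = list(probs)
    weights = [probs[v] for v in values]
    counts = {v: 0 for v in values}
    for _ in range(draws):
        counts[rng.choices(values, weights=weights)[0]] += 1
    return counts


def multivalue_answer(records, seed=None):
    """Up to eight healthy records in random order; the client picks one."""
    rng = random.Random(seed)
    eligible = healthy_or_all(records)   # already a fresh list, safe to shuffle
    rng.shuffle(eligible)
    return eligible[:MAX_MULTIVALUE]
```

Weights need not sum to 100: records weighted 3 and 1 are answered 75% and 25% of the time, and a third record weighted 0 is never answered while the others are healthy.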
What is the Latency-based Routing Policy in Amazon Route 53?
The Latency-based Routing Policy directs users to the AWS resource with the lowest network latency relative to their location.
Latency is measured between user locations and AWS Regions.
Ensures users connect to the fastest-performing endpoint.
Can be associated with health checks for automatic failover.
Example: A user in Germany may be routed to the US region if it offers lower latency.
What are Alias Record targets in Amazon Route 53?
Alias Records in Route 53 can point DNS names directly to certain AWS resources instead of IP addresses.
Supported targets include:
Elastic Load Balancers (ELB)
CloudFront Distributions
API Gateway endpoints
Elastic Beanstalk environments
S3 static websites
VPC Interface Endpoints
AWS Global Accelerator
Another Route 53 record in the same hosted zone
⚠️ You cannot create an Alias record for an EC2 instance's DNS name; use an A record pointing at the instance's Elastic IP, or put the instance behind a load balancer and alias that.
What is an Alias Record in Amazon Route 53?
An Alias Record maps a hostname to an AWS resource and extends standard DNS functionality.
Automatically updates when the target resource’s IP address changes.
Unlike CNAME, it can be used at the zone apex (e.g., example.com).
Of type A (IPv4) or AAAA (IPv6) when the target is an AWS resource.
TTL is managed automatically — you can’t set it manually.
What is the difference between a CNAME record and an Alias record in Amazon Route 53?
CNAME:
Points one hostname to another hostname (e.g., app.mydomain.com → api.example.com).
Works only for subdomains, not the root domain.
Standard DNS feature.
Alias:
Points a hostname directly to an AWS resource (e.g., ELB, CloudFront).
Works for both root and non-root domains.
Free of charge and supports native health checks.
What is TTL (Time To Live) in Amazon Route 53 DNS records?
TTL (Time To Live) defines how long a DNS record is cached by clients and resolvers before checking Route 53 again.
High TTL (e.g., 24 hrs):
Reduces Route 53 traffic (lower cost).
Increases chance of outdated records.
Low TTL (e.g., 60 sec):
More frequent lookups (higher cost).
Records update faster and are easier to change.
TTL is required for all records except Alias records.
What is a Hosted Zone in Amazon Route 53?
A Hosted Zone is a container for DNS records that define how Route 53 routes traffic for a domain and its subdomains.
Public Hosted Zone: Routes traffic on the internet (e.g., app.mydomain.com).
Private Hosted Zone: Routes traffic within one or more VPCs (e.g., app.internal).
Cost: $0.50 per hosted zone per month for the first 25 hosted zones, $0.10 per month for each additional zone.