Amazon Route 53
Managed DNS service — domain registration, routing policies, health checks, hosted zones, and DNS failover for high-availability architectures.
Overview
Amazon Route 53 is a highly available, scalable Domain Name System (DNS) web service — it translates domain names to IP addresses, routes end users to applications, and supports health-checked failover for high-availability architectures.
Route 53 provides three main functions: domain registration, DNS routing, and health checking. Its DNS service is backed by a 100% availability SLA, one of the few AWS services with that guarantee.
Core Concepts
| Concept | Description |
|---|---|
| Hosted Zone | A container for DNS records for a specific domain; public (internet) or private (VPC-only) |
| Record Set | A DNS record mapping a domain name to an IP address, alias, or other value |
| Alias Record | AWS-specific extension — maps a domain directly to an AWS resource (ALB, CloudFront, S3, etc.) without an extra lookup |
| Routing Policy | Determines how Route 53 responds to DNS queries (Simple, Weighted, Latency, etc.) |
| Health Check | Monitors endpoint health; unhealthy targets are removed from DNS responses |
| TTL | Time to Live — how long DNS resolvers cache a record before querying Route 53 again |
| Domain Registration | Route 53 can register and manage domain names (integrated registrar) |
Record Types
| Type | Purpose | Example |
|---|---|---|
| A | Maps domain to IPv4 address | example.com → 54.23.100.1 |
| AAAA | Maps domain to IPv6 address | example.com → 2001:db8::1 |
| CNAME | Maps domain to another domain name | www.example.com → example.com |
| MX | Mail exchange — routes email to mail servers | example.com → mail.example.com |
| NS | Name server — identifies DNS servers for a zone | Auto-created in hosted zone |
| SOA | Start of Authority — zone metadata | Auto-created in hosted zone |
| TXT | Arbitrary text — domain verification, SPF, DKIM | example.com → "v=spf1 include:..." |
| SRV | Service locator — port and host for a service | _sip._tcp.example.com |
Exam Trap: CNAME records cannot be used at the zone apex (naked domain like example.com). Use an Alias record instead to map the apex to an AWS resource like ALB, CloudFront, or S3.
Alias vs CNAME
| Feature | Alias Record | CNAME Record |
|---|---|---|
| Zone apex support | Yes | No |
| DNS query charge | Free (for AWS resources) | Standard Route 53 charges |
| Target | AWS resources (ALB, CloudFront, S3 website endpoint, etc.) or another record in the same hosted zone | Any domain name |
| TTL | Inherited from the target | Configurable |
| Record type | A or AAAA only | CNAME |
Routing Policies
| Policy | Behaviour | Use Case |
|---|---|---|
| Simple | Returns all values for the record in random order; the client picks one (no health check integration) | Single resource, basic routing |
| Weighted | Distributes traffic by percentage weights across records | A/B testing, gradual deployments |
| Latency-based | Routes to the region with lowest network latency for the requester | Multi-region active-active |
| Failover | Primary/secondary — routes to secondary when primary health check fails | Active-passive disaster recovery |
| Geolocation | Routes based on the geographic location of the requester | Content localisation, compliance restrictions |
| Geoproximity | Routes based on geographic proximity; supports bias to shift traffic | Fine-grained geographic traffic control |
| Multi-value Answer | Returns up to 8 healthy records randomly (like Simple but with health checks) | Simple load distribution with health checks |
| IP-based | Routes based on the client's source IP CIDR range | ISP-specific routing, compliance |
SAA/SAP Tip: Failover routing + health checks is the standard pattern for active-passive DR. Latency-based routing + health checks is used for active-active multi-region architectures to route users to the fastest healthy endpoint.
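The failover pattern above, assembled as the request body that boto3's `route53.change_resource_record_sets(HostedZoneId=..., ChangeBatch=...)` expects, together with a pre-flight check for the alias/CNAME rules from the earlier tables. This is an added example and not code from the original page or from AWS; the zone name, ALB DNS names, alias hosted zone IDs and health check IDs are constructed placeholders, and no AWS call is made.

```python
"""Build and sanity-check a Route 53 ChangeBatch for active-passive failover.

Two alias A records at the zone apex, PRIMARY and SECONDARY, each pointing
at an ALB and tied to a health check. record_set_problems() enforces the
rules from the text: no CNAME at the apex, alias records are A/AAAA and
carry no TTL, failover records need a SetIdentifier, and a PRIMARY with no
health signal can never fail over. All identifiers are constructed.
"""
import json
from typing import Dict, List, Optional

ZONE_NAME = "example.com."  # hosted zone apex (constructed)


def is_apex(name: str, zone_name: str) -> bool:
    """True when the record name is the hosted zone apex itself."""
    return name.rstrip(".").lower() == zone_name.rstrip(".").lower()


def record_set_problems(rrset: Dict, zone_name: str) -> List[str]:
    """Return the rules this record set breaks (an empty list means it is fine)."""
    problems = []
    name, rtype = rrset["Name"], rrset["Type"]
    alias = rrset.get("AliasTarget")
    if rtype == "CNAME" and is_apex(name, zone_name):
        problems.append(f"{name}: CNAME is not allowed at the zone apex; use an Alias A/AAAA record")
    if alias is not None:
        if rtype not in ("A", "AAAA"):
            problems.append(f"{name}: alias records to AWS resources must be type A or AAAA, not {rtype}")
        if "TTL" in rrset:
            problems.append(f"{name}: alias records take their TTL from the target; drop TTL")
        if "ResourceRecords" in rrset:
            problems.append(f"{name}: a record set is either an alias or has ResourceRecords, not both")
    elif not rrset.get("ResourceRecords"):
        problems.append(f"{name}: non-alias record needs ResourceRecords")
    if "Failover" in rrset:
        if not rrset.get("SetIdentifier"):
            problems.append(f"{name}: failover records need a SetIdentifier")
        has_health_signal = rrset.get("HealthCheckId") or (alias or {}).get("EvaluateTargetHealth")
        if rrset["Failover"] == "PRIMARY" and not has_health_signal:
            problems.append(f"{name}: PRIMARY has no health signal, so Route 53 would never fail over")
    return problems


def alias_failover_record(name: str, role: str, alb_dns: str, alb_zone_id: str,
                          health_check_id: Optional[str] = None) -> Dict:
    """Alias A record for one side (PRIMARY or SECONDARY) of a failover pair."""
    rrset = {
        "Name": name,
        "Type": "A",
        "SetIdentifier": role.lower(),
        "Failover": role,
        "AliasTarget": {
            # Hosted zone ID of the load balancer's region, not of your own zone
            "HostedZoneId": alb_zone_id,
            "DNSName": alb_dns,
            "EvaluateTargetHealth": True,
        },
    }
    if health_check_id:
        rrset["HealthCheckId"] = health_check_id
    return rrset


def build_failover_change_batch(zone_name: str, primary: Dict, secondary: Dict,
                                comment: str = "active-passive failover") -> Dict:
    """ChangeBatch with both records, refusing to build one that breaks the rules."""
    problems = record_set_problems(primary, zone_name) + record_set_problems(secondary, zone_name)
    if problems:
        raise ValueError("; ".join(problems))
    return {
        "Comment": comment,
        "Changes": [{"Action": "UPSERT", "ResourceRecordSet": r} for r in (primary, secondary)],
    }


if __name__ == "__main__":
    # Constructed placeholders: ALB names, alias zone IDs and health check IDs are not real
    primary = alias_failover_record(ZONE_NAME, "PRIMARY", "primary-alb-123.us-east-1.elb.amazonaws.com.",
                                    "Z0PRIMARYZONEEXAMPLE", "hc-primary-example")
    secondary = alias_failover_record(ZONE_NAME, "SECONDARY", "standby-alb-456.eu-west-1.elb.amazonaws.com.",
                                      "Z0STANDBYZONEEXAMPLE", "hc-secondary-example")
    print(json.dumps(build_failover_change_batch(ZONE_NAME, primary, secondary), indent=2))
```

The same `record_set_problems` check accepts `www.example.com` as a CNAME and rejects the identical record at `example.com`, which is exactly the distractor the exam uses.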
Health Checks
| Health Check Type | Monitors |
|---|---|
| Endpoint | HTTP/HTTPS/TCP to an IP or domain; configurable path and interval |
| Calculated | Combines results of other health checks (AND/OR logic) |
| CloudWatch Alarm-based | Treats a CloudWatch alarm state as the health signal |
Key settings:
- Request interval: 30 seconds (standard) or 10 seconds (fast, higher cost)
- Failure threshold: Number of consecutive failures before marking unhealthy (default: 3)
- String matching: Verify response body contains a specific string (first 5,120 bytes)
Exam Trap: Route 53 health checkers run from multiple global locations outside your VPC. Security groups and NACLs must allow inbound traffic from the published Route 53 health checker IP ranges (the ROUTE53_HEALTHCHECKS entries in AWS's ip-ranges.json), or the endpoint will always appear unhealthy. Endpoints with private IP addresses cannot be health-checked directly; use a CloudWatch alarm-based health check for those.
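Allow-listing the health checkers in practice, as an added example that is not from the original page or from AWS: the function filters a document with the structure of `https://ip-ranges.amazonaws.com/ip-ranges.json` for the `ROUTE53_HEALTHCHECKS` service and emits the `IpPermissions` list that boto3's `ec2.authorize_security_group_ingress()` accepts, and a second function refuses private endpoints up front. `SAMPLE_IP_RANGES` is a constructed stand-in using documentation prefixes, not the real file, which you would fetch separately.

```python
"""Open a security group to Route 53 health checkers and vet the endpoint.

health_checker_prefixes() pulls the ROUTE53_HEALTHCHECKS CIDRs out of an
ip-ranges.json document, ingress_permissions() turns them into a security
group rule, and endpoint_problem() flags endpoints the checkers can never
reach. SAMPLE_IP_RANGES is constructed test data, not AWS's published list.
"""
import ipaddress
import json
from typing import Dict, List, Optional, Tuple

# Constructed sample in the shape of ip-ranges.json (documentation prefixes only)
SAMPLE_IP_RANGES = json.dumps({
    "syncToken": "0",
    "createDate": "2024-01-01-00-00-00",
    "prefixes": [
        {"ip_prefix": "203.0.113.0/26", "region": "us-east-1",
         "service": "ROUTE53_HEALTHCHECKS", "network_border_group": "us-east-1"},
        {"ip_prefix": "203.0.113.64/26", "region": "eu-west-1",
         "service": "ROUTE53_HEALTHCHECKS", "network_border_group": "eu-west-1"},
        {"ip_prefix": "198.51.100.0/24", "region": "us-east-1",
         "service": "EC2", "network_border_group": "us-east-1"},
    ],
    "ipv6_prefixes": [
        {"ipv6_prefix": "2001:db8:1::/48", "region": "us-east-1",
         "service": "ROUTE53_HEALTHCHECKS", "network_border_group": "us-east-1"},
        {"ipv6_prefix": "2001:db8:2::/48", "region": "us-east-1",
         "service": "EC2", "network_border_group": "us-east-1"},
    ],
})


def health_checker_prefixes(ip_ranges_json: str) -> Tuple[List[str], List[str]]:
    """IPv4 and IPv6 CIDRs tagged ROUTE53_HEALTHCHECKS, de-duplicated and sorted."""
    data = json.loads(ip_ranges_json)
    v4 = sorted({p["ip_prefix"] for p in data["prefixes"] if p["service"] == "ROUTE53_HEALTHCHECKS"})
    v6 = sorted({p["ipv6_prefix"] for p in data["ipv6_prefixes"] if p["service"] == "ROUTE53_HEALTHCHECKS"})
    return v4, v6


def ingress_permissions(v4: List[str], v6: List[str], port: int, protocol: str = "tcp") -> List[Dict]:
    """IpPermissions for authorize_security_group_ingress: the service port, checker CIDRs only."""
    desc = "Route 53 health checkers"
    return [{
        "IpProtocol": protocol,
        "FromPort": port,
        "ToPort": port,
        "IpRanges": [{"CidrIp": c, "Description": desc} for c in v4],
        "Ipv6Ranges": [{"CidrIpv6": c, "Description": desc} for c in v6],
    }]


def endpoint_problem(address: str) -> Optional[str]:
    """Why an endpoint health check against `address` could never succeed, or None."""
    try:
        ip = ipaddress.ip_address(address)
    except ValueError:
        return None  # a hostname: reachability can only be judged after it resolves
    # is_private follows the IANA special-purpose registry, so RFC 1918, loopback,
    # link-local and documentation ranges all count as unreachable from the internet
    if ip.is_private or ip.is_loopback or ip.is_link_local:
        return (f"{address} is not reachable from Route 53 health checkers; "
                "use a CloudWatch alarm-based health check instead")
    return None


if __name__ == "__main__":
    v4, v6 = health_checker_prefixes(SAMPLE_IP_RANGES)
    print(json.dumps(ingress_permissions(v4, v6, 443), indent=2))
    print(endpoint_problem("10.0.1.5"))
```

Security groups are stateful, so the single inbound rule is enough there. NACLs are stateless: besides the inbound rule for the checker CIDRs on the service port, the return traffic needs an outbound allow to the same CIDRs on ephemeral ports (1024-65535), or the check times out even though the request arrived.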
Private Hosted Zones
- Resolve DNS names within one or more VPCs (not accessible from the internet)
- Associate the hosted zone with specific VPCs (same account, or cross-account by having the zone owner create a VPC association authorization that the VPC owner then accepts with an associate-VPC call)
- Enable DNS hostnames and DNS resolution on the VPC
- Use case: internal service discovery (api.internal.company.com)
Common Use Cases
- Domain management — Register and manage domains with integrated DNS hosting.
- Active-passive failover — Failover routing policy with health checks for DR.
- Multi-region load balancing — Latency-based routing to direct users to the closest healthy region.
- Blue/green deployments — Weighted routing to gradually shift traffic between environments.
- Geolocation compliance — Restrict content delivery to specific countries or regions.
- Internal service discovery — Private hosted zones for VPC-internal DNS resolution.
SAA/SAP Exam Tips
SAA/SAP Tip: Alias records are free for queries to AWS resources and work at the zone apex. The exam frequently presents scenarios where CNAME is offered as a distractor for apex domains — always choose Alias for these.
Exam Trap: Geolocation routing answers only when a record matches the user's location; create a default record (location "*") or users from unmatched locations get no answer at all. Geoproximity with bias allows shifting traffic toward or away from a region and requires Traffic Flow.
SAA/SAP Tip: Route 53 is a global service — it is not region-scoped. This is important for disaster recovery: Route 53 itself remains available even if an entire region is down.
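The geolocation selection rules behind that trap, as an added example that is not from the original page or from AWS: the most specific record covering the querier wins (US state, then country, then continent, then the "*" default), a record whose health check is failing is skipped in favour of the next broader healthy record, and with no default record an unmatched location gets no answer. The record sets, health check IDs and the small country-to-continent map are constructed sample data; the real service uses its own GeoIP database.

```python
"""Simulate Route 53 geolocation record selection.

resolve_geolocation() returns the record Route 53 would answer with for a
querier in `country` (and optional US state), honouring specificity order
and health-check fallback. SAMPLE_RRSETS and COUNTRY_TO_CONTINENT are
constructed sample data, not output from the service.
"""
from typing import Dict, List, Optional

# Minimal continent lookup for the sample; Route 53 uses its own GeoIP data
COUNTRY_TO_CONTINENT = {"US": "NA", "CA": "NA", "DE": "EU", "FR": "EU", "JP": "AS"}

# Constructed geolocation record sets (values are documentation addresses)
SAMPLE_RRSETS: List[Dict] = [
    {"SetIdentifier": "texas", "GeoLocation": {"CountryCode": "US", "SubdivisionCode": "TX"},
     "HealthCheckId": "hc-tx", "ResourceRecords": [{"Value": "203.0.113.40"}]},
    {"SetIdentifier": "us", "GeoLocation": {"CountryCode": "US"},
     "HealthCheckId": "hc-us", "ResourceRecords": [{"Value": "203.0.113.10"}]},
    {"SetIdentifier": "europe", "GeoLocation": {"ContinentCode": "EU"},
     "ResourceRecords": [{"Value": "203.0.113.20"}]},
    {"SetIdentifier": "default", "GeoLocation": {"CountryCode": "*"},
     "ResourceRecords": [{"Value": "203.0.113.30"}]},
]


def specificity(rrset: Dict) -> int:
    """3 = US state, 2 = country, 1 = continent, 0 = default ('*')."""
    geo = rrset["GeoLocation"]
    if "SubdivisionCode" in geo:
        return 3
    if geo.get("CountryCode") not in (None, "*"):
        return 2
    if "ContinentCode" in geo:
        return 1
    return 0


def covers(rrset: Dict, country: str, subdivision: Optional[str]) -> bool:
    """Does this record's GeoLocation include the querier's location?"""
    geo = rrset["GeoLocation"]
    if "SubdivisionCode" in geo:
        return geo.get("CountryCode") == country and geo["SubdivisionCode"] == subdivision
    if geo.get("CountryCode") == "*":
        return True
    if "CountryCode" in geo:
        return geo["CountryCode"] == country
    return COUNTRY_TO_CONTINENT.get(country) == geo.get("ContinentCode")


def resolve_geolocation(rrsets: List[Dict], country: str, subdivision: Optional[str] = None,
                        health: Optional[Dict[str, bool]] = None) -> Optional[Dict]:
    """Record Route 53 answers with, or None when no record covers the location (no answer)."""
    health = health or {}  # health check ID -> passing?; unknown IDs and unchecked records count as healthy
    candidates = [r for r in rrsets if covers(r, country, subdivision)]
    for rrset in sorted(candidates, key=specificity, reverse=True):
        hc = rrset.get("HealthCheckId")
        if hc is None or health.get(hc, True):
            return rrset
    # Every covering record is unhealthy; the service's behaviour in that case is not modelled here
    return None


if __name__ == "__main__":
    for where in (("US", "TX"), ("US", "CA"), ("DE", None), ("JP", None)):
        hit = resolve_geolocation(SAMPLE_RRSETS, *where)
        print(where, hit["SetIdentifier"] if hit else "no answer")
    print(("US", "TX"), "with hc-tx failing ->",
          resolve_geolocation(SAMPLE_RRSETS, "US", "TX", {"hc-tx": False})["SetIdentifier"])
```

Run it with the default record removed and a querier from Japan gets `None`, which is the empty response the exam trap warns about; with the Texas health check failing, the Texas querier is served by the US record rather than dropped.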
Cross-Cloud Equivalents
| Provider | Service / Solution | Notes |
|---|---|---|
| AWS | Amazon Route 53 | Baseline |
| Azure | Azure DNS + Azure Traffic Manager | Separate DNS and traffic routing services |
| GCP | Google Cloud DNS + Cloud Load Balancing | DNS hosting separate from traffic management |
| On-Premises | BIND, PowerDNS, Windows DNS Server | Self-hosted authoritative DNS |
Pricing Model
| Dimension | Unit | Notes |
|---|---|---|
| Hosted zones | Per zone/month | $0.50/month per zone for the first 25 zones, $0.10/month per zone beyond that |
| Standard queries | Per million | $0.40 per million queries |
| Latency/Geo queries | Per million | $0.60–$0.70 per million queries |
| Alias queries to AWS | Free | No charge for queries to ALB, CloudFront, S3, etc. |
| Health checks | Per check/month | $0.50–$0.75/month per health check |
| Domain registration | Per domain/year | Varies by TLD (~$12/year for .com) |
Related Services / See Also
- Amazon CloudFront — CDN often fronted by Route 53 Alias records
- Elastic Load Balancing — common Alias target for Route 53 records
- Amazon VPC — private hosted zones resolve within VPCs
- AWS Certificate Manager — TLS certificates for HTTPS endpoints routed by Route 53