Route 53: DNS Management
Every time someone types your domain name into a browser, a DNS query translates it into an IP address. Amazon Route 53 is AWS's highly available DNS service that not only resolves domain names but also routes traffic based on health checks, geography, and load. In this lesson, we'll explore how to manage DNS with Route 53.
What You'll Learn
By the end of this lesson, you'll understand how DNS works, how to register domains, create hosted zones, configure different record types, and use Route 53's traffic routing policies.
What is DNS?
The Domain Name System (DNS) translates human-readable domain names (like www.example.com) into IP addresses (like 192.0.2.1) that computers use to connect.
How DNS Resolution Works
1. User types: www.example.com
2. Browser asks: DNS resolver (usually your ISP's)
3. Resolver queries: root nameserver (.)
4. Root refers to: TLD nameserver (.com)
5. TLD refers to: authoritative nameserver (example.com)
6. Authoritative nameserver returns: 192.0.2.1
7. Browser connects to: 192.0.2.1
DNS Records
Different record types serve different purposes:
| Record Type | Purpose | Example |
|---|---|---|
| A | Maps domain to IPv4 address | example.com → 192.0.2.1 |
| AAAA | Maps domain to IPv6 address | example.com → 2001:0db8::1 |
| CNAME | Alias to another domain | www.example.com → example.com |
| MX | Mail server for domain | example.com → mail.example.com |
| TXT | Text data (verification, SPF) | example.com → "v=spf1 include:..." |
| NS | Nameservers for domain | example.com → ns1.awsdns.com |
| SOA | Start of authority | Administrative info |
What is Route 53?
Route 53 is AWS's DNS web service with three main functions:
- Domain registration - Buy and manage domain names
- DNS routing - Translate domains to IP addresses
- Health checking - Monitor resource availability
Why "Route 53"?
The name refers to TCP/UDP port 53, the standard port for DNS traffic.
Route 53 Features
- 100% availability SLA - One of the few AWS services with this
- Global network - DNS servers on all continents
- Integration - Works seamlessly with other AWS services
- Traffic routing - Multiple routing policies for different needs
- Health checks - Automatic failover on failures
Registering a Domain
You can register domains directly through Route 53.
Step 1: Search for Domain
- Go to Route 53 console
- Click "Registered domains" → "Register domain"
- Enter desired domain name
- Check availability and pricing
Step 2: Configure Registration
- Select registration period (1-10 years)
- Enable/disable auto-renewal
- Enter contact information
- Review and purchase
Pricing
Domain pricing varies by TLD:
- .com: ~$13/year
- .org: ~$12/year
- .io: ~$39/year
- .dev: ~$14/year
Domain registration through Route 53 automatically creates a hosted zone.
Hosted Zones
A hosted zone is a container for DNS records for a domain.
Public Hosted Zone
For internet-facing domains. Records are accessible publicly.
Private Hosted Zone
For internal DNS within a VPC. Records only resolve from within associated VPCs.
Creating a Hosted Zone
If you registered your domain elsewhere:
- Go to Route 53 → "Hosted zones"
- Click "Create hosted zone"
- Enter domain name
- Choose type (public or private)
- Create
Updating Nameservers
After creating a hosted zone, Route 53 provides 4 nameservers. If your domain is registered elsewhere, update the nameservers at your registrar:
ns-123.awsdns-12.com
ns-456.awsdns-34.net
ns-789.awsdns-56.org
ns-012.awsdns-78.co.uk
Creating DNS Records
Basic A Record
Map your domain to an IP address:
- Go to hosted zone
- Click "Create record"
- Record name: Leave blank for root (example.com) or enter subdomain (www)
- Record type: A
- Value: Your server's IP address
- TTL: 300 (5 minutes for testing, longer for production)
Alias Records
Alias records are a Route 53 extension for routing to AWS resources without knowing their IP addresses:
example.com → d123456.cloudfront.net (Alias)
Alias-compatible targets:
- CloudFront distributions
- Elastic Load Balancers
- S3 buckets (configured for website hosting)
- API Gateway
- Another Route 53 record
Benefits:
- No charge for alias queries (unlike CNAME)
- Works at zone apex (root domain)
- Automatically updates if target IP changes
Common Record Examples
Website:
example.com A → 192.0.2.1
www.example.com CNAME → example.com
With CloudFront:
example.com A → Alias to CloudFront distribution
www.example.com A → Alias to CloudFront distribution
Email:
example.com MX → 10 mail.example.com
mail.example.com A → 192.0.2.100
example.com TXT → "v=spf1 include:_spf.google.com ~all"
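The records above in the form Route 53 actually accepts them (a change batch for change-resource-record-sets), as an added example that is not part of the original lesson. The zone name and the CloudFront distribution name are constructed placeholders; the builder also rejects the two mistakes Route 53 itself rejects, a CNAME at the zone apex and an unquoted TXT value.

```python
ZONE = "example.com."   # constructed: the hosted zone's name, always fully qualified
CLOUDFRONT_ZONE_ID = "Z2FDTNDATAQYW2"  # fixed hosted zone ID AWS uses for CloudFront alias targets

def fqdn(name: str) -> str:
    """Route 53 stores every name fully qualified; an empty name is the zone apex."""
    if not name:
        return ZONE
    return name if name.endswith(".") else f"{name}.{ZONE}"

def record(name: str, rtype: str, values: list[str], ttl: int = 300) -> dict:
    """A standard record set as an UPSERT change, rejecting what Route 53 would reject."""
    fq = fqdn(name)
    if rtype == "CNAME" and fq == ZONE:
        raise ValueError("CNAME is not allowed at the zone apex; use an alias record")
    if rtype == "TXT":
        # TXT strings must be wrapped in double quotes or the change batch is rejected
        values = [v if v.startswith('"') else f'"{v}"' for v in values]
    return {"Action": "UPSERT", "ResourceRecordSet": {
        "Name": fq, "Type": rtype, "TTL": ttl,
        "ResourceRecords": [{"Value": v} for v in values]}}

def alias(name: str, target: str, target_zone_id: str, rtype: str = "A") -> dict:
    """An alias record: no TTL and no ResourceRecords, and it is legal at the apex."""
    return {"Action": "UPSERT", "ResourceRecordSet": {
        "Name": fqdn(name), "Type": rtype,
        "AliasTarget": {"HostedZoneId": target_zone_id, "DNSName": target,
                        "EvaluateTargetHealth": False}}}

def website_and_mail_batch() -> dict:
    """The 'Website' and 'Email' examples above, as one change batch."""
    return {"Comment": "website and mail records", "Changes": [
        record("", "A", ["192.0.2.1"]),
        record("www", "CNAME", [ZONE]),
        record("", "MX", ["10 mail.example.com."]),
        record("mail", "A", ["192.0.2.100"]),
        record("", "TXT", ["v=spf1 include:_spf.google.com ~all"]),
    ]}

def cloudfront_batch(distribution: str = "d123456.cloudfront.net.") -> dict:
    """The 'With CloudFront' example: apex and www both as aliases (constructed target)."""
    return {"Comment": "CloudFront aliases", "Changes": [
        alias("", distribution, CLOUDFRONT_ZONE_ID),
        alias("www", distribution, CLOUDFRONT_ZONE_ID)]}
```

Either batch can be written to a file and passed to `aws route53 change-resource-record-sets --change-batch file://batch.json` against the zone's ID.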
Routing Policies
Route 53 offers several routing policies for different use cases.
Simple Routing
One record → one or more IP addresses. If multiple values, Route 53 returns all (client chooses randomly).
Use case: Single resource, no special routing needed.
Weighted Routing
Distribute traffic by percentage:
Record A: 192.0.2.1 Weight: 70 (70% of traffic)
Record B: 192.0.2.2 Weight: 30 (30% of traffic)
Use case: Gradual deployments, A/B testing, load distribution.
Latency-Based Routing
Route to the region with lowest latency for the user:
Record US: us-east-1 resources
Record EU: eu-west-1 resources
Record Asia: ap-northeast-1 resources
Route 53 measures latency and routes users to the fastest region.
Use case: Global applications needing best performance.
Failover Routing
Active-passive failover using health checks:
Primary: 192.0.2.1 (healthy → traffic goes here)
Secondary: 192.0.2.2 (standby → used if primary fails)
Use case: Disaster recovery, high availability.
Geolocation Routing
Route based on user's geographic location:
USA users → US servers
European users → EU servers
Default → fallback servers
Use case: Localized content, compliance requirements, regional restrictions.
Geoproximity Routing
Route based on geographic location with bias:
US-East resource with bias +25 → Attracts more traffic
US-West resource with bias -25 → Attracts less traffic
Use case: Fine-tuned geographic routing, shifting traffic between regions.
Multi-Value Answer Routing
Return multiple healthy IP addresses:
Returns up to 8 healthy IPs → Client chooses
Use case: Simple load balancing with health checks.
Health Checks
Health checks monitor your resources and enable automatic failover.
Creating a Health Check
- Go to Route 53 → "Health checks"
- Click "Create health check"
- Configure:
  - What to monitor: endpoint, other health checks, or a CloudWatch alarm
  - Endpoint: IP address or domain name
  - Protocol: HTTP, HTTPS, or TCP
  - Path: /health (for HTTP/HTTPS)
  - Interval: 30 or 10 seconds
  - Failure threshold: how many consecutive failures before the endpoint is marked unhealthy
Health Check Options
| Option | Description |
|---|---|
| Request interval | 30 seconds (standard) or 10 seconds (fast) |
| Failure threshold | 1-10 consecutive failures |
| String matching | Check response body for expected text |
| Latency graphs | Monitor response times |
| Invert status | Healthy when check fails (maintenance mode) |
Using Health Checks
Associate health checks with DNS records:
- Edit record set
- Set routing policy (failover, weighted, etc.)
- Associate health check
- Route 53 only returns healthy records
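A small simulation of how the failover and weighted policies above answer a query once health checks are attached, including the consecutive-failure threshold and the "invert status" option from the health-check table. This is an added example, not AWS code; the records, weights and probe results are constructed, and one Route 53 behaviour worth knowing is modelled explicitly: when no record in a set is healthy, Route 53 answers as if all of them were.

```python
import random
from dataclasses import dataclass
from typing import Optional

@dataclass
class HealthCheck:
    """Endpoint health as Route 53 derives it from a stream of probe results."""
    failure_threshold: int = 3      # consecutive failures before Unhealthy
    inverted: bool = False          # "Invert status": unhealthy while the probe passes
    consecutive_failures: int = 0
    def observe(self, probe_ok: bool) -> None:
        self.consecutive_failures = 0 if probe_ok else self.consecutive_failures + 1
    @property
    def healthy(self) -> bool:
        raw = self.consecutive_failures < self.failure_threshold
        return (not raw) if self.inverted else raw

@dataclass
class Record:
    value: str
    weight: int = 0
    check: Optional[HealthCheck] = None   # no check attached: always considered healthy
    @property
    def healthy(self) -> bool:
        return self.check is None or self.check.healthy

def answer_failover(primary: Record, secondary: Record) -> list[str]:
    """Active-passive: the secondary is served only while the primary's check fails."""
    return [primary.value] if primary.healthy else [secondary.value]

def answer_weighted(records: list[Record], rng: random.Random) -> list[str]:
    """One record, chosen with probability weight / sum(weights) among healthy records.
    If none is healthy, all are treated as healthy; all-zero weights mean equal odds."""
    live = [r for r in records if r.healthy] or list(records)
    weights = [r.weight for r in live]
    if sum(weights) == 0:
        weights = [1] * len(live)
    return [rng.choices(live, weights=weights)[0].value]

def weighted_share(records: list[Record], draws: int = 10000, seed: int = 1) -> dict:
    """Observed traffic split over many queries (seeded, so the result is reproducible)."""
    rng = random.Random(seed)
    counts: dict[str, int] = {}
    for _ in range(draws):
        for v in answer_weighted(records, rng):
            counts[v] = counts.get(v, 0) + 1
    return {v: n / draws for v, n in counts.items()}
```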
Private DNS
Use Route 53 for internal DNS within VPCs.
Creating Private Hosted Zone
- Create hosted zone
- Choose "Private hosted zone"
- Associate with VPC(s)
Use Cases
- Internal service discovery (api.internal)
- Split-horizon DNS (different internal vs external IPs)
- Custom domain names for internal resources
Hybrid DNS
Connect on-premises DNS with Route 53:
- Outbound endpoints: Resolve Route 53 records from on-premises
- Inbound endpoints: Resolve on-premises records from VPCs
Domain Transfer
Move an existing domain to Route 53:
Steps
- Unlock domain at current registrar
- Get authorization code from current registrar
- In Route 53: Domains → Transfer domain
- Enter domain and authorization code
- Pay transfer fee
- Confirm transfer via email
Transfers typically complete in 5-7 days.
Best Practices
TTL Settings
| Use Case | Recommended TTL |
|---|---|
| Testing/migration | 60-300 seconds |
| Production, stable | 3600-86400 seconds |
| Failover records | 60 seconds |
Lower TTL = faster propagation but more DNS queries.
Security
- Enable DNSSEC for domain (prevents DNS spoofing)
- Use IAM to restrict who can modify records
- Monitor with CloudWatch and CloudTrail
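One concrete way to act on the CloudTrail bullet: review the ChangeResourceRecordSets events CloudTrail logs for Route 53 and flag record changes made by a principal outside the approved change path, plus NS (delegation) changes by anyone. This is an added example, not AWS code; the allowed-principal list and the log events are constructed, with field names shaped like CloudTrail's camelCase route53 records.

```python
import json

# constructed: the only principals expected to change records (e.g. a CI deploy role)
ALLOWED_PRINCIPALS = {"arn:aws:sts::111122223333:assumed-role/dns-deploy/ci"}

def review_event(event: dict) -> list[str]:
    """Return one finding per record change that should not pass unnoticed."""
    if (event.get("eventSource") != "route53.amazonaws.com"
            or event.get("eventName") != "ChangeResourceRecordSets"):
        return []
    who = event.get("userIdentity", {}).get("arn", "<unknown>")
    params = event.get("requestParameters", {})
    zone = params.get("hostedZoneId", "?")
    findings = []
    for change in params.get("changeBatch", {}).get("changes", []):
        rrset = change.get("resourceRecordSet", {})
        what = f"{change.get('action')} {rrset.get('type')} {rrset.get('name')} in {zone}"
        if who not in ALLOWED_PRINCIPALS:
            findings.append(f"{what}: change by unapproved principal {who}")
        elif rrset.get("type") == "NS":
            findings.append(f"{what}: delegation (NS) changed, confirm with zone owner")
    return findings

def review_log(jsonl: str) -> list[str]:
    """Review a CloudTrail export with one JSON event per line."""
    findings = []
    for line in jsonl.splitlines():
        if line.strip():
            findings.extend(review_event(json.loads(line)))
    return findings

# constructed sample events: a normal deploy, a surprise MX change, and a harmless read
SAMPLE_LOG = "\n".join(json.dumps(e) for e in [
    {"eventSource": "route53.amazonaws.com", "eventName": "ChangeResourceRecordSets",
     "userIdentity": {"arn": "arn:aws:sts::111122223333:assumed-role/dns-deploy/ci"},
     "requestParameters": {"hostedZoneId": "ZEXAMPLE12345", "changeBatch": {"changes": [
         {"action": "UPSERT", "resourceRecordSet": {"name": "www.example.com.", "type": "A",
          "tTL": 300, "resourceRecords": [{"value": "192.0.2.1"}]}}]}}},
    {"eventSource": "route53.amazonaws.com", "eventName": "ChangeResourceRecordSets",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/contractor"},
     "requestParameters": {"hostedZoneId": "ZEXAMPLE12345", "changeBatch": {"changes": [
         {"action": "UPSERT", "resourceRecordSet": {"name": "example.com.", "type": "MX",
          "tTL": 300, "resourceRecords": [{"value": "10 mail.unexpected.example."}]}}]}}},
    {"eventSource": "route53.amazonaws.com", "eventName": "ListHostedZones",
     "userIdentity": {"arn": "arn:aws:iam::111122223333:user/contractor"}},
])
```

The same check can run on a CloudTrail-to-CloudWatch Logs subscription so an unapproved change alerts within minutes rather than waiting for a periodic export.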
Reliability
- Use health checks for critical records
- Have failover records for high availability
- Test failover scenarios regularly
Route 53 Pricing
| Feature | Cost |
|---|---|
| Hosted zone | $0.50/month |
| Standard queries | $0.40/million |
| Latency-based queries | $0.60/million |
| Geo queries | $0.70/million |
| Health checks | $0.50/month (endpoint) |
| Domain registration | Varies by TLD |
Free Tier
- Alias queries to AWS resources (CloudFront, ELB, S3) are free
- No free tier for hosted zones or health checks
Key Takeaways
- Route 53 provides domain registration, DNS hosting, and health checking
- Hosted zones contain DNS records for your domain
- Alias records route to AWS resources without needing IP addresses
- Routing policies enable weighted, latency-based, failover, and geo routing
- Health checks monitor endpoints and enable automatic failover
- Private hosted zones provide internal DNS within VPCs
- 100% availability SLA makes Route 53 highly reliable
What's Next
You now understand how to route users to your applications. But how do you keep those applications secure? In the next lesson, we'll explore AWS security best practices, from IAM to encryption and beyond.

