DNS can be confusing for those unfamiliar with networking. Fortunately, Amazon has made Route 53 easy to manage, even for people who struggle with networks: you define how AWS routes traffic to your resources in a few easy steps. We’ve put together this Route 53 cheat sheet to help you organize information about this service.
Before jumping into the Amazon Route 53 service, it’s important that you understand the DNS system. Below are the main points you should know about DNS:
Top-Level Domains (TLD):
- The TLD is the farthest portion to the right (as separated by a dot).
- Parties can distribute domain names under the TLD, usually through a domain registrar.
- Two types of top-level domains:
- Generic TLDs:
- are global in nature and recognized across the globe (.com, .net, .org, ...).
- also include specialty domains (.cloud, .coffee, ...).
- Geographic TLDs: associated with geographical areas such as countries or cities (.fr for France, .us for the USA, ...).
Domain Names, Subdomains, and Hosts:
- A human-friendly name associated with an internet resource (awsboy.com is a domain name; example.awsboy.com is also a domain name).
- Every domain name except the root domain name is a subdomain (example.awsboy.com is a subdomain of awsboy.com, which itself is a subdomain of the .com TLD).
- Hosts are computers or services accessible through a domain.
Fully Qualified Domain Names (FQDN):
- An FQDN (or absolute domain name) is a domain name that specifies its exact location in the DNS tree hierarchy.
- It usually consists of a host name and at least one higher-level domain (label), separated by the “.” symbol, and always ends in the top-level domain (api.aws.amazon.com. is an FQDN).
Name Servers:
- Name servers are servers in the DNS that translate domain names into IP addresses.
- Authoritative servers provide answers to queries about domains under their control.
- Non-authoritative servers point to other servers or serve cached copies of other name servers’ data.
Zone Files:
- A zone file is a simple text file that contains mappings between domain names and IP addresses.
- Zone files reside in name servers.
- The more zone files a name server has, the more requests it will be able to answer authoritatively.
Domain Name Registrars:
- A domain name registrar is an organization or commercial entity that manages the reservation of Internet domain names.
How DNS resolution works:
- Checking the local cache: when you type a domain name (www.awsboy.com) in the browser, your computer checks its local cache and hosts file to see if it has that domain name stored locally. If it does not, it contacts a DNS server (resolver) to resolve it.
- Checking the resolving name server: the computer sends the request to the resolving name server and waits to receive the IP address of the resource. If the resolver doesn’t have it, it forwards the request to a root server.
- Checking the root server: the root server won’t actually know where the domain is hosted, but it can direct the requester to the name server that handles the requested TLD (.com).
- Checking the TLD server: the TLD server searches its zone file. It will not find the domain itself, but it will find the IP address of the name server responsible for awsboy.com.
- Checking the domain-level name server: the requester now has the IP address of the name server responsible for the actual IP address of the resource. It sends a new request to that name server asking it to resolve www.awsboy.com. The name server finds the zone file for awsboy.com, which contains the record holding the IP for the www host, and returns the IP to the requester.
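To make the delegation chain above concrete, here is a small resolver model (an added example, not code from the original cheat sheet or from AWS). Each "server" is an in-memory dictionary holding only what that stage of the chain is said to know: the root delegates the TLD, the TLD server delegates awsboy.com, and the domain-level server holds the A records. All names, server names and addresses are constructed for illustration.

```python
"""Toy model of iterative DNS resolution: local cache -> root -> TLD -> authoritative."""
from __future__ import annotations

# Constructed "zone files". Each name server knows only its own slice of the tree.
ROOT_ZONE = {                       # root: which server handles each TLD
    "com.": {"NS": "a.gtld-servers.example."},
}
TLD_ZONES = {                       # .com TLD server: which server is authoritative per domain
    "a.gtld-servers.example.": {
        "awsboy.com.": {"NS": "ns1.awsboy.com.", "glue": "192.0.2.53"},
    },
}
AUTH_ZONES = {                      # domain-level server: the actual records
    "ns1.awsboy.com.": {
        "www.awsboy.com.": {"A": "192.0.2.10"},
        "awsboy.com.": {"A": "192.0.2.20"},
    },
}
LOCAL_CACHE = {"localhost.": "127.0.0.1"}   # stands in for the hosts file / OS cache


def _fqdn(name: str) -> str:
    """Normalise to a fully qualified name that ends in the root dot."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


def resolve(name: str, cache: dict = LOCAL_CACHE) -> tuple[str, list[str]]:
    """Resolve `name` to an IPv4 address. Returns (address, steps) where `steps`
    records which stage answered, so the chain the cheat sheet describes is visible."""
    name = _fqdn(name)
    steps: list[str] = []
    # Step 1: local cache / hosts file.
    if name in cache:
        steps.append("local cache")
        return cache[name], steps
    # Step 2: the resolving name server has no answer either, so it goes to the root.
    steps.append("resolver miss -> root")
    # Step 3: the root does not know the domain, only which server handles the TLD.
    tld = name.rsplit(".", 2)[-2] + "."
    if tld not in ROOT_ZONE:
        raise LookupError(f"root has no delegation for TLD {tld}")
    tld_server = ROOT_ZONE[tld]["NS"]
    steps.append(f"root -> TLD server {tld_server}")
    # Step 4: the TLD server cannot answer for the host, but knows the domain's name server.
    domain = ".".join(name.split(".")[-3:])          # e.g. "awsboy.com."
    delegation = TLD_ZONES[tld_server].get(domain)
    if delegation is None:
        raise LookupError(f"{tld_server} has no delegation for {domain}")
    auth_server = delegation["NS"]
    steps.append(f"TLD -> authoritative {auth_server} ({delegation['glue']})")
    # Step 5: the authoritative server reads the record for the host from its zone file.
    record = AUTH_ZONES[auth_server].get(name)
    if record is None or "A" not in record:
        raise LookupError(f"{auth_server} is authoritative but has no A record for {name}")
    steps.append("authoritative answer")
    cache[name] = record["A"]       # next lookup for this name stops at step 1
    return record["A"], steps


if __name__ == "__main__":
    for host in ("www.awsboy.com", "www.awsboy.com", "awsboy.com"):
        ip, path = resolve(host)
        print(f"{host} -> {ip} via {' ; '.join(path)}")
```

Running the script resolves www.awsboy.com twice: the first lookup walks the whole chain, the second is served from the local cache, which is exactly the difference between the first and later steps in the list above. A name under a TLD the root does not know (for example .org in this toy data) raises a LookupError, mirroring a resolver that cannot find a delegation.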
Records:
- A record is a mapping between a resource and a name.
- Each zone file contains records.
There are several types of records:
Start Of Authority Record (SOA):
- This record identifies the base DNS information about the domain.
- Each zone contains a single SOA record.
- It stores the following information:
- The name of the DNS server for the zone.
- The administrator of the zone.
- The current version of the data file.
- The number of seconds that a secondary name server should wait before checking for updates.
- The number of seconds that a secondary name server should wait before retrying a failed zone transfer.
- The maximum number of seconds that a secondary name server can use data before it must either be refreshed or expire.
- The default TTL value (in seconds) for resource records in the zone.
A and AAAA record:
- The A record maps a host name to an IPv4 address.
- The AAAA record maps a host name to an IPv6 address.
Canonical Name (CNAME):
- A CNAME record points to another domain name rather than to an IP address.
Name Server (NS):
- Name Server (NS) records are used by TLD servers to direct traffic to the DNS servers that contain the authoritative DNS records.
Mail Exchange (MX):
- Mail Exchange (MX) records define the mail servers used for a domain and ensure that email messages are routed correctly.
- The MX record should point to a host defined by an A or AAAA record, not one defined by a CNAME.
Pointer (PTR):
- PTR records map an IP address to a DNS name (the reverse of an A record).
Sender Policy Framework (SPF):
- Sender Policy Framework (SPF) records are used by mail servers to combat spam.
Text (TXT):
- Text (TXT) records hold text information. They associate arbitrary, unformatted text with a host or other name, such as human-readable information about a server, network or data center, or other accounting information.
Service (SRV):
- A Service (SRV) record defines the location (host name and port number) of the servers for a specified service.
Comparison of alias and CNAME records:
Alias records are similar to CNAME records, but there are some important differences.
- Alias records:
- An alias record can only redirect queries to selected AWS resources (example: S3 buckets, CloudFront distributions, another record in the same Route 53 hosted zone)
- You need to use Route 53 as the DNS service for the domain that you’re redirecting queries to.
- You can create an alias record that has the same name as the hosted zone (the zone apex). The one exception is when you want to redirect queries from the zone apex (such as example.com) to a record in the same hosted zone that has a type of CNAME (such as zenith.example.com).
- CNAME record:
- A CNAME record can redirect DNS queries to any DNS record.
- You don’t need to use Route 53 as the DNS service for the domain that you’re redirecting queries to.
- You can’t create a CNAME record that has the same name as the hosted zone (the zone apex).
Hosted Zones:
- A hosted zone is a collection of resource record sets hosted by Amazon Route 53.
- A hosted zone represents resource record sets that are managed together under a single domain name.
- There are two types of hosted zones:
- Private hosted zone: holds information about how you want to route traffic for a domain and its subdomains within one or more VPCs.
- Public hosted zone: holds information about how you want to route traffic on the Internet for a domain and its subdomains.
- Use an alias record, not a CNAME, if you want to provide IP addresses for the zone itself. A CNAME at the zone apex is not allowed in Amazon Route 53 or in any other DNS service.
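The record types listed earlier and the two rules just stated (an MX target must be an A/AAAA host rather than a CNAME, and a CNAME cannot sit at the zone apex) can be checked mechanically. Below is a minimal zone-file parser and checker written for this cheat sheet as an added example; it is not code from the original page or from AWS. The zone text is constructed for the hypothetical domain awsboy.com, with two deliberately wrong lines so the checker has something to report, and `SOA_FIELDS`, `parse_zone`, `soa_fields` and `check_zone` are names chosen here.

```python
"""Parse a small RFC 1035 zone file and flag an MX-to-CNAME and a CNAME-at-apex."""
from __future__ import annotations
from collections import defaultdict
import re

# Constructed zone file. The MX and apex CNAME lines violate the rules in the cheat sheet.
ZONE_TEXT = """
$ORIGIN awsboy.com.
$TTL 3600
@       IN SOA  ns1.awsboy.com. hostmaster.awsboy.com. (
                2024010101 ; serial: current version of the data file
                7200       ; refresh: seconds a secondary waits before checking for updates
                900        ; retry: seconds a secondary waits before retrying a failed transfer
                1209600    ; expire: max seconds a secondary may use the data unrefreshed
                300 )      ; minimum: default TTL for resource records in the zone
@       IN NS    ns1.awsboy.com.
ns1     IN A     192.0.2.53
@       IN A     192.0.2.20
www     IN A     192.0.2.10
www     IN AAAA  2001:db8::10
mail    IN CNAME www
@       IN MX 10 mail            ; wrong: MX must not point to a CNAME host
@       IN CNAME www             ; wrong: CNAME cannot sit at the zone apex
@       IN TXT   "v=spf1 mx -all"
"""
SOA_FIELDS = ("mname", "rname", "serial", "refresh", "retry", "expire", "minimum")


def parse_zone(text: str) -> tuple[str, dict[str, list[tuple[str, list[str]]]]]:
    """Return (origin, records); records maps each FQDN to a list of (type, rdata fields)."""
    origin = ""
    records: dict[str, list[tuple[str, list[str]]]] = defaultdict(list)
    # Drop ';' comments (the TXT value in this sample contains none) and join lines inside ( ).
    stripped = [re.sub(r";.*", "", line).rstrip() for line in text.splitlines()]
    logical, buf = [], ""
    for line in stripped:
        if not line.strip():
            continue
        buf = f"{buf} {line}" if buf else line
        if buf.count("(") == buf.count(")"):
            logical.append(buf)
            buf = ""
    for line in logical:
        tokens = line.replace("(", " ").replace(")", " ").split()
        if tokens[0] in ("$ORIGIN", "$TTL"):
            if tokens[0] == "$ORIGIN":
                origin = tokens[1]
            continue
        owner = tokens[0]
        name = origin if owner == "@" else (owner if owner.endswith(".") else f"{owner}.{origin}")
        rest = tokens[2:] if tokens[1] == "IN" else tokens[1:]   # class token is optional
        rtype, rdata = rest[0], rest[1:]
        if rtype == "SOA":   # label the seven SOA fields so they can be read back by name
            rdata = [f"{field}={value}" for field, value in zip(SOA_FIELDS, rdata)]
        records[name].append((rtype, rdata))
    return origin, dict(records)


def soa_fields(origin: str, records: dict) -> dict[str, str]:
    """Read the zone's single SOA record back as a field -> value mapping."""
    for rtype, rdata in records.get(origin, []):
        if rtype == "SOA":
            return dict(item.split("=", 1) for item in rdata)
    raise ValueError("zone has no SOA record")


def check_zone(origin: str, records: dict) -> list[str]:
    """Apply the two rules from the cheat sheet and describe each violation found."""
    problems = []
    for name, rrset in records.items():
        types = {rtype for rtype, _ in rrset}
        if name == origin and "CNAME" in types:
            problems.append(f"CNAME at the zone apex {name} is not allowed (use an alias record)")
        for rtype, rdata in rrset:
            if rtype != "MX":
                continue
            host = rdata[1] if rdata[1].endswith(".") else f"{rdata[1]}.{origin}"
            host_types = {t for t, _ in records.get(host, [])}
            if "CNAME" in host_types or not host_types & {"A", "AAAA"}:
                problems.append(f"MX for {name} points to {host}, which is not an A/AAAA host")
    return problems


if __name__ == "__main__":
    zone_origin, zone_records = parse_zone(ZONE_TEXT)
    print("SOA:", soa_fields(zone_origin, zone_records))
    for problem in check_zone(zone_origin, zone_records):
        print("PROBLEM:", problem)
```

The parser is intentionally small (one class, no `$INCLUDE`, no quoted semicolons) but it is enough to show the SOA fields from the list above by name and to catch both rule violations before a zone is loaded into a name server or imported into a hosted zone.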
Amazon Route 53 main functions:
Amazon Route 53 can perform any of the three functions listed below:
Domain registration:
- You can register a domain name with Amazon Route 53.
- You can register the domain name with another registrar and still use Amazon Route 53 to perform the other functions.
- You can transfer your domain to Route 53 from another registrar.
- You can register your domain with Route 53 and not use the other functions, such as DNS service or health checking, if you want to.
DNS service:
- Route 53 translates domain names to IPs.
- Route 53 responds to DNS queries using a global network of authoritative DNS servers.
- You can transfer DNS service (from another registrar) to Amazon Route 53, with or without transferring registration for the domain.
- If you register a new domain name with Amazon Route 53, Route 53 is automatically configured as the DNS service for the domain, and a hosted zone is created for your domain.
Health checking:
- Health checking helps your application to be highly available and resilient to failures.
- Route 53 checks whether your applications are up and running (reachable, available and functional).
- You can configure Amazon CloudWatch alarms for your health checks so that you receive a notification when a resource becomes unavailable.
- You can configure Amazon Route 53 to route Internet traffic away from resources that are unavailable.
- Route 53 health checks are run periodically by AWS.
When you create a resource record set, you set a routing policy that determines how Amazon Route 53 responds to queries.
Different routing policies available:
Simple Routing Policy:
- Default routing policy for Amazon Route 53.
- Used when you have a single resource that performs a given function for your domain ( ex: EC2 web server for example.com).
Weighted Routing Policy:
- Used when you have multiple resources that perform the same function (example: EC2 web servers that serve the same website).
- With the weighted policy, you can route traffic to your resources in the proportions you specify (for example, 20% of the traffic goes to server1 and 80% goes to server2).
- When processing a DNS query, Route 53 uses the formula (weight for a specific record / sum of the weights for all records) to calculate the probability of any resource record set being selected. For example, to send a small amount of traffic to a test server and the rest to the prod server, you might specify weights of 5 and 95; the resource with weight 5 then gets 5 / (5 + 95) = 5% of the traffic.
Latency-Based Routing Policy:
- Used when you have resources that perform the same function in multiple Availability Zones or AWS Regions.
- Allows you to route your traffic based on the lowest network latency for your end user.
- Latency-based routing is based on latency measurements that are continually reevaluated by Amazon Route 53.
Failover Routing Policy:
- Used to configure active-passive failover, in which one resource takes all the traffic when it is available and the other resource takes all of the traffic when the first resource fails health checks.
- After you have configured a health check, AWS monitors the health of your selected DNS endpoint. If the health check fails, the failover routing policy is applied.
Geolocation Routing Policy:
- Lets you choose where Amazon Route 53 sends your traffic based on the geographic location of your users.
- You can specify geographic locations by continent, by country, or by state in the United States.
- You can also use geolocation routing to restrict distribution of content only to those locations in which you have distribution rights.
Multivalue answer routing:
- Multivalue answer routing lets you configure Route 53 to return multiple values, such as IP addresses for your web servers, in response to DNS queries.
- Any DNS record type except NS and CNAME is supported.
- If you associate a health check with a multivalue answer record, Amazon Route 53 responds to DNS queries with the corresponding IP address only when the health check is healthy.
- If you do not associate a health check with a multivalue answer record, Amazon Route 53 always considers the record to be healthy.
Geoproximity Routing Policy:
- Lets Amazon Route 53 route traffic to your resources based on the geographic location of your resources (not of your end users!).
- Allows you to shift traffic from resources in one location to resources in another location.
- Gives you the option to route more or less traffic to a particular resource by specifying a bias value.
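The weighted formula, the failover rule and the multivalue health filtering above are all answer-selection logic, so here they are together in one runnable simulation. This is an added example written for this cheat sheet, not code from the original page or from AWS: `Record` is a constructed stand-in for a resource record set, a `health` of `None` models a record with no health check associated (which the text says is always considered healthy), and the addresses and server names are made up. Two details come from the AWS documentation rather than from the text above and are marked in comments: an all-zero weight set is answered as if every weight were equal, and a multivalue answer carries at most eight healthy records.

```python
"""Simulate Route 53 answer selection for weighted, failover and multivalue policies."""
from __future__ import annotations
from dataclasses import dataclass
import random


@dataclass
class Record:
    value: str                  # what the answer carries, e.g. an IPv4 address
    weight: int = 0             # used by the weighted policy only
    health: bool | None = None  # None = no health check associated (always healthy)
    failover: str = ""          # "PRIMARY" or "SECONDARY" under the failover policy

    @property
    def healthy(self) -> bool:
        # A record without a health check is always considered healthy.
        return True if self.health is None else self.health


def weighted_probabilities(records: list[Record]) -> dict[str, float]:
    """Weight for a specific record / sum of the weights for all records.
    Per AWS documentation (not the cheat sheet), all-zero weights mean equal probability."""
    total = sum(r.weight for r in records)
    if total == 0:
        return {r.value: 1 / len(records) for r in records}
    return {r.value: r.weight / total for r in records}


def weighted_answer(records: list[Record], rng: random.Random) -> str:
    """Choose one record by drawing a uniform number against the cumulative probabilities."""
    draw, cumulative = rng.random(), 0.0
    for value, probability in weighted_probabilities(records).items():
        cumulative += probability
        if draw < cumulative:
            return value
    return records[-1].value   # only reachable through floating-point rounding


def simulate_weighted(records: list[Record], queries: int, seed: int = 0) -> dict[str, int]:
    """Answer `queries` DNS queries and count how often each record was returned."""
    rng = random.Random(seed)
    counts = {r.value: 0 for r in records}
    for _ in range(queries):
        counts[weighted_answer(records, rng)] += 1
    return counts


def failover_answer(records: list[Record]) -> str:
    """Active-passive failover: the primary answers while it passes its health check,
    the secondary takes all the traffic once the primary fails it."""
    primary = next(r for r in records if r.failover == "PRIMARY")
    secondary = next(r for r in records if r.failover == "SECONDARY")
    return primary.value if primary.healthy else secondary.value


def multivalue_answer(records: list[Record], limit: int = 8) -> list[str]:
    """Return only healthy values; the cap of eight per answer is from AWS documentation."""
    return [r.value for r in records if r.healthy][:limit]


if __name__ == "__main__":
    test_prod = [Record("test-server", weight=5), Record("prod-server", weight=95)]
    print(weighted_probabilities(test_prod))            # test-server gets 5/(5+95) = 5%
    print(simulate_weighted(test_prod, 10_000, seed=1))  # roughly 500 / 9500
    pair = [Record("198.51.100.1", health=False, failover="PRIMARY"),
            Record("198.51.100.2", failover="SECONDARY")]
    print("failover answer:", failover_answer(pair))     # primary failed -> secondary
    web = [Record("192.0.2.1", health=True), Record("192.0.2.2", health=False), Record("192.0.2.3")]
    print("multivalue answer:", multivalue_answer(web))  # 192.0.2.2 is left out
```

The simulation makes the 5/95 example measurable: over ten thousand queries the test server is returned about five percent of the time, and the failover and multivalue functions show how a failed health check removes a resource from the answer while a record with no health check is never removed.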
AWS charges several monthly rates depending on your usage:
- DNS zones: $0.50 per hosted DNS zone / month for the first 25 zones, $0.10 per zone / month for additional zones.
- Policy records: $50 per DNS name.
- Standard queries: $0.40 per million queries for the first billion queries / month, thereafter $0.20 per million queries / month.
- Latency-based routing queries: $0.60 per million queries for the first billion queries / month, thereafter $0.30 per million queries / month.
- Geo-based queries: $0.70 per million queries for the first billion queries / month, thereafter $0.35 per million queries / month.
- Health checks: the first 50 AWS endpoints are free, thereafter $0.50 / endpoint / month.
- Domain registration: AWS provides a price sheet for domains across different TLDs.