R53
What is Route 53?
Route 53 is Amazon’s DNS (Domain Name System) service. Think of DNS as the phonebook of the internet:
You type www.example.com → DNS finds the correct server’s IP (like looking up a friend’s phone number).
👉 Route 53 helps:
Register domains (like buying a new phone number).
Manage DNS records (like deciding where calls should be directed).
Route traffic smartly (like forwarding calls depending on location, health, or speed).
🛠 Core Functions of Route 53
Domain Registration
You can buy a domain directly from Route 53 (like myshop.com).
Or use an existing domain from GoDaddy, Namecheap, etc., and connect it.
DNS Service
Maps domain names → IP addresses.
Example:
www.myshop.com → 192.0.2.44.
Health Checking
Monitors your servers/websites.
If one server is down, Route 53 sends users to a healthy one.
Traffic Routing Policies
Decide how users get routed.
Like GPS navigation choosing the fastest, closest, or safest route.
🏗 DNS Records in Route 53 (Simple Breakdown)
DNS records = instructions for traffic.
A Record
Domain → IPv4 address
myshop.com → 192.0.2.44
AAAA Record
Domain → IPv6 address
myshop.com → 2001:db8::44
CNAME
Domain alias → another domain
blog.myshop.com → myshop.wordpress.com
MX Record
Mail server
myshop.com → mail.google.com
NS Record
Nameservers (who’s managing DNS)
ns-123.awsdns.com
TXT Record
Verification/security info
myshop.com → "v=spf1 include:amazonses.com -all" (SPF: only AWS SES may send mail for myshop.com)
Routing Policies
Route 53 can do basic and smart routing:
Simple Routing
One domain → One resource.
Example:
myshop.com → single EC2 server.
Weighted Routing
Split traffic by percentage.
Example: 80% users → old site, 20% → new beta site.
Latency-Based Routing
Send users to the fastest region.
Example: UK users → London servers, US users → Virginia servers.
Failover Routing
Primary server active; if down, send to backup.
Example:
myshop.com → main EC2 (if it fails → S3 static backup site).
Geolocation Routing
Route by where users are.
Example: India users → in.myshop.com, UK users → uk.myshop.com.
Geoproximity Routing
Route based on geographic region + weight (can bias traffic).
Example: Send more users to cheaper AWS region.
Multi-Value Answer
Return multiple healthy servers randomly.
Example:
myshop.com → {192.0.2.44, 192.0.2.45, 192.0.2.46}.
💡 Real-World Examples
E-commerce Store
Main domain on Route 53 (myshop.com).
Weighted routing for A/B testing new website.
Failover routing for disaster recovery.
Global SaaS App
Latency routing: US users go to US servers, Europe users go to EU servers.
Health checks keep bad servers out.
Email Setup
MX records point to Microsoft 365 or Gmail servers.
TXT records secure email with SPF/DKIM.
🛡 Security with Route 53
DNSSEC (Domain Name System Security Extensions) → Protects against DNS spoofing.
Private Hosted Zones → Keep internal DNS records private within your VPC.
IAM Policies → Control who can change DNS records.
⚡ Tips
Always use health checks with failover → No downtime.
Combine routing policies → Example: geolocation + failover.
Alias records → Special AWS feature:
Use instead of CNAME at root domain.
Example:
myshop.com → CloudFront or S3 bucket.
Free inside AWS (no extra query charges).
Integrations:
With CloudFront → For global CDN.
With Elastic Load Balancer (ELB) → Route 53 → ELB → EC2 servers.
With API Gateway → For custom API domains.
DNS / R53


Public hosted zone
A public hosted zone is a container that holds information about how you want to route traffic on the internet for a specific domain which is accessible from the public internet.


Private hosted zone
A private hosted zone is a container that holds information about how you want Amazon Route 53 to respond to DNS queries for a domain and its subdomains within one or more VPCs that you create with the Amazon VPC service.


Split View

CNAME vs Alias


Simple routing
Simple routing lets you configure standard DNS records, with no special Route 53 routing such as weighted or latency. With simple routing, you typically route traffic to a single resource, for example, to a web server for your website.

Health Check
Amazon Route 53 health checks monitor the health and performance of your web applications, web servers, and other resources. Each health check that you create can monitor one of the following:
The health of a specified resource, such as a web server
The status of other health checks
The status of an Amazon CloudWatch alarm

Failover routing
Failover routing lets you route traffic to a resource when the resource is healthy or to a different resource when the first resource is unhealthy.

Multivalue answer routing lets you configure Amazon Route 53 to return multiple values, such as IP addresses for your web servers, in response to DNS queries. You can specify multiple values for almost any record, but multivalue answer routing also lets you check the health of each resource, so Route 53 returns only values for healthy resources.

Weighted routing lets you associate multiple resources with a single domain name (catagram.io) and choose how much traffic is routed to each resource. This can be useful for a variety of purposes, including load balancing and testing new versions of software.

If your application is hosted in multiple AWS Regions, you can improve performance for your users by serving their requests from the AWS Region that provides the lowest latency.

Geolocation routing lets you choose the resources that serve your traffic based on the geographic location of your users, meaning the location that DNS queries originate from.

Geoproximity routing lets Amazon Route 53 route traffic to your resources based on the geographic location of your users and your resources. You can also optionally choose to route more traffic or less to a given resource by specifying a value, known as a bias. A bias expands or shrinks the size of the geographic region from which traffic is routed to a resource.
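
How health checks change the answer under the failover, multivalue and weighted policies described above, including what is returned when every record is unhealthy. This is an added Python model, not AWS code or part of the original notes; the Record type, function names and sample targets are hypothetical, and the all-unhealthy and zero-weight fallbacks follow Route 53's documented behaviour.

```python
"""Model of Route 53 health-aware answer selection (illustrative, not AWS code)."""
from dataclasses import dataclass

MULTIVALUE_MAX = 8  # multivalue answers carry at most eight records

@dataclass(frozen=True)
class Record:
    value: str            # IP address or target name (hypothetical samples)
    healthy: bool = True  # outcome of the attached health check
    weight: int = 1       # weighted routing only
    role: str = ""        # "PRIMARY" or "SECONDARY" for failover routing

def failover(records):
    """Primary while it is healthy, otherwise a healthy secondary.
    With both unhealthy the primary is still returned."""
    primary = next(r for r in records if r.role == "PRIMARY")
    secondary = next(r for r in records if r.role == "SECONDARY")
    if primary.healthy or not secondary.healthy:
        return primary.value
    return secondary.value

def multivalue(records):
    """Healthy values only (the real service picks up to eight at random;
    order is kept here). If nothing is healthy, all records are eligible."""
    pool = [r for r in records if r.healthy] or list(records)
    return [r.value for r in pool[:MULTIVALUE_MAX]]

def weighted_share(records):
    """Expected share of queries per value: weight / total weight of the pool."""
    pool = [r for r in records if r.healthy] or list(records)
    total = sum(r.weight for r in pool)
    if total == 0:  # every weight is zero: equal probability
        return {r.value: 1 / len(pool) for r in pool}
    return {r.value: r.weight / total for r in pool}

# Constructed sample data reusing the page's example targets and addresses.
SHOP_FAILOVER = [Record("main-ec2", healthy=False, role="PRIMARY"),
                 Record("s3-static-backup", role="SECONDARY")]
SHOP_MULTI = [Record("192.0.2.44"), Record("192.0.2.45", healthy=False),
              Record("192.0.2.46")]
SHOP_WEIGHTED = [Record("old-site", weight=80), Record("beta-site", weight=20)]

if __name__ == "__main__":
    print(failover(SHOP_FAILOVER))        # primary is down, secondary answers
    print(multivalue(SHOP_MULTI))         # the unhealthy address is left out
    print(weighted_share(SHOP_WEIGHTED))  # 80/20 split while both are healthy
```

The all-unhealthy branches matter operationally: a health check that fails for every record does not make the name stop resolving, so alert on health check status rather than relying on failover alone.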

DNSSEC
DNSSEC strengthens authentication in DNS using digital signatures based on public key cryptography. With DNSSEC, it is not the DNS queries and responses themselves that are cryptographically signed; rather, the DNS data itself is signed by the owner of the data. This video steps through how DNSSEC is implemented in AWS Route 53 and demos enabling DNSSEC signing on a hosted zone, including trust chain establishment.
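
The trust chain is established by a DS record in the parent zone that carries a hash of the child zone's key-signing key (DNSKEY). The following added Python example (not from the original notes or from AWS) derives that DS value per RFC 4034 and compares it with the line shown at the registrar. The zone name and key bytes are constructed placeholders, and flags 257, algorithm 13 (ECDSAP256SHA256) and digest type 2 (SHA-256) are assumptions.

```python
"""Derive the DS record a parent zone must publish for a child zone's KSK."""
import base64
import hashlib
import struct

def dnskey_rdata(flags, protocol, algorithm, pubkey_b64):
    """DNSKEY RDATA wire format: flags, protocol, algorithm, public key."""
    return struct.pack("!HBB", flags, protocol, algorithm) + base64.b64decode(pubkey_b64)

def key_tag(rdata):
    """Key tag checksum over the DNSKEY RDATA (RFC 4034, Appendix B)."""
    acc = 0
    for i, byte in enumerate(rdata):
        acc += byte if i & 1 else byte << 8
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF

def owner_wire(name):
    """Canonical wire form of the zone name: lower-case, length-prefixed labels."""
    labels = [lab for lab in name.lower().rstrip(".").split(".") if lab]
    return b"".join(bytes([len(lab)]) + lab.encode("ascii") for lab in labels) + b"\x00"

def ds_record(zone, flags, protocol, algorithm, pubkey_b64):
    """Return (key_tag, algorithm, digest_type, digest_hex), digest type 2 = SHA-256."""
    rdata = dnskey_rdata(flags, protocol, algorithm, pubkey_b64)
    digest = hashlib.sha256(owner_wire(zone) + rdata).hexdigest().upper()
    return key_tag(rdata), algorithm, 2, digest

def ds_matches(published, zone, flags, protocol, algorithm, pubkey_b64):
    """Check a DS line from the parent ("tag alg type digest") against the KSK."""
    tag, alg, dtype, digest = published.split(None, 3)
    got = (int(tag), int(alg), int(dtype), digest.replace(" ", "").upper())
    return got == ds_record(zone, flags, protocol, algorithm, pubkey_b64)

# Constructed sample: 64 placeholder bytes stand in for a P-256 public key.
SAMPLE_ZONE = "myshop.com"
SAMPLE_KEY = base64.b64encode(bytes(range(64))).decode()
KSK_FIELDS = (257, 3, 13)  # assumed: KSK flags, protocol 3, algorithm 13

if __name__ == "__main__":
    print("%d %d %d %s" % ds_record(SAMPLE_ZONE, *KSK_FIELDS, SAMPLE_KEY))
```

A DS value at the registrar that does not match the zone's current KSK makes validating resolvers reject the zone's answers, so run this comparison before and after any key change.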
