Task Statement 1.2: Design DNS solutions that meet public, private, and hybrid requirements.
📘AWS Certified Advanced Networking – Specialty
1. What is Amazon Route 53?
Amazon Route 53 is AWS’s Domain Name System (DNS) service.
DNS is responsible for converting names into IP addresses so that users and applications can reach services.
In AWS networking design, Route 53 is not just a basic DNS service. It is also used for:
- Global traffic management
- High availability and failover
- Hybrid (on-premises + AWS) name resolution
- Integration with AWS services
For the Advanced Networking – Specialty exam, you must understand how Route 53 works, what features it provides, and when to use each feature.
2. Public, Private, and Hybrid DNS Requirements
Before learning Route 53 features, you must understand where DNS is being used.
Public DNS
- Used for resources accessible from the internet
- Examples:
  - Public websites
  - Public APIs
  - Internet-facing load balancers
Private DNS
- Used inside AWS networks (VPCs)
- Not accessible from the internet
- Examples:
  - Internal applications
  - Backend services
  - Internal load balancers
Hybrid DNS
- DNS must work both on-premises and in AWS
- Requires integration between:
  - On-premises DNS servers
  - Amazon Route 53 Resolver
The exam tests your ability to design DNS solutions for all three scenarios.
3. Route 53 Hosted Zones
A hosted zone is a container for DNS records.
Public Hosted Zone
- Used for internet-facing DNS names
- DNS records are publicly resolvable
- Example use:
  - Public websites hosted in AWS
  - Internet-facing services
Private Hosted Zone
- Used inside one or more VPCs
- DNS records are not visible on the internet
- Used for internal service discovery
Key exam point:
- Private hosted zones can be associated with multiple VPCs
- VPCs can be in different AWS accounts using authorization
4. Route 53 Record Types (Exam-Relevant)
You should know the common record types:
- A record – Maps a name to an IPv4 address
- AAAA record – Maps a name to an IPv6 address
- CNAME record – Maps one name to another name
- Alias record – AWS-specific alternative to CNAME that points a name at an AWS resource (works where a CNAME cannot, such as the root domain)
- MX record – Mail routing
- TXT record – Verification and metadata
The exam strongly focuses on Alias records, so we cover them in detail.
5. Alias Records (Very Important for Exam)
What is an Alias Record?
An Alias record is an AWS-specific DNS record that:
- Points to AWS resources
- Does not require an IP address
- Automatically tracks changes in the target resource
Alias records behave like A or AAAA records but work differently internally.
Alias Records vs CNAME Records
| Feature | Alias Record | CNAME Record |
|---|---|---|
| AWS-specific | Yes | No |
| Root domain support | Yes | No |
| Points to AWS services | Yes | Limited |
| Cost | Free | Standard DNS cost |
| Automatic IP updates | Yes | No |
Exam rule:
If the target is an AWS service → Use Alias
AWS Resources Supported by Alias Records
Alias records can point to:
- Application Load Balancer (ALB)
- Network Load Balancer (NLB)
- Classic Load Balancer
- CloudFront distributions
- S3 static website endpoints
- API Gateway endpoints
- Another Route 53 record in the same hosted zone
Why Alias Records Matter for Design
- No hard-coded IP addresses
- Works at the root domain
- Integrated with AWS health and scaling
- Recommended best practice by AWS
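The Alias-versus-CNAME rule above is easiest to see in the actual request shape Route 53 accepts. The following is an added example (not from the original notes and not AWS code): it builds the ChangeResourceRecordSets record sets for an Alias record at the root domain and a CNAME below it, and applies the DNS rule that rules a CNAME out at the apex. The ALB DNS name and its hosted zone ID are placeholders; a real one comes from the load balancer's description.

```python
# Added example (not from the original notes): build Route 53 change batches for an
# Alias record versus a CNAME record, and apply the DNS rule that makes Alias the
# only option at the zone apex. Resource and zone identifiers are placeholders.

ZONE_APEX = "example.com."

# Placeholder hosted zone ID of the target ALB (the real value comes from the ELB API).
ALB_HOSTED_ZONE_ID = "ZPLACEHOLDERALB"
ALB_DNS_NAME = "my-alb-123456.us-east-1.elb.amazonaws.com."


def alias_record(name, target_dns, target_zone_id, record_type="A"):
    """Alias record set in the shape ChangeResourceRecordSets expects (boto3 / AWS CLI).

    No ResourceRecords and no TTL: Route 53 resolves the target itself and answers
    with the target's current IPs, so no address is ever hard-coded in the zone.
    """
    return {
        "Name": name,
        "Type": record_type,
        "AliasTarget": {
            "HostedZoneId": target_zone_id,
            "DNSName": target_dns,
            "EvaluateTargetHealth": True,  # answer follows the ALB's own health
        },
    }


def cname_record(name, target_dns, ttl=300):
    """Plain CNAME record set: a fixed name-to-name mapping with a TTL."""
    return {
        "Name": name,
        "Type": "CNAME",
        "TTL": ttl,
        "ResourceRecords": [{"Value": target_dns}],
    }


def validate_record(record, zone_apex):
    """Reject record sets that DNS (and therefore Route 53) will not accept.

    A CNAME must be the only record at its name (RFC 1034), and the apex always
    carries SOA and NS records, so a CNAME at the apex is invalid; an Alias A/AAAA
    record is the supported way to point the apex at an AWS resource.
    """
    if record["Type"] == "CNAME" and record["Name"] == zone_apex:
        raise ValueError("CNAME is not allowed at the zone apex; use an Alias record")
    return True


def change_batch(*records, action="UPSERT"):
    """Wrap record sets into the ChangeBatch parameter of change_resource_record_sets."""
    return {
        "Comment": "managed by example script",
        "Changes": [{"Action": action, "ResourceRecordSet": r} for r in records],
    }


if __name__ == "__main__":
    apex = alias_record(ZONE_APEX, ALB_DNS_NAME, ALB_HOSTED_ZONE_ID)
    www = cname_record("www." + ZONE_APEX, ZONE_APEX)  # www -> apex via CNAME is fine
    for r in (apex, www):
        validate_record(r, ZONE_APEX)
    print(change_batch(apex, www))
    # Submitting it with boto3 would look like (placeholder zone ID):
    # boto3.client("route53").change_resource_record_sets(
    #     HostedZoneId="<hosted zone id>", ChangeBatch=change_batch(apex, www))
```

`EvaluateTargetHealth` is what ties Alias records to the health checks covered below: when it is set, an Alias record used in failover or weighted routing is treated as unhealthy whenever the load balancer has no healthy targets, without a separate Route 53 health check.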
6. Route 53 Health Checks
What Are Health Checks?
Health checks monitor the availability and health of endpoints.
Route 53 uses health checks to:
- Determine whether a resource is healthy
- Control DNS responses based on health
Types of Route 53 Health Checks
1. Endpoint Health Checks
- Monitor:
  - HTTP
  - HTTPS
  - TCP
- Can check:
  - Response codes
  - Response time
  - Specific response text
2. Calculated Health Checks
- Combine multiple (child) health checks into one parent check
- Uses logical rules, expressed as "healthy if at least N of M child checks are healthy":
  - AND (N equals M)
  - OR (N equals 1)
- Useful for complex failover decisions
3. CloudWatch Alarm Health Checks
- Use CloudWatch alarms instead of direct probing
- Useful when endpoints are not publicly reachable
Key Exam Points for Health Checks
- Health checks are global
- They run from multiple AWS regions
- Endpoint health checks probe over the public internet, so the endpoint's firewall or security group must allow the Route 53 health-checker IP ranges; otherwise the endpoint is reported unhealthy
- Health checks can be associated with:
  - Failover routing
  - Weighted routing
  - Latency routing
7. Routing Policies in Route 53
Routing policies control how Route 53 responds to DNS queries.
You must know each routing policy and its purpose.
1. Simple Routing
- Returns a single record
- No health checks
- Used when only one endpoint exists
2. Failover Routing
- Used for high availability
- Has:
  - Primary record
  - Secondary record
- Route 53 responds based on health check status
Exam focus:
- Health checks are mandatory
- Only one primary and one secondary
3. Weighted Routing
- Distributes traffic based on weights
- Useful for:
  - Gradual migrations
  - Load distribution
Example logic:
- Record A → weight 70
- Record B → weight 30
4. Latency-Based Routing
- Sends users to the lowest-latency endpoint
- Uses AWS latency measurements
- Requires endpoints in multiple regions
5. Geolocation Routing
- Routes traffic based on user location
- Location is determined by IP address
- Used to control access by country or region
6. Geoproximity Routing (Advanced)
- Routes traffic based on distance
- Allows traffic bias
- Requires Route 53 Traffic Flow
Exam tip:
- Know the difference between Geolocation and Geoproximity routing
7. Multi-Value Answer Routing
- Returns multiple healthy IP addresses (up to eight per response)
- Works like simple load balancing
- Health checks are supported
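To make the interaction between health checks (section 6) and routing policies (section 7) concrete, here is an added example that is not from the original notes and is not how Route 53 is implemented internally: a small simulation of how a failover, weighted and multi-value answer record set is answered given health-check results. The health-check IDs, record values and health states are constructed; the calculated check uses the "at least N of M children healthy" rule.

```python
# Added example (not from the original notes): simulate Route 53 answers under
# failover, weighted and multi-value answer routing, driven by health-check results.
# Health-check IDs, IP addresses and health states below are constructed.
import random

# Constructed health-check results, keyed by health-check ID.
HEALTH = {
    "hc-primary-web": False,  # endpoint probe failed
    "hc-primary-db": True,
    "hc-secondary": True,
    "hc-mv-1": True,
    "hc-mv-2": False,
    "hc-mv-3": True,
}

# Constructed record sets. A "health_check" may be an ID, None, or a calculated check.
PRIMARY = {"values": ["203.0.113.10"],
           "health_check": {"children": ["hc-primary-web", "hc-primary-db"], "threshold": 2}}
SECONDARY = {"values": ["198.51.100.10"], "health_check": "hc-secondary"}
WEIGHTED = [
    {"values": ["10.0.1.10"], "weight": 70, "health_check": None},
    {"values": ["10.0.2.10"], "weight": 30, "health_check": None},
]
MULTI = [
    {"values": ["10.0.3.1"], "health_check": "hc-mv-1"},
    {"values": ["10.0.3.2"], "health_check": "hc-mv-2"},
    {"values": ["10.0.3.3"], "health_check": "hc-mv-3"},
]


def calculated_health(child_ids, health_threshold, status=HEALTH):
    """Calculated health check: healthy when at least `health_threshold` of the
    child checks are healthy (threshold == number of children is AND, 1 is OR)."""
    healthy_children = sum(1 for c in child_ids if status.get(c, False))
    return healthy_children >= health_threshold


def is_healthy(record, status=HEALTH):
    """A record with no health check is assumed healthy; otherwise use its check."""
    hc = record.get("health_check")
    if hc is None:
        return True
    if isinstance(hc, dict):  # calculated check: {"children": [...], "threshold": n}
        return calculated_health(hc["children"], hc["threshold"], status)
    return status.get(hc, False)


def answer_failover(primary, secondary, status=HEALTH):
    """Failover routing: answer with the primary while its check passes, else the secondary."""
    return primary["values"] if is_healthy(primary, status) else secondary["values"]


def answer_weighted(records, roll, status=HEALTH):
    """Weighted routing: pick a record with probability weight / sum(weights) among
    the healthy records. `roll` is a number in [0, total weight); see __main__."""
    healthy = [r for r in records if is_healthy(r, status) and r["weight"] > 0]
    total = sum(r["weight"] for r in healthy)
    cursor = 0
    for r in healthy:
        cursor += r["weight"]
        if roll < cursor:
            return r["values"]
    return healthy[-1]["values"]  # roll == total: clamp to the last healthy record


def answer_multivalue(records, status=HEALTH, max_answers=8):
    """Multi-value answer routing: return up to eight healthy values; the client
    chooses one, which gives simple client-side load balancing."""
    healthy = [v for r in records if is_healthy(r, status) for v in r["values"]]
    return healthy[:max_answers]


if __name__ == "__main__":
    print("failover   ->", answer_failover(PRIMARY, SECONDARY))
    print("weighted   ->", answer_weighted(WEIGHTED, random.uniform(0, 100)))
    print("multivalue ->", answer_multivalue(MULTI))
```

With the constructed states, the primary's calculated check requires both children healthy (AND) and one has failed, so the failover answer is the secondary; lowering the threshold to 1 (OR) would keep traffic on the primary, which is exactly the design choice a calculated check exists to express.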
8. Route 53 Traffic Policies and Traffic Flow
What Are Traffic Policies?
Traffic policies define complex routing rules using a visual editor or JSON.
They allow:
- Combining multiple routing policies
- Versioned traffic control
- Reusable routing logic
Traffic Flow
Traffic Flow is a visual DNS management tool in Route 53.
Key features:
- Visual editor
- Policy versioning
- Easy rollback
- Supports:
  - Failover
  - Latency
  - Weighted routing
  - Geolocation
Exam note:
- Traffic Flow is not free
- Used for advanced global DNS designs
9. Route 53 Resolver (Critical for Hybrid DNS)
What Is Route 53 Resolver?
Route 53 Resolver provides DNS resolution inside VPCs and supports hybrid DNS.
By default:
- Every VPC has a Route 53 Resolver (the Amazon-provided DNS server)
- It listens at the VPC CIDR base address plus two (the .2 address); that address is also reserved in every subnet for this purpose
Resolver Endpoints
1. Inbound Resolver Endpoint
- Allows on-premises DNS servers to query AWS DNS
- Used when on-premises systems need to resolve:
  - Private hosted zones
  - AWS internal names
2. Outbound Resolver Endpoint
- Allows AWS workloads to query on-premises DNS servers
- Used when AWS needs to resolve:
  - On-premises domain names
Resolver Rules
Resolver rules define where DNS queries should go.
Types:
- Forwarding rules
- System rules
- Auto-defined rules
Rules are associated with VPCs.
Exam-Level Hybrid DNS Design
Typical hybrid DNS design includes:
- Private hosted zones
- Inbound resolver endpoints
- Outbound resolver endpoints
- Conditional forwarding rules
- VPN or Direct Connect connectivity
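The way the pieces above fit together is a matter of which resolver each query name is sent to. The following added example (not from the original notes, and not AWS code) models both directions of a hybrid design: on the VPC side, Route 53 Resolver rules are matched on the query name's domain and the most specific matching rule wins, with a forwarding rule sending the query through the outbound endpoint and a system rule keeping it on the VPC resolver; on the on-premises side, a conditional forwarder sends private-zone names to the inbound endpoint IPs. Rule IDs, domain names and all IP addresses are constructed.

```python
# Added example (not from the original notes): which resolver handles a query in a
# hybrid design. Rule IDs, domains and IP addresses are constructed placeholders.

# Resolver rules associated with the VPC. FORWARD targets are on-premises DNS
# servers reached through the outbound resolver endpoint.
RULES = [
    {"id": "rslvr-rr-internet", "type": "RECURSIVE", "domain": ".",
     "targets": []},                                   # default: Route 53 Resolver
    {"id": "rslvr-rr-corp-fwd", "type": "FORWARD", "domain": "corp.example.",
     "targets": ["10.10.0.53", "10.10.1.53"]},         # on-premises DNS servers
    {"id": "rslvr-rr-aws-corp-system", "type": "SYSTEM", "domain": "aws.corp.example.",
     "targets": []},                                   # carve-out: private hosted zone in AWS
]

# On-premises conditional forwarders: private-zone names go to the inbound
# resolver endpoint IPs, which live inside the VPC.
ONPREM_FORWARDERS = {"aws.corp.example.": ["10.20.0.10", "10.20.1.10"]}


def _normalize(name):
    """Lower-case and make fully qualified so suffix matching is exact."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


def matches(domain, qname):
    """A rule for `domain` covers `domain` itself and every name below it."""
    domain, qname = _normalize(domain), _normalize(qname)
    if domain == ".":
        return True
    return qname == domain or qname.endswith("." + domain)


def select_rule(qname, rules):
    """Route 53 Resolver semantics: the most specific matching domain wins,
    regardless of the order in which rules were created."""
    candidates = [r for r in rules if matches(r["domain"], qname)]
    return max(candidates, key=lambda r: len(_normalize(r["domain"])))


def vpc_query_path(qname, rules=RULES):
    """Where a query from an EC2 instance in the VPC is sent."""
    rule = select_rule(qname, rules)
    if rule["type"] == "FORWARD":
        return ("outbound-endpoint", rule["targets"])
    return ("route53-resolver", [])  # SYSTEM and RECURSIVE stay in AWS


def onprem_query_path(qname, forwarders=ONPREM_FORWARDERS):
    """Where an on-premises client's query is sent by the on-premises DNS server."""
    for domain, targets in forwarders.items():
        if matches(domain, qname):
            return ("inbound-endpoint", targets)
    return ("onprem-resolver", [])


if __name__ == "__main__":
    for name in ("db.corp.example", "app.aws.corp.example", "www.example.org"):
        print(f"VPC     {name:24} -> {vpc_query_path(name)}")
    for name in ("app.aws.corp.example", "db.corp.example"):
        print(f"on-prem {name:24} -> {onprem_query_path(name)}")
```

The SYSTEM rule for `aws.corp.example` is the detail worth noticing: without it, the broader forwarding rule for `corp.example` would also send queries for the AWS-hosted subdomain to on-premises servers, which would then have to forward them back to the inbound endpoint. The more specific rule keeps those queries inside the VPC, where the private hosted zone answers them directly.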
10. Security and Access Control
Route 53 integrates with IAM.
You can control:
- Who can create hosted zones
- Who can modify records
- Who can manage health checks
Private hosted zones are only resolvable from:
- Associated VPCs
- VPCs in other AWS accounts that were authorized to associate with the zone
11. Cost Considerations (Exam Relevant)
You should know that Route 53 pricing is based on:
- Hosted zones
- DNS queries
- Health checks
- Traffic Flow usage
Alias records:
- Do not add extra query cost
12. How AWS Tests This Topic in the Exam
In the exam, you will be asked to:
- Choose the correct routing policy
- Decide between public vs private hosted zones
- Design hybrid DNS resolution
- Select Alias vs CNAME
- Use health checks for availability
- Understand resolver endpoints
Expect scenario-based questions, not definitions.
13. Summary for Exam Success
To pass this section, you must clearly understand:
- What Route 53 is and why it is used
- Differences between public, private, and hybrid DNS
- Alias records and their advantages
- Routing policies and when to use each
- Health checks and failover behavior
- Resolver endpoints for hybrid architectures
- Traffic Flow for complex DNS designs
