Task Statement 2.3: Implement complex hybrid and multi-account DNS architectures.
📘AWS Certified Advanced Networking – Specialty
🔹 What is a DNS Record?
A DNS record is an entry in a DNS database that tells the DNS system:
➡️ “How should a domain name be translated or handled?”
When a user or application requests a domain, DNS records provide the answer.
In AWS, these records are mainly managed using Amazon Route 53.
🔑 Why DNS Record Types Matter in the AWS Exam
You must understand:
- Which record type to use
- How they behave in AWS
- Differences between standard DNS and AWS-specific features
- When to use Alias vs CNAME
- Forward vs reverse DNS concepts
🧩 Common DNS Record Types
We will explain the most important ones for the exam:
1️⃣ A Record (Address Record)
✔️ Purpose
Maps a domain name to an IPv4 address
✔️ Example Format
app.example.com → 192.0.2.10
✔️ Key Points
- Most commonly used DNS record
- Used for:
  - Web servers
  - Application endpoints
- Works with public and private IPs
✔️ AWS Usage
- Point domain to:
  - EC2 instance
  - Load balancer (via alias)
  - Static IP
2️⃣ AAAA Record (IPv6 Address Record)
✔️ Purpose
Maps a domain name to an IPv6 address
✔️ Example Format
app.example.com → 2001:db8::1
✔️ Key Points
- Same as A record, but for IPv6
- Important for modern networking and scalability
✔️ AWS Usage
- Used when IPv6 is enabled in:
  - VPC
  - Load balancers
  - CloudFront
3️⃣ CNAME Record (Canonical Name Record)
✔️ Purpose
Maps one domain name to another domain name
✔️ Example Format
api.example.com → app.example.com
✔️ Key Points
- Used for domain aliasing
- The DNS resolver must perform an extra lookup to resolve the target name
- Cannot be used at root domain (zone apex)
✔️ AWS Exam Tip
❗ You cannot use CNAME for:
example.com (root domain)
4️⃣ Alias Record (AWS-Specific)
✔️ Purpose
AWS version of CNAME, but more powerful
✔️ Key Features
- Can point to AWS resources directly
- Works at root domain (zone apex)
- No extra DNS lookup → better performance
- No cost for Route 53 queries to AWS resources
✔️ Supported AWS Targets
- Application Load Balancer
- Network Load Balancer
- CloudFront distribution
- S3 static website
- API Gateway
- Another Route 53 record
✔️ Example
example.com → ALB (via Alias)
✔️ AWS Exam Tip (VERY IMPORTANT)
👉 Always choose Alias instead of CNAME when:
- Target is an AWS resource
- You are at root domain
5️⃣ TXT Record (Text Record)
✔️ Purpose
Stores text information
✔️ Common Uses
- Domain ownership verification
- Email security:
  - SPF
  - DKIM
  - DMARC
✔️ Example
example.com → "v=spf1 include:mail.example.com -all"
✔️ AWS Usage
- Used in:
  - SES email verification
  - ACM certificate validation
6️⃣ MX Record (Mail Exchange Record)
✔️ Purpose
Specifies mail servers for a domain
✔️ Example
example.com → mail.example.com (priority 10)
✔️ Key Points
- Includes priority (lower = higher priority)
- Used for email routing
7️⃣ NS Record (Name Server Record)
✔️ Purpose
Specifies authoritative DNS servers for a domain
✔️ Example
example.com → ns-123.awsdns.com
✔️ Key Points
- Required for DNS delegation
- Used in multi-account and hybrid DNS setups
✔️ AWS Usage
- Route 53 automatically creates NS records
- Important for:
  - Cross-account DNS delegation
  - Subdomain delegation
8️⃣ SOA Record (Start of Authority)
✔️ Purpose
Stores administrative information about the domain
✔️ Contains
- Primary DNS server
- Admin email
- Serial number
- Refresh timers
✔️ Key Points
- Only one SOA record per hosted zone
- Managed automatically in Route 53
9️⃣ PTR Record (Pointer Record)
✔️ Purpose
Used for reverse DNS lookup
➡️ Converts IP → domain name
✔️ Example
192.0.2.10 → app.example.com
✔️ Key Points
- Used in:
  - Email servers (anti-spam validation)
  - Logging and auditing
✔️ AWS Usage
- Common with:
  - Elastic IP
  - Reverse DNS configuration (via AWS support or settings)
🔄 Forward vs Reverse DNS (Important Concept)
✔️ Forward DNS
Domain → IP
Uses:
- A
- AAAA
- CNAME
✔️ Reverse DNS
IP → Domain
Uses:
- PTR
⚖️ Key Differences (Exam Focus)
| Feature | CNAME | Alias |
|---|---|---|
| Works at root domain | ❌ No | ✅ Yes |
| AWS specific | ❌ No | ✅ Yes |
| Extra DNS lookup | ✅ Yes | ❌ No |
| Points directly to AWS resources | ❌ No | ✅ Yes |
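The Alias-vs-CNAME rules in the table above, together with the forward/reverse pairing from the previous section, written as a check over planned record sets. This is an added example, not part of the original notes: `lint`, the `AWS_SUFFIXES` list and the sample records are constructed for illustration, and the input is assumed to use the record-set shape Route 53 returns (`Name`, `Type`, `ResourceRecords`, `AliasTarget`), with forward and reverse zones combined in one list.

```python
import ipaddress

# Assumption for this example: suffixes that mark an AWS-managed target (not exhaustive).
AWS_SUFFIXES = (".elb.amazonaws.com", ".cloudfront.net")

def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.rstrip(".").lower()

def values(rs):
    return [norm(rr["Value"]) for rr in rs.get("ResourceRecords", [])]

def lint(zone_name, record_sets):
    """Return sorted (name, finding) pairs for planned record sets."""
    apex = norm(zone_name)
    # PTR owner name -> hostnames it points back to
    ptr = {norm(rs["Name"]): values(rs) for rs in record_sets if rs["Type"] == "PTR"}
    findings = []
    for rs in record_sets:
        name, rtype = norm(rs["Name"]), rs["Type"]
        if rtype == "CNAME":
            if name == apex:
                findings.append((name, "CNAME at zone apex; use Alias"))
            if any(v.endswith(AWS_SUFFIXES) for v in values(rs)):
                findings.append((name, "CNAME to AWS resource; use Alias"))
        elif rtype in ("A", "AAAA") and "AliasTarget" not in rs:
            for ip in values(rs):
                # Reverse DNS: the PTR for an IP lives under in-addr.arpa / ip6.arpa
                owner = ipaddress.ip_address(ip).reverse_pointer
                if name not in ptr.get(owner, []):
                    findings.append((name, f"no matching PTR at {owner}"))
    return sorted(findings)

# Constructed sample input (documentation names and addresses only).
PLANNED = [
    {"Name": "example.com.", "Type": "CNAME", "TTL": 300,
     "ResourceRecords": [{"Value": "app.example.com"}]},
    {"Name": "api.example.com.", "Type": "CNAME", "TTL": 300,
     "ResourceRecords": [{"Value": "my-alb-123.us-east-1.elb.amazonaws.com."}]},
    {"Name": "app.example.com.", "Type": "A", "TTL": 300,
     "ResourceRecords": [{"Value": "192.0.2.10"}]},
    {"Name": "mail.example.com.", "Type": "A", "TTL": 300,
     "ResourceRecords": [{"Value": "192.0.2.25"}]},
    {"Name": "10.2.0.192.in-addr.arpa.", "Type": "PTR", "TTL": 300,
     "ResourceRecords": [{"Value": "app.example.com."}]},
]

if __name__ == "__main__":
    for name, finding in lint("example.com", PLANNED):
        print(f"{name}: {finding}")
```

Alias records are skipped by the PTR check because they carry an `AliasTarget` instead of IP values.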
🧠 Exam Tips (VERY IMPORTANT)
⭐ 1. Alias vs CNAME (Most Asked)
- Use Alias for AWS resources
- Use Alias at root domain
- Avoid CNAME at zone apex
⭐ 2. IPv6 Support
- Use AAAA when IPv6 is enabled
⭐ 3. Reverse DNS
- Uses PTR
- Important for email systems
⭐ 4. Email Configuration
- MX → mail routing
- TXT → SPF, DKIM, verification
⭐ 5. Hybrid & Multi-Account DNS
- NS records → delegation
- PTR → reverse DNS in hybrid setups
🧾 Summary (Quick Revision)
- A → Domain → IPv4
- AAAA → Domain → IPv6
- CNAME → Domain → Domain
- Alias → AWS resource mapping (best option in AWS)
- TXT → Verification & email security
- MX → Mail servers
- NS → Name servers / delegation
- SOA → Domain metadata
- PTR → Reverse DNS (IP → Domain)
