
Mastering AWS Route 53: Configuring DNS Records for Global & Hybrid Architectures

Configuring appropriate DNS records


This study guide covers the critical aspects of Domain Name System (DNS) configuration within AWS, specifically tailored for the Advanced Networking Specialty (ANS-C01) exam. We explore record types, routing policies, and hybrid DNS resolution.

Learning Objectives

By the end of this guide, you should be able to:

  • Differentiate between standard DNS records (A, CNAME) and AWS-specific Alias records.
  • Design split-horizon DNS using Public and Private Hosted Zones.
  • Configure domain delegation for subdomains across multiple AWS accounts.
  • Implement hybrid DNS resolution using Route 53 Resolver Inbound and Outbound endpoints.
  • Select appropriate routing policies (Latency, Geolocation, Failover) based on business requirements.

Key Terms & Glossary

  • TTL (Time to Live): The duration, in seconds, for which a DNS record is cached by resolvers. Low TTLs allow for faster changes but increase query load.
  • Zone Apex: The root of a domain (e.g., example.com without a www prefix). Standard CNAME records cannot be placed at the apex.
  • FQDN (Fully Qualified Domain Name): The complete domain name for a specific host (e.g., server1.sub.example.com.).
  • Recursive Resolver: The DNS server that queries other servers on behalf of a client to find an IP address.
  • Authoritative Name Server: The final holder of the DNS record that provides the definitive answer to the resolver.

The "Big Idea"

DNS is the backbone of global traffic management. In AWS, Route 53 is not just a registrar; it is a programmable steering engine. By choosing the right record types and routing policies, you ensure that traffic is directed to the healthiest, closest, and most cost-effective resources, whether they reside in a VPC, on-premises, or in a different AWS Region.

Formula / Concept Box

Feature       | Standard CNAME             | AWS Alias Record
--------------|----------------------------|----------------------------------------------------
Apex Support  | No (illegal at the root)   | Yes (supported at the root)
Cost          | Charged per query          | Free for AWS resources (ELB, S3, etc.)
Behavior      | Points to a hostname       | Points to an AWS resource (by its DNS name, e.g., an ALB)
Update Speed  | Dependent on TTL           | Updates automatically if the resource's IP changes
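
The apex rule and the shape difference in the table are easiest to see as the record sets Route 53 actually accepts. The following is an added example, not code from the study guide: it models a standard CNAME and an Alias A record as change-batch entries and refuses a CNAME at the zone apex. The zone name, the ALB DNS name and the hosted-zone ID are constructed placeholders.

```python
"""Added example (not part of the original study guide): model a standard CNAME
and an AWS Alias record as Route 53 change-batch entries and enforce the
zone-apex rule from the comparison table. Zone name, ALB DNS name and
hosted-zone ID are constructed placeholders."""

ZONE_NAME = "example.com."  # constructed; trailing dot marks an FQDN

# Assumed placeholder values for an Application Load Balancer target
# (not a real load balancer or hosted-zone ID).
ALB_DNS_NAME = "my-alb-123456.us-east-1.elb.amazonaws.com."
ALB_HOSTED_ZONE_ID = "Z0000000000000000000P"


def normalize(name: str) -> str:
    """Lower-case and add the trailing dot so 'Example.com' == 'example.com.'."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def is_apex(zone: str, record_name: str) -> bool:
    """True when the record name is the zone's root (the 'zone apex')."""
    return normalize(zone) == normalize(record_name)


def cname_record(name: str, target: str, ttl: int = 300) -> dict:
    """Standard CNAME: points to a hostname, cached for TTL seconds, billed per query."""
    return {
        "Name": normalize(name),
        "Type": "CNAME",
        "TTL": ttl,
        "ResourceRecords": [{"Value": normalize(target)}],
    }


def alias_a_record(name: str, target_dns: str, target_zone_id: str) -> dict:
    """Alias A record: no TTL or ResourceRecords; Route 53 follows AliasTarget itself."""
    return {
        "Name": normalize(name),
        "Type": "A",
        "AliasTarget": {
            "HostedZoneId": target_zone_id,
            "DNSName": normalize(target_dns),
            "EvaluateTargetHealth": True,
        },
    }


def validate_record(zone: str, record: dict) -> list:
    """Return the problems found (an empty list means the record is acceptable)."""
    problems = []
    name = record.get("Name", "")
    rtype = record.get("Type")
    if rtype == "CNAME" and is_apex(zone, name):
        problems.append("CNAME is not allowed at the zone apex; use an Alias record")
    if "AliasTarget" in record:
        if "TTL" in record or "ResourceRecords" in record:
            problems.append("Alias record must not carry TTL or ResourceRecords")
    elif "TTL" not in record or not record.get("ResourceRecords"):
        problems.append("non-Alias record needs a TTL and at least one value")
    return problems


def change_batch(zone: str, records: list, action: str = "UPSERT") -> dict:
    """Build the ChangeBatch payload; refuse to build one containing invalid records."""
    problems = [p for r in records for p in validate_record(zone, r)]
    if problems:
        raise ValueError("; ".join(problems))
    return {
        "Comment": f"records for {normalize(zone)}",
        "Changes": [{"Action": action, "ResourceRecordSet": r} for r in records],
    }


if __name__ == "__main__":
    apex_cname = cname_record(ZONE_NAME, ALB_DNS_NAME)
    print("apex CNAME ->", validate_record(ZONE_NAME, apex_cname))
    apex_alias = alias_a_record(ZONE_NAME, ALB_DNS_NAME, ALB_HOSTED_ZONE_ID)
    print("apex Alias ->", validate_record(ZONE_NAME, apex_alias))
    print(change_batch(ZONE_NAME, [apex_alias, cname_record("www.example.com", ZONE_NAME)]))
```

The validator mirrors what the Route 53 API itself rejects: a CNAME named for the apex, or an Alias entry that also carries a TTL. Running the check locally before calling ChangeResourceRecordSets keeps a bad record out of the change history altogether.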

Hierarchical Outline

  1. Route 53 Hosted Zones
    • Public Hosted Zones: Accessible from the internet.
    • Private Hosted Zones (PHZ): Associated with specific VPCs; used for internal service discovery.
  2. Essential DNS Record Types
    • A & AAAA: Mapping to IPv4 and IPv6.
    • CNAME: Canonical name for aliasing hostnames.
    • SRV: Service locator records for specific protocols (VoIP/IM).
    • TXT: Text records for verification (SPF, DKIM).
  3. Advanced Routing Policies
    • Weighted: Split traffic by percentage (e.g., A/B testing).
    • Latency: Route to the region with the lowest round-trip time.
    • Failover: Active-Passive configuration based on health checks.
  4. Hybrid DNS Architectures
    • Inbound Endpoints: Allow on-premises to resolve VPC records.
    • Outbound Endpoints: Allow VPC resources to resolve on-premises records.

Visual Anchors

Subdomain Delegation Flow

This diagram illustrates how a parent domain delegates authority to a subdomain hosted in a different account.


Hybrid DNS Resolution Architecture

[Diagram: hybrid DNS resolution architecture (Route 53 Resolver inbound and outbound endpoints between a VPC and on-premises resolvers); not rendered in this copy.]

Definition-Example Pairs

  • Record Type: PTR (Pointer Record)
    • Definition: Maps an IP address back to a domain name (Reverse DNS).
    • Example: A mail server that accepts a connection from 1.2.3.4 looks up the PTR record for that address and checks that it resolves to mail.example.com, as one signal for rejecting spam.
  • Record Type: SRV (Service Record)
    • Definition: Defines the hostname and port number for specific services.
    • Example: _sip._tcp.example.com. 86400 IN SRV 10 60 5060 bigbox.example.com. (TTL 86400, priority 10, weight 60, port 5060, target bigbox.example.com.).
  • Alias Record
    • Definition: An AWS-specific extension to DNS that allows you to point your domain name to certain AWS resources.
    • Example: Pointing example.com directly to an Application Load Balancer DNS name using an Alias A record.

Worked Examples

Example 1: Delegating a Subdomain

Scenario: You own cloudcorp.com in Account A and want the development team in Account B to manage dev.cloudcorp.com.

  1. In Account B: Create a Public Hosted Zone for dev.cloudcorp.com. Route 53 assigns four unique Name Servers (NS).
  2. In Account A: In the cloudcorp.com hosted zone, create a new record named dev.
  3. Select Type: Choose NS (Name Server).
  4. Value: Paste the four NS addresses provided by Account B.
  5. Verification: Run dig NS dev.cloudcorp.com to ensure it returns the Name Servers from Account B.
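
The delegation above can be expressed and checked in code. The following is an added example, not part of the study guide: it builds the NS record that step 4 creates in the parent zone, and parses a `dig NS` answer (step 5) to confirm that exactly the four name servers assigned to Account B's zone are being returned. The domain and all name-server names are constructed placeholders, not a real delegation.

```python
"""Added example (not from the study guide): build the NS delegation record for
the parent zone (Account A) and check a `dig NS` answer against the name servers
Route 53 assigned to the child zone (Account B). Domain and name-server values
are constructed placeholders."""

import re

PARENT_ZONE = "cloudcorp.com."
CHILD_ZONE = "dev.cloudcorp.com."

# Constructed: the four NS names Route 53 would show for the child hosted zone.
CHILD_NAME_SERVERS = [
    "ns-101.awsdns-12.com.",
    "ns-502.awsdns-63.net.",
    "ns-1230.awsdns-25.org.",
    "ns-1947.awsdns-51.co.uk.",
]


def normalize(name: str) -> str:
    """Lower-case and add the trailing dot so names compare as FQDNs."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def delegation_change_batch(child_zone: str, name_servers: list, ttl: int = 172800) -> dict:
    """Change batch for the parent zone: one NS record named after the subdomain
    carrying all four child name servers (what step 4 pastes in)."""
    if len(name_servers) != 4:
        raise ValueError("Route 53 assigns four name servers; delegate all of them")
    return {
        "Comment": f"Delegate {normalize(child_zone)} to the child hosted zone",
        "Changes": [{
            "Action": "UPSERT",
            "ResourceRecordSet": {
                "Name": normalize(child_zone),
                "Type": "NS",
                "TTL": ttl,
                "ResourceRecords": [{"Value": normalize(ns)} for ns in name_servers],
            },
        }],
    }


# One answer line of dig output: "<name> <ttl> IN NS <target>"
_NS_LINE = re.compile(r"^(\S+)\s+\d+\s+IN\s+NS\s+(\S+)\s*$")


def parse_dig_ns(dig_output: str, zone: str) -> set:
    """Collect the NS targets that dig reports for `zone`; comment lines (;) are skipped."""
    found = set()
    for line in dig_output.splitlines():
        m = _NS_LINE.match(line.strip())
        if m and normalize(m.group(1)) == normalize(zone):
            found.add(normalize(m.group(2)))
    return found


def check_delegation(dig_output: str, zone: str, expected: list) -> dict:
    """Compare the answer with the child zone's NS set; a partial match is still a
    broken delegation, because resolvers may pick any of the listed servers."""
    got = parse_dig_ns(dig_output, zone)
    want = {normalize(ns) for ns in expected}
    return {"ok": got == want, "missing": sorted(want - got), "unexpected": sorted(got - want)}


# Constructed dig output, with one server deliberately wrong so the check fires.
SAMPLE_DIG = """\
;; ANSWER SECTION:
dev.cloudcorp.com.\t172800\tIN\tNS\tns-101.awsdns-12.com.
dev.cloudcorp.com.\t172800\tIN\tNS\tns-502.awsdns-63.net.
dev.cloudcorp.com.\t172800\tIN\tNS\tns-1230.awsdns-25.org.
dev.cloudcorp.com.\t172800\tIN\tNS\tns-9999.awsdns-99.co.uk.
"""

if __name__ == "__main__":
    print(delegation_change_batch(CHILD_ZONE, CHILD_NAME_SERVERS))
    print(check_delegation(SAMPLE_DIG, CHILD_ZONE, CHILD_NAME_SERVERS))
```

The comparison is set-based and case-insensitive, so the order dig prints the servers in does not matter, but a stale or mistyped server in the parent's NS set is reported as both a missing and an unexpected entry. In practice, run the same check against the output of `dig NS dev.cloudcorp.com` after the parent record's TTL has expired.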

Example 2: Configuring a Failover Policy

Scenario: Route traffic to a primary site in us-east-1 and failover to us-west-2 if the primary is down.

  1. Health Check: Create a Route 53 Health Check monitoring the endpoint in us-east-1.
  2. Primary Record: Create an A record for app.example.com in us-east-1 with the "Failover" routing policy. Mark it as Primary and associate the health check.
  3. Secondary Record: Create an A record for app.example.com in us-west-2 with the "Failover" routing policy. Mark it as Secondary.

Checkpoint Questions

  1. Why can't you use a CNAME record for your zone apex (e.g., mydomain.com)?
  2. Which Route 53 feature allows an on-premises server to resolve names in a Private Hosted Zone?
  3. If you have two records with the same name but different weights (20 and 80), what percentage of traffic goes to the first record?
  4. True or False: Alias records incur standard DNS query charges when pointing to an S3 bucket website endpoint.

Muddy Points & Cross-Refs

  • CNAME vs. Alias: This is the most common point of confusion. Remember: Alias is always preferred for AWS resources because it handles the apex and is cost-effective.
  • Private Hosted Zone Visibility: A PHZ is only visible to the VPCs you explicitly associate it with. It does not respond to queries from the public internet.
  • DNSSEC: While Route 53 supports DNSSEC, it requires careful management of Key-Signing Keys (KSK). Check the Network Security chapter for implementation details.

Comparison Tables

Routing Policy Selection Matrix

Goal                          | Policy to Use      | Key Metric
------------------------------|--------------------|------------------------------------------
High Availability             | Failover           | Health check status
Performance (User Experience) | Latency            | RTT from user IP to AWS Region
Compliance/Local Content      | Geolocation        | User's physical location (state/country)
Load Distribution             | Weighted           | Assigned numeric weight
Simple Load Balancing         | Multi-value Answer | Up to 8 healthy records returned
