The Concept: AWS Route 53
Amazon Route 53 is a highly available and scalable Domain Name System
(DNS) web service designed to route end-user requests to Internet
applications running in AWS or on-premises.
The "53" refers to port 53, the port used by DNS protocols.
Key
Features of Route 53
|
Feature |
Description |
|
Domain Registration |
Register new domain names or
transfer existing ones. |
|
DNS Service |
Translates friendly domain names
(e.g., example.com) into IP addresses. |
|
Health Checks |
Monitor the health of endpoints
and route traffic away from unhealthy endpoints. |
|
Routing Policies |
Multiple advanced routing options
(detailed below). |
|
Traffic Flow |
Visual editor for complex routing
decisions. |
|
Alias Records |
Map domain names to AWS resources
like CloudFront, ELB, or S3 without additional cost. |
|
Private Hosted Zones |
Manage internal DNS for Amazon
VPCs. |
|
Latency-Based Routing |
Route traffic to the
lowest-latency AWS region. |
|
Geo DNS |
Route traffic based on the
geographic location of users. |
|
Weighted Routing |
Split traffic across multiple
resources based on weight. |
Setup
Steps for Route 53
1.
Register or Use a Domain
- Use Route 53 to register a new domain or configure DNS
for an existing domain.
2.
Create a Hosted Zone
- Hosted zone contains records (like A, CNAME) for the
domain.
3.
Add DNS Records
- Add A, AAAA, CNAME, MX, TXT, etc. records.
- For AWS resources, use Alias records (no charge,
dynamic updates).
4.
Routing Policy Configuration
Choose routing strategy:
- Simple
- Weighted
- Failover
- Latency-based
- Geolocation
- Geoproximity (with Traffic Flow)
- Multivalue Answer
5.
Health Checks (Optional)
- Configure Route 53 to monitor your endpoints and
perform failover if needed.
Benefits
of Route 53
|
Benefit |
Details |
|
Highly Available & Scalable |
Backed by AWS infrastructure
across multiple edge locations. |
|
Integrated with AWS |
Seamless with services like ELB,
CloudFront, S3, API Gateway. |
|
Global Performance |
Fast DNS resolution from AWS
global edge network. |
|
Cost-Effective |
Pay-as-you-go pricing model. |
|
Security |
Supports DNSSEC for domain
registration; integrates with IAM and VPCs. |
|
Automation Ready |
Full support via AWS CLI, SDKs,
and CloudFormation. |
Limitations of Route 53
|
Limitation |
Explanation |
|
No Built-in DNS Firewall |
Requires integration with other
services for DNS filtering. |
|
Limited GeoProximity Routing |
Only available with Traffic
Flow, not via standard records. |
|
No Native DNSSEC for Hosted Zones |
DNSSEC for domain registration
only, not for DNS records (though AWS is working on it). |
|
Vendor Lock-In Potential |
Deep integration with AWS may
complicate migration to other providers. |
twtech Use Cases
|
Use Case |
Description |
|
Website Hosting |
Point a domain to an S3 static
website or CloudFront distribution. |
|
Global Application Routing |
Use latency-based or geolocation
routing to route traffic based on user location. |
|
Disaster Recovery / Failover |
Use health checks + failover
routing to reroute traffic during outages. |
|
Load Balancing |
Use weighted routing to distribute
traffic across multiple regions or services. |
|
Private DNS in VPCs |
Use private hosted zones for
internal service discovery. |
|
Custom Domain for APIs |
Map custom domains to AWS API
Gateway endpoints. |
Tools & Integrations
- AWS CLI:
Manage hosted zones and records from the command line.
- Terraform/CloudFormation: Infrastructure-as-code for DNS.
- Boto3 / SDKs:
Programmatically manage DNS from code.
- Monitoring:
Integrate health checks with CloudWatch alarms and SNS
notifications.
Example: Route 53 Setup for a Web App
# bash
# Step 1: Create a hosted zone
aws
route53 create-hosted-zone \
--name twtech.com \
--caller-reference "twtech-unique-id"
# Step 2: Add an A record pointing to an ELB
aws
route53 change-resource-record-sets \
--hosted-zone-id Z123456ABCDxxx \
--change-batch file://record-set.json
record-set.json:
# json
{
"Changes": [{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "www.twtech.com",
"Type": "A",
"AliasTarget": {
"HostedZoneId": "Z35SXDOTRQ7XXX",
"DNSName": "dualstack.twtech-load-balancer.amazonaws.com.",
"EvaluateTargetHealth": true
}
}
}]
}
twtech-insights:
Amazon Route 53 is a powerful DNS
solution tightly integrated with AWS. It's ideal for:
- Scalable, global apps
- Disaster recovery
- Hybrid DNS setups
- Secure and monitored routing
The terms Root DNS Server, TLS DNS Server,
and SLD DNS Server refer to different roles or technologies in the DNS (Domain Name
System) ecosystem. Let's break each one down and compare them.
1.
Root DNS Server
- Role:
Top-level DNS server in the global DNS hierarchy.
- Purpose:
Knows where to find the authoritative servers for Top-Level Domains
(TLDs) like .com, .org, .net, .uk, etc.
- Example:
When you query www.example.com, the root server helps direct the query to the .com TLD
server.
- Number:
13 root server names (A–M), but each one is replicated globally
using Anycast.
- Does not store:
Domain-specific records (e.g., A, CNAME) – it only helps route queries
down the hierarchy.
2.
TLS DNS Server
- Not a standard DNS server type, but likely refers to:
- DoT (DNS over TLS) servers.
- These are DNS resolvers (like Google DNS 8.8.8.8,
Cloudflare 1.1.1.1) that use TLS encryption to secure DNS queries
from eavesdropping and tampering.
- Purpose:
Encrypts DNS traffic between the client and the DNS resolver.
- Not hierarchical
like root or authoritative servers.
- Used by:
Clients (browsers, operating systems) for privacy.
3.
SLD DNS Server
- SLD = Second-Level
Domain, e.g., example in example.com.
- SLD DNS Server
typically refers to the authoritative DNS server for that domain.
- Purpose:
Provides actual DNS records (A, AAAA, CNAME, MX, etc.) for that specific
domain.
- Example:
The DNS server responsible for resolving www.twtech.com to 93.184.216.34.
- Often run by:
Hosting providers, domain owners, or DNS providers like AWS Route 53,
Cloudflare, etc.
Table of differences
|
Type |
Role |
Hierarchy
Level |
Example
Function |
|
Root DNS Server |
Directs queries to TLD servers |
Top |
Directs .com queries to .com servers |
|
TLS DNS Server |
Resolver with encrypted transport |
Client-facing (not hierarchical) |
Securely resolves DNS queries |
|
SLD DNS Server |
Authoritative server for domain |
Domain-level (2nd level) |
Returns actual records like A or
MX |
DNS Records
Amazon Route 53 is AWS's scalable and highly available Domain Name
System (DNS) web service. It allows twtech to manage DNS records for
the domains and route traffic based on different rules (like latency,
geolocation, failover, etc.).
Common DNS Record
Types in Route 53
|
Record Type |
Purpose |
Example |
|
A (Address) |
Maps a domain to an IPv4
address |
twtech.com → 192.0.2.1 |
|
AAAA |
Maps a domain to an IPv6
address |
twtech.com → 2001:db8::1 |
|
CNAME (Canonical Name) |
Alias to another domain name |
www.twtech.com → twtech.com |
|
MX (Mail Exchange) |
Routes email to a mail
server |
twtech.com → mail.twtech.com |
|
TXT |
Stores text data (often for
SPF, DKIM, or domain verification) |
v=spf1 include:mail.twtech.com ~all |
|
NS (Name Server) |
Specifies the authoritative
name servers for a zone |
twtech.com → ns-123.awsdns-45.com |
|
SOA (Start of Authority) |
Contains metadata about the zone
(TTL, serial, etc.) |
Used automatically |
|
SRV |
Defines service locations |
e.g., _sip._tcp.twtech.com |
|
PTR |
Reverse DNS – IP to hostname |
1.2.0.192.in-addr.arpa → twtech.com |
|
Alias |
AWS-specific: like a CNAME but used
at the root domain and integrates with AWS services |
twtech.com → ELB, CloudFront, S3 website |
Routing Policies in Route 53
Route 53 supports several routing
policies you can attach to DNS records:
|
Policy |
Purpose |
|
Simple |
Standard DNS – one record, one IP |
|
Weighted |
Distribute traffic based on
weights (e.g., 70% / 30%) |
|
Latency-based |
Route to the lowest-latency
endpoint |
|
Failover |
Route to healthy endpoints only
(uses health checks) |
|
Geolocation |
Route based on user's geographic
location |
|
Geoproximity |
Like geolocation, but you can bias
traffic |
|
Multivalue Answer |
Return multiple IPs (like
round-robin, with optional health checks) |
twtech Example: A Record in Route 53
# text
Name:
www.twtech.com
Type: A
TTL: 300
Value:
192.0.2.1
Routing Policy: Simple
Note:
- Alias records
are preferred when pointing to AWS resources (ELBs, S3 buckets,
CloudFront) because they are free and support root domains (like twtech.com).
- TTL (Time to Live) affects DNS caching—lower TTL =
quicker changes, higher TTL = more caching.
Key difference between a Public
Hosted Zone and a Private Hosted Zone in Amazon Route 53 lies in who can
resolve the DNS records and how they're accessed.
Public Hosted Zone
|
Feature |
Description |
|
Visibility |
Public – accessible over the internet |
|
Use Case |
Hosting DNS records for public-facing
domains (e.g., twtechspringapp.com, www.twtechapp.com) |
|
Query Source |
Any client on the internet can
query these records |
|
Records |
A, CNAME, MX, TXT, etc., for
public services like websites, email, etc. |
|
Example |
www.twtechwebaoo.com
points to a public IP or CloudFront distribution |
Private Hosted Zone
|
Feature |
Description |
|
Visibility |
Private – accessible only from within
one or more Amazon VPCs |
|
Use Case |
Internal DNS for private
services, e.g., microservices, databases, or internal APIs |
|
Query Source |
Only resources inside the
associated VPC(s) can resolve these records |
|
Records |
Internal hostnames, like db.internal.twtech.com → 10.0.1.23 |
|
Example |
internal.twtech.com
resolves to a private IP only inside your AWS VPC network |
Key Differences Summary
|
Feature |
Public
Hosted Zone |
Private
Hosted Zone |
|
Access Scope |
Global (internet) |
AWS VPC only |
|
Common Use |
Websites, APIs, email |
Internal services, databases |
|
Resolvers |
Any public DNS resolver |
Only Route 53 Resolver inside VPC |
|
Security |
Publicly accessible |
Secured within twtech AWS network |
|
Link to VPC |
Not required |
Required to associate with one or
more VPCs |
twtech
Use Cases:
- Public Hosted Zone:
api.twtechapp.com
points to an Application Load Balancer on the internet.
- Private Hosted Zone:
backend.internal.twtechapp.com resolves to a private EC2 IP address accessible only
within twtech VPC.
How twtech creates Route53
Register a domain: twtechapp.com
Enter a domain name of choice and find out if it is
available: twtech.accademy
|
Domain |
Select the Domain that best describe the need:
twtech.academy
Suggested available domains (9)
NB:
twtech already has two domains and can
register up to five domains at a time
Move to chechout, (Pay for the domain): This will cost twtech 14 dollars per
year.
Enable auto-renew at the end of the chosen time period or not: enabled
If not enabled, someone can buy the domain and it is not a good
idea to loose it.
Policy protection should be enabled so that: spams are not received
Status: in
progress
After a couple of minutes, status changes to: Successful
Hosted Zones(3)
Automatic mode is the current search behavior optimized for best filter results. To change modes go to settings.
Check the registration email (email used in registration) to see the status of Domain registration
Project: Hands-on
How twtech creates: Record-sets on Route53
Double click on the particular Host Zone to use: twtechapp.com
From twtechapp.com, we can Create record: web.twtechapp.com
Create record: web.twtechapp.com
From EC2-instance
terminal or CloudShell from another EC2 console: to
use the external linux command line interface (CLI)
From:
Initially created or upload files in cloud shell can be listed: ls
We can now run dig command to get more details: dig web.twtechapp.com
No comments:
Post a Comment