AWS Route 53 DNS Management: Complete Domain and Routing Guide
Amazon Route 53 is a highly available and scalable Domain Name System (DNS) web service. This comprehensive guide helps small businesses leverage Route 53 for domain management, traffic routing, and health monitoring to ensure reliable online presence.
Route 53 Fundamentals
Understanding DNS and Route 53's capabilities is essential for effective domain management.
Core DNS Concepts
- Domain Names: Human-readable addresses (example.com)
- DNS Records: Map domains to resources
- Name Servers: Respond to DNS queries
- TTL: Time to Live for DNS caching
- Hosted Zones: Container for DNS records
Setting Up Hosted Zones
Creating a Public Hosted Zone
Configure DNS for internet-facing resources:
# Create hosted zone
aws route53 create-hosted-zone \
--name example.com \
--caller-reference "$(date +%s)"
# Note the name servers provided
# Update your domain registrar with these name servers
Private Hosted Zones
DNS resolution that is answerable only from inside the associated VPC (the VPC must have enableDnsSupport and enableDnsHostnames turned on for the zone to resolve):
# Create private hosted zone
aws route53 create-hosted-zone \
--name internal.company.local \
--vpc VPCRegion=us-east-1,VPCId=vpc-123456 \
--hosted-zone-config PrivateZone=true
DNS Record Types
Essential Record Types
Configure the right record for your needs:
- A Record: Maps domain to IPv4 address
- AAAA Record: Maps domain to IPv6 address
- CNAME Record: Creates domain aliases
- MX Record: Email server routing
- TXT Record: Text information and verification
Record Configuration Examples
{
  "Changes": [{
    "Action": "CREATE",
    "ResourceRecordSet": {
      "Name": "www.example.com",
      "Type": "A",
      "TTL": 300,
      "ResourceRecords": [{
        "Value": "192.0.2.1"
      }]
    }
  }]
}
Routing Policies
Simple Routing
Basic DNS resolution:
www.example.com:
  Type: A
  Value: 192.0.2.1
  TTL: 300
Weighted Routing
Distribute traffic in proportion to record weights. The records share a name and type and differ only in SetIdentifier; weights are relative, so 70 and 30 give a 70/30 split:
# 70% to server 1
www.example.com:
  Type: A
  Value: 192.0.2.1
  Weight: 70
  SetIdentifier: server1
# 30% to server 2
www.example.com:
  Type: A
  Value: 192.0.2.2
  Weight: 30
  SetIdentifier: server2
Latency-Based Routing
Route users to the lowest-latency endpoint:
- Create one latency record per region, each with its own SetIdentifier
- Route 53 answers with the record for the region that has the lowest measured latency to the querying resolver
- Improves user experience globally
Geolocation Routing
Route based on the location of the querying resolver. Every geolocation record needs a SetIdentifier, and a default record (CountryCode "*") should cover locations no other record matches, because unmatched clients otherwise receive an empty answer:
{
  "SetIdentifier": "us-ny",
  "GeoLocation": {
    "CountryCode": "US",
    "SubdivisionCode": "NY"
  },
  "ResourceRecords": [{
    "Value": "us-east-server.example.com"
  }]
}
Health Checks and Monitoring
Configuring Health Checks
Monitor endpoint availability. The --caller-reference is required and must be unique per check, and the endpoint must accept requests from Route 53's published health checker address ranges or the check fails:
aws route53 create-health-check \
  --caller-reference "$(date +%s)" \
  --health-check-config '{
    "Type": "HTTPS",
    "ResourcePath": "/health",
    "FullyQualifiedDomainName": "api.example.com",
    "Port": 443,
    "RequestInterval": 30,
    "FailureThreshold": 3
  }'
Health Check Types
- Endpoint Monitoring: Check specific URLs
- Calculated Health Checks: Combine multiple checks
- CloudWatch Alarm: Monitor AWS resources
Failover Configuration
Active-Passive Failover
Automatic disaster recovery: the primary record is served while its health check passes, and the secondary takes over when it fails:
# Primary record
api.example.com:
  Type: A
  Value: 192.0.2.1
  Failover: PRIMARY
  HealthCheckId: check-123
  SetIdentifier: primary
# Secondary record
api.example.com:
  Type: A
  Value: 192.0.2.2
  Failover: SECONDARY
  SetIdentifier: secondary
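Added example (not from the original guide): Python that builds the weighted records from the Routing Policies section and the failover pair above as one change batch for `aws route53 change-resource-record-sets`, and checks the invariants that are easy to get wrong by hand. The zone ID, health check ID and addresses are the page's placeholders.

```python
import json

def weighted_records(name, targets, ttl=60):
    """One weighted record set per target; targets = [(set_id, ip, weight)].
    Weights are relative (0-255): 70 and 30 give a 70/30 split, as would 7 and 3."""
    return [{"Name": name, "Type": "A", "TTL": ttl,
             "SetIdentifier": set_id, "Weight": weight,
             "ResourceRecords": [{"Value": ip}]}
            for set_id, ip, weight in targets]

def failover_records(name, primary_ip, secondary_ip, health_check_id, ttl=60):
    """Active-passive pair: PRIMARY answers while its health check passes."""
    return [{"Name": name, "Type": "A", "TTL": ttl, "SetIdentifier": "primary",
             "Failover": "PRIMARY", "HealthCheckId": health_check_id,
             "ResourceRecords": [{"Value": primary_ip}]},
            {"Name": name, "Type": "A", "TTL": ttl, "SetIdentifier": "secondary",
             "Failover": "SECONDARY",
             "ResourceRecords": [{"Value": secondary_ip}]}]

def validate(record_sets):
    """Catch the usual mistakes locally, before the API rejects the batch."""
    seen = set()
    for rs in record_sets:
        key = (rs["Name"].lower().rstrip("."), rs["Type"], rs.get("SetIdentifier"))
        if key in seen:
            raise ValueError(f"duplicate SetIdentifier {key[2]!r} for {key[0]}/{key[1]}")
        seen.add(key)
        if rs.get("Failover") == "PRIMARY" and "HealthCheckId" not in rs:
            raise ValueError(f"PRIMARY record {rs['Name']} has no health check")
        if "Weight" in rs and not 0 <= rs["Weight"] <= 255:
            raise ValueError(f"Weight {rs['Weight']} is outside 0-255")
    return True

def change_batch(record_sets, comment="", action="UPSERT"):
    """Wrap validated record sets in one ChangeBatch. Route 53 applies a batch
    atomically, so both halves of a pair land together or not at all."""
    validate(record_sets)
    return {"Comment": comment,
            "Changes": [{"Action": action, "ResourceRecordSet": rs}
                        for rs in record_sets]}

if __name__ == "__main__":
    # Writes batch.json; apply it with (zone ID is a placeholder):
    #   aws route53 change-resource-record-sets --hosted-zone-id Z123456789 \
    #       --change-batch file://batch.json
    sets = weighted_records("www.example.com", [("server1", "192.0.2.1", 70),
                                                ("server2", "192.0.2.2", 30)])
    sets += failover_records("api.example.com", "192.0.2.1", "192.0.2.2", "check-123")
    with open("batch.json", "w") as fh:
        json.dump(change_batch(sets, "weighted www + failover api"), fh, indent=2)
```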
Multi-Region Failover
Complex failover scenarios:
- Primary region with health checks
- Secondary region on standby
- Automatic failover on failure
- Configurable failback options
Domain Registration
Registering Domains
Route 53 as domain registrar:
- Check domain availability
- Configure contact information
- Enable privacy protection
- Set auto-renewal preferences
Domain Transfer
Moving domains to Route 53 (unlock the domain and obtain the transfer authorization code at the current registrar first):
# Initiate transfer (route53domains is served from us-east-1 only; the three contact arguments are required)
aws route53domains transfer-domain \
  --region us-east-1 \
  --domain-name example.com \
  --duration-in-years 1 \
  --auth-code "transfer-auth-code" \
  --auto-renew \
  --admin-contact file://contact.json \
  --registrant-contact file://contact.json \
  --tech-contact file://contact.json
Performance Optimization
TTL Management
Balance performance and flexibility:
- Short TTL (60-300s): During migrations
- Medium TTL (3600s): Normal operations
- Long TTL (86400s): Stable configurations
Alias Records
Alias records point at AWS resources (CloudFront, load balancers, S3 website endpoints, or another record in the same zone), are free to query, and unlike a CNAME may sit at the zone apex. EvaluateTargetHealth lets the target's own health feed routing decisions:
{
  "Name": "example.com",
  "Type": "A",
  "AliasTarget": {
    "HostedZoneId": "Z2FDTNDATAQYW2",
    "DNSName": "d123456.cloudfront.net",
    "EvaluateTargetHealth": true
  }
}
Security Best Practices
DNSSEC
Enable DNS Security Extensions:
- Enable DNSSEC signing
- Create KSK and ZSK
- Add DS records to parent zone
- Monitor DNSSEC status
Access Control
Scope IAM permissions to what the principal needs. This policy lets a principal list and read any hosted zone but change records in one zone only; Resource "*" in the first statement is needed because ListHostedZones does not support resource-level permissions:
{
  "Version": "2012-10-17",
  "Statement": [{
    "Effect": "Allow",
    "Action": [
      "route53:ListHostedZones",
      "route53:GetHostedZone"
    ],
    "Resource": "*"
  }, {
    "Effect": "Allow",
    "Action": "route53:ChangeResourceRecordSets",
    "Resource": "arn:aws:route53:::hostedzone/Z123456789"
  }]
}
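Added example (not from the original guide): a small Python check that takes an IAM policy document and reports Allow statements granting record-changing or protection-weakening Route 53 actions on every zone instead of specific zone ARNs. It embeds the page's policy above as the known-good case; the set of sensitive actions is a judgement call, not an AWS-defined list.

```python
import fnmatch

# The page's policy: read-only on every zone, record changes in one zone only.
PAGE_POLICY = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["route53:ListHostedZones", "route53:GetHostedZone"],
         "Resource": "*"},
        {"Effect": "Allow",
         "Action": "route53:ChangeResourceRecordSets",
         "Resource": "arn:aws:route53:::hostedzone/Z123456789"},
    ],
}

# Actions that change records or weaken a zone's protections; each should be
# granted on specific resource ARNs, never on "*" or hostedzone/*.
SENSITIVE_ACTIONS = {
    "route53:ChangeResourceRecordSets", "route53:DeleteHostedZone",
    "route53:DisableHostedZoneDNSSEC", "route53:DeactivateKeySigningKey",
    "route53:DeleteQueryLoggingConfig",
}

def _as_list(value):
    return value if isinstance(value, list) else [value]

def _matches(action, patterns):
    # IAM matches action names case-insensitively and allows "*" and "?".
    return any(fnmatch.fnmatchcase(action.lower(), p.lower()) for p in patterns)

def find_overbroad(policy):
    """Return (statement_index, actions, resources) for each Allow statement that
    grants a sensitive action on all zones. Simple Allow-list policies only:
    NotAction, NotResource and Condition blocks are not evaluated (assumption)."""
    findings = []
    for idx, stmt in enumerate(policy.get("Statement", [])):
        if stmt.get("Effect") != "Allow":
            continue
        patterns = _as_list(stmt.get("Action", []))
        resources = _as_list(stmt.get("Resource", []))
        granted = sorted(a for a in SENSITIVE_ACTIONS if _matches(a, patterns))
        unscoped = [r for r in resources if r == "*" or r.endswith("hostedzone/*")]
        if granted and unscoped:
            findings.append((idx, granted, unscoped))
    return findings
```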
Cost Optimization
Reduce Route 53 Costs
- Consolidate Hosted Zones: Minimize zone count
- Optimize Health Checks: Use calculated checks
- Review Query Patterns: Identify heavy usage
- Use Appropriate TTLs: Reduce query volume
Pricing Components
- Hosted zones: $0.50/month
- Queries: $0.40 per million
- Health checks: From $0.50/month
- Domain registration: Varies by TLD
Integration with AWS Services
CloudFront Distribution
Alias to a distribution (Z2FDTNDATAQYW2 is CloudFront's fixed hosted zone ID, the same for every distribution):
distribution.example.com:
  Type: A
  AliasTarget:
    HostedZoneId: Z2FDTNDATAQYW2
    DNSName: d123456.cloudfront.net
Elastic Load Balancer
Alias to a load balancer (the hosted zone ID depends on the region; Z35SXDOTRQ7X7K is the one for us-east-1):
app.example.com:
  Type: A
  AliasTarget:
    HostedZoneId: Z35SXDOTRQ7X7K
    DNSName: my-load-balancer-123456.us-east-1.elb.amazonaws.com
Monitoring and Logging
Query Logging
Enable DNS query logging for a public hosted zone. The CloudWatch log group must be in us-east-1 and needs a resource policy that lets route53.amazonaws.com write to it; otherwise the call fails:
aws route53 create-query-logging-config \
  --hosted-zone-id Z123456789 \
  --cloud-watch-logs-log-group-arn arn:aws:logs:us-east-1:123456789012:log-group:/aws/route53/example.com
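Added example (not from the original guide): Python that parses Route 53 public-zone query log lines, which are space-separated fields (log format version, timestamp, hosted zone ID, query name, query type, response code, protocol, edge location, resolver IP, EDNS client subnet), summarises response codes, flags a resolver that receives NXDOMAIN for many different names, and lists answered names missing from your record inventory. The sample log lines are constructed for this example.

```python
from collections import Counter, defaultdict

# Constructed sample lines in the Route 53 public-zone query log format:
# version timestamp zone_id name type rcode protocol edge resolver_ip edns_subnet
SAMPLE_LOG = """\
1.0 2024-05-01T10:00:01.000Z Z123456789 www.example.com A NOERROR UDP IAD12 198.51.100.7 -
1.0 2024-05-01T10:00:02.000Z Z123456789 api.example.com A NOERROR UDP IAD12 198.51.100.7 -
1.0 2024-05-01T10:00:03.000Z Z123456789 vpn.example.com A NXDOMAIN UDP IAD12 203.0.113.9 -
1.0 2024-05-01T10:00:03.100Z Z123456789 dev.example.com A NXDOMAIN UDP IAD12 203.0.113.9 -
1.0 2024-05-01T10:00:03.200Z Z123456789 staging.example.com A NXDOMAIN UDP IAD12 203.0.113.9 -
1.0 2024-05-01T10:00:03.300Z Z123456789 admin.example.com A NXDOMAIN UDP IAD12 203.0.113.9 -
1.0 2024-05-01T10:00:04.000Z Z123456789 old-app.example.com. CNAME NOERROR TCP FRA6 198.51.100.8 -
"""

FIELDS = ["version", "timestamp", "zone_id", "name", "qtype", "rcode",
          "protocol", "edge", "resolver_ip", "edns_subnet"]

def parse_line(line):
    """Return one log line as a dict, or None if the line is malformed."""
    parts = line.split()
    if len(parts) != len(FIELDS):
        return None
    rec = dict(zip(FIELDS, parts))
    rec["name"] = rec["name"].rstrip(".").lower()  # normalise trailing dot and case
    return rec

def analyse(log_text, nxdomain_threshold=3):
    """Summarise response codes, list names that were answered, and flag any
    resolver that got NXDOMAIN for many different names: that pattern is either
    a client with stale configuration or someone enumerating subdomains."""
    rcodes, answered = Counter(), set()
    nx_by_resolver = defaultdict(set)
    for line in log_text.splitlines():
        rec = parse_line(line)
        if rec is None:
            continue
        rcodes[rec["rcode"]] += 1
        if rec["rcode"] == "NOERROR":
            answered.add(rec["name"])
        elif rec["rcode"] == "NXDOMAIN":
            nx_by_resolver[rec["resolver_ip"]].add(rec["name"])
    bursts = {ip: sorted(n) for ip, n in nx_by_resolver.items()
              if len(n) >= nxdomain_threshold}
    return {"rcodes": dict(rcodes), "answered": sorted(answered), "nxdomain_bursts": bursts}

def unexpected_answers(summary, inventory):
    """Names the zone answered that are not in your record inventory: leftovers
    from a migration or records added outside the normal change process."""
    known = {n.rstrip(".").lower() for n in inventory}
    return [n for n in summary["answered"] if n not in known]
```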
CloudWatch Metrics
Monitor DNS performance:
- Query count by record type
- Health check status
- Domain registration events
- DNSSEC validation failures
Troubleshooting
Common DNS Issues
- Propagation Delays: Wait for TTL expiration
- NXDOMAIN Errors: Check record existence
- Health Check Failures: Verify endpoint accessibility
- Query Timeouts: Check security groups
Diagnostic Tools
# Check DNS resolution
dig example.com
# Trace DNS path
dig +trace example.com
# Test specific name server
dig @ns-123.awsdns-12.com example.com
Migration Strategies
Zero-Downtime Migration
- Lower TTLs: Reduce to 60 seconds
- Dual Running: Configure both old and new
- Test Thoroughly: Verify all records
- Update Incrementally: Change in phases
- Monitor Closely: Watch for issues
Best Practices Summary
- Use Alias Records: For AWS resources
- Implement Health Checks: Ensure availability
- Plan for Failure: Configure failover
- Monitor Continuously: Enable query logging
- Secure Appropriately: Implement least privilege
Conclusion
Route 53 provides enterprise-grade DNS capabilities that small businesses can leverage for reliable, performant domain management. By implementing proper routing policies, health checks, and security measures, you can ensure your online services remain accessible and responsive.
For professional Route 53 configuration and DNS architecture services in Louisville, contact Tyler on Tech Louisville to optimize your domain management and ensure maximum availability for your business.