Amazon Route 53 | Health Checks & DNS Failover Flashcards
Can I use Private DNS to block domains and DNS names that I don’t want to be reached from within my VPC?
Health Checks & DNS Failover
Amazon Route 53 | Networking & Content Delivery
Yes, you can block domains and specific DNS names by creating these names in one or more Private DNS hosted zones and pointing these names to your own server (or another location that you manage).
What is DNS Failover?
DNS Failover consists of two components: health checks and failover. Health checks are automated requests sent over the Internet to your application to verify that your application is reachable, available, and functional. You can configure the health checks to be similar to the typical requests made by your users, such as requesting a web page from a specific URL. With DNS failover, Route 53 only returns answers for resources that are healthy and reachable from the outside world, so that your end users are routed away from a failed or unhealthy part of your application.
How do I get started with DNS Failover?
Visit the Amazon Route 53 Developer Guide for details on getting started. You can also configure DNS Failover from within the Route 53 Console.
Does DNS Failover support Elastic Load Balancers (ELBs) as endpoints?
Yes, you can configure DNS Failover for Elastic Load Balancers (ELBs). To enable DNS Failover for an ELB endpoint, create an Alias record pointing to the ELB and set the “Evaluate Target Health” parameter to true. Route 53 creates and manages the health checks for your ELB automatically. You do not need to create your own Route 53 health check of the ELB. You also do not need to associate your resource record set for the ELB with your own health check, because Route 53 automatically associates it with the health checks that Route 53 manages on your behalf. The ELB health check will also inherit the health of your backend instances behind that ELB. For more details on using DNS Failover with ELB endpoints, please consult the Route 53 Developer Guide.
Can I configure a backup site to be used only when a health check fails?
Yes, you can use DNS Failover to maintain a backup site (for example, a static site running on an Amazon S3 website bucket) and fail over to this site in the event that your primary site becomes unreachable.
What DNS record types can I associate with Route 53 health checks?
You can associate any record type supported by Route 53 except SOA and NS records.
Can I health check an endpoint if I don’t know its IP address?
Yes. You can configure DNS Failover for Elastic Load Balancers and Amazon S3 website buckets via the Amazon Route 53 Console without needing to create a health check of your own. For these endpoint types, Route 53 automatically creates and manages health checks on your behalf which are used when you create an Alias record pointing to the ELB or S3 website bucket and enable the “Evaluate Target Health” parameter on the Alias record.
For all other endpoints, you can specify either the DNS name (e.g. www.example.com) or the IP address of the endpoint when you create a health check for that endpoint.
One of my endpoints is outside AWS. Can I set up DNS Failover on this endpoint?
Yes. Just like you can create a Route 53 resource record that points to an address outside AWS, you can set up health checks for parts of your application running outside AWS, and you can fail over to any endpoint that you choose, regardless of location. For example, you may have a legacy application running in a datacenter outside AWS and a backup instance of that application running within AWS. You can set up health checks of your legacy application running outside AWS, and if the application fails the health checks, you can fail over automatically to the backup instance in AWS.
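The three configurations above (an Alias record to an ELB with Evaluate Target Health, a backup site, and a non-AWS endpoint with its own health check) all come down to a PRIMARY/SECONDARY failover record pair. The following is an added example, not AWS code, that builds that pair as the ChangeBatch JSON the Route 53 API expects and lints it against the rules stated on this page (alias targets need Evaluate Target Health, a non-alias PRIMARY needs a health check, TTLs should stay at or below the 60 seconds recommended in the TTL question further down). The alias hosted zone ID, DNS names, IP and health check ID are placeholders, not real identifiers.

```python
"""Build and sanity-check a Route 53 failover ChangeBatch.

Added example, not AWS's own code. Every identifier below (hosted zone IDs,
DNS names, the IP address, the health check ID) is a constructed placeholder.
"""
import json

# Assumption: the alias-target hosted zone ID that AWS publishes for ELBs in
# your region. Look it up; this value is a placeholder.
ELB_ALIAS_ZONE_ID = "ZELBPLACEHOLDER"
MAX_RECOMMENDED_TTL = 60   # TTL this page recommends for records used in failover


def alias_failover_record(name, role, target_dns, target_zone_id, set_id):
    """Alias record (ELB or S3 website bucket). EvaluateTargetHealth replaces a
    user-managed health check for these endpoint types."""
    return {
        "Name": name, "Type": "A", "SetIdentifier": set_id, "Failover": role,
        "AliasTarget": {"HostedZoneId": target_zone_id, "DNSName": target_dns,
                        "EvaluateTargetHealth": True},
    }


def ip_failover_record(name, role, ips, health_check_id, set_id, ttl=MAX_RECOMMENDED_TTL):
    """Non-alias record, e.g. an endpoint in a non-AWS datacenter: it needs an
    explicit health check and a short TTL so cached answers expire quickly."""
    rec = {"Name": name, "Type": "A", "SetIdentifier": set_id, "Failover": role,
           "TTL": ttl, "ResourceRecords": [{"Value": ip} for ip in ips]}
    if health_check_id:
        rec["HealthCheckId"] = health_check_id
    return rec


def lint_failover(records):
    """Return a list of problems; an empty list means the set follows this page's rules."""
    problems = []
    roles = {}
    for r in records:
        roles.setdefault((r["Name"], r["Type"]), set()).add(r["Failover"])
        if "AliasTarget" in r:
            if not r["AliasTarget"].get("EvaluateTargetHealth"):
                problems.append(f"{r['SetIdentifier']}: alias without EvaluateTargetHealth")
        else:
            if r["Failover"] == "PRIMARY" and "HealthCheckId" not in r:
                problems.append(f"{r['SetIdentifier']}: PRIMARY has no health check, failover can never trigger")
            if r.get("TTL", 0) > MAX_RECOMMENDED_TTL:
                problems.append(f"{r['SetIdentifier']}: TTL {r['TTL']}s exceeds {MAX_RECOMMENDED_TTL}s")
    for (name, rtype), seen in roles.items():
        if seen != {"PRIMARY", "SECONDARY"}:
            problems.append(f"{name} {rtype}: need exactly PRIMARY and SECONDARY, have {sorted(seen)}")
    return problems


def change_batch(records, comment="failover"):
    """ChangeBatch JSON for: aws route53 change-resource-record-sets --change-batch file://batch.json"""
    return json.dumps({"Comment": comment,
                       "Changes": [{"Action": "UPSERT", "ResourceRecordSet": r} for r in records]},
                      indent=2)


# Scenario from the page: legacy app in a non-AWS datacenter is PRIMARY, the
# backup instance in AWS behind an ELB is SECONDARY. All values constructed.
LEGACY_PRIMARY = ip_failover_record("app.example.com.", "PRIMARY", ["203.0.113.10"],
                                    "11111111-2222-3333-4444-555555555555", "legacy-dc")
AWS_SECONDARY = alias_failover_record("app.example.com.", "SECONDARY",
                                      "my-elb-123456.us-east-1.elb.amazonaws.com.",
                                      ELB_ALIAS_ZONE_ID, "aws-backup")

if __name__ == "__main__":
    print(lint_failover([LEGACY_PRIMARY, AWS_SECONDARY]))   # []
    print(change_batch([LEGACY_PRIMARY, AWS_SECONDARY]))
```

The linter deliberately does not require a health check on the SECONDARY record: a secondary without one is always treated as healthy, which is what you want for a static S3 backup site.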
If failover occurs and I have multiple healthy endpoints remaining, will Route 53 consider the load on my healthy endpoints when determining where to send traffic from the failed endpoint?
No, Route 53 does not make routing decisions based on the load or available traffic capacity of your endpoints. You will need to ensure that you have available capacity at your other endpoints, or the ability to scale at those endpoints, in order to handle the traffic that had been flowing to your failed endpoint.
How many consecutive health check observations does an endpoint need to fail to be considered “failed”?
The default is a threshold of three health check observations: when an endpoint has failed three consecutive observations, Route 53 will consider it failed. However, Route 53 will continue to perform health check observations on the endpoint and will resume sending traffic to it once it passes three consecutive observations. You can change this threshold to any value between 1 and 10 observations. For more details, see the Amazon Route 53 Developer Guide.
When my failed endpoint becomes healthy again, how is the DNS failover reversed?
After a failed endpoint passes the number of consecutive health check observations that you specify when creating the health check (the default threshold is three observations), Route 53 will restore its DNS records automatically, and traffic to that endpoint will resume with no action required on your part.
What is the interval between health check observations?
By default, health check observations are conducted at an interval of 30 seconds. You can optionally select a fast interval of 10 seconds between observations.
By checking three times more often, fast interval health checks enable Route 53 to confirm more quickly that an endpoint has failed, shortening the time required for DNS failover to redirect traffic in response to the endpoint’s failure.
Fast interval health checks also generate three times the number of requests to your endpoint, which may be a consideration if your endpoint has a limited capacity to serve web traffic. Visit the Route 53 pricing page for details on pricing for fast interval health checks and other optional health check features. For more details, see the Amazon Route 53 Developer Guide.
How much load should I expect a health check to generate on my endpoint (for example, a web server)?
Each health check is conducted from multiple locations around the world. The number and set of locations is configurable; you can modify the number of locations from which each of your health checks is conducted using the Amazon Route 53 console or API. Each location checks the endpoint independently at the interval that you select: the default interval of 30 seconds, or an optional fast interval of 10 seconds. Based on the current default number of health checking locations, you should expect your endpoint to receive one request every 2-3 seconds on average for standard interval health checks and one or more requests per second for fast-interval health checks.
Do Route 53 health checks follow HTTP redirects?
No. Route 53 health checks consider an HTTP 3xx code to be a successful response, so they don’t follow the redirect. This may cause unexpected results for string-matching health checks. The health check searches for the specified string in the body of the redirect. Because the health check doesn’t follow the redirect, it never sends a request to the location that the redirect points to and never gets a response from that location. For string matching health checks, we recommend that you avoid pointing the health check at a location that returns an HTTP redirect.
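To make the redirect behaviour concrete, here is an added example (not the Route 53 checker itself) that judges a raw HTTP response the way this answer describes: 2xx and 3xx status codes count as healthy, the Location header is never fetched, and string matching only ever sees the body that actually came back. It also applies the 5,120-byte search window that the Route 53 developer guide documents for string matching; that limit is not stated on this page. The sample responses are constructed, not captured from any real endpoint.

```python
"""Model how a Route 53 HTTP/HTTPS health check judges one response.

Added example, not AWS code. Rules: 2xx/3xx is healthy, redirects are not
followed, string matching searches the first 5,120 bytes of the returned body.
"""

STRING_MATCH_WINDOW = 5120   # bytes of body Route 53 searches for the string


def parse_http_response(raw):
    """Split a raw HTTP/1.1 response into (status, headers, body)."""
    head, _, body = raw.partition(b"\r\n\r\n")
    lines = head.split(b"\r\n")
    status = int(lines[0].split()[1])
    headers = {}
    for line in lines[1:]:
        k, _, v = line.partition(b":")
        headers[k.strip().lower().decode()] = v.strip().decode()
    return status, headers, body


def judge(raw, search_string=None):
    """Return (healthy, reason) following the behaviour described on this page."""
    status, headers, body = parse_http_response(raw)
    if not 200 <= status < 400:
        return False, f"status {status}"
    if search_string is None:
        return True, f"status {status}"
    # The redirect is NOT followed: the Location target is never requested,
    # so only the redirect's own body is searched.
    window = body[:STRING_MATCH_WINDOW]
    if search_string.encode() in window:
        return True, f"status {status}, string found"
    reason = f"status {status}, string not found in first {STRING_MATCH_WINDOW} bytes"
    if 300 <= status < 400:
        reason += f" of the redirect body (Location {headers.get('location')!r} not fetched)"
    return False, reason


# Constructed sample responses (not captured from any real endpoint).
OK_PAGE = (b"HTTP/1.1 200 OK\r\nContent-Type: text/html\r\n\r\n"
           b"<html><body>status: OK - db connected</body></html>")
REDIRECT = (b"HTTP/1.1 301 Moved Permanently\r\nLocation: https://www.example.com/\r\n"
            b"Content-Type: text/html\r\n\r\n<html><body>Moved</body></html>")
# Marker sits just past the search window: healthy without string matching,
# unhealthy with it, even though the page really does contain the string.
LATE_MATCH = b"HTTP/1.1 200 OK\r\n\r\n" + b"x" * STRING_MATCH_WINDOW + b"status: OK"

if __name__ == "__main__":
    for label, resp in [("ok", OK_PAGE), ("redirect", REDIRECT), ("late", LATE_MATCH)]:
        print(label, judge(resp), judge(resp, "status: OK"))
```

The practical consequence: a dedicated status path that returns the marker early in a 200 body, with no redirect in front of it, is the reliable target for a string-matching check.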
What is the sequence of events when failover happens?
In simplest terms, the following events will take place if a health check fails and failover occurs:
Route 53 conducts a health check of your application. In this example, your application fails three consecutive health checks, triggering the following events.
Route 53 disables the resource records for the failed endpoint and no longer serves these records. This is the failover step, which causes traffic to begin being routed to your healthy endpoint(s) instead of your failed endpoint.
Do I need to adjust the TTL for my records in order to use DNS Failover?
The time for which a DNS resolver caches a response is set by a value called the time to live (TTL) associated with every record. We recommend a TTL of 60 seconds or less when using DNS Failover, to minimize the amount of time it takes for traffic to stop being routed to your failed endpoint. In order to configure DNS Failover for ELB and S3 Website endpoints, you need to use Alias records which have fixed TTL of 60 seconds; for these endpoint types, you do not need to adjust TTLs in order to use DNS Failover.
What happens if all of my endpoints are unhealthy?
Route 53 can only fail over to an endpoint that is healthy. If there are no healthy endpoints remaining in a resource record set, Route 53 will behave as if all health checks are passing: it fails open and serves all of the records in the set, including those for failed endpoints, rather than returning no answer.
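The threshold, recovery, interval and fail-open rules from the preceding answers combine into a small state machine. This added example (not Route 53's implementation) simulates one health checker per endpoint, flips status after the configured number of consecutive disagreeing observations, resolves a PRIMARY/SECONDARY pair with the fail-open rule, and computes the worst-case time before resolvers stop returning a failed endpoint. In production Route 53 aggregates observations from many locations, which this model leaves out.

```python
"""Simulate the failure threshold, recovery and failover answer selection.

Added example, not Route 53's implementation. One checker per endpoint.
"""


class HealthCheckState:
    """Tracks consecutive observations against the configured threshold."""

    def __init__(self, threshold=3, interval=30):
        if not 1 <= threshold <= 10:
            raise ValueError("Route 53 failure threshold must be between 1 and 10")
        if interval not in (10, 30):
            raise ValueError("Route 53 request interval is 30 s (standard) or 10 s (fast)")
        self.threshold, self.interval = threshold, interval
        self.healthy = True
        self.streak = 0   # consecutive observations that disagree with current status

    def observe(self, passed):
        """Feed one observation; returns True if the status flipped."""
        if passed == self.healthy:
            self.streak = 0
            return False
        self.streak += 1
        if self.streak >= self.threshold:
            self.healthy = not self.healthy   # same threshold for failure and recovery
            self.streak = 0
            return True
        return False

    def worst_case_detection_seconds(self, ttl):
        """Upper bound from the first failed request until a resolver that cached
        the old answer asks again: threshold observations plus one TTL."""
        return self.threshold * self.interval + ttl


def failover_answer(primary, secondary, states):
    """Which record a PRIMARY/SECONDARY set serves. Only healthy records are
    returned; with none healthy Route 53 behaves as if all checks pass, so the
    primary comes back. Load on the endpoints is never considered."""
    if states[primary].healthy:
        return primary
    if states[secondary].healthy:
        return secondary
    return primary   # fail-open


def run_scenario(threshold=3, interval=30):
    """Primary fails `threshold` times, traffic moves, then it recovers."""
    states = {"primary": HealthCheckState(threshold, interval),
              "secondary": HealthCheckState(threshold, interval)}
    timeline = []
    observations = [False] * threshold + [True] * threshold
    for i, passed in enumerate(observations):
        flipped = states["primary"].observe(passed)
        timeline.append((i * interval, flipped, failover_answer("primary", "secondary", states)))
    return timeline


if __name__ == "__main__":
    for t, flipped, served in run_scenario():
        print(f"t={t:>3}s flipped={str(flipped):5} served={served}")
    fast = HealthCheckState(threshold=3, interval=10)
    print("worst case with fast interval and 60 s TTL:", fast.worst_case_detection_seconds(60), "s")
```

With the defaults (threshold 3, 30-second interval) the primary is pulled at the third failed observation and restored at the third passing one; switching to the fast interval cuts the detection part of the budget from 90 to 30 seconds, but the TTL term is unaffected, which is why the TTL question above matters as much as the interval.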
Can I use DNS Failover without using Latency Based Routing (LBR)?
Yes. You can configure DNS Failover without using LBR. In particular, you can use DNS failover to configure a simple failover scenario where Route 53 monitors your primary website and fails over to a backup site in the event that your primary site is unavailable.
Can I configure a health check on a site accessible only via HTTPS?
Yes. Route 53 supports health checks over HTTPS, HTTP or TCP.
Do HTTPS health checks validate the endpoint’s SSL certificate?
No. HTTPS health checks test whether it is possible to complete an SSL/TLS connection with the endpoint and whether the endpoint returns a valid HTTP response code. They do not validate the certificate returned by the endpoint, so an expired, self-signed, or mismatched certificate will not by itself cause the health check to fail; monitor certificate validity separately if that matters for failover.
Do HTTPS health checks support Server Name Indication (SNI)?
Yes, HTTPS health checks support SNI.
How can I use health checks to verify that my web server is returning the correct content?
You can use Route 53 health checks to check for the presence of a designated string in a server response by selecting the “Enable String Matching” option. This option can be used to check a web server to verify that the HTML it serves contains an expected string. Or, you can create a dedicated status page and use it to check the health of the server from an internal or operational perspective. For more details, see the Amazon Route 53 Developer Guide.
How do I see the status of a health check that I’ve created?
You can view the current status of a health check, as well as details on why it has failed, in the Amazon Route 53 console and via the Route 53 API.
Additionally, each health check’s results are published as Amazon CloudWatch metrics showing the endpoint’s health and, optionally, the latency of the endpoint’s response. You can view a graph of the Amazon CloudWatch metric in the health checks tab of the Amazon Route 53 console to see the current and historical status of the health check. You can also create Amazon CloudWatch alarms on the metric in order to send notifications if the status of the health check changes.
The Amazon CloudWatch metrics for all of your Amazon Route 53 health checks are also visible in the Amazon CloudWatch console. Each Amazon CloudWatch metric contains the Health Check ID (for example, 01beb6a3-e1c2-4a2b-a0b7-7031e9060a6a) which you can use to identify which health check the metric is tracking.
How can I measure the performance of my application’s endpoints using Amazon Route 53?
Amazon Route 53 health checks include an optional latency measurement feature which provides data on how long it takes your endpoint to respond to a request. When you enable the latency measurement feature, the Amazon Route 53 health check will generate additional Amazon CloudWatch metrics showing the time required for Amazon Route 53’s health checkers to establish a connection and to begin receiving data. Amazon Route 53 provides a separate set of latency metrics for each AWS region where Amazon Route 53 health checks are conducted.