AWS Route53

Question 1

What is Route53?

Answer 1

It is an external or internal DNS service (not a server)?

Question 2

Can I use Route53 for on-prem when I have a direct connect?

Answer 2

No, the request has to come from inside AWS networking.

Question 3

What is an internal hosted zone?

Answer 3

It is a Route53 zona that can act as a DNS service for the VPC.

Question 4

I have many instances in a VPC and I want and existing already provided www.ms.com to point to a different IP, what cna I do?

Answer 4

You could set up a Route53 internal zone for ms.com, create a www A record to point to the new IP.

Question 5

Is is the Route53 Resolver used for?

Answer 5

It is a regional service that enables you to route DNS queries between on-prem and your VPC so they can be resolved by Route53. And also between your VPC and your on-prem so instances can resolve again on-prem DNS.

Question 6

How does the Route53 Resolved work?

Answer 6

It enables you to create an Inbound Endpoint that can be accessed from the on-prem network.

Question 7

When I create a Route53 Resolver, is it only deployed to a single availability zone?

Answer 7

No, the Route53 Resolver is deployed to tow subnets in two availability zones where you specify two servers to resolve again.

Question 8

What is a Route53 Resolved inbound endpoint?

Answer 8

It is an endpoint create do=in two separate availability zones that enable on-prem servers to resolve again Route 53.

Question 9

What is a Route53 Resolved outbound endpoint?

Answer 9

It is an endpoint, created in two subnets in two availability zones that enables DNS queries to be forwared to on-prem DNS server.

Question 10

I am using a Ropute53 Resolver but I want to be able to forward only some queries to on-prem, is the possible?

Answer 10

Yes, use the Route53 Resolver Forwarding rule.

Question 11

Can I access Route 53 private zone sform on-prem?

Answer 11

Yes, you can use the Route 53 Resolved to forwared queries. This used to not be the case until 2019.

Question 12

What is a Route 53 resolver?

Answer 12

It is an endpoint that is placed in a subnet in two AZs that enables open-prem to use the route53 service.

Question 13

I have an on-prem DNS server, how do I make the instance in my VPC get access to this on-prem DNS?

Answer 13

I create an outbound Route53 resolver.

Question 14

I have a VPC with two subnets, I also have a VPN connection to my on-prem, when I try to resolve the hostnames of the instance from on-prem I get the public IP, I want the private IP, what options do I have to resolve this issue?

Answer 14

I cna create an incoming Route53 resolved that will act as a proxy in by subnets, I cna ten add this DNS resolved as a DSN server on my on-prem a and set up on forwarding rules. This will enable;le the on-prem DNS server t use the resolver to get the information.

Question 15

Are Route53 resolvers highly available?

Answer 15

Yes, when you create one you will be asked to select two subnets in two separate availability zones.

Question 16

I wnat to log all queries to my public Route53 DNS server, how can I architect this?

Answer 16

You can set up Route53 to send its DNS queries to CloudWatch logs.

Question 17

I need to register a domain, how can I do this in AWS?

Answer 17

You can use Route53 to register a domain.

Question 18

What is the difference between a public and private hosted zone?

Answer 18

• The private hosted zone has an endpoint in your VPC

- The public hosted zone has an endpoint that is on th internet.

Question 19

What is a recordset?

Answer 19

It is a subdomain entry that holds a pointer t the iP for example.

Question 20

What is a quad-A record?

Answer 20

It is an ipv6 A record.

Question 21

What is an alias record in Route53?

Answer 21

It is an A record that points at an AWS service if the service IP updates it will be updated in Route53.

Question 22

What is a routing policy?

Answer 22

Enables you to define how the incoming DNS request will be handled by Route53, there are options,

• Simple routing
• Failover routing
• Geolocation routing
• latency-based routing
• Weighted
• Multi answer

Question 23

What are the types of routing you can have?

Answer 23

• Simple routing: No special routing just respond with records, Like www.keith-tobin.com responds with 33.44.33.44
• Failover routing: Rote traffic to a healthy resource, unhealthy resources receive no traffic
• Geolocation routing: Lets you send traffic from EU user to say Frankfort and US user to use-east01
• latency-based routing:
• Weighted
• Multi answer

Question 24

Is it possible for an alias record to point to an ‘A’ record?

Answer 24

Yes, 100%, when you select the alias you get the option to select existing recordset (hosted zone record).

Question 25

Do I use a CNAME to point to CloudFront?

Answer 25

No, you use an alias.

Question 26

Do I use a CNAME to point to S3?

Answer 26

No, you use an alias.

Question 27

Explain latency based routing?

Answer 27

When you have two locations like eu-west-1 and us-west-1, the user will be routed to the location with the lowest routing path. This is done by AWS figuring out the lowest past to both regions and then directing the user by returning DNS record to thet location with the lowest routing path time.

Question 28

I am using latency based routing, I have two AWS regions service web traffic, they are close together like Ireland and the UK, I am located in Germany, I am using latency based routing, explain which of the two my traffic will go to form the Germany location?

Answer 28

Traffic will go to the region with the measures smallest latency path, this is done by AWS measuring the latency in the path form your location to both regions and then returning a DNS record directing you to thet region with the shortest, lowest latency path for your location.

Question 29

I have a primary and secondary web server in two regions, I wnat to set up failover when the primary fails and have traffic routed to the secondary, how cna I do this?

Answer 29

- Set up Route53 Failover routing | - Create a health check to the primary

Question 30

What is a Route 53 health check?

Answer 30

It will monitor the status of your resource

Question 31

I have a CloudWatch alarm on my Instance application, I wnat to have the DNS failover to another region when this alarm is triggered, how can I do this?

Answer 31

You can create Route53 health check and have it monitor the alarm, you can use this alarm to failover to another region.

Question 32

How can I return multiple values to a DNS request?

Answer 32

You just create more than a single record of type multi-value in Route53 of the same type.

Question 33

How can I return multiple values to a DNS request, but only when the resource is healthy?

Answer 33

You just create more than a single record of type multi-value in Route53 of the same type and associate with a health check.

Question 34

What are the max records in a multi-value in Route 53?>

Answer 34

8

Question 35

How can I select a country and have traffic sent to an AWS region?

Answer 35

You cna use Geolocation routing in Route 53, this is where you create the record and say what the country and the region it should go to.

Question 36

I want to stop Asia from been routed to my application, how cna I do this?

Answer 36

You can create a geolocation record in route 53 and point it at a static s3 page daying 'Asia region not supported'.

Question 37

How is geolocation happening by AWS?

Answer 37

IPs are mapped to regions and countries, it a large database.

Question 38

I am using geolocation and I wnat to ensure that when users outside a region try to access my application thye are sent to an S3 page saying 'region not supported'

Answer 38

You create a geolocation record for the region you wnat and point it at your valid server, you create a record with 'default' thet will send all other users to your S3 'region not supported ' page.

Question 39

I wnat to preform a Route53 health check on a resource in my private VPC, is this possible?

Answer 39

Yes, health checks can be performed on a private VPC.

Question 40

Can I perform a health check on a TCP endpoint?

Answer 40

Yes, Route 53 will open a socket and if it can market it as up and running.

Question 41

Can I perform a health check on a domain?

Answer 41

Yes, you have the option of domain or IP

Question 42

What is AWS doing when it dose health checks?

Answer 42

It is sending health checks form multiple-regions

Question 43

I have a weight record type and I set one record to 0, what will happen?

Answer 43

Traffic will be stopped from sending (no DNS response returned), all traffic goes to other records in the weight.

Question 44

Can you create a hosted zone for a VPC?

Answer 44

Yes, 100%, you selected your VPC from the regions VPC's listed.

Question 45

I have an on-prem DNS, how can I have records resolved to it?

Answer 45

Use the DNS resolved and set up a rule, this could be like, send all keith-tobin.com request to it. When you set up the resolved, the resolved will place two VPC endpoints in your VPC.

Question 46

When using the resolved, I wnat to create a single endpoint for both in and out, is this possible?

Answer 46

Yes, 100%, the endpoint can be used for both in and out for the resolved, within being requests coming from corporate and out been requests going to corporate.

Question 47

What can I do with a traffic policy?

Answer 47

``` You can create complex rules form, - Latency -Geolocation - Multi-value - Weighted - Failover You can string these together to visually create very complex rule sets for traffic. ```

Question 48

What is failover routing?

Answer 48

This is when the primary fails, the traffic is sent to the secondary address. For this, you have to set up a health check.

Question 49

How can I get notified when my site is down?

Answer 49

Create a health check and set the notification to SNS and from SNS subscribe as normal?

Question 50

How cna I monitor health check history to see when things were up or down?

Answer 50

You cna use CloudWatch metrics, CW will have a HealthCheckStatus for each health check?

Question 51

How can I have a lambda kicked off when a site goes down?

Answer 51

You cna have a Ropute63 health check with and SNS and have the SNS fire off a lambda or you can have CW fire an alarm that triggers a lambda.

Question 52

Can I use Route 53 to provide DNS for my non-AWS site?

Answer 52

Yes 100%, traffic can be sent to any IP endpoint.

Question 53

When I register a domain in Route53, what can I doing?

Answer 53

You are telling the TLD where your authoritative name servers are, in the case of AWS this will be 4 DNS servers thet will respond when queried with your domain name and return the IP address.

Question 54

Explain how DNS works

Answer 54

Your servers query you DNS server Your DNS server queries the DNS Root, root return the TLD You query the TLD, TLD returns the authoritative (AWS) servers You query the authoritative servers authoritative returns the IP of the domain you queried,

Question 55

What is a hosted zone?

Answer 55

This is where you store your DNS records and it defines what will be pushed to you authoritative name servers so the name servers can respond to queries for your domain.

Question 56

name the parts of the URL, like http://www.google.com/search?keith=dog

Answer 56

http:// is the protocol www. is the subdomain google is the domain com is the TLD (Top level domain) path vis the directory ?keith=dog is the query

Question 57

What are the two types of hosted zones?

Answer 57

public, where is available on the public internet | private, where is available in your VPC.

Question 58

What is a health check?

Answer 58

This is where you can in Route53 create a 'health check' thet will go and ensure your resources is healthy and capable of receiving and processing request or connection. It does this by doing one of the following operations, -TCP connection - HTTP (L7) request - HTTPS (L7) You can use the IP or domain name and can also configure what regions the health check will be performed form as it is performed form one or more regions.

Question 59

What is an AWS Alias record?

Answer 59

This is a special 'A' record type, you cna point it at an AWS service and it will figure the IP of the service to return, even if that service IP changes it will know the correct IP to return. This type of records can also point to other records.

Question 60

In route 53 how can I get an 'A' to point to another 'A record'

Answer 60

You cna use an 'A' record with an Alais to point to another record.

Question 61

What is an apex?

Answer 61

This is like keith-tobin.cojm and not h1.keith-tobin.com

Question 62

How do you set up a failover record type of Route53?

Answer 62

You set up two records of the 'failover', one primary and one secondary, you also set up a health check.

Question 63

Can you have health check every 1sec?

Answer 63

No, you have an option of every 30 sec as standard and every 10 sec for fast, for fast, you pay a little more.

Question 64

How can you create a DNS failover in your VPC?

Answer 64

You can use the 'failover' record and use a health check. But you can not use the endpoint and will have to use the CloudWatch or Instances status. You can alos create a cloud watch even to trigger a lambda to perform ping and then up

Question 65

If I have an LB and 3 instances and the same in a second region and both these regions have Route53 with health checks and 2 instances in the first region fail will the Route53 health check see it?

Answer 65

No, the Route53 health check is checking the whole region as in the LB will respond, if the LB has at least 1 instances responding the Route53 health check will pass and be good.

Question 66

If I have 3 servers and thet all have public-facing IP and running web servers, how cna I used a Route53 simple record to perform a sort of load balancing?

Answer 66

Create a record and add all 3 IPs, Route53 will randomly return on of the IPs

Question 67

What is the traffic flow?

Answer 67

This is where you can combine different rooting policies into complex routing patterns.

Question 68

With R53 health checks can you monitor with cloudwatch alarms?

Answer 68

Yes, 100%, C loudWacth you can select the metric and then set the notification to SNS.

Question 69

Is it possible to get logs from Route53?

Answer 69

Yes, but only for private DNS zones, public DNS zones are not supported.

Question 70

Can you enable logging for private DNS zones?

Answer 70

No, only public DNS zones.

Question 71

How is logging configure in Route53?

Answer 71

You configure Route53 to push logs to CloudWatch logs, by creating a log group and supply an IAM role.