Route 53 Flashcards

1
Q

What Is DNS?

A

DNS stands for “Domain Name System.” It’s like the internet’s phone book – a system that translates human-friendly domain names (like www.example.com) into the numerical IP addresses that computers use to identify each other on the internet.

2
Q

What is a Top-Level Domain?

A

If we look at common domain names (e.g., google.com, bbc.co.uk, and acloud.guru), you will notice a string of characters separated by dots (periods).
The last word in a domain name represents the top-level domain.
The second word in a domain name is known as a second-level domain name (this is optional, though, and depends on the domain name).

  • Top-level domains are controlled by the Internet Assigned Numbers Authority (IANA).
3
Q

What are Domain Registrars?

A

A registrar is an authority that can assign domain names directly under one or more top-level domains.
These domains are registered with InterNIC, a service of ICANN, which enforces the uniqueness of domain names across the internet.

4
Q

What is a SOA record?

A

SOA stands for “Start of Authority.” In DNS, the SOA record is a crucial record type that provides essential information about a particular domain. It serves as the starting point for managing the domain’s DNS settings.

5
Q

What are NS records?

A

NS records are used by top-level domain servers to direct traffic to the content DNS server that contains the authoritative DNS records.

6
Q

What Is an A Record?

A

An A (or address) record is the fundamental type of DNS record.
The A record is used by a computer to translate the name of the domain to an IP address.
For example, http://www.google.com might point to http://123.10.10.80

7
Q

What Is a TTL?

A

The length that a DNS record is cached on either the resolving server or the user’s own local PC is equal to the value of the time to live (TTL) in seconds.

The lower the time to live, the faster changes to DNS records propagate throughout the internet.

8
Q

What Is a CNAME?

A

A CNAME (canonical name) can be used to resolve one domain name to another. For example, you may have a mobile website with the domain name http://m.acloud.guru that is used when users browse your domain name on their mobile devices.

A CNAME cannot be used to point to naked domain names (catagram.io).

9
Q

What are Alias Records?

A

Alias records are used to map resource record sets in your hosted zone to load balancers, CloudFront distributions, or S3 buckets that are configured as websites.

Alias records work like a CNAME record in that you can map one DNS name (www.example.com) to another “target” DNS name (elb1234.elb.amazonaws.com).

10
Q

CNAME vs Alias Records

A

CNAME records are used to alias one domain name to another, typically for subdomains, while Alias records are specific to AWS services and are used to map a domain or subdomain to an AWS resource, supporting both root domains and subdomains.

A CNAME cannot be used to point to naked domain names (catagram.io).

No charge for alias records pointing at AWS resources.

11
Q

What Is Route 53?

A

Route 53 is Amazon’s DNS service.
It allows you to register domain names, create hosted zones, and manage and create DNS records.
Route 53 is named after Route 66 (one of the original highways across the United States) but is called 53 because DNS operates on port 53.

12
Q

Name the 7 Routing Policies Available with Route 53.

A
  1. Simple Routing
  2. Weighted Routing
  3. Latency-Based Routing
  4. Failover Routing
  5. Geolocation Routing
  6. Geoproximity Routing (Traffic Flow Only)
  7. Multivalue Answer Routing
13
Q

Explain the Simple Routing Policy.

A

If you choose the simple routing policy, you can only have one record with multiple IP addresses.
If you specify multiple values in a record, Route 53 returns all values to the user in a random order.

Does not support health checks.

14
Q

What are Health Checks in Route 53?

A
  • You can set health checks on individual record sets.
  • If a record set fails a health check, it will be removed from Route 53 until it passes the health check.
    - You can set SNS notifications to alert you about failed health checks.
  • If more than 18% of the health checkers report as healthy then it is considered healthy.
15
Q

Explain the Weighted Routing Policy.

A

Allows you to split your traffic based on different weights assigned.
For example, you can set 10% of your traffic to go to us-east-1 and 90% to go to eu-west-1. Includes health checks.

Good for simple load balancing or when testing new software.

If an unhealthy record is selected, the process is repeated until a healthy record is selected.

16
Q

Explain the Latency Routing Policy.

A

Allows you to route your traffic based on the lowest network latency for your end user (i.e., which region will give them the fastest response time).

17
Q

Explain Failover Routing Policy.

A

Failover routing policies are used when you want to create an active/passive setup.
For example, you may want your primary site to be in eu-west-2 and your secondary disaster recovery site in ap-southeast-2.
Route 53 will monitor the health of your primary site using a health check.

18
Q

Explain Geolocation Routing Policy.

A

Geolocation routing lets you choose where your traffic will be sent based
on the geographic location of your users (i.e., the location from which DNS queries originate).

Ideal for restricting content based on location or language-specific content, or load balancing across regional endpoints.

It is not about the “closest” records. It returns relevant records (by state, country, continent, or default). For example, you will not get a Canadian record if you are in the UK and no closer record exists (that is geoproximity). You will get the default if it has been set, otherwise nothing!

19
Q

Explain Geoproximity Routing Policy.

A
  • Returns the closest distance.
  • Geoproximity routing lets Amazon Route 53 route traffic to your resources based on the geographical location of your users and your resources.
  • You can also optionally choose to route more traffic or less to a given resource by specifying a value, known as a bias. A bias expands or shrinks the size of the geographic region from which traffic is routed to a resource.
  • To use geoproximity routing, you must use Route 53 traffic flow.
20
Q

Explain Multivalue Answer Routing

A

You can specify multiple values for almost any record, but multivalue answer routing also lets you check the health of each resource, so Route 53 returns only values for healthy resources.

This is similar to simple routing; however, it allows you to put health checks on each record set.

Up to 8 are returned to the client.

21
Q

What is a public-hosted zone in R53?

A

A public-hosted zone is a container that holds information (resource records) about how you want to route traffic on the internet for a specific domain that is accessible from the public internet.

Each public-hosted zone has 4 name servers (NS) that are accessible through the internet.

22
Q

What is a split-view or split-horizon DNS?

A

Split-view or split-horizon DNS is a DNS configuration that provides different sets of DNS records to different clients, depending on their source address. This can be used to provide different levels of access to different resources or to improve the performance and reliability of DNS resolution.

For example, you could use split-view DNS to provide different DNS records to internal (from a VPC) and external (public internet) clients. Internal clients could be provided with DNS records for internal resources, such as file servers and databases. External clients could be provided with DNS records for external resources, such as websites and email servers.

23
Q

What is DNSSEC?

A

DNSSEC strengthens authentication in DNS using digital signatures based on public key cryptography. With DNSSEC, it’s not DNS queries and responses themselves that are cryptographically signed, but rather DNS data itself is signed by the owner of the data.