Route 53 Flashcards

1
Q

What are the different record types

A

A
AAAA
CNAME
NS

2
Q

What does an A record type map to

A

A record type maps a hostname to an IPv4 address

3
Q

What does a CNAME record type map to

A

CNAME record type maps a hostname to another hostname

The target is a domain name which must have an A or AAAA record

You can't create a CNAME for example.com, but you can create one for www.example.com

Ex: app.mydomain.com => blabla.anything.com
Only for non-root domains (aka "something.mydomain.com")

This is different from an Alias, which points a hostname to an AWS resource

Ex: app.mydomain.com => blabla.amazonaws.com
Works for root domain and non-root domain (aka "mydomain.com")
It's free of charge and has a native health check

4
Q

What does an AAAA record type map to

A

AAAA record type maps a hostname to an IPv6 address

5
Q

What does an NS record type map to

A

It specifies the name servers for the hosted zone. It controls how traffic is routed for a domain

6
Q

What are targets for Alias records

A

ELBs
CloudFront Distributions
API Gateway
Elastic Beanstalk Env
S3 Websites
Route 53 record in the same hosted zone

You cannot set an ALIAS record for an EC2 DNS name

7
Q

What are the possible Route 53 record TTLs

A

High TTL - ex 24hr: Less traffic on Route 53, possibly outdated records

Low TTL - ex 60sec: More traffic on Route 53, less outdated records

Except for Alias records, TTL is mandatory for each DNS record

8
Q

Route 53 has multiple routing policies, explain the simple routing policy

A

It routes traffic to a single resource
Ex Client tries to connect to foo.example.com
Route 53 returns 11.22.33.44

It can specify multiple values in the same record, but a random one is chosen by the client
Ex Client tries to connect to foo.example.com
Route 53 returns 11.22.33.44, 55.66.77.88, 99.11.22.33

9
Q

Route 53 has multiple routing policies, explain the Weighted routing policy

A

With weighted routing you can control the percentage of requests that go to each specific resource. For example, you can have 70% of traffic go to one server and 30% go to another server. Usually this is used when load balancing between regions or testing new application versions. It can be associated with health checks

10
Q

Route 53 has multiple routing policies, explain the Latency-based routing policy

A

Redirects to the resource that has the least latency for us. It can be associated with health checks and has a failover capability

11
Q

Route 53 has multiple routing policies, explain the Failover (active passive) routing policy

A

DNS requests are routed to a primary instance with a health check, which is mandatory. If the HC fails, requests fail over to a secondary instance, which is passive until the HC fails

12
Q

Route 53 has multiple routing policies, explain the Geolocation routing policy

A

This is based on user location. You can specify by country, continent or US state. You should create a default record in case there is no match on location. It can be associated with health checks

13
Q

Route 53 has multiple routing policies, explain the Geoproximity routing policy

A

Route traffic based on the geographic location of users and resources. You can change the size of the geographic region by specifying bias values: to expand (1 to 99), to shrink (-1 to -99).

You must use Route 53 traffic flow to use this feature

14
Q

What is traffic flow in Route 53

A

It allows you to create geoproximity rules which can be saved as traffic flow policy

15
Q

Route 53 has multiple routing policies, explain the Multi-value routing policy

A

Use when routing traffic to multiple resources

Route 53 can return multiple values and it can be associated with health checks. Values are returned only for healthy resources

Up to 8 healthy records are returned for each multi-value query

16
Q

Route 53 has multiple routing policies, explain the IP Based routing policy

A

Routing is based on the client's IP address. You can route end users from a particular IP to a specific endpoint. You can define CIDR blocks and route IPs under them to specific resources

17
Q

What are Route 53 hosted zones

A

It is a container for records that define how to route traffic to a domain and subdomains

18
Q

What are the two types of hosted zones

A

Public Hosted Zones - contain records that specify how to route traffic on the internet

Private Hosted Zones - contain records that specify how to route traffic within one or more VPCs. Note: you must enable the VPC settings enableDnsHostnames and enableDnsSupport

19
Q

What is DNSSEC

A

DNS Security Extensions is a protocol for securing DNS traffic; it verifies DNS data integrity and origin. It protects against man-in-the-middle attacks and only works with public hosted zones

20
Q

How are health checks used in Route 53

A

HTTP health checks are for public resources

You have health checks that monitor an endpoint (application or server)

Health checks that monitor other health checks (Calculated HC)

Health checks that monitor CW alarms

21
Q

What is a calculated health check

A

It combines multiple health checks into one. You have a parent HC which can monitor up to 256 child HCs. You can specify how many of the HCs need to pass to make the parent HC pass.

22
Q

What is the HC that monitors an endpoint

A

You have health checks that monitor an endpoint (application or server)

The HC passes only when the endpoint responds with a 2xx or 3xx status code

The HC can be set up to pass/fail based on the text in the first 5120 bytes of the response

23
Q

How do we have health checks in private hosted zones

A

By creating a health check outside of the VPC to monitor a CloudWatch alarm within the VPC

24
Q

How can we have an on-premise server query a private server in our VPC in the cloud

A

Through the use of a Resolver Inbound Endpoint

The on-premise server queries its on-premise DNS resolvers

The on-premise DNS resolvers, which have a forwarding rule with the Route 53 target IP in it, forward the query to the Resolver Inbound Endpoint in the private VPC

The Resolver Inbound Endpoint forwards the request to the Route 53 Resolver in the cloud, which looks up the query in the private hosted zone and returns the information back downstream to the on-premise server

25
Q

How can we have a private server in our VPC in the cloud query an on-premise server

A

Through the use of a Resolver Outbound Endpoint

The cloud server queries its Route 53 Resolver, which has a forwarding rule to forward the query to a target IP

The Route 53 Resolver forwards it to the Resolver Outbound Endpoint, which forwards it to the on-premise DNS resolvers

These then forward it to the server

26
Q

What are the types of resolver rules

A

Conditional forwarding rules: Forward DNS queries to target IPs

System rules: Override forwarding rules

Auto-defined system rules: Defines rules for selected domains like private AWS hosted zones

If multiple rules match, Route 53 Resolver chooses the most specific match

Resolver Rules can be shared across accounts using AWS Resource Access Manager