Route 53 Flashcards
What are the different record types
A
AAAA
CNAME
NS
(These are the four covered in this deck; Route 53 also supports MX, TXT, SRV, PTR, SOA, CAA, NAPTR and DS records.)
What does an A record type map to
An A record maps a hostname to an IPv4 address
What does a CNAME record type map to
A CNAME record maps a hostname to another hostname
The target is a domain name that must itself resolve (for example through an A or AAAA record)
Can't be created at the zone apex (example.com), but can be created for www.example.com
Ex app.mydomain.com => blabla.anything.com
Only for non-root names (aka "something.mydomain.com"), and a name that has a CNAME cannot carry any other record type
This is different from an Alias record, a Route 53 extension (not a standard DNS record type) that points a hostname at an AWS resource
Ex app.mydomain.com => blabla.amazonaws.com
Works for both the root domain (aka "mydomain.com") and non-root names
Queries to Alias records are free of charge, and an Alias record can evaluate the health of its target (Evaluate Target Health) without a separate health check
What does an AAAA record type map to
An AAAA record maps a hostname to an IPv6 address
What does an NS record type map to
It lists the name servers for the hosted zone. The NS records at the zone apex, together with the matching NS records at the parent zone (set via the registrar), decide which servers answer for the domain and therefore how its traffic is routed
What are targets for Alias records
ELBs (Classic, Application and Network Load Balancers)
CloudFront distributions
API Gateway APIs
Elastic Beanstalk environments
S3 websites (the bucket name must match the record name)
VPC interface endpoints
Global Accelerator accelerators
Another Route 53 record in the same hosted zone
You cannot set an Alias record for an EC2 public DNS name (use an A record with the instance IP, or put an ELB in front of it)
What are the possible Route 53 record TTLs
High TTL (ex 24 hours): fewer queries reach Route 53 (lower cost), but clients may keep using outdated records for up to the TTL after a change
Low TTL (ex 60 seconds): more queries reach Route 53 (higher cost), but changes propagate faster
A TTL is mandatory for every DNS record except Alias records, which take the TTL of their target (for example 60 seconds for an ELB)
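As an added example (not from the flashcards), here is Python that builds the ChangeBatch payload the Route 53 ChangeResourceRecordSets API takes for a CNAME versus an Alias record, enforcing the rules on the cards above: no CNAME at the zone apex, a TTL on the CNAME only, and an AliasTarget with EvaluateTargetHealth (and no TTL) on the Alias. The hosted zone ID and target names are placeholders, and the boto3 call at the end is shown in a comment only.

```python
# Added example (not from the flashcards): build the ChangeBatch structure that
# ChangeResourceRecordSets expects for a CNAME versus an Alias record.
# Hosted zone IDs and target names below are placeholders, not real resources.
import json


def fqdn(name: str) -> str:
    """Normalise to a lower-case, dot-terminated name, as Route 53 stores it."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def cname_record(zone_apex: str, name: str, target: str, ttl: int = 300) -> dict:
    """A standard CNAME. Refused at the apex, where the SOA and NS records live."""
    if fqdn(name) == fqdn(zone_apex):
        raise ValueError(f"CNAME not allowed at zone apex {zone_apex}; use an Alias record")
    if ttl <= 0:
        raise ValueError("CNAME records require a positive TTL")
    return {
        "Name": fqdn(name),
        "Type": "CNAME",
        "TTL": ttl,
        "ResourceRecords": [{"Value": fqdn(target)}],
    }


def alias_record(name: str, target_dns: str, target_zone_id: str,
                 record_type: str = "A", evaluate_target_health: bool = True) -> dict:
    """An Alias record: no TTL and no ResourceRecords; Route 53 resolves the target itself.
    target_zone_id is the hosted zone ID of the AWS resource (e.g. the ELB's canonical
    hosted zone ID), not the ID of your own hosted zone."""
    if record_type not in ("A", "AAAA"):
        raise ValueError("Alias records to AWS resources are created as A or AAAA")
    return {
        "Name": fqdn(name),
        "Type": record_type,  # allowed even at the apex, unlike a CNAME
        "AliasTarget": {
            "HostedZoneId": target_zone_id,
            "DNSName": fqdn(target_dns),
            "EvaluateTargetHealth": evaluate_target_health,
        },
    }


def change_batch(*record_sets: dict, action: str = "UPSERT", comment: str = "") -> dict:
    """Wrap record sets in the ChangeBatch structure ChangeResourceRecordSets takes."""
    if action not in ("CREATE", "UPSERT", "DELETE"):
        raise ValueError(f"unknown change action {action}")
    batch = {"Changes": [{"Action": action, "ResourceRecordSet": rs} for rs in record_sets]}
    if comment:
        batch["Comment"] = comment
    return batch


if __name__ == "__main__":
    apex = "mydomain.com"
    batch = change_batch(
        cname_record(apex, "app.mydomain.com", "blabla.anything.com"),
        # Placeholder ELB DNS name and canonical hosted zone ID (assumptions).
        alias_record(apex, "my-alb-123.us-east-1.elb.amazonaws.com", "Z0000000000000PLACEHOLDER"),
        comment="CNAME for app, Alias for the apex",
    )
    print(json.dumps(batch, indent=2))
    # With boto3 this payload is sent as:
    # boto3.client("route53").change_resource_record_sets(HostedZoneId=zone_id, ChangeBatch=batch)
```

Note that the Alias entry carries no TTL: Route 53 answers with the target's TTL, which is why a TTL is mandatory for every record type except Alias.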
Route 53 has multiple routing policies, explain the Simple routing policy
It routes traffic to a single resource
Ex Client tries to connect to foo.example.com
Route 53 returns 11.22.33.44
A single record can hold multiple values; Route 53 returns all of them in random order and the client picks one
Ex Client tries to connect to foo.example.com
Route 53 returns 11.22.33.44, 55.66.77.88, 99.11.22.33
Simple records cannot have health checks attached, so an unhealthy value is still returned (use Multi-value routing when you need health-checked values)
Route 53 has multiple routing policies, explain the Weighted routing policy
With Weighted routing you assign each record a weight from 0 to 255, and Route 53 returns a record with probability weight / (sum of all weights). Example: weights 70 and 30 send about 70% of responses to one server and 30% to the other. A weight of 0 stops traffic to that record; if every record has weight 0, all are returned with equal probability. Typical uses: load balancing between regions and canary testing of new application versions. Records can be associated with health checks, and unhealthy records are taken out of rotation
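The selection described on this card, as an added Python simulation (not from the flashcards): it models the documented rules for weighted records, including the zero-weight and health-check cases, so you can check what share of answers a canary record will really get. Record values are constructed placeholders.

```python
# Added example (not from the flashcards): a local simulation of how Route 53
# chooses among Weighted records. Rules modelled: weights are 0-255; a record
# is returned with probability weight / sum of weights; weight 0 takes a record
# out of rotation unless every weight is 0 (then all are equally likely);
# unhealthy records are dropped; and when every record is unhealthy Route 53
# fails open and treats them all as healthy. Values are placeholders.
import random
from dataclasses import dataclass
from typing import Optional


@dataclass
class WeightedRecord:
    value: str                      # IP address or alias target
    weight: int                     # 0..255
    healthy: Optional[bool] = None  # None = no health check attached to this record


def rotation(records):
    """Apply the health and zero-weight rules; return (pool, weights)."""
    for r in records:
        if not 0 <= r.weight <= 255:
            raise ValueError(f"{r.value}: weight {r.weight} outside 0-255")
    healthy = [r for r in records if r.healthy is not False]
    pool = healthy if healthy else list(records)   # fail open when nothing is healthy
    if pool and all(r.weight == 0 for r in pool):
        return pool, [1] * len(pool)               # all-zero: equal split
    pool = [r for r in pool if r.weight > 0]       # weight 0 = no traffic
    return pool, [r.weight for r in pool]


def expected_share(records):
    """Fraction of DNS responses each record value should receive."""
    pool, weights = rotation(records)
    total = sum(weights)
    return {r.value: w / total for r, w in zip(pool, weights)}


def answer(records, rng=random):
    """One DNS response: a single record chosen at random by weight."""
    pool, weights = rotation(records)
    return rng.choices(pool, weights=weights, k=1)[0].value


def observed_share(records, queries=10000, seed=1):
    """Empirical split over many simulated queries (deterministic via seed)."""
    rng = random.Random(seed)
    counts = {}
    for _ in range(queries):
        v = answer(records, rng)
        counts[v] = counts.get(v, 0) + 1
    return {v: n / queries for v, n in counts.items()}


if __name__ == "__main__":
    canary = [WeightedRecord("10.0.0.1", 70, healthy=True),
              WeightedRecord("10.0.0.2", 30, healthy=True)]
    print("expected:", expected_share(canary))
    print("observed:", observed_share(canary))
    canary[1].healthy = False   # canary fails its health check: all traffic to 10.0.0.1
    print("canary unhealthy:", expected_share(canary))
```

Note that with a weight of 0 on the canary you can stage a record without sending it traffic, and that the fail-open rule means an outage that takes every record unhealthy does not leave the name unanswerable.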
Route 53 has multiple routing policies, explain the Latency-based routing policy
Each record is tagged with an AWS Region, and Route 53 answers with the record whose Region has the lowest measured network latency from the user (based on Route 53's latency measurements, not geographic distance). It can be associated with health checks, so if the lowest-latency record is unhealthy Route 53 fails over to the next-best healthy one
Route 53 has multiple routing policies, explain the Failover (active-passive) routing policy
DNS queries are answered with the primary record, which must have a health check. If the health check fails, Route 53 answers with the secondary (passive) record until the primary's health check passes again. The secondary can also have a health check; if both are unhealthy, Route 53 still returns the primary
Route 53 has multiple routing policies, explain the Geolocation routing policy
This is based on the user's location, as determined from the IP address of the querying resolver (or the client subnet, if the resolver sends it). You can specify records by country, continent or US state, and the most specific match wins. Create a default record for users whose location matches no record; without one, those users get no answer. It can be associated with health checks
Route 53 has multiple routing policies, explain the Geoproximity routing policy
Routes traffic based on the geographic location of users and resources. A resource's location is its AWS Region, or a latitude/longitude you specify for non-AWS resources. You can change the size of the geographic area a resource serves by specifying a bias value: positive (1 to 99) to expand it, negative (-1 to -99) to shrink it.
You must use Route 53 Traffic Flow to create geoproximity records
What is Traffic Flow in Route 53
A visual editor for building complex routing configurations that combine several routing policies (for example geoproximity with failover). The result is saved as a versioned traffic policy, which can be applied to records in multiple hosted zones and rolled back to an earlier version
Route 53 has multiple routing policies, explain the Multi-value routing policy
Use when routing traffic to multiple resources
Like Simple routing with several values, Route 53 can return multiple values, but each record can be associated with its own health check and only records whose health check passes are returned
Up to 8 healthy records are returned for each multi-value query
It is not a substitute for a load balancer: the client still picks one of the returned values
Route 53 has multiple routing policies, explain the IP-based routing policy
Routing is based on the client's IP address. You define CIDR collections (named sets of IP ranges) and map each CIDR block to a specific endpoint, so end users from a known IP range are routed to the resource you choose (for example, a partner's or ISP's address space to a nearby endpoint)
What are Route 53 hosted zones
A hosted zone is a container for the records that define how to route traffic for a domain and its subdomains
What are the two types of hosted zones
Public hosted zones: contain records that specify how to route traffic on the internet
Private hosted zones: contain records that specify how to route traffic within one or more VPCs. Note: the VPC settings enableDnsHostnames and enableDnsSupport must be enabled for a private hosted zone to work
What is DNSSEC
DNS Security Extensions add digital signatures to DNS records so that a validating resolver can verify that a response is authentic and unaltered (data origin authentication and integrity). It does not encrypt queries or responses, so it provides no confidentiality. It protects against spoofed or tampered responses (cache poisoning and on-path manipulation). In Route 53, DNSSEC signing is available only for public hosted zones; the key-signing key is an asymmetric key in AWS KMS, and the DS record must be published in the parent zone (through the registrar) to complete the chain of trust. Separately, Route 53 Resolver can be configured to perform DNSSEC validation for queries from a VPC
How are health checks used in Route 53
Endpoint health checks monitor an application or server. Route 53 health checkers run on the public internet, so the endpoint must be reachable from them: allow the health checker IP ranges (published in ip-ranges.json under the service ROUTE53_HEALTHCHECKS) through firewalls, security groups and WAF, or the endpoint looks down to Route 53 while real users can still reach it
Calculated health checks monitor other health checks
Health checks that monitor a CloudWatch alarm (used for resources the checkers cannot reach)
What is a calculated health check
It combines multiple health checks into one. A parent health check can monitor up to 256 child health checks, and you specify how many of the children must be healthy for the parent to be healthy
What is the health check that monitors an endpoint
Route 53 health checkers send HTTP, HTTPS or TCP requests to an endpoint (an IP address or domain name) at a regular interval (30 seconds standard, 10 seconds fast)
An HTTP/HTTPS check passes only when the endpoint responds with a 2xx or 3xx status code; a TCP check passes when the connection is established
Optionally, the check can require a string to appear within the first 5,120 bytes of the response body (string matching)
The status switches between healthy and unhealthy only after the failure threshold (default 3, range 1 to 10) of consecutive checks with the new result
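The decision rules on this card, and the checker-IP allowlisting point from the card above it, as an added Python model (not from the flashcards): it judges a single HTTP response the way an endpoint health check does, applies the failure threshold to flip the status, and pulls the health checker CIDRs out of an ip-ranges.json document. The JSON sample is constructed (RFC 5737 addresses), and the model covers a single checker; real Route 53 aggregates reports from many checkers. Treating a new check as healthy until it fails is an assumption of this model.

```python
# Added example (not from the flashcards): a local model of a Route 53 endpoint
# health check's decision rules, plus a helper to extract the health checker
# IP ranges from ip-ranges.json for allowlisting. Sample JSON is constructed.
import json
from typing import List, Optional

MATCH_WINDOW = 5120            # string matching looks only at the first 5,120 bytes
DEFAULT_FAILURE_THRESHOLD = 3  # consecutive results needed to flip the status


def response_passes(status: int, body: bytes, search_string: Optional[str] = None) -> bool:
    """HTTP/HTTPS check: a 2xx or 3xx status is required; the optional search
    string must appear entirely within the first MATCH_WINDOW bytes of the body."""
    if not 200 <= status <= 399:
        return False
    if search_string is None:
        return True
    return search_string.encode() in body[:MATCH_WINDOW]


class EndpointHealth:
    """Tracks healthy/unhealthy status: it changes only after `threshold`
    consecutive checks with the opposite result."""

    def __init__(self, threshold: int = DEFAULT_FAILURE_THRESHOLD):
        if not 1 <= threshold <= 10:
            raise ValueError("failure threshold must be between 1 and 10")
        self.threshold = threshold
        self.healthy = True      # model assumption: starts healthy
        self.streak_pass = 0
        self.streak_fail = 0

    def observe(self, passed: bool) -> bool:
        """Record one check result and return the (possibly updated) status."""
        if passed:
            self.streak_pass += 1
            self.streak_fail = 0
            if self.streak_pass >= self.threshold:
                self.healthy = True
        else:
            self.streak_fail += 1
            self.streak_pass = 0
            if self.streak_fail >= self.threshold:
                self.healthy = False
        return self.healthy


def health_checker_ranges(ip_ranges_json: str) -> List[str]:
    """IPv4 CIDRs that Route 53 health checkers send from (service
    ROUTE53_HEALTHCHECKS). These must be allowed through security groups,
    NACLs and WAF, otherwise the endpoint looks down to Route 53 only."""
    data = json.loads(ip_ranges_json)
    return sorted(p["ip_prefix"] for p in data.get("prefixes", [])
                  if p.get("service") == "ROUTE53_HEALTHCHECKS")


# Constructed stand-in for https://ip-ranges.amazonaws.com/ip-ranges.json
SAMPLE_IP_RANGES = json.dumps({"prefixes": [
    {"ip_prefix": "192.0.2.0/24", "region": "us-east-1", "service": "ROUTE53_HEALTHCHECKS"},
    {"ip_prefix": "198.51.100.0/24", "region": "us-east-1", "service": "AMAZON"},
    {"ip_prefix": "203.0.113.0/24", "region": "eu-west-1", "service": "ROUTE53_HEALTHCHECKS"},
]})


if __name__ == "__main__":
    # A 200 whose "READY" marker sits past byte 5120 fails string matching.
    print(response_passes(200, b"x" * 5000 + b"READY", "READY"))   # True
    print(response_passes(200, b"x" * 5120 + b"READY", "READY"))   # False
    state = EndpointHealth()
    print([state.observe(ok) for ok in (False, False, False, True, True, True)])
    print(health_checker_ranges(SAMPLE_IP_RANGES))
```

Put the status page's marker text near the top of the body: anything after byte 5,120 is invisible to the checker, so a large page with the marker in its footer reads as unhealthy.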
How do we have health checks in private hosted zones
Route 53 health checkers cannot reach endpoints inside a VPC. Instead, create a CloudWatch alarm on a metric that reflects the private resource's health (for example a custom metric published from inside the VPC), and create a health check that monitors that alarm; the health check can then be attached to records in the private hosted zone
How can we have an on-premises server query a private server in our VPC in the cloud
Through the use of a Resolver inbound endpoint
The on-premises server queries its on-premises DNS resolvers
The on-premises DNS resolvers have a forwarding rule for the private domain whose targets are the IP addresses of the inbound endpoint (network interfaces in the VPC), reached over VPN or Direct Connect
The inbound endpoint passes the query to Route 53 Resolver, which looks it up in the private hosted zone and returns the answer back downstream to the on-premises server
How can we have a private server in our VPC in the cloud query an on-premises server
Through the use of a Resolver outbound endpoint
The cloud server queries Route 53 Resolver in its VPC, which has a conditional forwarding rule for the on-premises domain with the on-premises DNS servers as target IPs
Route 53 Resolver sends the query out through the outbound endpoint (network interfaces in the VPC) to the on-premises DNS resolvers
Which resolve it and return the answer back to the cloud server
What are the types of resolver rules
Conditional forwarding rules (FORWARD): forward DNS queries for a domain to target IPs (for example on-premises DNS servers) through an outbound endpoint
System rules (SYSTEM): override a forwarding rule for a subdomain, so that Route 53 Resolver resolves that subdomain itself instead of forwarding it
Auto-defined system rules: created by Resolver for selected domains, such as the VPC's private hosted zones, AWS internal names, and the "." Internet Resolver rule that sends everything else to public DNS
If multiple rules match a query, Route 53 Resolver chooses the most specific match (the matching rule whose domain name has the most labels)
Resolver rules can be shared across accounts using AWS Resource Access Manager (RAM)
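The rule selection described on the cards above (the forwarding rule behind the outbound endpoint, and the most-specific-match rule for overlapping rules), as an added Python example that is not from the flashcards: it matches rules label by label and lets a System rule for a subdomain override a broader conditional forwarding rule. Domains, IPs and the rule set are constructed; the rule type names follow the API values FORWARD, SYSTEM and RECURSIVE.

```python
# Added example (not from the flashcards): how Route 53 Resolver picks a rule
# for a query. A rule matches when its domain is the query name or a parent
# of it, and the matching rule with the most labels wins. Domains and IPs are
# constructed placeholders.
from dataclasses import dataclass, field
from typing import List, Optional


@dataclass
class ResolverRule:
    domain: str
    rule_type: str                                        # "FORWARD", "SYSTEM" or "RECURSIVE"
    target_ips: List[str] = field(default_factory=list)   # only meaningful for FORWARD


def labels(name: str) -> List[str]:
    """Split a DNS name into labels, ignoring case and the trailing dot."""
    return [l for l in name.lower().rstrip(".").split(".") if l]


def rule_matches(rule: ResolverRule, qname: str) -> bool:
    rl, ql = labels(rule.domain), labels(qname)
    # Compare whole labels, so "corp.example.com" does not match "notcorp.example.com".
    return len(rl) <= len(ql) and ql[len(ql) - len(rl):] == rl


def select_rule(rules: List[ResolverRule], qname: str) -> Optional[ResolverRule]:
    """Most specific match: the matching rule with the most labels."""
    candidates = [r for r in rules if rule_matches(r, qname)]
    return max(candidates, key=lambda r: len(labels(r.domain)), default=None)


def resolve_path(rules: List[ResolverRule], qname: str) -> str:
    """Where the query goes: forwarded to target IPs, or handled by Resolver itself."""
    rule = select_rule(rules, qname)
    if rule is None or rule.rule_type == "RECURSIVE":
        return "recursive"          # public DNS via the Internet Resolver rule
    if rule.rule_type == "SYSTEM":
        return "resolver"           # Route 53 Resolver answers (e.g. from a private hosted zone)
    if not rule.target_ips:
        raise ValueError(f"FORWARD rule for {rule.domain} has no target IPs")
    return "forward:" + ",".join(rule.target_ips)


# Constructed rule set: everything under corp.example.com is forwarded to the
# on-premises DNS servers, except aws.corp.example.com, which lives in a
# private hosted zone and is therefore covered by a System rule.
RULES = [
    ResolverRule(".", "RECURSIVE"),                                    # auto-defined Internet Resolver rule
    ResolverRule("corp.example.com", "FORWARD", ["10.10.0.2", "10.10.0.3"]),
    ResolverRule("aws.corp.example.com", "SYSTEM"),
]


if __name__ == "__main__":
    for q in ("db.corp.example.com", "app.aws.corp.example.com",
              "www.example.org", "host.notcorp.example.com"):
        print(f"{q:32} -> {resolve_path(RULES, q)}")
```

The label-wise comparison is the part worth getting right: a suffix string match would send queries for host.notcorp.example.com to the on-premises servers as well.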