Route 53 Flashcards
This deck aims to help retain concepts related to the AWS Route 53 service.
What are the main features of a Route 53 Public Hosted Zone?
- Accessible from both the public internet and VPCs
- Authoritative for a specific domain
- Externally registered domains can point to a Route 53 Public Hosted Zone
- Hosts DNS records (e.g. A, AAAA, MX, NS, TXT)
Which Route 53 component contains information about how to route traffic on the internet for a specific domain and its subdomains?
Public Hosted Zone
What Route 53 feature allows DNS resolution for internal resources accessible only within specified VPCs?
Private Hosted Zone
What are the main features of a Route 53 Private Hosted Zone?
- Inaccessible from the public internet
- Accessible only from associated VPCs (from current account or other accounts)
What instructions reside in authoritative DNS servers and provide information about a domain, including the associated IP address and how to handle requests for that domain?
DNS Records
When creating a DNS record in Route 53, what configurations must be provided?
- Record Name (e.g., accounting.example.com)
- Record Type (e.g., A)
- Record Value (e.g. 229.44.81.208)
- TTL in seconds (e.g., 300)
- Routing Policy (e.g., simple routing)
Which architectural approach allows the DNS server to respond differently to the same DNS query based on the source of the query (public or private)?
Split-view DNS
Hosted Zones (Public and Private) can mirror their records, but additional subdomains may only be accessible from VPCs associated with a Private Hosted Zone and not from the Public
What is the difference between CNAME and ALIAS record types?
- CNAME maps a name to another name (e.g. www.example.com to example.com) and cannot be used for the apex domain (e.g. example.com)
- ALIAS is an AWS-specific record type used only in Route 53 that maps a name to an AWS resource (e.g. example.com to an Elastic Load Balancer, API Gateway, CloudFront, Elastic Beanstalk, Global Accelerator, S3). It can be used for the apex domain, incurs no additional cost, and is the default choice for routing traffic to AWS services
What types of Route 53 Health Checks are available?
- Endpoint health check
- Calculated health check (monitors status of other health checks)
- State of CloudWatch alarms health check
Are Route 53 Health Checks configured within Route 53 records?
Health Checks are configured separately but are used by Route 53 records
Which Route 53 feature monitors the health and performance of web applications, web servers, and other resources?
Route 53 Health Checks
How are Route 53 Health Checks performed, and how frequently?
Health checks are performed every 30 seconds (default), or every 10 seconds (with additional cost), by globally distributed health checkers
Which protocols are supported for Route 53 Health Checks?
- TCP
- HTTP/HTTPS
- HTTP/HTTPS with String Matching
What criteria does Route 53 use to determine if an endpoint is healthy?
An endpoint is considered healthy if 18% or more of health checkers report that the endpoint is healthy
Does Route 53 return records that fail Health Checks?
No, an unhealthy record is not returned in DNS queries. An SNS topic can be configured to trigger notifications when an endpoint is unhealthy
What defines how DNS queries are directed to specific resources in AWS Route 53 based on factors like location, health checks, or traffic load?
Routing Policy
Which Route 53 Routing Policy is used to direct traffic to a single resource, such as a web server?
Simple Routing policy
What types of Routing Policies are available in Route 53?
- Simple Routing
- Failover Routing
- Multi-value Routing
- Weighted Routing
- Latency Routing
- Geolocation Routing
- Geoproximity Routing
Name a Route 53 Routing Policy with the following characteristics:
- Can create records in a private hosted zone
- One record per name
- Each record can have multiple values returned in random order
- The client selects and uses one value
- Does not support health checks
Simple Routing Policy
Which Route 53 routing policy is used for an active-passive failover configuration?
Failover Routing Policy
Name a Route 53 Routing Policy with the following characteristics:
- Can create records in a private hosted zone
- Supports multiple records per name (primary and secondary)
- Includes health checks (typically on the primary record)
- Returns the secondary record if the primary record is unhealthy
Failover Routing Policy
Which Route 53 Routing Policy responds to DNS queries with up to eight healthy randomly selected records?
Multi-value Routing Policy
Name a Route 53 Routing Policy with the following characteristics:
- Can create records in a private hosted zone
- Functions like a combination of simple and failover routing
- Supports multiple records with the same name
- Each record returns a different value
- Each record can have an associated health check
- Returns up to 8 healthy records (randomly selected) to the client
- Aims to improve availability (typically used for active-active workloads)
Multi-value Routing Policy
Which Route 53 Routing Policy is used to route traffic to multiple resources in specified proportions?
Weighted Routing Policy
Name a Route 53 Routing Policy with the following characteristics:
- Can create records in a private hosted zone
- Supports multiple records with the same name
- Each record can have an associated weight (total of 100)
- Records with a weight of 0 are never returned (unless all records are set to 0)
- Can be combined with health checks (the process is repeated until a healthy record is chosen)
- Used for load balancing and testing new versions of software
Weighted Routing Policy
Which Route 53 Routing Policy routes traffic to the resources that provide the lowest latency across multiple AWS Regions?
Latency Routing Policy
Name a Route 53 Routing Policy with the following characteristics:
- Can create records in a private hosted zone
- Supports multiple records with the same name
- Each record can be associated with an AWS Region
- AWS maintains a database of latencies between different regions
- The record with the lowest latency is selected and returned
- Can be combined with health checks (returns a healthy record that provides the lowest latency)
- Used to optimize performance and user experience
Latency Routing Policy
Which Route 53 Routing Policy routes traffic based on users’ locations?
Geolocation Routing Policy
Name a Route 53 Routing Policy with the following characteristics:
- Can create records in a private hosted zone
- Each record is tagged with a location ISO code (country, continent, default)
- IP checks verify the users’ location (normally the resolver)
- Returns relevant records (not necessarily the closest)
- If no location matches, the default record is returned
- If no default record is set, nothing is returned
- Used to restrict content, enforce regional restrictions, provide language-specific content, and load balance across regional endpoints based on customer location
Geolocation Routing Policy
Which Route 53 Routing Policy routes traffic based on the location of resources and can optionally shift traffic between resources in different locations?
Geoproximity Routing Policy
Name a Route 53 Routing Policy with the following characteristics:
- Can create records in a private hosted zone
- Each record can be tagged with an AWS Region or coordinates
- Directs user requests to the closest resources
- Adding a “+” bias to rules increases the size of the region and decreases the size of neighboring regions
Geoproximity Routing Policy
What DNS feature authenticates responses to domain name lookups, preventing attackers from manipulating or poisoning the responses, but does not provide privacy protections for those lookups?
Domain Name System Security Extensions (DNSSEC)
What are the benefits of using DNSSEC?
- Origin authentication (data origin verification)
- Data integrity protection (prevents data modification in transit)
- Provides a cryptographically verifiable DNS chain of trust (from DNS root zone to DNS records)
- Helps protect against poisoned DNS caches, which could return malicious IP addresses from DNS queries
What is the resiliency posture of the AWS Route 53 service?
Route 53 is a globally resilient service
Which routing policy should be used in Route 53 to equally split requests between two load balancers in different regions?
Weighted routing policy: create two record sets, one for each load balancer, and assign equal weights of 1 to both