Routing Policies
- Simple: single value, no health check
- Weighted: distribute traffic by weight (0–255)
- Latency: route to lowest-latency region
- Failover: primary/secondary with health checks
- Geolocation: route by continent/country/state
- Geoproximity: route by geographic distance with bias
- Multivalue answer: up to 8 healthy records (not a load balancer substitute)
Health Checks
- Endpoint: HTTP/HTTPS/TCP to IP or domain (10 or 30 sec interval)
- Calculated: combine child health checks (AND/OR logic)
- CloudWatch alarm: monitor metrics-based health
- Threshold: configurable failure count (default 3/10 checkers)
Hybrid DNS (Resolver)
- Inbound endpoint: on-prem resolves AWS private zones → ENIs in VPC
- Outbound endpoint: AWS resolves on-prem domains → forwards to on-prem DNS
- Forwarding rules: conditional forwarding by domain name
- Share rules via RAM across accounts in Organization
DNSSEC
- Signing: Route 53 signs hosted zone with KSK + ZSK
- Chain of trust: DS record in parent zone validates child
- Key management: CMK in KMS for KSK, Route 53 manages ZSK
- Enable per hosted zone — cannot partial-enable