7. DNS, Caching and Performance Optimization
Amazon Route 53


Last edited 52 days ago by Kirtan Chavda

Route 53 Traffic Flow

Provides Global Traffic Management (GTM): a visual editor for building routing configurations (traffic policies) that are then published as records in a hosted zone.
Traffic policies combine routing types such as failover, geolocation, geoproximity, latency and weighted routing in a single tree.
Policies route traffic based on constraints such as latency, endpoint health, load, geoproximity and geography.
Scenarios range from adding a simple backup page hosted in Amazon S3 (failover) to sophisticated policies that combine the client's geographic location, proximity to an AWS Region and endpoint health.
Versioning keeps a history of every change to a traffic policy, so a bad change can be rolled back by re-applying an earlier version.

Route 53 Resolver

Amazon Route 53 Resolver is the recursive DNS resolver available by default in every VPC. It answers queries from AWS resources for public records, VPC-specific DNS names and Route 53 private hosted zones.
Resources in a VPC reach the Resolver at the VPC+2 address, i.e. the base of the VPC CIDR plus 2 (for a 10.0.0.0/16 VPC, 10.0.0.2); the link-local address 169.254.169.253 reaches the same Resolver. The VPC+2 address is answered by Resolver capacity in the Availability Zone of the querying resource.
Route 53 Resolver automatically answers DNS queries for:
Local VPC domain names for EC2 instances (for example, ec2-192-0-2-44.compute-1.amazonaws.com).
Records in private hosted zones associated with the VPC (for example, acme.example.com).
For public domain names, Route 53 Resolver performs recursive lookups against public name servers on the internet.
If you have workloads that span VPCs and on-premises resources, your VPC workloads also need to resolve DNS records hosted on-premises, and on-premises resources may need to resolve names hosted on AWS. Resolver endpoints and conditional forwarding rules let you resolve DNS queries in both directions over a private connection (VPN or Direct Connect, DX) to build a hybrid DNS setup. Specifically:
Inbound Resolver endpoints accept DNS queries into your VPC from your on-premises network or another VPC. An inbound endpoint is a set of ENIs with IP addresses in your subnets; you configure your on-premises DNS servers to forward the AWS-hosted domains to those IP addresses.
Outbound Resolver endpoints send DNS queries from your VPC to your on-premises network or another VPC. Outbound forwarding is governed by Resolver rules.
A Resolver rule names one domain (the rule also covers all of its subdomains) and the target DNS servers to forward queries for that domain to through an outbound endpoint; you create one forwarding rule per domain. Rules are associated with VPCs, and a rule can be shared with other accounts (through AWS Resource Access Manager) and associated with their VPCs. Where several rules match a name, the one with the most specific domain name wins.

Use case
Enables bi-directional DNS querying between on-premises networks and AWS over private connections.
Used for DNS resolution in hybrid cloud deployments.

Conditional Forwarding Rules

Enable outbound DNS queries from a VPC to DNS servers outside it.
Domains hosted in your on-premises DNS infrastructure are configured as forwarding rules in Route 53 Resolver, each naming the on-premises DNS server IP addresses as targets.
When a resource in the VPC queries a name in one of those domains, Resolver forwards the query through an outbound endpoint to the configured DNS servers; all other names are still answered by Resolver itself.
The target DNS servers must be reachable from the outbound endpoint's subnets, normally over a private connection (DX or VPN).

Resolution of Microsoft Active Directory Domain Controller DNS Zones and AWS Records

There are two ways to let VPC resources resolve Active Directory DNS zones while AWS names (VPC names, private hosted zones) keep resolving. Option A: keep the VPC DHCP options set pointing at AmazonProvidedDNS (VPC+2), create an outbound Route 53 Resolver endpoint, and add a conditional forwarding rule for the Active Directory domain whose targets are the Domain Controllers; only AD names leave the VPC, everything else is answered by Resolver.
Option B: configure the DHCP options set associated with the VPC to hand out the Domain Controllers' IP addresses as DNS servers, and configure the DNS service on the Active Directory servers to forward all queries they are not authoritative for to the VPC Resolver (the VPC+2 address). The DCs then see every query from the VPC; in Option A they only see queries for their own domain.
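Both layouts above depend on two pieces of behaviour that are easy to get wrong: which Resolver rule applies to a given name (longest matching domain wins, and a SYSTEM rule can carve a subdomain back out of a broader forwarding rule) and where the VPC+2 address actually is. The following model puts both layouts side by side so the difference in query flow can be traced. It is an added example, not AWS code or an AWS API; the domain names, IP addresses and rule names are constructed, and the rules are assumed to be associated with the VPC in question.

```python
"""
Model of Route 53 Resolver rule selection and of the two Active Directory
DNS layouts (Option A: instances use VPC+2 plus an outbound forwarding rule;
Option B: instances use the DCs, which forward non-authoritative names to VPC+2).

Added example, not AWS code. All names and addresses are constructed.
"""
import ipaddress
from dataclasses import dataclass


@dataclass(frozen=True)
class ResolverRule:
    name: str
    domain: str           # rule applies to this domain and everything under it
    rule_type: str        # "FORWARD" (send to targets) or "SYSTEM" (let Resolver answer)
    targets: tuple = ()   # target DNS server IPs, FORWARD rules only


def resolver_address(vpc_cidr: str) -> str:
    """Route 53 Resolver listens at the VPC CIDR base plus 2 (10.0.0.0/16 -> 10.0.0.2)."""
    net = ipaddress.ip_network(vpc_cidr, strict=True)
    return str(net.network_address + 2)


def _labels(name: str) -> list:
    return name.rstrip(".").lower().split(".")


def rule_matches(rule_domain: str, qname: str) -> bool:
    """Match whole labels: corp.example.com covers dc01.corp.example.com, not notcorp.example.com."""
    r, q = _labels(rule_domain), _labels(qname)
    return len(q) >= len(r) and q[-len(r):] == r


def select_rule(rules, qname):
    """Resolver applies the matching rule with the most specific (longest) domain name."""
    candidates = [r for r in rules if rule_matches(r.domain, qname)]
    return max(candidates, key=lambda r: len(_labels(r.domain)), default=None)


def resolve_path(rules, qname, vpc_cidr):
    """Option A: instance asks VPC+2; Resolver forwards only names covered by a FORWARD rule.

    Returns (where the query goes, target addresses, name of the rule that decided it or None).
    """
    rule = select_rule(rules, qname)
    vpc_plus_2 = resolver_address(vpc_cidr)
    if rule is None or rule.rule_type == "SYSTEM":
        # Resolver answers itself: VPC names, private hosted zones, or recursion to the internet
        return ("RESOLVER", (vpc_plus_2,), rule.name if rule else None)
    return ("FORWARD", rule.targets, rule.name)


def dc_forwarder(qname, ad_zones, vpc_cidr):
    """Option B: instance asks a Domain Controller (handed out via the DHCP options set).

    The DC answers its own zones and forwards every other (non-authoritative) query to VPC+2.
    """
    if any(rule_matches(zone, qname) for zone in ad_zones):
        return ("AUTHORITATIVE", None)
    return ("FORWARD", resolver_address(vpc_cidr))


# --- constructed sample setup ---------------------------------------------
VPC_CIDR = "10.0.0.0/16"
ON_PREM_DCS = ("10.200.0.10", "10.200.0.11")   # reached through an outbound endpoint over VPN/DX
RULES = (
    ResolverRule("ad-forward", "corp.example.com", "FORWARD", ON_PREM_DCS),
    # SYSTEM rule carves a subdomain back out so a private hosted zone keeps serving it
    ResolverRule("keep-aws-zone", "aws.corp.example.com", "SYSTEM"),
)

if __name__ == "__main__":
    for q in ("dc01.corp.example.com", "app.aws.corp.example.com",
              "ip-10-0-1-5.ec2.internal", "www.example.org"):
        print("Option A:", q, "->", resolve_path(RULES, q, VPC_CIDR))
    for q in ("dc01.corp.example.com", "ip-10-0-1-5.ec2.internal"):
        print("Option B: DC sees", q, "->", dc_forwarder(q, ["corp.example.com"], VPC_CIDR))
```

The SYSTEM rule is the detail worth noticing: with only the FORWARD rule for corp.example.com, a private hosted zone for aws.corp.example.com would never be consulted, because every name under corp.example.com would leave the VPC for the Domain Controllers. In Option B the equivalent control lives on the DCs, which is why that layout exposes all VPC DNS traffic to them.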

Charges

Charged per hosted zone per month; the monthly charge is not prorated for partial months.
A hosted zone deleted within 12 hours of creation is not charged for the zone itself, but queries made to it are still charged.
Additional charges apply for DNS queries, Traffic Flow policy records, health checks, Route 53 Resolver endpoints (per ENI-hour) plus the queries they forward, and domain name registrations.
Queries to alias records are free when the alias points to an Elastic Load Balancer, an Amazon CloudFront distribution, an AWS Elastic Beanstalk environment or an Amazon S3 bucket configured as a website endpoint.
Health checks are charged at different rates for AWS endpoints and non-AWS endpoints.
No charge for adding records to a hosted zone.
Latency-based routing queries cost more than standard queries; Geo DNS (geolocation) and geoproximity queries are also priced higher.

