AWS Services
Amazon Route 53
Understand Route 53 as AWS DNS and routing control, including hosted zones, records, alias records, routing policies, health checks, and failover.
After this, you will understand
Route 53 turns DNS from a vague internet detail into an architecture control for entry points, failover, latency, and domain ownership.
Route 53 manages DNS records and can route users to AWS or non-AWS endpoints using policies and health checks.
A common misconception is that Route 53 forwards every request the way a load balancer does; it actually returns DNS answers that clients then use to connect.
Use Route 53 to map names to entry points, choose routing policy by requirement, and pair health checks with failover when DNS should avoid unhealthy endpoints.
Think before reading: Why is Route 53 not a replacement for an Application Load Balancer?
Concepts Covered
- DNS
- Public and private hosted zones
- Records
- Alias records
- Routing policies
- Health checks
- DNS failover
- Latency and geolocation routing
- Weighted routing
- SAA-C03 DNS traps
1. Plain-English Mental Model
Amazon Route 53 is AWS's DNS and domain routing service.
DNS turns names into answers. A user asks for app.example.com, and DNS returns information such as an IP address or an alias to an AWS resource. Route 53 is where you host the DNS zone, create records, and choose how DNS answers should be returned.
The simple model is:
domain name -> Route 53 hosted zone -> DNS record -> application entry point
Route 53 can point users to CloudFront distributions, Elastic Load Balancers, API Gateway endpoints, S3 website endpoints, EC2 instances, or non-AWS infrastructure. It can also evaluate health checks and choose answers based on routing policies.
But Route 53 is not a request router in the same way a load balancer is. It answers DNS queries. After the client receives an answer, the client connects to that target.
2. Why This Service Exists
Applications need stable names.
Users do not want to remember a load balancer DNS name. Engineers do not want to change mobile apps, browser bookmarks, and external integrations every time infrastructure changes. DNS gives systems a stable name above changing infrastructure.
Route 53 exists to provide DNS hosting, domain registration, health-check-aware routing, and routing policies integrated with AWS.
For SAA-C03, Route 53 appears when a question mentions custom domains, failover between endpoints, routing users to lower-latency Regions, weighted deployments, active-passive disaster recovery, private DNS inside a VPC, or aliasing to AWS resources.
The exam trick is often choosing the right routing policy:
- simple for one answer
- weighted for traffic splitting
- latency-based for low-latency regional routing
- failover for active-passive health-based routing
- geolocation for user-location rules
- multivalue answer for multiple healthy records
3. The Naive Approach And Where It Breaks
The naive design hardcodes infrastructure endpoints:
users -> random load balancer DNS name
partners -> fixed EC2 public IP
internal apps -> copied database hostname
This breaks when infrastructure changes. If a load balancer is replaced, clients need a new target. If a single EC2 instance fails, DNS still points to the broken host. If a disaster recovery Region comes online, clients do not automatically know where to go.
Another naive design uses Route 53 as if it were a perfect instant failover service. DNS answers are cached by clients and resolvers according to TTL. Failover can be fast enough for many use cases, but it is not the same as per-request load balancing.
Route 53 belongs at the naming and DNS routing layer. It should usually point to resilient entry points such as CloudFront, ALB, NLB, API Gateway, or regional endpoints.
4. Core Primitives
A hosted zone is a container for DNS records for a domain. Public hosted zones answer DNS queries from the internet. Private hosted zones answer DNS queries inside associated VPCs.
A record maps a DNS name to a value. Common record types include A, AAAA, CNAME, MX, and TXT.
An alias record is a Route 53 feature that lets you point DNS names to supported AWS resources, such as load balancers or CloudFront distributions. Alias records can exist at the zone apex, such as example.com, where CNAME records are not normally allowed.
Routing policies decide how Route 53 responds when multiple records exist for the same name and type.
Health checks monitor endpoints or CloudWatch alarms and can be connected to records for failover or health-aware routing.
TTL controls how long resolvers cache answers. Lower TTL can help change answers faster but increases DNS query volume.
5. Architecture Use Cases
Use Route 53 for public application domains:
app.example.com -> ALB alias record
www.example.com -> CloudFront alias record
Use private hosted zones for internal service names inside VPCs:
db.internal.example.com -> internal endpoint
Use weighted routing for blue-green deployments or gradual traffic shifting:
90 percent -> old endpoint
10 percent -> new endpoint
Use failover routing for active-passive disaster recovery. The primary record is returned while healthy. The secondary record is returned when the primary health check fails.
Use latency-based routing when users should be sent to the Region that gives lower latency among multiple deployed Regions.
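As an added example (not code from the page or from AWS), the ChangeBatch payload that Route 53's ChangeResourceRecordSets API expects for the active-passive alias pair described above, built in Python; the health check ID, ALB DNS names and ALB hosted zone IDs are constructed placeholders.

```python
import json

# Constructed placeholders, not real AWS identifiers.
HEALTH_CHECK_ID = "00000000-0000-0000-0000-000000000000"
PRIMARY_ALB = ("primary-alb-1234.us-east-1.elb.amazonaws.com.", "ZALBZONEPLACEHOLDER1")
SECONDARY_ALB = ("dr-alb-5678.us-west-2.elb.amazonaws.com.", "ZALBZONEPLACEHOLDER2")


def alias_record(name, role, alb_dns, alb_zone_id, health_check_id=None):
    """One failover alias A record. Alias records carry no TTL of their own, so
    there is no "TTL" key; Route 53 uses the target's TTL. EvaluateTargetHealth
    lets Route 53 skip the record when the ALB itself reports no healthy targets."""
    record = {
        "Name": name,                     # works at the zone apex too, unlike CNAME
        "Type": "A",
        "SetIdentifier": role.lower(),    # must be unique per name and type
        "Failover": role,                 # "PRIMARY" or "SECONDARY"
        "AliasTarget": {
            "HostedZoneId": alb_zone_id,  # the load balancer's zone ID, not yours
            "DNSName": alb_dns,
            "EvaluateTargetHealth": True,
        },
    }
    if health_check_id:
        record["HealthCheckId"] = health_check_id  # explicit health check on the primary
    return record


def build_failover_change_batch(name, primary, secondary, health_check_id):
    """Return the ChangeBatch dict that UPSERTs the primary and secondary records."""
    return {
        "Comment": "active-passive failover for " + name,
        "Changes": [
            {"Action": "UPSERT",
             "ResourceRecordSet": alias_record(name, "PRIMARY", *primary, health_check_id)},
            {"Action": "UPSERT",
             "ResourceRecordSet": alias_record(name, "SECONDARY", *secondary)},
        ],
    }


if __name__ == "__main__":
    # Print the payload; pass it as --change-batch to
    # "aws route53 change-resource-record-sets --hosted-zone-id <your zone id>".
    print(json.dumps(build_failover_change_batch(
        "app.example.com.", PRIMARY_ALB, SECONDARY_ALB, HEALTH_CHECK_ID), indent=2))
```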
7. Security Model
DNS security starts with domain ownership and change control. A malicious DNS change can redirect users even if the application itself is secure.
Restrict who can modify hosted zones and records. Use IAM permissions, change review, and infrastructure as code for production DNS.
Use private hosted zones when names should be resolvable only inside VPCs.
For public TLS, Route 53 usually works with ACM and the target service. DNS validation records can prove domain ownership for certificates.
Route 53 Resolver rules and endpoints can connect VPC DNS with on-premises DNS. Treat this as network infrastructure, not just a convenience setting.
DNSSEC may be relevant for some public domain integrity requirements, but it is not the default answer for every Route 53 exam question.
8. Reliability And Resilience
Route 53 is designed as a highly available DNS service, but your architecture still depends on the targets it returns.
Health checks can remove unhealthy records from DNS answers or switch failover records. For AWS alias targets like load balancers, Route 53 can evaluate target health in certain configurations.
TTL affects failover behavior. If a resolver caches an old answer, clients may continue using it until the cache expires. This is why DNS failover is useful but not always instantaneous.
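As an added example (not from the page), a small Python simulation of the caching behaviour described above: a stand-in hosted zone holding a PRIMARY/SECONDARY failover pair and a stand-in resolver that honours TTL. Endpoint names and query times are constructed, and the health-check detection delay is deliberately left out.

```python
from dataclasses import dataclass, field


@dataclass
class FailoverRecord:
    value: str      # constructed endpoint name, e.g. "primary-alb"
    role: str       # "PRIMARY" or "SECONDARY"
    healthy: bool = True


@dataclass
class AuthoritativeZone:
    """Stand-in hosted zone with one failover pair (no health-check detection delay)."""
    records: list
    ttl: int

    def answer(self):
        primary = next(r for r in self.records if r.role == "PRIMARY")
        secondary = next(r for r in self.records if r.role == "SECONDARY")
        chosen = primary if primary.healthy else secondary
        return chosen.value, self.ttl


@dataclass
class CachingResolver:
    """Stand-in recursive resolver (or client stub resolver) that honours TTL."""
    zone: AuthoritativeZone
    cache: dict = field(default_factory=dict)

    def resolve(self, name, now):
        entry = self.cache.get(name)
        if entry and now < entry[1]:
            return entry[0], True            # served from cache; the zone is not asked
        value, ttl = self.zone.answer()
        self.cache[name] = (value, now + ttl)
        return value, False


def failover_timeline(ttl, outage_at, query_times):
    """Answers the resolver returns at each query time when the primary
    becomes unhealthy at outage_at. Returns [(time, answer), ...]."""
    primary = FailoverRecord("primary-alb", "PRIMARY")
    zone = AuthoritativeZone([primary, FailoverRecord("dr-alb", "SECONDARY")], ttl)
    resolver = CachingResolver(zone)
    timeline = []
    for t in sorted(query_times):
        primary.healthy = t < outage_at   # health check marks the primary down from outage_at
        timeline.append((t, resolver.resolve("app.example.com", t)[0]))
    return timeline


if __name__ == "__main__":
    print(failover_timeline(60, 10, [0, 30, 59, 60, 90]))  # primary stays cached until t=60
```

Rerunning with a TTL of 5 makes the same outage visible at the second query, which is the trade-off against query volume that the cost section below discusses.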
Use Route 53 with resilient targets. A DNS record pointing to one unhealthy EC2 instance is still weak.
For multi-Region apps, combine Route 53 policies with regional application stacks, data replication, and tested failover procedures.
9. Performance And Scaling
Route 53 itself is not usually the performance bottleneck for application traffic because it is not in the request data path after DNS resolution.
Performance choices come from routing policies. Latency-based routing can direct users to lower-latency Regions. Geolocation routing can satisfy regional business rules. Weighted routing can shift traffic gradually.
CloudFront and Global Accelerator solve different performance problems. CloudFront caches content at edge locations. Global Accelerator provides static anycast IPs and routes over the AWS global network. Route 53 answers DNS queries.
Set TTL deliberately. Very low TTLs can increase DNS query traffic and cost. Very high TTLs can slow failover or deployment changes.
10. Cost Model
Route 53 cost includes hosted zones, DNS queries, health checks, domain registration, Resolver endpoints, and certain routing features.
Alias queries to some AWS resources can have favorable pricing behavior compared with normal DNS queries, but always check current pricing for the architecture.
Health checks cost money. Do not create health checks for every tiny internal detail unless the routing decision actually needs them.
Lower TTL can increase DNS query count, especially at scale.
Route 53 is usually inexpensive compared with compute and data transfer, but DNS is mission critical. The cost question is rarely "use DNS or not." It is "which policy, which health checks, and which target?"
12. SAA-C03 Exam Signals
"Custom domain for ALB or CloudFront" points to Route 53 alias records.
"Root domain should point to an AWS resource" often points to an alias A or AAAA record.
"Active-passive failover" points to failover routing plus health checks.
"Gradually shift traffic" points to weighted routing.
"Route users to the lowest-latency Region" points to latency-based routing.
"Internal DNS only in a VPC" points to private hosted zones.
"DNS answer should include multiple healthy values" may point to multivalue answer routing.
13. Common Exam Traps
Do not confuse Route 53 with a load balancer. Route 53 answers DNS queries; load balancers handle traffic.
Do not use CNAME at the zone apex when an alias record is the AWS-friendly answer.
Do not expect DNS failover to ignore TTL caching.
Do not use geolocation routing when the requirement is lowest latency. Use latency-based routing.
Do not use weighted routing when the requirement is health-based active-passive failover.
Do not forget that private hosted zones require VPC association.
15. Related Topics
Review Public Web App On AWS, Amazon CloudFront, and Application Load Balancer vs Network Load Balancer vs Gateway Load Balancer.