56. Route 53 – Domain Name System (DNS)

In AWS, Route 53 is the DNS service. DNS (Domain Name System) is the set of rules and records that tells clients how to reach a server given its name (the host part of a URL). DNS operates on port 53 (UDP and TCP), which is where the name Route 53 comes from. It is a global service, not a regional one.

Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. It is designed to give developers and businesses an extremely reliable and cost-effective way to route end users to Internet applications by translating names like www.example.com into the numeric IP addresses like 192.0.2.1 that computers use to connect to each other.

DNS can be compared to a telephone directory: name == telephone number, similarly domain name == IP address (Internet Protocol address).
DNS converts a domain name (www.google.com, the host part of https://www.google.com/) into an IP address (82.124.53.1 in this illustration). IP addresses are what computers use to identify each other on the network. There are two forms of IP address, IPv4 and IPv6.

IPv4 Addresses are running out. The IPv4 space is a 32 bit field and has over 4 billion different addresses. IPv6 was created to solve this depletion issue and has an address space of 128 bits (340 undecillion addresses)

Top Level Domains: Common domain names like google.com or bbc.co.uk are strings of labels separated by dots (periods). The last label is the ‘Top Level’ domain (TLD). The label before it is the ‘Second Level’ domain; in some registries (such as .uk) the second level is itself a fixed suffix like .co or .gov under which names are registered.
Ex: .com, .edu, .gov == top level domains
.co.uk, .gov.uk, .com.au == .uk and .au are top level domains and .co, .gov and .com are second level domains.
The top level domains are managed by IANA (Internet Assigned Numbers Authority) in the root zone database, which is essentially the list of all delegated top level domains.

Domain Registrars: Uniqueness of domain names is enforced through ‘Domain Registrars’. A registrar is an accredited organisation that can register domain names directly under one or more top level domains. Registrations are coordinated through ICANN (historically via the InterNIC service), which enforces uniqueness of domain names across the internet, and each registered name is published in the WHOIS database. Popular registrars include Amazon (Route 53), GoDaddy.com, 123-reg.co.uk, etc.

Start of Authority Record (SOA):
There is exactly one SOA record per zone, and it stores:
i) The name of the primary name server for the zone (the server that supplied the zone data).
ii) The e-mail address of the zone administrator (written with the @ replaced by a dot).
iii) The serial number, i.e. the current version of the zone data; secondary servers compare it to detect changes.
iv) The refresh, retry and expire timers for zone transfers, and the minimum TTL (historically the default TTL for resource records in the zone; today resolvers use it as the negative-caching TTL for NXDOMAIN answers).

Name Server Record (NS): NS records are used by the top level domain servers to delegate a domain to its authoritative name servers, i.e. the servers that hold the zone’s DNS records (in AWS, the four Route 53 name servers assigned to the hosted zone).

A user enters google.com into the browser. The browser does not know the IP address for that name, so it asks its recursive resolver, which walks the hierarchy: it queries a root server, which refers it to the top level domain (.com) servers. The top level domain servers do not hold the IP address either; they hold a delegation similar to: google.com. 172800 IN NS ns.awsdns.com. The resolver then queries that name server, which is authoritative for the zone. The zone begins with the SOA record and holds all the other DNS records, including the A record that carries the IP address. The answer is cached for the record’s TTL and returned to the browser.
User >> Recursive resolver >> Root >> Top level domain >> NS records >> Authoritative zone (SOA + records)

‘A’ record: This is the fundamental type of DNS record. ‘A’ stands for ‘Address’. An A record maps a domain name to an IPv4 address (an AAAA record does the same for IPv6). Ex: www.google.com might resolve to 123.10.10.80 (illustrative address).

Time To Live (TTL): The TTL, in seconds, is how long a DNS record may be cached by the resolving server or by the user’s local machine. The lower the TTL, the faster a change to a DNS record propagates across the internet; the higher it is, the fewer queries reach your name servers. 172800 seconds (48 hours) is the TTL Route 53 puts on a hosted zone’s NS records, and with a TTL like that a DNS change can take up to 48 hours to be seen everywhere, because resolvers keep serving the old answer until their cached copy expires. Before a planned change, lower the TTL at least one old-TTL period in advance, make the change, then raise it again.

Canonical Name (CNAME): Resolves one domain name to another name. For example, you may have a mobile website at m.abc.com used by users on mobile devices, and you also want mobile.abc.com to resolve to the same address. Instead of maintaining two A records with the same IP address, map one name to the other; the resolver then looks up the target name. A CNAME cannot coexist with any other record type at the same name.

Alias Records: A Route 53 specific record type used to map a record set in your hosted zone to an ELB, a CloudFront distribution, an S3 bucket configured as a website, or another record in the same hosted zone. Alias records work like a CNAME in that one DNS name (www.example.com) is mapped to another target DNS name (elb1234.elb.amazonaws.com), but Route 53 resolves the target itself and answers with the target’s IP addresses, using the target’s TTL. The key difference is that a CNAME cannot be used for a naked domain name (also called the zone apex record), while an alias can. We cannot have a CNAME for google.com (the apex; www.google.com would be fine); the apex must be either an ‘A’ record or an Alias.

Recap:
ELBs do not have fixed, pre-defined IPv4 addresses (their addresses change over time; only a Network Load Balancer given Elastic IPs is the exception), so we must reference them by DNS name, never by IP.
Understand the difference between an Alias record (like a telephone directory entry that lists the number directly: Route 53 returns the target’s IP addresses) and a CNAME (like a directory entry that says ‘see this other name’: the client must do a second lookup to get the number).
Given the choice, always choose an Alias record over a CNAME when the target is an AWS resource or a record in the same hosted zone: alias queries to AWS resources are free, CNAME queries are billed, and an alias can sit at the apex. A CNAME is still the right choice for a name outside AWS that you do not control.
Common DNS record types: SOA, NS, A (and AAAA for IPv6), CNAME, MX (mail exchangers), PTR (the reverse of an A record: looking up a domain name for an IP address).
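The resolution chain and the Alias-versus-CNAME distinction above, as an added example written for these notes (it is not Route 53 code): a toy authoritative hierarchy (root, .com, a hosted zone for example.com and an AWS-owned zone for an ELB name), a resolver that follows referrals and chases CNAMEs, and an apex alias that the authoritative server flattens into A records. Every zone, name server, host name, IP address and TTL is constructed for illustration.

```python
# Added example for these notes (not Route 53 code): a toy model of the
# resolution chain root -> TLD -> authoritative zone, of CNAME chasing, and of
# how Route 53 "flattens" an alias record. Every zone, name server, host name
# and IP address below is constructed for illustration.
from typing import Dict, List, Optional, Tuple

Record = Tuple[str, Optional[int], str]          # (type, ttl, rdata)
Zone = Dict[str, List[Record]]                   # owner name -> records

# Zone contents, cut at the delegation points: each zone knows only its own
# records plus NS records pointing at the zones delegated below it.
ZONES: Dict[str, Zone] = {
    ".": {                                       # root zone: delegates .com
        "com.": [("NS", 172800, "a.gtld-servers.net.")],
    },
    "com.": {                                    # .com TLD: delegations only, no A records
        "example.com.": [("NS", 172800, "ns-1.awsdns-01.com.")],
        "elb.amazonaws.com.": [("NS", 172800, "ns-elb.amazonaws.com.")],
    },
    "example.com.": {                            # the Route 53 hosted zone (constructed)
        "example.com.": [
            ("SOA", 900, "ns-1.awsdns-01.com. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400"),
            ("NS", 172800, "ns-1.awsdns-01.com."),
            # alias at the zone apex: no TTL of its own, Route 53 uses the target's
            ("ALIAS", None, "elb1234.us-east-1.elb.amazonaws.com."),
        ],
        "www.example.com.": [("CNAME", 300, "example.com.")],
        "m.example.com.": [("CNAME", 300, "mobile.example.com.")],
        "mobile.example.com.": [("A", 60, "192.0.2.10"), ("A", 60, "192.0.2.11")],
    },
    "elb.amazonaws.com.": {                      # AWS-owned zone holding the ELB's changing IPs
        "elb1234.us-east-1.elb.amazonaws.com.": [("A", 60, "198.51.100.7")],
    },
}
# Which zone each name server is authoritative for (how a referral is followed).
NS_TO_ZONE = {
    "a.gtld-servers.net.": "com.",
    "ns-1.awsdns-01.com.": "example.com.",
    "ns-elb.amazonaws.com.": "elb.amazonaws.com.",
}


def suffixes(name: str) -> List[str]:
    """'www.example.com.' -> ['www.example.com.', 'example.com.', 'com.', '.']"""
    labels = name.rstrip(".").split(".")
    return [".".join(labels[i:]) + "." for i in range(len(labels))] + ["."]


def ask(zone_name: str, qname: str, qtype: str):
    """One query to one authoritative server: ('referral', ns) or ('answer', records)."""
    zone = ZONES[zone_name]
    for s in suffixes(qname):                    # most specific suffix first
        if s == zone_name:
            break                                # reached our own apex: we are authoritative
        ns = [r for r in zone.get(s, []) if r[0] == "NS"]
        if ns:
            return "referral", ns[0][2]          # delegated below us: hand back the NS
    records = zone.get(qname, [])
    alias = [r for r in records if r[0] == "ALIAS"]
    if qtype == "A" and alias:
        # Route 53 alias: the authoritative server resolves the target itself and
        # answers with the target's A records and TTL; the client sees only A records.
        return "answer", resolve(alias[0][2], "A")
    wanted = [r for r in records if r[0] == qtype]
    if wanted:
        return "answer", wanted
    return "answer", [r for r in records if r[0] == "CNAME"]   # may be empty (NODATA)


def resolve(qname: str, qtype: str = "A", trace: Optional[List[str]] = None,
            hops: int = 0) -> List[Record]:
    """Iterate from the root like a recursive resolver, following referrals and chasing CNAMEs."""
    if hops > 8:
        raise RuntimeError("CNAME loop while resolving " + qname)
    trace = [] if trace is None else trace
    zone_name = "."
    while True:
        kind, payload = ask(zone_name, qname, qtype)
        trace.append(f"{zone_name:18} {qname}/{qtype} -> {kind}")
        if kind == "referral":
            zone_name = NS_TO_ZONE[payload]
            continue
        if payload and payload[0][0] == "CNAME" and qtype != "CNAME":
            # CNAME: the answer is another name, which the resolver must look up from scratch
            return payload + resolve(payload[0][2], qtype, trace, hops + 1)
        return payload


def effective_ttl(answers: List[Record]) -> int:
    """A cached chain is only valid as long as its shortest-lived link."""
    return min(r[1] for r in answers if r[1] is not None)


if __name__ == "__main__":
    for name in ("example.com.", "www.example.com.", "m.example.com."):
        steps: List[str] = []
        answer = resolve(name, trace=steps)
        print(f"{name}: {answer} (ttl {effective_ttl(answer)}s, {len(steps)} queries)")
        print("   " + "\n   ".join(steps))
```

Resolving the apex costs the resolver three queries and yields plain A records with the ELB’s 60-second TTL, because Route 53 did the extra lookup itself; resolving www.example.com costs six, because the CNAME sends the resolver back to the root for a second walk, and the whole chain is only cacheable for the shortest TTL in it.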

Question 1:
What DNS records can be used for pointing a zone apex to an Elastic Load Balancer or CloudFront distribution? (Select two)
A. Alias
B. CNAME
C. MX
D. A
E. Name Server
Answer (A,D)

Question 2:
What services are primarily provided by DNS Route 53? (Select three)
A. load balancing web servers within a private subnet
B. resolve hostnames and IP addresses
C. load balancing web servers within a public subnet
D. load balancing data replication requests between ECS containers
E. resolve queries and route internet traffic to AWS resources
F. automated health checks to EC2 instances
Answer (B,E,F)

Question 3:
How is Route 53 configured for Warm Standby fault tolerance? (Select two)
A. automated health checks
B. path-based routing
C. failover records
D. Alias records
Answer (A,C)

Question 4:
How is DNS Route 53 configured for Multi-Site fault tolerance? (Select two)
A. IP address
B. weighted records (non-zero)
C. health checks
D. Alias records
E. zero weighted records
Answer (B,C)

Question 5:
How are DNS records managed with Amazon AWS to enable high availability?
A. Auto-Scaling
B. server health checks
C. reverse proxy
D. elastic load balancing
Answer (C)

Question 6:
What is the difference between Warm Standby and Multi-Site fault tolerance? (Select two)
A. Multi-Site enables lower RTO and most recent RPO
B. Warm Standby enables lower RTO and most recent RPO
C. Multi-Site provides active/active load balancing
D. Multi-Site provides active/standby load balancing
E. DNS Route 53 is not required for Warm Standby
Answer (A,C)

Question 7:
Your application is hosted by a provider on yourapp.provider.com. You would like to have your users access your application using www.your-domain.com, which you own and manage under Route 53.
What Route 53 record should you create?
• Create an A record
• Create a PTR record
• Create an Alias Record
• Create a CNAME record
Answer: D
Explanation
Correct option:
Create a CNAME record
A CNAME record maps DNS queries for the name of the current record, such as acme.example.com, to another domain (example.com or example.net) or subdomain (acme.example.com or zenith.example.org).
CNAME records can be used to map one domain name to another. Although you should keep in mind that the DNS protocol does not allow you to create a CNAME record for the top node of a DNS namespace, also known as the zone apex. For example, if you register the DNS name example.com, the zone apex is example.com. You cannot create a CNAME record for example.com, but you can create CNAME records for www.example.com, newproduct.example.com, and so on.
Incorrect options:
Create an A record – Used to point a domain or subdomain to an IP address. ‘A record’ cannot be used to map one domain name to another.
Create a PTR record – A Pointer (PTR) record resolves an IP address to a fully-qualified domain name (FQDN) as an opposite to what A record does. PTR records are also called Reverse DNS records. ‘PTR record’ cannot be used to map one domain name to another.
Create an Alias Record – Alias records let you route traffic to selected AWS resources, such as CloudFront distributions and Amazon S3 buckets. They also let you route traffic from one record in a hosted zone to another record. 3rd party websites do not qualify for these as we have no control over those. ‘Alias record’ cannot

Question 8:
A startup has created a new web application for users to complete a risk assessment survey for COVID-19 symptoms via a self-administered questionnaire. The startup has purchased the domain covid19survey.com using Route 53. The web development team would like to create a Route 53 record so that all traffic for covid19survey.com is routed to www.covid19survey.com.
As a solutions architect, which of the following is the MOST cost-effective solution that you would recommend to the web development team?
• Create an MX record for covid19survey.com that routes traffic to www.covid19survey.com
• Create a CNAME record for covid19survey.com that routes traffic to www.covid19survey.com
• Create an NS record for covid19survey.com that routes traffic to www.covid19survey.com
• Create an alias record for covid19survey.com that routes traffic to www.covid19survey.com
Answer: D
Explanation
Correct option:
Create an alias record for covid19survey.com that routes traffic to www.covid19survey.com
Alias records provide a Route 53–specific extension to DNS functionality. Alias records let you route traffic to selected AWS resources, such as CloudFront distributions and Amazon S3 buckets.
You can create an alias record at the top node of a DNS namespace, also known as the zone apex, however, you cannot create a CNAME record for the top node of the DNS namespace. So, if you register the DNS name covid19survey.com, the zone apex is covid19survey.com. You can’t create a CNAME record for covid19survey.com, but you can create an alias record for covid19survey.com that routes traffic to www.covid19survey.com.
Exam Alert:
You should also note that Route 53 doesn’t charge for alias queries to AWS resources but Route 53 does charge for CNAME queries. Additionally, an alias record can only redirect queries to selected AWS resources such as S3 buckets, CloudFront distributions, and another record in the same Route 53 hosted zone; however a CNAME record can redirect DNS queries to any DNS record. So, you can create a CNAME record that redirects queries from app.covid19survey.com to app.covid19survey.net.
Incorrect options:
Create a CNAME record for covid19survey.com that routes traffic to www.covid19survey.com – You cannot create a CNAME record for the top node of the DNS namespace, so this option is.
Create an MX record for covid19survey.com that routes traffic to www.covid19survey.com – An MX record specifies the names of your mail servers and, if you have two or more mail servers, the priority order. It cannot be used to create a Route 53 record to route traffic for the top node of the DNS namespace, so this option is.
Create an NS record for covid19survey.com that routes traffic to www.covid19survey.com – An NS record identifies the name servers for the hosted zone. It cannot be used to create a Route 53 record to route traffic for the top node of the DNS namespace, so this option is.
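The rules behind Questions 7 and 8 and the Alias Records paragraph, turned into a pre-flight check you can run before calling ChangeResourceRecordSets. This is an added example written for these notes, not AWS code: it lints a Route 53 ChangeBatch (the structure boto3’s change_resource_record_sets accepts) for a CNAME at the apex, a CNAME sharing a name with other records, an alias pointing at a name outside AWS, an alias carrying a TTL, and an UPSERT that will leave the old answer cached. The hosted zone, its id, the existing records and the target names are constructed, and AWS_SUFFIXES is a simplified stand-in for “an AWS resource”.

```python
# Added example for these notes (not AWS code): a pre-flight lint for a Route 53
# ChangeBatch, enforcing the apex / CNAME / alias rules from Questions 7 and 8.
# Hosted zone, zone ids, existing records and target names are constructed;
# AWS_SUFFIXES is a simplified stand-in for "an AWS resource".
from typing import Dict, List, Tuple

ZONE_NAME = "covid19survey.com."          # hosted zone from Question 8
ZONE_ID = "Z0123456789EXAMPLE"            # hypothetical id of that hosted zone
AWS_SUFFIXES = (".amazonaws.com.", ".cloudfront.net.")   # simplified alias-target check

# Constructed snapshot of the zone before the change (as list_resource_record_sets would return it).
EXISTING: List[dict] = [
    {"Name": ZONE_NAME, "Type": "NS", "TTL": 172800, "ResourceRecords": [{"Value": "ns-1.awsdns-01.com."}]},
    {"Name": ZONE_NAME, "Type": "SOA", "TTL": 900,
     "ResourceRecords": [{"Value": "ns-1.awsdns-01.com. hostmaster.example. 1 7200 900 1209600 86400"}]},
    {"Name": "www." + ZONE_NAME, "Type": "A", "TTL": 172800, "ResourceRecords": [{"Value": "192.0.2.10"}]},
]

Finding = Tuple[str, str, str]             # (severity, code, message)


def fqdn(name: str) -> str:
    name = name.lower()
    return name if name.endswith(".") else name + "."


def in_zone(name: str, zone: str) -> bool:
    return name == zone or name.endswith("." + zone)


def lint_change_batch(changes: List[dict], existing: List[dict] = EXISTING,
                      zone: str = ZONE_NAME, zone_id: str = ZONE_ID) -> List[Finding]:
    findings: List[Finding] = []
    after: Dict[str, Dict[str, dict]] = {}   # picture of the zone after the batch: name -> type -> rrset
    for r in existing:
        after.setdefault(fqdn(r["Name"]), {})[r["Type"]] = r

    for change in changes:
        rr = change["ResourceRecordSet"]
        name, rtype, action = fqdn(rr["Name"]), rr["Type"], change["Action"]

        def err(code: str, msg: str) -> None:
            findings.append(("ERROR", code, f"{name} {rtype}: {msg}"))

        if not in_zone(name, zone):
            err("OUTSIDE_ZONE", f"not inside hosted zone {zone}")
            continue
        if rtype == "CNAME" and name == zone:
            err("APEX_CNAME", "a CNAME is not allowed at the zone apex; use an alias record")

        if "AliasTarget" in rr:
            target = rr["AliasTarget"]
            for key in ("HostedZoneId", "DNSName", "EvaluateTargetHealth"):
                if key not in target:
                    err("ALIAS_INCOMPLETE", f"AliasTarget is missing {key}")
            if "TTL" in rr or "ResourceRecords" in rr:
                err("ALIAS_TTL", "alias records carry no TTL or values; Route 53 uses the target's")
            dns_name = fqdn(target.get("DNSName", ""))
            if in_zone(dns_name, zone):
                if target.get("HostedZoneId") != zone_id:
                    err("ALIAS_ZONE_ID", "alias to a record in this zone must use this zone's own HostedZoneId")
            elif not dns_name.endswith(AWS_SUFFIXES):
                err("ALIAS_THIRD_PARTY",
                    "alias targets must be AWS resources or records in this zone; use a CNAME for external names")
        elif "TTL" not in rr or not rr.get("ResourceRecords"):
            err("MISSING_TTL", "non-alias records need a TTL and at least one value")

        # Apply the change to the after-picture and flag cache exposure on replacements.
        old = after.get(name, {}).get(rtype)
        if action == "DELETE":
            after.get(name, {}).pop(rtype, None)
        else:
            if old is not None and action == "CREATE":
                err("ALREADY_EXISTS", "record set already exists; use UPSERT")
            if old is not None and action == "UPSERT" and "TTL" in old:
                findings.append(("WARN", "STALE_CACHE",
                                 f"{name} {rtype}: resolvers may serve the old answer for up to {old['TTL']}s; "
                                 "lower the TTL that far ahead of the cut-over, then raise it again"))
            after.setdefault(name, {})[rtype] = rr

    # A CNAME must be the only record at its name (RFC 1034); Route 53 rejects the batch otherwise.
    for name, types in after.items():
        if "CNAME" in types and len(types) > 1:
            others = sorted(t for t in types if t != "CNAME")
            findings.append(("ERROR", "CNAME_EXCLUSIVE", f"{name}: CNAME cannot coexist with {others}"))
    return findings


BAD_BATCH = [   # what Questions 7 and 8 warn against (constructed)
    {"Action": "CREATE", "ResourceRecordSet": {
        "Name": "covid19survey.com", "Type": "CNAME", "TTL": 300,
        "ResourceRecords": [{"Value": "www.covid19survey.com"}]}},
    {"Action": "CREATE", "ResourceRecordSet": {
        "Name": "app.covid19survey.com", "Type": "A", "TTL": 300,
        "AliasTarget": {"HostedZoneId": "Z0000000ELBEXAMPLE",
                        "DNSName": "yourapp.provider.com", "EvaluateTargetHealth": False}}},
]
GOOD_BATCH = [  # the recommended shapes (constructed)
    {"Action": "CREATE", "ResourceRecordSet": {            # apex -> www: alias to a record in the same zone
        "Name": "covid19survey.com", "Type": "A",
        "AliasTarget": {"HostedZoneId": ZONE_ID, "DNSName": "www.covid19survey.com",
                        "EvaluateTargetHealth": False}}},
    {"Action": "UPSERT", "ResourceRecordSet": {            # www -> ELB: alias to an AWS resource
        "Name": "www.covid19survey.com", "Type": "A",
        "AliasTarget": {"HostedZoneId": "Z0000000ELBEXAMPLE",
                        "DNSName": "dualstack.elb1234.us-east-1.elb.amazonaws.com",
                        "EvaluateTargetHealth": True}}},
    {"Action": "CREATE", "ResourceRecordSet": {            # external provider (Question 7): CNAME
        "Name": "app.covid19survey.com", "Type": "CNAME", "TTL": 300,
        "ResourceRecords": [{"Value": "yourapp.provider.com"}]}},
]

if __name__ == "__main__":
    for label, batch in (("bad", BAD_BATCH), ("good", GOOD_BATCH)):
        print(label)
        for severity, code, message in lint_change_batch(batch):
            print(f"  {severity:5} {code:18} {message}")
```

The bad batch fails four ways (CNAME at the apex, that CNAME colliding with the NS and SOA records that every zone has at its apex, an alias aimed at a third-party host name, and an alias carrying a TTL). The good batch passes with a single warning: the existing www A record has a 172800-second TTL, so some resolvers will keep answering with 192.0.2.10 for up to two days after the UPSERT unless the TTL was lowered first.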

Question 9:
A retail company has connected its on-premises data center to the AWS Cloud via AWS Direct Connect. The company wants to be able to resolve DNS queries for any resources in the on-premises network from the AWS VPC and also resolve any DNS queries for resources in the AWS VPC from the on-premises network.
As a solutions architect, which of the following solutions can be combined to address the given use case? (Select two)
• Create an outbound endpoint on Route 53 Resolver and then DNS resolvers on the on-premises network can forward DNS queries to Route 53 Resolver via this endpoint
• Create an inbound endpoint on Route 53 Resolver and then Route 53 Resolver can conditionally forward queries to resolvers on the on-premises network via this endpoint
• Create an outbound endpoint on Route 53 Resolver and then Route 53 Resolver can conditionally forward queries to resolvers on the on-premises network via this endpoint (Correct)
• Create a universal endpoint on Route 53 Resolver and then Route 53 Resolver can receive and forward queries to resolvers on the on-premises network via this endpoint
• Create an inbound endpoint on Route 53 Resolver and then DNS resolvers on the on-premises network can forward DNS queries to Route 53 Resolver via this endpoint (Correct)
Explanation
Correct options:
Create an inbound endpoint on Route 53 Resolver and then DNS resolvers on the on-premises network can forward DNS queries to Route 53 Resolver via this endpoint
Create an outbound endpoint on Route 53 Resolver and then Route 53 Resolver can conditionally forward queries to resolvers on the on-premises network via this endpoint
Amazon Route 53 is a highly available and scalable cloud Domain Name System (DNS) web service. Amazon Route 53 effectively connects user requests to infrastructure running in AWS – such as Amazon EC2 instances – and can also be used to route users to infrastructure outside of AWS. By default, Route 53 Resolver automatically answers DNS queries for local VPC domain names for EC2 instances. You can integrate DNS resolution between Resolver and DNS resolvers on your on-premises network by configuring forwarding rules.
To resolve any DNS queries for resources in the AWS VPC from the on-premises network, you can create an inbound endpoint on Route 53 Resolver and then DNS resolvers on the on-premises network can forward DNS queries to Route 53 Resolver via this endpoint.
To resolve DNS queries for any resources in the on-premises network from the AWS VPC, you can create an outbound endpoint on Route 53 Resolver and then Route 53 Resolver can conditionally forward queries to resolvers on the on-premises network via this endpoint. To conditionally forward queries, you need to create Resolver rules that specify the domain names for the DNS queries that you want to forward (such as example.com) and the IP addresses of the DNS resolvers on the on-premises network that you want to forward the queries to.
Incorrect options:
Create an outbound endpoint on Route 53 Resolver and then DNS resolvers on the on-premises network can forward DNS queries to Route 53 Resolver via this endpoint – DNS resolvers on the on-premises network can forward DNS queries to Route 53 Resolver via an inbound endpoint. Hence, this option is incorrect.
Create an inbound endpoint on Route 53 Resolver and then Route 53 Resolver can conditionally forward queries to resolvers on the on-premises network via this endpoint – Route 53 Resolver can conditionally forward queries to resolvers on the on-premises network via an outbound endpoint. Hence, this option is incorrect.
Create a universal endpoint on Route 53 Resolver and then Route 53 Resolver can receive and forward queries to resolvers on the on-premises network via this endpoint – There is no such thing as a universal endpoint on Route 53 Resolver. This option has been added as a distractor.
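Once the inbound and outbound endpoints from Question 9 exist, what actually decides whether a query leaves the VPC is the set of Resolver rules associated with it. The following is an added example written for these notes, not AWS code, modelling that selection: the autodefined Internet Resolver rule for “.” (RECURSIVE) catches everything, a FORWARD rule sends a domain through the outbound endpoint to the on-premises resolvers, and a SYSTEM rule carves a sub-domain back out so it is answered locally; the most specific matching domain wins, and matching is label-aligned. The rule ids other than the autodefined one, the domains, the endpoint id and the target IPs are constructed.

```python
# Added example for these notes (not AWS code): how Route 53 Resolver chooses
# where to send a query once the endpoints from Question 9 exist. Rule ids
# (other than the autodefined Internet Resolver), domains, endpoint id and
# target IPs are constructed.
from typing import List, Optional

RULES: List[dict] = [
    # Autodefined rule every VPC has: resolve "." and everything under it locally
    # (VPC names, private hosted zones, then the public internet).
    {"Id": "rslvr-autodefined-rr-internet-resolver", "DomainName": ".", "RuleType": "RECURSIVE"},
    # Conditional forwarding to the on-premises DNS servers via the outbound endpoint.
    {"Id": "rslvr-rr-corp", "DomainName": "corp.example.", "RuleType": "FORWARD",
     "ResolverEndpointId": "rslvr-out-onprem", "TargetIps": ["10.0.0.53", "10.0.1.53"]},
    # Exception: dev.corp.example lives in a private hosted zone, keep it local.
    {"Id": "rslvr-rr-dev", "DomainName": "dev.corp.example.", "RuleType": "SYSTEM"},
]


def fqdn(name: str) -> str:
    name = name.lower()
    return name if name.endswith(".") else name + "."


def domain_matches(qname: str, domain: str) -> bool:
    """Label-aligned suffix match: 'notcorp.example.' must not match 'corp.example.'."""
    return domain == "." or qname == domain or qname.endswith("." + domain)


def select_rule(qname: str, rules: List[dict] = RULES) -> dict:
    """Most specific matching DomainName wins (the longest one that matches)."""
    q = fqdn(qname)
    best: Optional[dict] = None
    for rule in rules:
        d = fqdn(rule["DomainName"])
        if domain_matches(q, d) and (best is None or len(d) > len(fqdn(best["DomainName"]))):
            best = rule
    assert best is not None, "the autodefined '.' rule guarantees a match"
    return best


def dispatch(qname: str, rules: List[dict] = RULES) -> str:
    """Human-readable decision for a query originating inside the VPC."""
    rule = select_rule(qname, rules)
    if rule["RuleType"] == "FORWARD":
        return f"forward via {rule['ResolverEndpointId']} to {rule['TargetIps']} ({rule['Id']})"
    return f"resolve locally ({rule['Id']})"


if __name__ == "__main__":
    for q in ("fileserver.corp.example", "build.dev.corp.example", "notcorp.example",
              "ip-10-0-0-5.ec2.internal"):
        print(f"{q:28} -> {dispatch(q)}")
```

Queries for corp.example hosts are forwarded through the outbound endpoint; queries for the dev sub-domain stay local because the SYSTEM rule is more specific; everything else, including notcorp.example, falls through to the Internet Resolver rule. Traffic in the other direction (on-premises resolvers forwarding to the VPC) goes to the inbound endpoint’s IP addresses and needs no rule on the AWS side.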