Amazon Route 53: What It Is and When to Use It

Definition

Amazon Route 53 is AWS's highly available and scalable Domain Name System (DNS) web service. It performs three core functions: domain registration, DNS routing (resolving names like awsglossary.org to IP addresses), and health checking (probing endpoints to reroute traffic away from unhealthy ones). Route 53 is one of the few AWS services to offer a 100% uptime SLA for the control plane — a reflection of how critical DNS is to almost every application.

How It Works

You configure Route 53 around three primitives:

  • Hosted zone — a container for DNS records for a given domain (public or private, VPC-scoped).
  • Records — standard DNS record types (A, AAAA, CNAME, MX, TXT, SRV, NS, SOA, etc.) plus Route 53's proprietary Alias record that maps a name to an AWS resource (ELB, CloudFront, S3 static site, API Gateway, another record in the same zone) without charging for queries.
  • Health checks — scheduled probes to an endpoint, a CloudWatch alarm, or a composite of other health checks. Records with associated health checks can be automatically removed from responses when the endpoint becomes unhealthy.

Route 53 also provides:

  • Traffic Flow — a visual editor for building decision trees over routing policies (useful for global applications).
  • Route 53 Resolver — recursive DNS inside your VPC, with inbound and outbound endpoints for hybrid DNS between AWS and on-prem.
  • Resolver DNS Firewall — filter outbound DNS traffic against managed domain lists (malware, botnets) and custom rules.
  • Route 53 Profiles — share DNS configurations across many VPCs and accounts.
  • Route 53 Application Recovery Controller (ARC) — programmatic failover controls for recovery-readiness.
  • Domain registration for 250+ TLDs, with automatic setup of hosted zones.

Routing Policies

This is Route 53's killer feature. When you create a record, you choose one of the following routing policies:

  • Simple — one answer, no fancy logic.
  • Weighted — split traffic across multiple records by weight (e.g., 80/20 A/B test).
  • Latency-based — respond with the AWS Region that has the lowest latency to the user.
  • Failover (active-passive) — return the primary endpoint while healthy, fall back to secondary when the primary's health check fails.
  • Geolocation — route by the user's continent, country, or US state.
  • Geoproximity — route based on geographic distance with a configurable bias to expand or shrink a Region's "pull" (requires Traffic Flow).
  • Multivalue Answer — return up to 8 healthy records to the client for rudimentary DNS-level round-robin.
  • IP-based — route based on the user's source IP / CIDR (useful for partner routing or large corporate networks).

Policies can be combined (e.g., latency-based → failover → multivalue) via Traffic Flow.

Key Features and Limits

  • 100% availability SLA for authoritative DNS.
  • Alias records — zero-charge queries when they resolve to an AWS resource; work at the zone apex (unlike CNAMEs).
  • Health checks: TCP, HTTP/HTTPS, string matching, CloudWatch alarm, calculated across multiple checks. Global by default (checked from multiple AWS Regions).
  • DNSSEC signing — sign your zones to protect against DNS spoofing.
  • Query logging to CloudWatch Logs for analysis.
  • Private hosted zones — DNS scoped to one or more VPCs, so internal names never leak publicly.
  • Hybrid DNS via Resolver inbound and outbound endpoints.
  • Domain transfer — move registrations into or out of Route 53.
  • Limits: 500 hosted zones per account (raisable), 10,000 records per hosted zone (raisable), 200 health checks per account by default.

Common Use Cases

  1. Apex/root domain pointing to CloudFront or S3 — Alias records let example.com (no www) point directly to a CloudFront distribution or S3 static website.
  2. Global multi-Region applications — latency-based routing into regional deployments behind ALBs, with failover to a DR Region via health checks.
  3. Canary and A/B rollouts — Weighted routing shifts a small percentage of traffic to a new version, ramping up as confidence grows.
  4. Blue/green deployments — Weighted or Failover routing swaps the active environment by flipping a single record.
  5. Geo-restricted applications — Geolocation routing serves regional content (or blocks traffic from regions you don't operate in).
  6. Hybrid cloud DNS — Resolver endpoints forward queries between on-premises DNS and AWS VPCs.
  7. DDoS mitigation — Route 53's anycast DNS network absorbs volumetric attacks; combine with Shield / WAF.

Pricing Model

  • Hosted zones: ~$0.50/month per zone (first 25 zones slightly cheaper).
  • Standard queries: per million queries, with lower rates after the first billion per month.
  • Latency, Geolocation, Geoproximity, IP-based queries: priced slightly higher than standard queries.
  • Alias queries to AWS resources: free.
  • Health checks: per check per month (AWS endpoints and basic HTTP checks are cheaper; string-matching, HTTPS, and CloudWatch-backed checks cost more).
  • Traffic Flow policy records: extra per policy record.
  • Domain registration: per TLD per year (published on the Route 53 pricing page).
  • Resolver endpoints: per ENI per hour, plus per-query fees for Resolver DNS Firewall.

Pros and Cons

Pros

  • 100% availability SLA — the gold standard for DNS.
  • Rich routing policies that other public DNS providers can't match in one product.
  • Alias records eliminate query charges when pointing at AWS resources.
  • Deep integrations with CloudFront, S3, ELB, API Gateway, CloudWatch alarms, Shield, and WAF.

Cons

  • More expensive than some budget DNS providers for small personal sites.
  • Complex policies (weighted + failover + geo) require careful design and testing to avoid surprising behavior at the edge.
  • Some advanced features (DNSSEC, query logging) are chargeable extras.

Comparison with Alternatives

| | Route 53 | Cloudflare DNS | Google Cloud DNS | AWS Global Accelerator |
| --- | --- | --- | --- | --- |
| Layer | DNS (Layer 7 resolution) | DNS | DNS | Anycast network (Layer 4) |
| Routing richness | 8 policies + Traffic Flow | Good, but less granular | Good | Not DNS — anycast IPs |
| Health checks | Yes | Yes (paid tiers) | Yes | Built-in |
| Alias to AWS services | Yes (free queries) | No | No | N/A |
| Best for | AWS-centric global routing | CDN + DNS bundle | GCP-centric workloads | Non-HTTP workloads needing static IPs |

Global Accelerator is sometimes confused with Route 53. Route 53 is DNS-level routing (clients resolve names to different IPs per policy); Global Accelerator provides two static anycast IPs that route TCP/UDP traffic through the AWS backbone to the closest healthy Region in real time — useful for non-HTTP protocols and faster failover than DNS TTL allows.

Exam Relevance

  • Solutions Architect Associate (SAA-C03) — heavy coverage of routing policies, when to use each, Alias vs CNAME at zone apex, health checks, private hosted zones, DNSSEC.
  • SysOps Administrator (SOA-C02) — troubleshooting DNS propagation, TTL choices, monitoring query volume via CloudWatch.
  • Advanced Networking Specialty (ANS-C01) — Route 53 Resolver endpoints, hybrid DNS architectures, DNS firewall, integration with Transit Gateway.

Classic exam trap: CNAMEs cannot live at the zone apex (e.g., example.com). For apex → AWS resource, you need an Alias record, which is a Route 53-specific record type invisible to the DNS protocol.

Frequently Asked Questions

Q: What is the difference between an Alias record and a CNAME?

A: A CNAME is a standard DNS record that maps one name to another, but the DNS protocol forbids a CNAME at the zone apex (the bare domain). An Alias is a Route 53-specific record that maps a name — including the zone apex — directly to an AWS resource (CloudFront distribution, ELB, S3 website bucket, another Route 53 record, API Gateway). Alias queries to AWS resources are free, whereas CNAME queries are charged per million.
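As an added example (not code from the article or from AWS), here is what the apex Alias record discussed above and the Primary/Secondary pair from the Routing Policies section look like as a ChangeResourceRecordSets batch, with a local pre-check for the rules Route 53 would reject. Zone IDs, ALB DNS names and the health-check ID are placeholders.

```python
"""Build a Route 53 ChangeResourceRecordSets batch offline and pre-check it.

Added example, not from the article or AWS. The result is the JSON that
`aws route53 change-resource-record-sets --change-batch file://batch.json`
accepts; zone IDs, ALB DNS names and the health-check ID are placeholders.
"""

APEX = "example.com."   # bare domain: Alias is allowed here, CNAME is not

def alias_record(name, target_dns, target_zone_id,
                 failover=None, set_id=None, health_check_id=None):
    """Alias A record: no TTL, free queries, permitted at the zone apex."""
    rr = {"Name": name, "Type": "A",
          "AliasTarget": {"HostedZoneId": target_zone_id,
                          "DNSName": target_dns,
                          "EvaluateTargetHealth": True}}
    if failover:  # Failover policy needs Failover and SetIdentifier
        rr["Failover"], rr["SetIdentifier"] = failover, set_id
    if health_check_id:
        rr["HealthCheckId"] = health_check_id
    return rr

def cname_record(name, target, ttl=60):
    return {"Name": name, "Type": "CNAME", "TTL": ttl,
            "ResourceRecords": [{"Value": target}]}

def validate(records, apex=APEX):
    """Catch locally what the Route 53 API would reject: a CNAME at the
    apex, or an Alias that also sets a TTL. Returns a list of errors."""
    errors = []
    for rr in records:
        if rr["Type"] == "CNAME" and rr["Name"].rstrip(".") == apex.rstrip("."):
            errors.append(f"CNAME not permitted at zone apex {rr['Name']}")
        if "AliasTarget" in rr and "TTL" in rr:
            errors.append(f"Alias record {rr['Name']} must not set a TTL")
    return errors

def change_batch(records, action="UPSERT"):
    return {"Comment": "apex alias with active-passive failover",
            "Changes": [{"Action": action, "ResourceRecordSet": r}
                        for r in records]}

# Active-passive pair at the apex: primary ALB, DR ALB in another Region.
PRIMARY = alias_record(APEX, "primary-alb.us-east-1.elb.amazonaws.com.",
                       "ZPRIMARYALBPLACEHOLDER", failover="PRIMARY",
                       set_id="primary", health_check_id="HC-PLACEHOLDER")
SECONDARY = alias_record(APEX, "dr-alb.eu-west-1.elb.amazonaws.com.",
                         "ZDRALBPLACEHOLDER", failover="SECONDARY",
                         set_id="secondary")
```

`json.dumps(change_batch([PRIMARY, SECONDARY]), indent=2)` produces the file the CLI's `--change-batch` option takes, and `validate([cname_record(APEX, "d111.cloudfront.net.")])` reports the apex CNAME error before the API does.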

Q: When should I use Latency-based vs Geolocation routing?

A: Use Latency-based routing when you want users to get the fastest response — Route 53 measures network latency between the user and each AWS Region and answers with the lowest-latency Region's endpoint. Use Geolocation when you need to serve different content based on where users physically are (for regulatory, compliance, or localization reasons) regardless of network latency — for example, blocking traffic from specific countries or returning a country-specific site.

Q: How does Route 53 failover routing work?

A: You create two records with the same name — one marked Primary and one Secondary — and attach a health check to the primary. When the health check reports the primary endpoint as healthy, Route 53 returns the primary IP; when it reports failure, Route 53 returns the secondary. DNS clients cache responses for the record's TTL, so the effective failover time is approximately the TTL plus a few health-check intervals. For sub-second failover on non-HTTP traffic, use Global Accelerator or Application Recovery Controller instead.
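To put numbers on the "TTL plus a few health-check intervals" estimate, the following added example (not from the article) works the failover delay through for a set of clients whose cached answers expire at different moments. It assumes the Route 53 health-check defaults of a 30 s request interval and a failure threshold of 3, and the cache-age offsets are constructed.

```python
"""Worked estimate of the failover delay the answer above describes.

Added example, not from the article. It assumes the Route 53 health-check
defaults (30 s request interval, failure threshold 3) and a worst-case probe
phase; the clients' cache ages are constructed, staggered evenly over one TTL.
"""
import math

def detection_delay_s(interval_s=30, failure_threshold=3):
    """Seconds from the outage until the health check flips to Unhealthy:
    up to one interval before the first failed probe, then threshold-1 more."""
    return interval_s + (failure_threshold - 1) * interval_s

def client_switch_times(ttl_s, n_clients=10, interval_s=30, failure_threshold=3):
    """Seconds after the outage at which each of n clients first resolves to
    the secondary: its first cache expiry at or after Route 53's detection,
    because every re-resolution before that still returns the primary."""
    detect = detection_delay_s(interval_s, failure_threshold)
    times = []
    for i in range(n_clients):
        expiry = (i * ttl_s) // n_clients        # constructed cache-age offset
        renewals = math.ceil((detect - expiry) / ttl_s) if detect > expiry else 0
        times.append(expiry + renewals * ttl_s)
    return times

def failover_window_s(ttl_s, **kw):
    """(fastest, slowest) client switch-over. The slowest never exceeds
    detection + TTL, which is the 'TTL plus a few intervals' rule of thumb."""
    t = client_switch_times(ttl_s, **kw)
    return min(t), max(t)

if __name__ == "__main__":
    for ttl in (60, 300):
        print(f"TTL {ttl}s: detection {detection_delay_s()}s, "
              f"clients switch between {failover_window_s(ttl)} s")
```

With the defaults, a 60 s TTL moves every client within 144 s of the outage while a 300 s TTL takes up to 360 s, which is why lowering the TTL matters more than tightening the health check once detection is already short.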


This article reflects AWS features and pricing as of 2026. AWS services evolve rapidly — always verify against the official Amazon Route 53 documentation before making production decisions.

Published: 4/16/2026
