AWS Route 53: DNS Management, Routing Policies and Health Checks (2026)
Route 53 is AWS's highly available, scalable DNS service. Beyond basic DNS, it offers sophisticated traffic routing policies — latency-based, failover, geolocation, and weighted — combined with health checks to build resilient multi-region architectures without changing application code.
1. Hosted Zones
A hosted zone is a container for the DNS records of a domain. Each hosted zone costs $0.50 per month for the first 25 zones in an account (the rate drops beyond that). Create one:
aws route53 create-hosted-zone \
--name example.com \
--caller-reference $(date +%s) \
--hosted-zone-config Comment="Production zone"
After creation, update the nameservers at your registrar to the four NS records Route 53 assigned to the zone. The registry usually publishes the new delegation within minutes, but resolvers may keep serving the old NS records until their TTL expires, which can take up to 48 hours; confirm the delegation by querying the domain's NS records through a public resolver before you rely on the zone. Each hosted zone gets its own set of name servers, so if you delete and recreate a zone the registrar entry must be updated again.
2. Record Types
| Type | Purpose | Example |
|---|---|---|
| A | Map hostname → IPv4 | app.example.com → 1.2.3.4 |
| AAAA | Map hostname → IPv6 | app.example.com → 2001:db8::1 |
| CNAME | Map hostname → hostname (never at the zone apex; cannot share a name with any other record type) | www → app.example.com |
| MX | Email routing | Priority + mail server |
| TXT | Text (SPF, domain verification) | "v=spf1 include:..." |
| NS | Delegate a subdomain to other name servers | api.example.com → other zone |
| Alias | Route 53 extension, not a DNS type: an A/AAAA record whose target is an AWS resource, usable at the apex | example.com → ALB DNS name |
3. Alias Records
Alias records are Route 53's extension to DNS: an A or AAAA record whose value is an AWS resource (load balancer, CloudFront distribution, S3 website endpoint, API Gateway, or another record in the same zone) rather than an address. Unlike a CNAME they work at the zone apex (example.com itself, not just subdomains), and queries for alias records that point at AWS resources are not charged:
aws route53 change-resource-record-sets \
--hosted-zone-id Z1234567890 \
--change-batch '{
"Changes": [{
"Action": "UPSERT",
"ResourceRecordSet": {
"Name": "example.com",
"Type": "A",
"AliasTarget": {
"HostedZoneId": "Z35SXDOTRQ7X7K",
"DNSName": "myapp-alb-123456.us-east-1.elb.amazonaws.com",
"EvaluateTargetHealth": true
}
}
}]
}'
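Before sending a change batch like the one above to change-resource-record-sets it is worth checking it against the record-type rules from the table: a CNAME at the apex, a CNAME sharing a name with another type, or an alias without a complete AliasTarget is rejected or misbehaves. The linter below is an added example, not AWS code; it also checks the routing-policy fields used later on this page (SetIdentifier, Weight range). The two sample batches are constructed, and the zone name and the hosted zone IDs are the placeholders from the commands on this page.

```python
import json

ZONE = "example.com"  # the hosted zone the batch is meant for (assumption)

# Constructed sample: the alias-at-apex change from the command above, which is valid.
GOOD_BATCH = {
    "Changes": [{
        "Action": "UPSERT",
        "ResourceRecordSet": {
            "Name": "example.com", "Type": "A",
            "AliasTarget": {
                "HostedZoneId": "Z35SXDOTRQ7X7K",
                "DNSName": "myapp-alb-123456.us-east-1.elb.amazonaws.com",
                "EvaluateTargetHealth": True,
            },
        },
    }],
}

# Constructed sample with three mistakes: CNAME at the apex, a Weight outside
# 0-255, and a weighted record without a SetIdentifier.
BAD_BATCH = {
    "Changes": [
        {"Action": "UPSERT", "ResourceRecordSet": {
            "Name": "example.com", "Type": "CNAME", "TTL": 300,
            "ResourceRecords": [{"Value": "myapp-alb-123456.us-east-1.elb.amazonaws.com"}],
        }},
        {"Action": "UPSERT", "ResourceRecordSet": {
            "Name": "api.example.com", "Type": "A", "Weight": 300,
            "AliasTarget": {"HostedZoneId": "Z35SXDOTRQ7X7K",
                            "DNSName": "v1-alb.elb.amazonaws.com",
                            "EvaluateTargetHealth": True},
        }},
    ],
}


def _fqdn(name):
    """Normalise to a lower-case, trailing-dot name, as Route 53 stores it."""
    return name.rstrip(".").lower() + "."


def lint_change_batch(batch, zone=ZONE):
    """Return the problems found in a change batch (empty list = nothing found)."""
    apex = _fqdn(zone)
    problems = []
    types_by_name = {}
    for change in batch["Changes"]:
        rrset = change["ResourceRecordSet"]
        name, rtype = _fqdn(rrset["Name"]), rrset["Type"]
        if name != apex and not name.endswith("." + apex):
            problems.append(f"{name}: outside hosted zone {apex}")
        if rtype == "CNAME" and name == apex:
            problems.append(f"{name}: CNAME not allowed at the zone apex, use an alias A/AAAA record")
        if "AliasTarget" in rrset:
            # Scope: aliases to AWS resources, which are A or AAAA records. An alias
            # to another record in the same zone may use other types and is not linted.
            if rtype not in ("A", "AAAA"):
                problems.append(f"{name}: alias to an AWS resource must be type A or AAAA, not {rtype}")
            missing = {"HostedZoneId", "DNSName", "EvaluateTargetHealth"} - set(rrset["AliasTarget"])
            if missing:
                problems.append(f"{name}: AliasTarget is missing {sorted(missing)}")
            if "ResourceRecords" in rrset or "TTL" in rrset:
                problems.append(f"{name}: alias records carry no ResourceRecords or TTL of their own")
        elif not rrset.get("ResourceRecords") or "TTL" not in rrset:
            problems.append(f"{name}: non-alias record needs ResourceRecords and a TTL")
        policy_keys = {"Weight", "Region", "Failover", "GeoLocation"} & set(rrset)
        if policy_keys and "SetIdentifier" not in rrset:
            problems.append(f"{name}: {sorted(policy_keys)} requires a SetIdentifier")
        if "Weight" in rrset and not 0 <= rrset["Weight"] <= 255:
            problems.append(f"{name}: Weight {rrset['Weight']} is outside 0-255")
        if change["Action"] != "DELETE":
            types_by_name.setdefault(name, set()).add(rtype)
    # A CNAME owns its name: no other type may exist there (checked within the batch only;
    # records already in the zone would need a list-resource-record-sets call).
    for name, types in types_by_name.items():
        if "CNAME" in types and len(types) > 1:
            problems.append(f"{name}: CNAME cannot coexist with {sorted(types - {'CNAME'})}")
    return problems


if __name__ == "__main__":
    for label, batch in (("good", GOOD_BATCH), ("bad", BAD_BATCH)):
        print(label, json.dumps(lint_change_batch(batch), indent=2))
```

Run it over the JSON you are about to pass to --change-batch; the CNAME-coexistence check only sees the batch itself, so a CNAME that collides with a record already in the zone will still be caught by Route 53, not by this script.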
Set EvaluateTargetHealth to true on alias records that point at ALBs, NLBs or Classic ELBs. Route 53 then treats the alias as unhealthy when the load balancer has no healthy targets and, when the name has other records to fall back on (weighted, latency or failover sets), stops returning it. It is not a substitute for a health check on a record that stands alone: a single alias record is still returned even when its target is unhealthy.
4. Routing Policies
Weighted Routing (A/B Testing, Canary)
# 90% → v1, 10% → v2. Weights are 0-255 and relative: each record is returned
# Weight / (sum of weights) of the time; Weight 0 takes a record out of rotation
# (unless every record in the set is 0, in which case they are all returned equally).
# Both records share Name and Type and differ only by SetIdentifier.
aws route53 change-resource-record-sets --hosted-zone-id Z1234 --change-batch '{
  "Changes": [
    {"Action": "UPSERT", "ResourceRecordSet": {
      "Name": "api.example.com", "Type": "A", "SetIdentifier": "v1",
      "Weight": 90,
      "AliasTarget": {"HostedZoneId": "Z35SXDO", "DNSName": "v1-alb.elb.amazonaws.com", "EvaluateTargetHealth": true}
    }},
    {"Action": "UPSERT", "ResourceRecordSet": {
      "Name": "api.example.com", "Type": "A", "SetIdentifier": "v2",
      "Weight": 10,
      "AliasTarget": {"HostedZoneId": "Z35SXDO", "DNSName": "v2-alb.elb.amazonaws.com", "EvaluateTargetHealth": true}
    }}
  ]
}'
Latency Routing (Multi-Region)
# Route users to the region with the lowest measured latency. Create one record
# per region (same Name/Type, distinct SetIdentifier and Region); the alias
# HostedZoneId is the load balancer hosted zone ID for that region, not your zone's ID.
# With EvaluateTargetHealth, a region whose load balancer has no healthy targets
# is skipped and the next-lowest-latency region answers instead.
aws route53 change-resource-record-sets --hosted-zone-id Z1234 --change-batch '{
"Changes": [{"Action": "UPSERT", "ResourceRecordSet": {
"Name": "api.example.com", "Type": "A", "SetIdentifier": "us-east-1",
"Region": "us-east-1",
"AliasTarget": {"HostedZoneId": "Z35SXDO", "DNSName": "us-east-alb.elb.amazonaws.com", "EvaluateTargetHealth": true}
}}]
}'
Failover Routing
# Primary + Secondary pair: two records with the same Name/Type, one PRIMARY and one
# SECONDARY. Route 53 answers with the PRIMARY while it is healthy and with the
# SECONDARY otherwise, so the PRIMARY needs a health signal: a HealthCheckId, or
# EvaluateTargetHealth on an alias. A health check on the SECONDARY is optional.
# DNS names and the health check ID are placeholders.
aws route53 change-resource-record-sets --hosted-zone-id Z1234 --change-batch '{
  "Changes": [
    {"Action": "UPSERT", "ResourceRecordSet": {
      "Name": "api.example.com", "Type": "A", "SetIdentifier": "primary",
      "Failover": "PRIMARY", "HealthCheckId": "health-check-id-primary",
      "AliasTarget": {"HostedZoneId": "Z35SXDO", "DNSName": "primary-alb.elb.amazonaws.com", "EvaluateTargetHealth": true}
    }},
    {"Action": "UPSERT", "ResourceRecordSet": {
      "Name": "api.example.com", "Type": "A", "SetIdentifier": "secondary",
      "Failover": "SECONDARY",
      "AliasTarget": {"HostedZoneId": "Z35SXDO", "DNSName": "secondary-alb.elb.amazonaws.com", "EvaluateTargetHealth": true}
    }}
  ]
}'
5. Health Checks
aws route53 create-health-check \
--caller-reference $(date +%s) \
--health-check-config '{
"Type": "HTTPS",
"FullyQualifiedDomainName": "api.example.com",
"Port": 443,
"ResourcePath": "/health",
"RequestInterval": 30,
"FailureThreshold": 3,
"EnableSNI": true
}'
Health check types: Endpoint (HTTP/HTTPS/TCP probe; the HTTP_STR_MATCH and HTTPS_STR_MATCH variants additionally require a given string to appear in the first 5,120 bytes of the response body), Calculated (AND/OR of other health checks), CloudWatch Alarm (healthy when the alarm is in OK; InsufficientDataHealthStatus decides how INSUFFICIENT_DATA is treated). Endpoint checks are made from Route 53's public checker fleet, so the endpoint must be reachable from the internet and any firewall or security group in front of it must admit the checker address ranges published in the AWS ip-ranges.json under the service name ROUTE53_HEALTHCHECKS; an HTTP(S) check passes on a 2xx or 3xx status. For resources that are not publicly reachable use a CloudWatch alarm health check instead. Use calculated health checks to combine multiple signals before triggering failover.
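Because the checkers probe from public AWS ranges, a health endpoint that is locked down to "known" sources will silently fail every check until those ranges are allowed through. The script below is an added example, not AWS tooling: it pulls the ROUTE53_HEALTHCHECKS prefixes out of an ip-ranges.json document, optionally limited to the regions selected in the health check's Regions setting, builds the IpPermissions structure that aws ec2 authorize-security-group-ingress accepts, and answers whether a given source address is a checker (useful for telling checker traffic from scanners in access logs). The embedded JSON is a constructed stand-in using documentation prefixes in the real file's shape; in practice you would fetch https://ip-ranges.amazonaws.com/ip-ranges.json.

```python
import ipaddress
import json

# Constructed stand-in for https://ip-ranges.amazonaws.com/ip-ranges.json, using
# documentation prefixes (RFC 5737 / RFC 3849) in the real file's shape.
SAMPLE_IP_RANGES = json.dumps({
    "syncToken": "0",
    "createDate": "2026-01-01-00-00-00",
    "prefixes": [
        {"ip_prefix": "192.0.2.0/24", "region": "us-east-1", "service": "ROUTE53_HEALTHCHECKS"},
        {"ip_prefix": "198.51.100.0/25", "region": "eu-west-1", "service": "ROUTE53_HEALTHCHECKS"},
        {"ip_prefix": "203.0.113.0/24", "region": "us-east-1", "service": "EC2"},
    ],
    "ipv6_prefixes": [
        {"ipv6_prefix": "2001:db8:1::/48", "region": "us-east-1", "service": "ROUTE53_HEALTHCHECKS"},
    ],
})


def health_checker_prefixes(ip_ranges_json, regions=None):
    """Networks Route 53 health checkers probe from, optionally limited to the
    regions listed in the health check's Regions setting."""
    doc = json.loads(ip_ranges_json)
    nets = set()
    for key, field in (("prefixes", "ip_prefix"), ("ipv6_prefixes", "ipv6_prefix")):
        for entry in doc.get(key, []):
            if entry["service"] != "ROUTE53_HEALTHCHECKS":
                continue
            if regions is not None and entry["region"] not in regions:
                continue
            nets.add(ipaddress.ip_network(entry[field]))
    return sorted(nets, key=lambda n: (n.version, n.network_address.packed, n.prefixlen))


def is_health_checker(source_ip, nets):
    """True when a request's source address belongs to a checker range, so a
    /health handler (or a WAF rule) can admit checkers and reject everything else."""
    addr = ipaddress.ip_address(source_ip)
    return any(addr in net for net in nets if net.version == addr.version)


def ingress_permission(nets, port=443):
    """IpPermissions entry in the shape `aws ec2 authorize-security-group-ingress`
    accepts, admitting only the checker ranges on the health-check port."""
    desc = "Route 53 health checkers"
    return {
        "IpProtocol": "tcp", "FromPort": port, "ToPort": port,
        "IpRanges": [{"CidrIp": str(n), "Description": desc} for n in nets if n.version == 4],
        "Ipv6Ranges": [{"CidrIpv6": str(n), "Description": desc} for n in nets if n.version == 6],
    }


if __name__ == "__main__":
    nets = health_checker_prefixes(SAMPLE_IP_RANGES)
    print(json.dumps(ingress_permission(nets), indent=2))
    print(is_health_checker("192.0.2.7", nets), is_health_checker("203.0.113.5", nets))
```

The prefixes change over time, so regenerate the rule from a fresh ip-ranges.json on a schedule (the file carries a syncToken you can compare) rather than hard-coding ranges; a stale allow-list shows up as a health check that flaps without any change on your side.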
6. Private Hosted Zones
Private hosted zones resolve only within the VPCs you associate with them, which makes them a good fit for internal service discovery. The VPC must have enableDnsSupport and enableDnsHostnames turned on, and a private zone with the same name as a public zone takes precedence inside the VPC (split-horizon DNS): names that exist only in the public zone stop resolving there unless you add them to the private zone as well.
aws route53 create-hosted-zone \
--name internal.example.com \
--caller-reference $(date +%s) \
--hosted-zone-config PrivateZone=true \
--vpc VPCRegion=us-east-1,VPCId=vpc-0abc1234
7. Route 53 Resolver
Route 53 Resolver enables DNS resolution between AWS VPCs and on-premises networks through resolver endpoints, which are network interfaces in your VPC protected by security groups (restrict them to DNS on 53/udp and 53/tcp from the peers that need them):
- Inbound endpoint: on-premises DNS servers forward queries for Route 53 private zones to the endpoint's IP addresses
- Outbound endpoint: AWS resources resolve on-premises domains; forwarded queries leave the VPC through this endpoint
- Resolver rules: forward specific domains to specific DNS servers (FORWARD rules attached to an outbound endpoint). The rule whose domain is the most specific match for the query wins, so a FORWARD rule for a parent domain also captures its subdomains; a SYSTEM rule for a subdomain makes Resolver answer that subdomain itself (for example from a private hosted zone) instead of forwarding it
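The rule-precedence point above is easy to get wrong: a FORWARD rule for corp.example.com quietly sends queries for a private hosted zone aws.corp.example.com to the on-premises servers, and the fix is a SYSTEM rule for the more specific name. The model below is an added example of the documented longest-match selection, not Resolver's own code; the rule set, the private zone name and the on-premises resolver addresses are constructed.

```python
from dataclasses import dataclass
from typing import Tuple


@dataclass(frozen=True)
class ResolverRule:
    domain_name: str
    rule_type: str                     # "FORWARD" or "SYSTEM", as in CreateResolverRule
    target_ips: Tuple[str, ...] = ()   # FORWARD only: where the outbound endpoint sends the query


def _labels(name):
    """Split a domain into labels; "." (the root) has no labels and matches everything."""
    name = name.strip().rstrip(".").lower()
    return name.split(".") if name else []


def _suffix_match(rule_domain, query_name):
    """Label-wise suffix match, so corp.example.com matches ad.corp.example.com
    but not notcorp.example.com."""
    r, q = _labels(rule_domain), _labels(query_name)
    return len(r) <= len(q) and q[len(q) - len(r):] == r


def select_rule(query_name, rules):
    """The rule Resolver applies: the matching rule with the most labels wins."""
    best = None
    for rule in rules:
        if _suffix_match(rule.domain_name, query_name):
            if best is None or len(_labels(rule.domain_name)) > len(_labels(best.domain_name)):
                best = rule
    return best


def route_query(query_name, rules):
    """("FORWARD", targets) when the query leaves via the outbound endpoint,
    ("SYSTEM", ()) when Resolver answers it itself (VPC names, private hosted
    zones, public DNS)."""
    rule = select_rule(query_name, rules)
    if rule is None or rule.rule_type == "SYSTEM":
        return ("SYSTEM", ())
    return ("FORWARD", rule.target_ips)


# Constructed rule set. The target IPs are hypothetical on-premises resolvers.
RULES = (
    ResolverRule(".", "SYSTEM"),   # stands in for the autodefined Internet Resolver rule
    ResolverRule("corp.example.com", "FORWARD", ("10.10.0.53", "10.10.1.53")),
    # Without this carve-out the FORWARD rule above would also capture the
    # aws.corp.example.com private hosted zone and send those queries on-premises.
    ResolverRule("aws.corp.example.com", "SYSTEM"),
)


if __name__ == "__main__":
    for q in ("ad.corp.example.com", "db.aws.corp.example.com", "www.example.com", "notcorp.example.com"):
        print(q, "->", route_query(q, RULES))
```

Run it against your own rule list (the domain and type fields of list-resolver-rules map directly onto ResolverRule) to see where each internal name would actually be sent before you cut over an outbound endpoint.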
Frequently Asked Questions
Can I use Route 53 as my domain registrar?
Yes. Route 53 supports domain registration for hundreds of TLDs, and registering a domain creates a hosted zone and sets the registry's name servers to that zone's four name servers automatically. That removes the manual registrar step, but resolvers still cache the previous NS records, so changing the name servers of an existing domain is not instant.
What is the TTL I should use for my records?
During stable operation: 300–3600 seconds for A/CNAME records. Before planned changes (migrations, failovers): lower the TTL to 60 seconds at least one old-TTL period in advance, in practice 24–48 hours, so resolvers have dropped the long-lived answer by the time you switch. After the change, raise the TTL again: Route 53 bills per query, so a low TTL costs more and adds lookup latency for clients. Alias records have no TTL of their own; Route 53 uses the target's TTL (60 seconds for load balancers).
What is the difference between geolocation and geoproximity routing?
Geolocation routes on the querying resolver's country, continent or US state, a fixed mapping: a user either is or is not in the location. Geoproximity (a Traffic Flow feature) routes on geographic distance to your resources and accepts a bias from -99 to +99 that shrinks or expands a resource's catchment area, which is useful for gradually shifting traffic between regions. With geolocation, add a default record so queries from locations you have not mapped still get an answer.
How fast does Route 53 detect health check failures?
With a 30-second interval and a failure threshold of 3, each checker needs three consecutive failed probes, so Route 53 marks the endpoint unhealthy roughly 90 seconds after it stops responding; the endpoint is considered unhealthy once 18% or fewer of the checkers report it healthy. The fast interval (10 seconds, at extra cost) with a threshold of 2 detects failure in about 20 seconds. Resolvers keep serving the old answer until its TTL expires, which adds to the time clients actually see the change.