DNS Basics: What Happens When You Type a URL?
When you type a URL like www.example.com into your browser, here’s a simplified journey:
- The browser checks its local cache for the IP address.
- If not found, it asks your operating system, which might ask your home router.
- If still unresolved, a DNS query goes out to a recursive resolver (usually run by your ISP).
- This resolver checks:
  - The root name server to find the appropriate TLD name server (e.g., .com).
  - The TLD name server to find the authoritative name server (e.g., Route 53).
  - The authoritative name server returns the IP for the domain.
- The browser then sends a request to the resolved IP address using the appropriate protocol (usually HTTP or HTTPS), and your site loads.
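To make the query-and-response exchange in the list above concrete, here is an added example written for this page (it is not part of the original article and not AWS code). It builds the A query a resolver sends for www.example.com, builds the response an authoritative server or cache would return, and parses that response back into name, TTL and IPv4 address. The message layout follows RFC 1035; the transaction ID, the answer 203.0.113.42 and the 300-second TTL are constructed sample values.

```python
import struct

# Constructed sample values for this example: not taken from any real zone or Route 53 data.
SAMPLE_NAME = "www.example.com"
SAMPLE_IP = "203.0.113.42"
SAMPLE_TTL = 300


def encode_name(name: str) -> bytes:
    """Encode a domain name as RFC 1035 labels: length byte + label, ending in a zero byte."""
    out = b""
    for label in name.rstrip(".").split("."):
        raw = label.encode("ascii")
        if not 1 <= len(raw) <= 63:
            raise ValueError(f"invalid label length in {name!r}")
        out += bytes([len(raw)]) + raw
    return out + b"\x00"


def decode_name(msg: bytes, offset: int):
    """Decode a name at `offset`, following compression pointers; return (name, offset after name)."""
    labels, end, jumped, hops = [], offset, False, 0
    while True:
        length = msg[offset]
        if length & 0xC0 == 0xC0:  # 2-byte pointer to an earlier copy of the name
            pointer = struct.unpack("!H", msg[offset:offset + 2])[0] & 0x3FFF
            if not jumped:
                end = offset + 2  # the pointer itself ends this name in the message
            jumped, offset, hops = True, pointer, hops + 1
            if hops > 64:  # guard against malformed messages with pointer loops
                raise ValueError("compression pointer loop")
            continue
        offset += 1
        if length == 0:
            break
        labels.append(msg[offset:offset + length].decode("ascii"))
        offset += length
    if not jumped:
        end = offset
    return ".".join(labels), end


def build_query(name: str, txid: int = 0x1234) -> bytes:
    """Build the A query (QTYPE 1, QCLASS IN) that a stub or recursive resolver sends."""
    flags = 0x0100  # QR=0 (query), opcode 0, RD=1 (recursion desired)
    header = struct.pack("!HHHHHH", txid, flags, 1, 0, 0, 0)  # 1 question, 0 answers
    return header + encode_name(name) + struct.pack("!HH", 1, 1)


def build_response(query: bytes, ip: str, ttl: int) -> bytes:
    """Answer the query with one A record, as an authoritative server or a cache would."""
    txid = struct.unpack("!H", query[:2])[0]  # the response echoes the query's transaction ID
    flags = 0x8180  # QR=1 (response), RD=1, RA=1 (recursion available), RCODE=0
    _, qend = decode_name(query, 12)
    question = query[12:qend + 4]  # QNAME + QTYPE + QCLASS, copied back verbatim
    header = struct.pack("!HHHHHH", txid, flags, 1, 1, 0, 0)  # 1 question, 1 answer
    rdata = bytes(int(octet) for octet in ip.split("."))
    # NAME is a pointer (0xC00C) to the question name at offset 12, then TYPE A, CLASS IN, TTL, RDLENGTH
    answer = b"\xc0\x0c" + struct.pack("!HHIH", 1, 1, ttl, len(rdata)) + rdata
    return header + question + answer


def parse_response(msg: bytes):
    """Walk header, question and answer sections; return (rcode, [(name, ttl, ipv4), ...])."""
    _, flags, qdcount, ancount, _, _ = struct.unpack("!HHHHHH", msg[:12])
    if not flags & 0x8000:
        raise ValueError("message is a query, not a response")
    rcode = flags & 0x000F  # 0 = NOERROR, 3 = NXDOMAIN, ...
    offset = 12
    for _ in range(qdcount):
        _, offset = decode_name(msg, offset)
        offset += 4  # skip QTYPE and QCLASS
    records = []
    for _ in range(ancount):
        name, offset = decode_name(msg, offset)
        rtype, _, ttl, rdlen = struct.unpack("!HHIH", msg[offset:offset + 10])
        offset += 10
        rdata = msg[offset:offset + rdlen]
        offset += rdlen
        if rtype == 1 and rdlen == 4:  # A record: four raw octets
            records.append((name, ttl, ".".join(str(b) for b in rdata)))
    return rcode, records


def resolve_demo(name=SAMPLE_NAME, ip=SAMPLE_IP, ttl=SAMPLE_TTL):
    """Run the exchange end to end: resolver builds the query, server answers, resolver parses."""
    query = build_query(name)
    response = build_response(query, ip, ttl)
    return parse_response(response)


if __name__ == "__main__":
    rcode, answers = resolve_demo()
    for name, ttl, ipv4 in answers:
        print(f"{name} -> {ipv4} (cache for {ttl}s, rcode={rcode})")
```

The TTL the parser extracts is the value the later section on caching refers to: a resolver keeps this answer for that many seconds before asking again, which is why a long TTL delays record changes.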
Common DNS Terms Explained Simply
- Domain Name: A human-readable address (e.g., amazon.com).
- TLD (Top-Level Domain): The last part of the domain (.com, .org).
- SLD (Second-Level Domain): The main domain name (amazon in amazon.com).
- FQDN (Fully Qualified Domain Name): The complete domain, including subdomains (www.example.com.).
- Zone File: A file that contains mappings between domain names and IP addresses (DNS records).
- DNS Records: Instructions that tell DNS how to resolve domain names.
- Name Server: A server that holds and serves your DNS records.
- URL: The full web address (https://www.example.com/home), which includes the protocol and path.
What Is Route 53?
Amazon Route 53 is a highly available and scalable cloud DNS web service that does three main things:
- Domain registration: You can register new domains or manage existing ones.
- DNS service: It translates names to IP addresses.
- Health checking & traffic routing: It checks the health of your resources and routes traffic based on rules and policies.
Registering a Domain with Route 53
You can register a new domain directly in the AWS Management Console under Route 53. AWS acts as the domain registrar and manages the domain’s records.
Steps:
- Go to Route 53 > Domain Registration
- Search for an available domain
- Register and pay (annual fee)
- Route 53 automatically creates a hosted zone for managing DNS records
Hosted Zones and Records
A hosted zone in Route 53 is a container for DNS records for a specific domain. It’s where you manage how domain names are resolved to IP addresses or other resources.
There are two types of hosted zones in Route 53: public and private.
Public Hosted Zones
Public hosted zones are used for domains that are accessible over the internet. When someone types your domain into a browser from anywhere in the world, the DNS query is answered using the records in your public hosted zone.
Use case examples:
- Hosting a website (e.g., www.example.com)
- Directing users to a public-facing API or app
- Routing global traffic to services on AWS or elsewhere
Key characteristics:
- Answers DNS queries from the internet
- Must be linked to a domain registered with Route 53 or another registrar
- Often used with services like CloudFront, S3 static sites, EC2, ELB
Private Hosted Zones
Private hosted zones are used inside one or more Amazon VPCs. They are only accessible within your VPC’s internal DNS, making them ideal for internal applications and microservices that don’t need to be exposed to the internet.
Use case examples:
- Internal microservices like orders.internal.example.com
- DNS resolution within private subnets
- Hybrid cloud environments where internal services need DNS names
Key characteristics:
- Only resolvable from within associated VPCs
- Useful for isolating internal infrastructure
- Often used with internal ELBs, RDS, and ECS/EKS services
Feature | Public Hosted Zone | Private Hosted Zone |
---|---|---|
Scope | Internet-wide | VPC-internal only |
Accessible from | Anywhere | Within VPC(s) only |
Typical use case | Websites, public APIs | Internal apps, microservices |
Requires VPC association | No | Yes |
Can be queried by | Any DNS client | EC2 instances or services inside VPC |
Example domain | www.myapp.com | db.internal.myapp.com |
TTL: How Long DNS Results Are Cached
Time to Live (TTL) defines how long DNS resolvers should cache your record before checking again. A low TTL means faster updates but more DNS traffic. A high TTL is better for stability and performance.
Creating an A Record in Route 53
Once your domain is registered and a hosted zone exists, you use DNS records to tell the internet where traffic should go. One of the most common records is the A record.
What is an A record?
An A record (short for “Address” record) maps a domain name to an IPv4 address. It tells DNS: “When someone tries to visit www.example.com, send them to IP address 203.0.113.42.” This is the most basic and essential DNS record when pointing a domain to a web server, like an EC2 instance. You use an A record:
- To point your domain (or subdomain) to an EC2 instance with a public IPv4 address
- To connect a static website hosted on an Amazon S3 bucket (if using an IP-based endpoint, though often you’d use an Alias record for S3)
- To direct traffic to any IPv4 address — inside or outside AWS
How to create an A record
- Go to Route 53 in the AWS console
- Open the Hosted Zones section and choose your domain
- Click Create Record
- Choose:
  - Record Name (e.g., leave blank for the root domain example.com, or use www for www.example.com)
  - Record Type: Select A – IPv4 address
  - Value: Enter the IP address (e.g., 198.51.100.22)
  - Optionally configure TTL (how long clients should cache the response)
- Click Create records
After a few minutes (depending on TTL), DNS clients will start resolving the domain to the IP you specified.
Notes
- A records only support IPv4 addresses. Use AAAA records for IPv6.
- You must have a valid and routable IP address — ideally a public IP from an EC2 instance or load balancer.
- IP addresses can change if you’re not using Elastic IPs or load balancer DNS names, so using A records for dynamic environments can cause issues.
- For AWS resources like ALBs or S3, Alias records are often a better fit because they follow the AWS-managed DNS names that don’t change.
A vs Alias: Quick Comparison
Feature | A Record | Alias Record |
---|---|---|
Points to | IP address | AWS resource DNS name |
Supports root domain (zone apex)? | No | Yes |
Charges DNS query fees? | Yes | No |
Automatically updates if IP changes? | No | Yes (for AWS resources) |
Use with external resources? | Yes | No |
CNAME vs Alias
- CNAME: Points one domain to another (e.g., blog.example.com → example.medium.com). Cannot be used for root domains.
- Alias (Route 53-specific): Works like CNAME but can be used at the root domain (e.g., example.com) and supports AWS resources like CloudFront, ELB, and S3.
Feature | CNAME | Alias |
---|---|---|
Root domain support | ❌ | ✅ |
DNS standard | Yes | AWS-specific |
Supports AWS targets | No | Yes |
DNS query costs | Yes | Free for AWS targets |
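The console steps for creating an A record, and the A / CNAME / Alias distinctions in the two comparison tables, map directly onto the ChangeBatch that the Route 53 API accepts. The following is an added example written for this page, not AWS or Route 53 code: it builds record sets in that shape and enforces the rules stated above in code, so an A record carries an IPv4 address (an IPv6 address becomes AAAA), a CNAME is refused at the zone apex, and an Alias points at an AWS resource's DNS name with no TTL of its own. The zone name, the ALB DNS name and the hosted zone ID of the alias target are placeholders I made up; `apply_change_batch` assumes boto3 is installed and credentialed and is not called by the example itself.

```python
import ipaddress

# Constructed sample values; the alias target name and hosted zone ID are placeholders, not real AWS identifiers.
ZONE_NAME = "example.com."
PLACEHOLDER_ALB_DNS = "my-alb-123456.us-east-1.elb.amazonaws.com."
PLACEHOLDER_ALB_ZONE_ID = "ZPLACEHOLDERALB"


def fqdn(name: str) -> str:
    """Normalise to a fully qualified name with a trailing dot, the form Route 53 stores."""
    return name if name.endswith(".") else name + "."


def is_apex(name: str, zone: str) -> bool:
    """True when the record name is the zone itself (the root domain)."""
    return fqdn(name).lower() == fqdn(zone).lower()


def a_record(name: str, ip: str, ttl: int = 300) -> dict:
    """A record for an IPv4 address; an IPv6 address is emitted as AAAA instead, since A cannot hold it."""
    addr = ipaddress.ip_address(ip)  # raises ValueError for anything that is not a valid IP
    rtype = "A" if addr.version == 4 else "AAAA"
    return {"Name": fqdn(name), "Type": rtype, "TTL": ttl,
            "ResourceRecords": [{"Value": str(addr)}]}


def cname_record(name: str, target: str, zone: str = ZONE_NAME, ttl: int = 300) -> dict:
    """CNAME from one name to another; refused at the zone apex, where an Alias must be used."""
    if is_apex(name, zone):
        raise ValueError(f"CNAME is not allowed at the zone apex {fqdn(name)}; use an Alias record")
    return {"Name": fqdn(name), "Type": "CNAME", "TTL": ttl,
            "ResourceRecords": [{"Value": fqdn(target)}]}


def alias_record(name: str, target_dns: str, target_zone_id: str,
                 rtype: str = "A", evaluate_health: bool = False) -> dict:
    """Alias to an AWS resource: works at the apex and carries no TTL (Route 53 follows the target)."""
    return {"Name": fqdn(name), "Type": rtype,
            "AliasTarget": {"HostedZoneId": target_zone_id,
                            "DNSName": fqdn(target_dns),
                            "EvaluateTargetHealth": evaluate_health}}


def record_for_target(name: str, target: str, zone: str = ZONE_NAME, ttl: int = 300,
                      target_zone_id: str = None) -> dict:
    """Pick the record type: IP -> A/AAAA; AWS resource (zone ID supplied) -> Alias; otherwise CNAME."""
    try:
        ipaddress.ip_address(target)
        return a_record(name, target, ttl)
    except ValueError:
        pass
    if target_zone_id:
        return alias_record(name, target, target_zone_id)
    return cname_record(name, target, zone, ttl)


def change_batch(records: list, action: str = "UPSERT", comment: str = "") -> dict:
    """Wrap record sets in the ChangeBatch structure that change-resource-record-sets expects."""
    return {"Comment": comment,
            "Changes": [{"Action": action, "ResourceRecordSet": r} for r in records]}


def apply_change_batch(hosted_zone_id: str, batch: dict):
    """Submit the batch with boto3 (assumed installed and credentialed; not executed by this example)."""
    import boto3
    client = boto3.client("route53")
    return client.change_resource_record_sets(HostedZoneId=hosted_zone_id, ChangeBatch=batch)


if __name__ == "__main__":
    import json
    batch = change_batch([
        a_record("www.example.com", "198.51.100.22"),
        record_for_target("example.com", PLACEHOLDER_ALB_DNS, target_zone_id=PLACEHOLDER_ALB_ZONE_ID),
        cname_record("blog.example.com", "example.medium.com"),
    ], comment="constructed example")
    print(json.dumps(batch, indent=2))
```

Running the script prints the batch without submitting it; pass the result to `apply_change_batch` with your own hosted zone ID when you want the change applied.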
Routing Policies in Route 53
Routing policies determine how Route 53 responds to DNS queries. Each policy lets you configure how traffic is distributed based on different rules.
Simple Routing
- Returns a single record with no routing logic.
- Best for basic sites with a single resource.
- Does not support health checks.
Weighted Routing
- Split traffic across multiple endpoints using weights.
- Use case: A/B testing or blue/green deployments.
Latency-Based Routing
- Route to the region with the lowest latency to the user.
- Use case: Improve performance by sending users to the nearest AWS region.
Failover Routing
- Route to a primary resource unless it fails, then switch to secondary.
- Requires health checks to monitor availability.
- Use case: High availability setups.
Geolocation Routing
- Route based on the user’s location (e.g., users in Europe → European endpoint).
- Use case: Serve content in different languages or comply with data residency.
Geoproximity Routing (with Traffic Flow)
- Route based on geographic location and bias values.
- More precise than Geolocation, but requires Route 53 Traffic Flow (advanced feature).
- Use case: Tailored experiences with fine-tuned traffic control.
IP-Based Routing (Traffic Flow)
- Route based on user’s IP address range.
- Often used in enterprise or regulated environments.
Multivalue Answer Routing
- Return multiple records (up to 8), with optional health checks.
- Similar to Round Robin DNS but with basic availability checks.
Health Checks in Route 53
Health checks monitor the status of endpoints (e.g., web servers) via HTTP, HTTPS, or TCP.
- You can associate health checks with records to enable failover routing.
- Health checks can trigger CloudWatch Alarms for automation.
- They monitor endpoints even outside AWS (on-premises or 3rd-party hosting).
- To monitor the status of a private resource, you need to link the health check to a CloudWatch alarm (not to the resource itself).
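The routing policies above and the health-check rules in this section can be modelled with a few functions. This is an added example written for this page, not Route 53's implementation or any AWS SDK code: it simulates how the weighted, failover and multivalue policies choose an answer from a group of record sets given the current health-check results, and includes a check for the gotcha that a primary without a health check never fails over. Set identifiers, addresses and health-check IDs are constructed placeholders. The edge-case behaviours (all weights zero, both failover records unhealthy, no healthy multivalue records) follow my reading of the Route 53 documentation and are marked as assumptions in the code.

```python
import random
from dataclasses import dataclass


@dataclass
class RecordSet:
    """One record set in a routing group (constructed sample shape, not Route 53's internal model)."""
    set_id: str                # the SetIdentifier that distinguishes records with the same name and type
    value: str                 # the answer returned to the client (an IPv4 address here)
    weight: int = 0            # weighted routing only
    failover: str = ""         # "PRIMARY" or "SECONDARY" for failover routing
    health_check_id: str = ""  # empty means no health check is attached


def is_healthy(rs: RecordSet, health: dict) -> bool:
    """A record with no health check is always treated as healthy; an unknown check counts as failing."""
    if not rs.health_check_id:
        return True
    return health.get(rs.health_check_id, False)


def weighted_answer(records, health, rng=random) -> RecordSet:
    """Pick one healthy record with probability weight/sum(weights); weight 0 is never chosen
    unless every weight is 0, which is treated as equal weights (assumption)."""
    candidates = [r for r in records if is_healthy(r, health)] or list(records)
    weights = [r.weight for r in candidates]
    if sum(weights) == 0:
        weights = [1] * len(candidates)
    return rng.choices(candidates, weights=weights, k=1)[0]


def failover_answer(records, health) -> RecordSet:
    """PRIMARY while its health check passes, otherwise SECONDARY; PRIMARY again if both fail (assumption)."""
    primary = next(r for r in records if r.failover == "PRIMARY")
    secondary = next(r for r in records if r.failover == "SECONDARY")
    if is_healthy(primary, health):
        return primary
    if is_healthy(secondary, health):
        return secondary
    return primary


def multivalue_answer(records, health, limit: int = 8) -> list:
    """Return up to `limit` healthy records; with no healthy records, up to `limit` of all of them (assumption)."""
    healthy = [r for r in records if is_healthy(r, health)]
    return (healthy or list(records))[:limit]


def lint_failover(records) -> list:
    """Report the gotcha from the article: a PRIMARY without a health check can never fail over."""
    return [f"{r.set_id}: PRIMARY has no health check; failover will never trigger"
            for r in records if r.failover == "PRIMARY" and not r.health_check_id]


if __name__ == "__main__":
    # Constructed sample: a primary and a secondary endpoint, each with its own health check.
    primary = RecordSet("web-primary", "203.0.113.10", failover="PRIMARY", health_check_id="hc-primary")
    secondary = RecordSet("web-secondary", "198.51.100.10", failover="SECONDARY", health_check_id="hc-secondary")
    for health in ({"hc-primary": True, "hc-secondary": True}, {"hc-primary": False, "hc-secondary": True}):
        print(health, "->", failover_answer([primary, secondary], health).set_id)
    print(lint_failover([RecordSet("web-primary", "203.0.113.10", failover="PRIMARY"), secondary]))
```

`lint_failover` is the kind of check worth running over exported record sets before relying on a failover configuration: a primary whose health is never evaluated is indistinguishable from a healthy one, so traffic keeps going to it after it fails.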
Using Route 53 with Third-Party Domains
If your domain is registered elsewhere (e.g., GoDaddy), you can still use Route 53 for DNS:
- Create a public hosted zone in Route 53.
- Copy the name server (NS) records from Route 53.
- Update your registrar’s settings to point to those Route 53 name servers.
This lets Route 53 handle DNS resolution even if AWS didn’t register the domain.
Best Practices
- Use Alias records for AWS services to avoid unnecessary charges.
- Set sensible TTL values: Low for dynamic services, high for stable endpoints.
- Always use health checks in failover and multivalue setups.
- Use Elastic IPs for EC2 to avoid DNS updates when instance IPs change.
Gotchas
- CNAMEs can’t be used at the zone apex (root domain) — use Alias instead.
- Latency routing doesn’t guarantee lowest ping, just lowest AWS region latency.
- Failover won’t work without proper health checks configured and associated with records.
- If you don’t update the registrar’s NS records correctly, Route 53 won’t resolve your domain.