Exam Essentials – Hybrid and Multi-account DNS – ANS-C01 Study Guide

Exam Essentials

Know the Route 53 console areas with a focus on hosted zones and routing records. Understand all of the traffic management options in Route 53 such as latency, multivalue, etc., and how they are used. Understand the concept of DNS zones and what information they contain.

Know the difference between public and private hosted zones. Public hosted zones store records that are accessible on the public Internet and contain public IP addressing. A private hosted zone is used internally to your VPC and contains private IP address records.

Know all the types of resource records covered in this chapter in detail. Know what each record contains and what its use case is. For example, know that the A record is for IPv4 addresses and an MX record is used for email exchange.

Understand the options for logging and monitoring. Know that domain registration is the only management and logging data area in the Route 53 console; beyond that, use CloudTrail and CloudWatch as the primary sources of information. Also, know that Route 53 is a global service and not region specific. However, in the console it will display as either N. Virginia or Global.

Written Labs

Written Lab 3.1: Configure Logging for DNS Queries

  1. Sign in to the Amazon Web Services Management Console and open the Route 53 console at https://console.amazonaws.cn/route53.
  2. In the navigation pane, choose Hosted Zones.
  3. Choose the hosted zone that you want to configure query logging for.
  4. In the Hosted Zone Details pane, choose Configure Query Logging.
  5. Choose an existing log group or create a new log group.
  6. If you receive an alert about permissions (this happens if you haven’t configured query logging with the new console before), do one of the following:
    1. If you have 10 resource policies already, you can’t create any more. Select any of your resource policies, and select Edit. Editing will give Route 53 permissions to write logs to your log groups. Click Save. The alert goes away, and you can continue to the next step.
    2. If you have never configured query logging before (or if you haven’t created 10 resource policies already), you need to grant permissions to Route 53 to write logs to your CloudWatch log groups. Choose Grant Permissions. The alert goes away, and you can continue to the next step.
  7. Choose Permissions – Optional to see a table that shows whether the resource policy matches the CloudWatch log group and whether Route 53 has the permission to publish logs to CloudWatch.
  8. Choose Create.
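
The permission check from steps 6 and 7, as an added example that is not part of the original study guide: it builds a CloudWatch Logs resource policy scoped to one log group prefix and tests whether that policy lets Route 53 publish to a given log group. The account ID, zone name, `/aws/route53/` prefix, `aws` partition and all function names are assumptions chosen for illustration.

```python
import fnmatch

R53 = "route53.amazonaws.com"
REQUIRED = {"logs:createlogstream", "logs:putlogevents"}  # IAM actions are case-insensitive

def as_list(value):
    return value if isinstance(value, list) else [value]

def build_policy(account_id, prefix="/aws/route53/", region="us-east-1", partition="aws"):
    """Resource policy scoped to log groups under one prefix (constructed example)."""
    return {
        "Version": "2012-10-17",
        "Statement": [{
            "Effect": "Allow",
            "Principal": {"Service": R53},
            "Action": ["logs:CreateLogStream", "logs:PutLogEvents"],
            "Resource": f"arn:{partition}:logs:{region}:{account_id}:log-group:{prefix}*",
        }],
    }

def route53_can_publish(policy, log_group_arn):
    """True when Allow statements naming Route 53 cover both actions on this log group."""
    # Check the log group ARN itself and a log stream beneath it (stream name is a placeholder).
    targets = [log_group_arn, log_group_arn + ":log-stream:sample"]
    granted = set()
    for st in as_list(policy.get("Statement", [])):
        principal = st.get("Principal")
        services = as_list(principal.get("Service", [])) if isinstance(principal, dict) else []
        if st.get("Effect") != "Allow" or R53 not in services:
            continue
        resources = as_list(st.get("Resource", []))
        if not any(fnmatch.fnmatchcase(t, r) for t in targets for r in resources):
            continue
        for pattern in as_list(st.get("Action", [])):
            granted |= {a for a in REQUIRED if fnmatch.fnmatchcase(a, pattern.lower())}
    return granted == REQUIRED

# Constructed sample values: placeholder account ID and zone name.
ACCOUNT = "111122223333"
GOOD_ARN = f"arn:aws:logs:us-east-1:{ACCOUNT}:log-group:/aws/route53/example.com"
OTHER_ARN = f"arn:aws:logs:us-east-1:{ACCOUNT}:log-group:/app/web"
POLICY = build_policy(ACCOUNT)

if __name__ == "__main__":
    print(route53_can_publish(POLICY, GOOD_ARN))
    print(route53_can_publish(POLICY, OTHER_ARN))
```

Scoping the resource to a single prefix means one resource policy covers every hosted zone logged under it, which keeps the account under the 10-policy limit mentioned in step 6 without granting Route 53 write access to unrelated log groups.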

Written Lab 3.2: View DNS Query Metrics for a Public Hosted Zone in the CloudWatch Console

  1. Sign in to the Amazon Web Services Management Console and open the CloudWatch console at https://console.amazonaws.cn/cloudwatch.
  2. In the navigation pane, choose Metrics.
  3. On the Amazon region list in the upper-right corner of the console, choose US East (N. Virginia). Route 53 metrics aren’t available if you choose any other Amazon region.
  4. On the All Metrics tab, choose Route 53.
  5. Choose Hosted Zone Metrics.
  6. Select the check box for one or more hosted zones that have the metric name DNSQueries.
  7. On the Graphed Metrics tab, change the applicable values to view the metrics in the format that you want.
  8. For Statistic, choose Sum or SampleCount; these statistics both display the same value.