Resolver Endpoints Monitoring – Hybrid and Multi-account DNS – ANS-C01 Study Guide

Resolver Endpoints Monitoring

Route 53 Resolver publishes metrics for each resolver endpoint to Amazon CloudWatch: the number of DNS queries received by inbound endpoints and forwarded by outbound endpoints, and the number of healthy and unhealthy elastic network interfaces (ENIs) backing each endpoint. The raw data is collected at 5-minute intervals, processed into readable, near real-time metrics, and can be graphed in the dashboards you create or wired to CloudWatch alarms.

CloudWatch retains metric data for 15 months, aggregating older data points to coarser resolution (1-minute data is kept for 15 days, 5-minute data for 63 days, and 1-hour data for 455 days), so a baseline of normal query volume is available for comparison when you investigate a spike. These metrics are counts only; they do not tell you which names were queried or by which source. For that level of detail, use Resolver query logging.
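The following is an added example, not code from the study guide: it builds the CloudWatch alarm definitions a practitioner would put on a Resolver endpoint (unhealthy ENIs, and a ceiling on forwarded query volume) and runs a simple spike check over 5-minute datapoints. The namespace, metric names and EndpointId dimension are the ones CloudWatch publishes for Resolver endpoints; the endpoint ID, SNS topic ARN and the datapoints are constructed for illustration.

```python
"""Added example (not code from the study guide): CloudWatch alarm definitions and a
simple spike check for Route 53 Resolver endpoint metrics.

The namespace (AWS/Route53Resolver), metric names and the EndpointId dimension are the
ones CloudWatch publishes for Resolver endpoints. The endpoint ID, SNS topic ARN and
the datapoints below are constructed for illustration; a live run would pass the
returned dicts to boto3's cloudwatch.put_metric_alarm(**params) and feed the
"Datapoints" of cloudwatch.get_metric_statistics() into find_spikes().
"""
from statistics import median

NAMESPACE = "AWS/Route53Resolver"
PERIOD_SECONDS = 300  # Resolver endpoint metrics are produced at 5-minute granularity

# Metrics exposed per endpoint (dimension EndpointId)
INBOUND_QUERIES = "InboundQueryVolume"        # queries received by an inbound endpoint
OUTBOUND_QUERIES = "OutboundQueryVolume"      # queries forwarded by an outbound endpoint
UNHEALTHY_ENIS = "EndpointUnhealthyENICount"  # endpoint ENIs that failed health checks


def unhealthy_eni_alarm(endpoint_id, sns_topic_arn):
    """put_metric_alarm() parameters: page as soon as any ENI backing the endpoint is
    unhealthy. TreatMissingData='breaching' makes an endpoint that stops reporting
    alarm as well, instead of staying green because no datapoints arrived."""
    return {
        "AlarmName": f"r53resolver-{endpoint_id}-unhealthy-eni",
        "Namespace": NAMESPACE,
        "MetricName": UNHEALTHY_ENIS,
        "Dimensions": [{"Name": "EndpointId", "Value": endpoint_id}],
        "Statistic": "Maximum",
        "Period": PERIOD_SECONDS,
        "EvaluationPeriods": 1,
        "Threshold": 0,
        "ComparisonOperator": "GreaterThanThreshold",
        "TreatMissingData": "breaching",
        "AlarmActions": [sns_topic_arn],
    }


def query_volume_alarm(endpoint_id, sns_topic_arn, max_queries_per_period, inbound=False):
    """put_metric_alarm() parameters: static ceiling on queries per 5-minute period.
    Three consecutive breaching periods are required so a single burst does not page;
    tune the ceiling from the retained CloudWatch history of the endpoint."""
    return {
        "AlarmName": f"r53resolver-{endpoint_id}-query-volume",
        "Namespace": NAMESPACE,
        "MetricName": INBOUND_QUERIES if inbound else OUTBOUND_QUERIES,
        "Dimensions": [{"Name": "EndpointId", "Value": endpoint_id}],
        "Statistic": "Sum",
        "Period": PERIOD_SECONDS,
        "EvaluationPeriods": 3,
        "DatapointsToAlarm": 3,
        "Threshold": max_queries_per_period,
        "ComparisonOperator": "GreaterThanThreshold",
        "TreatMissingData": "notBreaching",
        "AlarmActions": [sns_topic_arn],
    }


def find_spikes(datapoints, factor=4.0, min_baseline=100, warmup=3):
    """datapoints: list of (label, sum_for_period) in time order.
    Returns the labels of periods whose volume exceeds `factor` times the median of
    all earlier periods (floored at min_baseline so a quiet endpoint does not alarm
    on noise). The first `warmup` periods only seed the baseline."""
    spikes = []
    for i, (label, value) in enumerate(datapoints):
        if i < warmup:
            continue
        baseline = median(v for _, v in datapoints[:i])
        if value > factor * max(baseline, min_baseline):
            spikes.append(label)
    return spikes


# Constructed OutboundQueryVolume Sum datapoints for one outbound endpoint:
# a steady ~800 queries per period, then a burst of the kind produced by DNS
# tunnelling or a misbehaving client, then back to normal.
SAMPLE_OUTBOUND = [
    ("09:00", 820), ("09:05", 790), ("09:10", 845),
    ("09:15", 810), ("09:20", 4900), ("09:25", 830),
]

if __name__ == "__main__":
    print(unhealthy_eni_alarm("rslvr-out-0123456789abcdef0",
                              "arn:aws:sns:us-east-1:111122223333:dns-alerts"))
    print(find_spikes(SAMPLE_OUTBOUND))  # ['09:20']
```

The static ceiling is deliberately conservative; once a few weeks of 5-minute history have accumulated in CloudWatch, a CloudWatch anomaly-detection alarm on the same metric is usually a better fit than a hand-picked threshold, and the spike check above is the offline equivalent for reviewing exported data.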

Domain Registration Monitoring

Domain registration status is viewed directly in the Route 53 console (the Registered domains page), not in CloudWatch. This shows the current status of your registered domains, newly registered domains, domain transfers into Route 53, and the expiration date of every domain you have registered.

It is good practice to review this page regularly to make sure your domains are in good standing, and to keep the registrant, administrative and technical contact details current so that you receive renewal and transfer notices from AWS; a domain that lapses because the renewal notice went to a stale mailbox can be re-registered by someone else. Enable auto-renew and the registrar transfer lock on any domain you rely on, and confirm that the registrant contact email address has been verified.
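The following is an added example, not code from the study guide: an offline audit of registered-domain records shaped like the DomainSummary entries the Route 53 Domains ListDomains API returns (DomainName, AutoRenew, TransferLock, Expiry), flagging the conditions the paragraph above warns about. The domain names, dates and the 45-day warning window are constructed for illustration.

```python
"""Added example (not code from the study guide): an offline audit of registered
domains, operating on records shaped like the DomainSummary entries returned by the
Route 53 Domains ListDomains API (DomainName, AutoRenew, TransferLock, Expiry).

The domain names, dates and the 45-day warning window are constructed for
illustration; a real run would feed in the "Domains" list from boto3's
route53domains.list_domains(), paginating with NextPageMarker.
"""
from datetime import datetime, timedelta, timezone


def audit_domains(domains, now, expiry_warning_days=45):
    """Return (domain, issue) pairs for every domain that is expired, is within the
    warning window of its expiry date, or has no registrar transfer lock. An expiring
    domain is reported even when auto-renew is on, because renewal can still fail
    (stale contact address, unverified registrant email, payment problem)."""
    findings = []
    for d in domains:
        name = d["DomainName"]
        days_left = (d["Expiry"] - now).days
        if days_left < 0:
            findings.append((name, f"expired {-days_left} days ago"))
        elif days_left <= expiry_warning_days:
            renew = "on" if d["AutoRenew"] else "off"
            findings.append((name, f"expires in {days_left} days (auto-renew {renew})"))
        # Transfer lock (clientTransferProhibited) blocks an unauthorised registrar
        # transfer; some TLDs do not support it, so treat a finding as a review item.
        if not d["TransferLock"]:
            findings.append((name, "transfer lock off"))
    return findings


NOW = datetime(2024, 3, 1, tzinfo=timezone.utc)  # constructed reference time

# Constructed records in ListDomains DomainSummary shape
SAMPLE_DOMAINS = [
    {"DomainName": "example.com", "AutoRenew": True,  "TransferLock": True,
     "Expiry": NOW + timedelta(days=300)},
    {"DomainName": "example.net", "AutoRenew": False, "TransferLock": True,
     "Expiry": NOW + timedelta(days=20)},
    {"DomainName": "example.org", "AutoRenew": True,  "TransferLock": False,
     "Expiry": NOW - timedelta(days=2)},
]

if __name__ == "__main__":
    for domain, issue in audit_domains(SAMPLE_DOMAINS, NOW):
        print(f"{domain}: {issue}")
```

Run on a schedule against the live ListDomains output, the findings list is what you would route to the same alerting channel as the DNS metrics, so a domain sliding toward expiry is caught well before the registry's grace period ends.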

Summary

This chapter continued covering DNS and Route 53, which we introduced in Chapter 2. The focus in this chapter was to look at the advanced capabilities of Route 53. You learned about the operation side of Route 53, and we went over many of the configuration options to enable its many features.

We began with hosted zones, which are either private (internal) or public (external). Private hosted zones provide name resolution inside the VPCs they are associated with, and public hosted zones provide name resolution for your domain to the Internet. You learned how to create and configure both types of zone in the Route 53 console.

Traffic management was covered in detail, including the routing policies used to direct traffic in DNS: latency-based, geolocation, weighted, failover, and multivalue answer. Health checks, which add resiliency and redundancy by steering traffic away from endpoints that fail, were detailed. The Traffic Policy Editor in the console is the graphical tool for building traffic flow policies.

In larger organizations, there are often many different groups or organizations that need to administer a section of the domain. You learned about domain delegation and forwarding rules for hybrid DNS deployments.

Resource records are the fundamental building blocks of a hosted zone, and how they are configured and administered in Route 53 was discussed in detail, including the configuration of each primary record type.

Security was added to DNS long after the protocol was introduced, and integrating DNSSEC into Route 53 and other DNS services is becoming important as regulatory and corporate best practices call for a secure DNS service. DNSSEC is the standard solution: it adds origin authentication and integrity to DNS answers by signing them, but it does not encrypt queries. We discussed how it fits into Route 53, as DNSSEC signing for public hosted zones and DNSSEC validation in Route 53 Resolver.

Multi-account Route 53 and how to configure the Route 53 Resolvers for inbound, outbound, and bidirectional name resolution were discussed.

Monitoring and logging options were explained, along with some common configurations. Route 53 relies on AWS-wide tools: CloudTrail for API activity and CloudWatch for metrics, alarms and logs.