This chapter covers Amazon Route 53 routing policies, a critical topic for the SAA-C03 exam under Domain 2: Resilient Architectures (Objective 2.5: Design a highly available and/or fault-tolerant architecture). Route 53 routing policies control how DNS queries are answered to direct traffic across AWS resources, on-premises servers, or other endpoints. Approximately 8-12% of the exam questions involve Route 53, with routing policies being the most commonly tested aspect. Mastering these policies is essential for designing resilient, low-latency, and compliant architectures.
Jump to a section
Imagine a global logistics company with multiple distribution centers worldwide. Each center can fulfill orders for a specific product. The company has a single customer-facing phone number, but behind the scenes, a dispatcher decides which center receives each incoming call. The dispatcher uses different strategies based on business needs. For example, with 'Simple' routing, the dispatcher always sends calls to the same center (e.g., the primary warehouse). With 'Weighted' routing, the dispatcher distributes calls according to assigned percentages (e.g., 70% to Center A, 30% to Center B) to test new processes. 'Latency-based' routing sends calls to the center that can answer fastest based on the caller's location. 'Failover' routing sends all calls to a primary center, but if that center is unreachable, it redirects to a standby. 'Geolocation' routing directs calls based on the caller's country or state, e.g., EU callers to a European center to comply with data laws. 'Geoproximity' routing is like geolocation but also allows shifting traffic using a 'bias' value to route more or less traffic to a center based on its location. The dispatcher maintains a health check system: each center must periodically report its status. If a center fails to respond, the dispatcher marks it unhealthy and reroutes traffic accordingly. This is exactly how Amazon Route 53 routing policies work: they determine how DNS queries are answered to direct user traffic to the most appropriate endpoint based on policy-specific criteria, with health checks enabling failover.
What are Route 53 Routing Policies?
Amazon Route 53 is a highly available and scalable Domain Name System (DNS) web service. Its routing policies determine how Route 53 responds to DNS queries. When a client requests a domain name (e.g., www.example.com), Route 53 returns one or more IP addresses (or other records) based on the configured policy. The choice of policy directly impacts availability, latency, load distribution, and compliance.
There are eight routing policies in Route 53:
Simple
Weighted
Latency-based
Failover
Geolocation
Geoproximity (traffic flow only)
Multi-value answer
IP-based (added later, less common on SAA-C03)
Each policy has a specific use case and behavior. The exam tests your ability to select the correct policy for a given scenario.
How Routing Policies Work Internally
Route 53 is an authoritative DNS service. When you create a hosted zone and add records, Route 53 stores the record sets. When a DNS resolver queries Route 53 for a domain, Route 53 evaluates the routing policy associated with the record and returns the appropriate response. The policy logic is evaluated at query time. For example, for latency-based routing, Route 53 maintains a database of latency measurements between AWS regions and the resolver's IP address (approximated by the resolver's location). It selects the endpoint with the lowest latency for that query.
Health checks are integral to many policies. A health check monitors the health of an endpoint (e.g., an EC2 instance, an ELB, or an on-premises server). If a health check fails, Route 53 can exclude that endpoint from DNS responses (for failover, weighted, latency, multi-value). Health checks can be performed via HTTP/HTTPS, TCP, or DNS query. The default health check interval is 30 seconds (configurable to 10 seconds with a higher cost). The failure threshold is 3 consecutive failures by default.
Key Components and Defaults
TTL (Time to Live): Default 300 seconds for most records. TTL controls how long DNS resolvers cache the response. Lower TTLs allow faster failover but increase query volume and cost. For failover, a TTL of 60 seconds or less is common.
Weighted Record: You assign a weight (0-255) to each record. The probability of a record being returned is its weight divided by the sum of all weights for that name/type. A weight of 0 stops traffic to that record (but the record still exists).
Latency Record: Route 53 uses latency data between AWS regions. It does not use real-time latency from the client; it approximates based on the resolver's location. The latency is measured between the AWS region of the resource and the client's approximate location.
Failover Record: You designate primary and secondary records. Health checks are mandatory for the primary. If the primary fails, Route 53 returns the secondary. You can have multiple secondary records (e.g., for active-passive with secondary in another region).
Geolocation Record: You specify a geographic location (continent, country, or US state) for each record. Route 53 returns the record that matches the query's originating location. If there is no match, a default record is used (if configured). Geolocation is based on the resolver's IP address, not the client's. This can be inaccurate for clients using VPNs or public resolvers.
Geoproximity Record: Available only with traffic flow policies. You can route traffic based on the geographic location of users and resources. You can also shift traffic using a bias value (+/- 99) to send more traffic to a resource (positive bias) or less (negative bias). Bias is added to the distance calculation.
Multi-value Answer Record: Similar to simple routing but allows up to 8 healthy records to be returned. Health checks are supported. This is not a load balancer; it returns multiple IPs and the client chooses one randomly.
IP-based Record: Routes based on the client's IP address (CIDR range). Useful for directing traffic from specific ISPs or corporate networks.
Configuration and Verification
Records are created in the Route 53 console, CLI, or SDK. For example, to create a weighted record using the AWS CLI:
aws route53 change-resource-record-sets --hosted-zone-id ZONEID --change-batch '{
"Changes": [
{
"Action": "CREATE",
"ResourceRecordSet": {
"Name": "www.example.com",
"Type": "A",
"SetIdentifier": "Region1",
"Weight": 70,
"TTL": 60,
"ResourceRecords": [{"Value": "203.0.113.10"}]
}
}
]
}'To verify, use dig or nslookup. For example:
dig www.example.com @ns-xxx.awsdns-xx.netThe response will show the IP address based on the policy.
Interaction with Related Technologies
Elastic Load Balancing (ELB): Often used with alias records pointing to an ELB. Alias records are free and automatically handle health checks. For failover, you can point to two ELBs in different AZs/regions.
AWS Global Accelerator: Can be used with Route 53 to provide static IP addresses and improve latency. Route 53 can route to a Global Accelerator endpoint.
CloudFront: Route 53 can route to a CloudFront distribution for content delivery.
Health Checks: Integrated with CloudWatch alarms. Health checks can monitor endpoints and trigger failover. They can also be linked to other health checks (calculated health checks) for composite status.
Exam-Relevant Details
Simple routing does not support health checks. If you need health checks, use multi-value or failover.
Weighted routing supports health checks. If a health check fails, that record is excluded from responses.
Latency-based routing supports health checks. If an endpoint is unhealthy, it is excluded.
Failover routing requires health checks on the primary record. The secondary does not require a health check (but it's recommended).
Geolocation routing supports health checks. If no matching location is found and no default is configured, Route 53 returns a 'no answer' response.
Geoproximity routing is only available with traffic flow policies (visual editor).
Multi-value answer routing returns up to 8 healthy records. It is not a substitute for a load balancer; it does not provide load balancing across the returned IPs.
Alias records (e.g., to an ELB, CloudFront, S3 bucket) are free and allow you to use the root domain (zone apex). They are not a routing policy per se but can be used with any policy except simple (alias records can be simple).
The exam often tests the difference between geolocation and latency-based. Geolocation is for compliance or regional content; latency is for performance.
Failover routing can be used for multi-region active-passive architectures.
Weighted routing is ideal for blue/green deployments or A/B testing.
Multi-value answer is often confused with simple routing. The key difference is health check support and multiple IPs returned.
Create Hosted Zone
First, you must create a hosted zone in Route 53 for your domain (e.g., example.com). A hosted zone is a container for DNS records. Route 53 automatically creates four name servers (NS records) for the zone. You then update your domain registrar to use these name servers. The hosted zone type can be public (for internet-facing traffic) or private (for VPC internal use). For the SAA-C03, focus on public hosted zones. The hosted zone ID is used in CLI commands.
Define Record Sets
Within the hosted zone, you create record sets. Each record set has a name, type (A, AAAA, CNAME, etc.), TTL, and routing policy. For each policy, you add additional parameters: SetIdentifier (to differentiate multiple records of the same name/type), weight, region (for latency), failover type (PRIMARY/SECONDARY), location (for geolocation), etc. You can create multiple records with the same name and type but different SetIdentifiers to implement routing policies.
Configure Health Checks (Optional)
For policies that support health checks (weighted, latency, failover, geolocation, multi-value), you create health checks in Route 53. Each health check monitors an endpoint (IP address or domain) at a specified interval (default 30s). You configure the protocol (HTTP, HTTPS, TCP), port, path, and thresholds. Health checks can be associated with record sets. If a health check fails, Route 53 stops returning that record in DNS responses. For failover, the primary record must have a health check; without it, failover won't work.
DNS Query Received
When a client (e.g., a web browser) wants to resolve www.example.com, it sends a query to its configured DNS resolver (e.g., ISP's resolver). The resolver recursively queries the root servers, then the TLD servers, then the authoritative name servers for example.com (the Route 53 name servers). The resolver sends the query to one of Route 53's name servers. Route 53 receives the query and identifies the hosted zone and the record set matching the query name and type.
Apply Routing Policy Logic
Route 53 evaluates the routing policy of the matched record set. For simple routing, it returns all values (up to 8) in the order they are defined. For weighted, it selects a record based on the weight distribution using a pseudo-random number. For latency, it determines the client's approximate region (based on resolver IP) and selects the record with the lowest latency from that region to the resource's region. For failover, it checks the health of the primary; if healthy, returns primary; otherwise returns secondary. For geolocation, it maps the resolver's IP to a location and returns the matching record. For multi-value, it returns up to 8 healthy records. The response includes the TTL.
Return DNS Response
Route 53 sends a DNS response containing the selected IP address(es) back to the resolver. The resolver caches the response for the TTL duration and returns it to the client. The client then initiates a connection to the returned IP address. If the endpoint is unhealthy, the client may experience connection failure; however, Route 53 will have already excluded the unhealthy endpoint from responses (if health checks are configured). The resolver may continue to use cached responses until the TTL expires.
Enterprise Scenario 1: Multi-Region Active-Passive Failover
A global e-commerce company runs its website on EC2 instances behind Application Load Balancers (ALBs) in us-east-1 (primary) and eu-west-1 (secondary). They use Route 53 failover routing with a TTL of 60 seconds. The primary record points to the us-east-1 ALB (alias record), and the secondary points to the eu-west-1 ALB. A health check monitors the primary ALB's endpoint every 30 seconds. If the primary region experiences an outage, the health check fails after 3 consecutive failures (90 seconds). Route 53 then returns the secondary ALB's IP. The total failover time is approximately 90 seconds (health check failure detection) plus the TTL propagation time (up to 60 seconds). To reduce failover time, they could use a 10-second health check interval (higher cost) and a 10-second TTL, achieving failover in about 30 seconds. Common misconfiguration: forgetting to set an alias record for the ALB (which requires the hosted zone ID) or not associating the health check with the primary record.
Enterprise Scenario 2: A/B Testing with Weighted Routing
A SaaS company wants to test a new version of its application on a small percentage of users. They have two sets of EC2 instances: v1 (stable) and v2 (beta). They create two A records with the same name (app.example.com) using weighted routing: record A with weight 90 (v1) and record B with weight 10 (v2). Both records have health checks. If the v2 instances become unhealthy, Route 53 automatically routes 100% of traffic to v1. The TTL is set to 300 seconds to reduce DNS query costs. The company gradually shifts traffic by updating weights over time. A common mistake is to set weights that don't sum to 100 (the sum can be any number; the proportion is calculated). Another mistake is using simple routing instead of weighted, which would return both IPs and the client would pick one, not respecting the weight.
Scenario 3: Latency-Based Routing for Global Users
A media streaming service has origins in us-west-2, eu-central-1, and ap-southeast-1. They use latency-based routing to direct users to the region with the lowest latency. They create three records, each with a different region. Route 53 uses latency data between AWS regions and the client's resolver to determine the best region. This improves user experience by reducing buffering. However, they must ensure that each region has sufficient capacity to handle the traffic. A pitfall: latency-based routing does not consider real-time load; it only uses historical latency data. If one region becomes overloaded, traffic continues to be sent there until health checks fail. To mitigate, they combine latency with health checks. Also, latency-based routing is not suitable for compliance (e.g., data sovereignty); for that, geolocation is used.
What the SAA-C03 Tests
Route 53 routing policies are tested under Objective 2.5 (Design a highly available and/or fault-tolerant architecture). The exam expects you to:
Choose the correct routing policy based on requirements (performance, compliance, failover, load distribution).
Understand the difference between geolocation and latency-based routing.
Know which policies support health checks and how failover works.
Recognize when to use multi-value answer vs. simple routing.
Identify the purpose of alias records (especially for ELB, CloudFront, S3).
Common Wrong Answers
Choosing simple routing when health checks are needed: Candidates often pick simple routing because it's the default, but it does not support health checks. The correct answer is failover, weighted, latency, geolocation, or multi-value.
Confusing geolocation with latency-based: Geolocation routes based on geographic location (e.g., country), while latency-based routes based on network latency. A scenario requiring 'lowest latency' should use latency-based, not geolocation.
Selecting weighted routing for active-passive failover: Weighted routing distributes traffic proportionally; failover routing is designed for primary/backup. If the question says 'primary and secondary', the answer is failover.
Thinking multi-value answer provides load balancing: Multi-value returns multiple IPs, but the client selects one randomly. It does not distribute load evenly. For load balancing, use ELB or weighted routing.
Specific Values and Terms
TTL: commonly 60, 300, or 86400 seconds.
Weight: 0-255.
Health check interval: 30 seconds (default), 10 seconds (fast).
Failure threshold: 3 (default).
Failover: PRIMARY and SECONDARY.
Geolocation: continent, country, US state.
Geoproximity: bias (-99 to 99).
Alias records: target must be an AWS resource (ELB, CloudFront, S3, etc.).
Edge Cases and Exceptions
Simple routing can have multiple values (up to 8) but no health checks.
Weighted routing with weight 0 stops traffic but the record remains.
Geolocation: if no default record and no match, returns NXDOMAIN.
Failover: secondary can be a single record or multiple (but only one is returned).
Latency-based: if the client's resolver is in a region not in the latency database, Route 53 uses a default region.
Alias records cannot be used with simple routing if you have multiple alias records with the same name (they must be of different types).
How to Eliminate Wrong Answers
If the scenario mentions 'health check', eliminate simple routing.
If the scenario mentions 'primary and secondary', choose failover.
If the scenario mentions 'lowest latency', choose latency-based.
If the scenario mentions 'compliance' or 'regional restrictions', choose geolocation.
If the scenario mentions 'gradual traffic shift' or 'A/B testing', choose weighted.
If the scenario mentions 'multiple healthy endpoints' and 'health checks', choose multi-value.
If the scenario mentions 'static IP addresses' or 'client IP ranges', consider IP-based routing (less common).
Simple routing returns all values but does not support health checks.
Weighted routing distributes traffic proportionally; weights range 0-255.
Latency-based routing selects the endpoint with the lowest latency based on AWS region.
Failover routing requires a health check on the primary; secondary is used if primary fails.
Geolocation routing uses the resolver's location; must have a default record for unmatched queries.
Geoproximity routing is only available with traffic flow; bias shifts traffic toward/away from a location.
Multi-value answer returns up to 8 healthy records; does not replace a load balancer.
Alias records point to AWS resources (ELB, CloudFront, S3) and are free.
Health check interval: 30s default, 10s fast; failure threshold: 3 by default.
TTL controls caching; lower TTL speeds up failover but increases costs.
These come up on the exam all the time. Here's how to tell them apart.
Latency-based routing
Routes based on network latency between AWS regions and the resolver.
Improves performance by directing users to the fastest region.
Does not consider geographic boundaries; a user in Europe may be routed to US if latency is lower.
Supports health checks.
Ideal for global applications where performance is the primary concern.
Geolocation routing
Routes based on the geographic location of the resolver (continent, country, state).
Used for compliance (e.g., data sovereignty) or regional content delivery.
Does not consider latency; a user in Europe is always routed to a European resource, even if US is faster.
Supports health checks.
Ideal for applications that must adhere to regional regulations.
Failover routing
Designates a primary and one or more secondary endpoints.
Traffic goes to primary unless health check fails.
Health check mandatory on primary.
Simple active-passive failover.
TTL should be low (e.g., 60s) for fast failover.
Weighted routing
Distributes traffic across multiple endpoints based on assigned weights.
Can be used for A/B testing or gradual rollouts.
Health checks optional but recommended.
All endpoints receive traffic simultaneously (unless weight=0).
Weights can be adjusted over time.
Mistake
Simple routing supports health checks.
Correct
Simple routing does NOT support health checks. If you need health checks, use weighted, latency, failover, geolocation, or multi-value.
Mistake
Latency-based routing uses real-time latency from the client.
Correct
Latency-based routing uses historical latency data between AWS regions and the DNS resolver's approximate location, not real-time client latency.
Mistake
Geolocation routing is based on the client's IP address.
Correct
Geolocation routing is based on the DNS resolver's IP address, not the client's. This can lead to inaccuracies if the client uses a VPN or public resolver.
Mistake
Weighted routing requires the sum of weights to be 100.
Correct
The sum of weights can be any number. The probability for a record is its weight divided by the sum of all weights for that name/type.
Mistake
Multi-value answer routing provides load balancing across returned IPs.
Correct
Multi-value returns up to 8 healthy IPs, but the client chooses one randomly. It does not balance load; for load balancing, use ELB or weighted routing.
Reveal each answer, then mark whether you got it right. Score 60%+ to unlock the next chapter.
Simple routing returns all IP addresses (up to 8) in a random order, but it does not support health checks. Multi-value answer routing also returns up to 8 IP addresses, but it supports health checks: only healthy records are returned. Both return multiple values, and the client picks one. The key difference is health check support. If you need to exclude unhealthy endpoints, use multi-value. If you don't need health checks, simple is simpler.
Technically yes, by setting the primary weight to 100 and secondary to 0, then changing weights when failover is needed. However, this is manual. The failover routing policy is designed for automated active-passive failover with health checks. For automatic failover, use failover routing. Weighted is better for load distribution or gradual traffic shifts.
No, latency-based routing uses latency data between AWS regions and the DNS resolver's approximate location, not the client's actual latency. The resolver is typically the ISP's DNS server. The latency is measured periodically by AWS. It is a good approximation but not real-time per-query latency.
Use geolocation routing. Create records for each country or continent, pointing to resources in the desired region. For example, route users from Germany to a record pointing to an ELB in eu-central-1. Ensure you have a default record for unmatched locations. Geolocation is based on the resolver's IP, not the client's, so it's not perfect but generally works.
Failover time depends on the health check interval and failure threshold, plus TTL. Default health check interval is 30 seconds, failure threshold is 3, so it takes 90 seconds to mark unhealthy. Then DNS resolvers may have cached the old response for up to the TTL (e.g., 60 seconds). Total failover time can be 90-150 seconds. To reduce it, use a 10-second health check interval (fast health check) and a low TTL (e.g., 10 seconds).
Yes, alias records can be used with all routing policies except that you cannot have multiple alias records of the same type with the same name under simple routing (you would need different SetIdentifiers, which is not allowed for simple). For other policies, you can create multiple alias records with the same name and type, each with a different SetIdentifier, pointing to different AWS resources.
Route 53 returns a 'no answer' response (NXDOMAIN) for that query. The client will not be able to resolve the domain. Always configure a default record (e.g., pointing to a catch-all region) to handle unmatched locations.
You've just covered Route 53 Routing Policies — now see how well it sticks with free SAA-C03 practice questions. Full explanations included, no account needed.
Done with this chapter?