Route 53 DNS Setup
A concise, step-by-step guide to registering a domain, setting up hosted zones, and configuring DNS records in AWS Route 53.
What is Route 53?
Route 53 is AWS's DNS (Domain Name System) service. It does three things:
- Domain Registration: buy and manage domain names
- DNS Routing: translate domain names to IP addresses (and, via alias records, to AWS resources directly)
- Health Checking: monitor the health of your resources and keep DNS answers pointing at healthy ones
Step 1: Register a Domain
Console
- Go to Route 53 Console → Registered domains → Register domain
- Search for your desired domain name and pick a TLD (.com, .dev, .io, etc.)
- Add to cart → Continue
- Fill in contact details (registrant, admin, technical)
- Enable Privacy Protection (hides your contact details from public WHOIS/RDAP lookups; always enable this)
- Choose Auto-renew on/off (leave it on for any domain you depend on: an expired domain can be registered by anyone)
- Review → Accept terms → Submit
What happens after registration
- AWS automatically creates a Hosted Zone with the same name as your domain
- 4 Name Server (NS) records are assigned to your hosted zone, and the domain is pointed at them for you
- Domain registration can take up to 3 days (usually minutes for .com)
- You'll receive a verification email: click the link within 15 days or the domain gets suspended (an ICANN requirement)
Pricing
- Domain fee: varies by TLD (.com is ~$13/year, .dev is ~$14/year; check the current Route 53 price list)
- Hosted zone: $0.50/month
- DNS queries: $0.40 per million queries
- Domain fee is non-refundable and you cannot change the domain name after registration
Step 2: Understand Hosted Zones
A Hosted Zone is a container for DNS records for a specific domain. Think of it as a folder that holds all the routing rules for your domain.
Public vs Private Hosted Zones
| Type | Purpose | Accessible From |
|---|---|---|
| Public | Routes traffic from the internet | Anywhere on the internet |
| Private | Routes traffic within a VPC | Only within associated VPCs |
Auto-Created Records
When a hosted zone is created, Route 53 automatically adds:
- NS Record: lists the 4 name servers assigned to your zone
- SOA Record: contains admin info about the zone (start of authority)
Tip: If you delete a hosted zone and recreate it, the NS records will be different. You'd need to update the name servers at your registrar, or the domain stops resolving.
Step 3: Using Route 53 with an External Registrar
If you bought your domain elsewhere (GoDaddy, Namecheap, Google Domains, etc.):
- Create a Public Hosted Zone in Route 53 with your domain name
- Recreate every record the registrar currently serves (MX, TXT, existing A/CNAME records) in the new zone, so nothing goes dark when you switch
- Copy the 4 NS records from the hosted zone
- Go to your registrar's DNS settings → replace their name servers with the Route 53 NS records
- Wait for propagation (can take up to 48 hours, usually faster)
Step 4: DNS Record Types
Core Record Types
| Record | What It Does | Example Value |
|---|---|---|
| A | Maps domain to IPv4 address | 192.0.2.1 |
| AAAA | Maps domain to IPv6 address | 2001:0db8::1 |
| CNAME | Maps domain to another domain name | app.example.com → my-alb.us-east-1.elb.amazonaws.com |
| MX | Mail server routing | 10 mail.example.com |
| TXT | Text data (SPF, DKIM, verification) | "v=spf1 include:_spf.google.com ~all" |
| NS | Delegates a subdomain to other name servers | ns-123.awsdns-45.com |
| CAA | Specifies which CAs may issue TLS certificates for the name | 0 issue "amazon.com" |
Alias Records (Route 53 Special)
Alias records are a Route 53-specific feature. They work like CNAMEs but with key advantages:
| Feature | Alias | CNAME |
|---|---|---|
| Works at zone apex (example.com) | ✅ Yes | ❌ No |
| Query cost for AWS resources | Free | $0.40/million |
| Targets | AWS resources, or another record in the same hosted zone | Any domain |
| Response | Returns actual IP addresses | Returns another domain name |
Use Alias when pointing to: ALB/NLB, CloudFront, S3 website endpoint, API Gateway, Elastic Beanstalk, or an ECS service through its load balancer
Use CNAME when pointing to: Non-AWS targets (Vercel, Netlify, Heroku, etc.)
Key Rule: You cannot create a CNAME at the zone apex (example.com). Use an Alias record instead. The underlying DNS rule is that a CNAME cannot share its name with any other record type, and the apex always carries NS and SOA records.
Step 5: Create DNS Records
Console
- Go to Route 53 → Hosted zones → select your zone
- Click Create record
- Switch to Quick create if in wizard view
Common Setups
Point domain to an ALB (Alias)
Record name: (leave blank for apex, or enter "www")
Record type: A
Alias: ON
Route traffic to: Alias to Application and Classic Load Balancer
Region: your ALB's region
Load balancer: select from dropdown
Point subdomain to an EC2 instance (A Record)
Record name: app
Record type: A
Value: 54.123.45.67
TTL: 300
Point subdomain to external service (CNAME)
Record name: blog
Record type: CNAME
Value: my-site.netlify.app
TTL: 300
Set up email with Google Workspace (MX)
Record name: (leave blank)
Record type: MX
Value:
1 ASPMX.L.GOOGLE.COM
5 ALT1.ASPMX.L.GOOGLE.COM
5 ALT2.ASPMX.L.GOOGLE.COM
10 ALT3.ASPMX.L.GOOGLE.COM
10 ALT4.ASPMX.L.GOOGLE.COM
TTL: 3600
SSL Certificate Validation (CNAME)
When using ACM (AWS Certificate Manager):
- Request a certificate in ACM (choose DNS validation)
- ACM gives you a CNAME name and value for each domain name on the certificate
- Create the CNAME record in Route 53 (ACM can auto-create this for you when the zone is in the same account)
- Wait for validation (usually a few minutes)
Leave the validation record in place: ACM re-checks it to renew the certificate automatically. If the zone has CAA records, one of them must permit amazon.com (for example 0 issue "amazon.com"), otherwise issuance fails.
Step 6: Routing Policies
| Policy | Use Case |
|---|---|
| Simple | Single resource, basic routing |
| Weighted | Split traffic between resources (e.g., 70/30 blue-green deploy) |
| Failover | Active-passive setup with health checks |
| Latency | Route to the lowest-latency region |
| Geolocation | Route based on user's country/continent |
| Geoproximity | Route based on geographic distance to resources |
| Multivalue Answer | Return multiple healthy IPs (basic load balancing) |
Step 7: Health Checks
Health checks monitor your endpoints and can trigger DNS failover.
- Go to Route 53 → Health checks → Create health check
- Specify: endpoint IP or domain, port, path (e.g., /health)
- Set check interval: 30 seconds (standard) or 10 seconds (fast, costs more)
- Set failure threshold (default: 3 consecutive failures)
- Link the health check to your DNS record (a record with no health check attached is always treated as healthy, so it never fails over)
Health checks cost $0.50/month for AWS endpoints, $0.75/month for non-AWS endpoints.
The checkers run from AWS's published IP ranges outside your VPC, so the endpoint must be reachable from the internet and your security group or firewall must allow those ranges. For an endpoint with no public address, create a health check that watches a CloudWatch alarm instead.
AWS CLI Reference
Create a Hosted Zone
```bash
# The caller reference must be unique per request; AWS uses it to de-duplicate retries
aws route53 create-hosted-zone \
  --name example.com \
  --caller-reference "unique-string-$(date +%s)"
# Note HostedZone.Id (the Z... ID used below) and DelegationSet.NameServers
# (the 4 name servers to give your registrar) in the output
```
Create an A Record
```bash
aws route53 change-resource-record-sets \
  --hosted-zone-id Z0123456789ABC \
  --change-batch '{
    "Changes": [{
      "Action": "CREATE",
      "ResourceRecordSet": {
        "Name": "app.example.com",
        "Type": "A",
        "TTL": 300,
        "ResourceRecords": [{"Value": "54.123.45.67"}]
      }
    }]
  }'
```
CREATE fails if the record already exists; use "Action": "UPSERT" to create-or-replace so the command is safe to re-run. The command returns a ChangeInfo.Id; `aws route53 wait resource-record-sets-changed --id <ChangeInfo.Id>` blocks until all Route 53 name servers serve the change.
Create an Alias Record (ALB)
```bash
aws route53 change-resource-record-sets \
  --hosted-zone-id Z0123456789ABC \
  --change-batch '{
    "Changes": [{
      "Action": "CREATE",
      "ResourceRecordSet": {
        "Name": "example.com",
        "Type": "A",
        "AliasTarget": {
          "HostedZoneId": "Z35SXDOTRQ7X7K",
          "DNSName": "my-alb-123.us-east-1.elb.amazonaws.com",
          "EvaluateTargetHealth": true
        }
      }
    }]
  }'
```
AliasTarget.HostedZoneId is the hosted zone ID of the target resource (Z35SXDOTRQ7X7K is the ALB zone for us-east-1), not the ID of your own zone. Read both values from the load balancer: `aws elbv2 describe-load-balancers --query 'LoadBalancers[].[DNSName,CanonicalHostedZoneId]'`.
List Records in a Hosted Zone
```bash
aws route53 list-resource-record-sets \
  --hosted-zone-id Z0123456789ABC
```
Delete a Record
```bash
# Same as CREATE but change Action to "DELETE".
# Every field of the ResourceRecordSet (name, type, TTL, values) must match the existing record exactly.
```
Delete or repoint a record before you delete the resource it targets. An alias or CNAME left pointing at a deleted S3 bucket, CloudFront distribution or load balancer keeps resolving into AWS, and a name in your domain can end up serving whatever is later created under that target name, possibly by someone else.
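The guide's record rules (no CNAME at the apex, no TTL on an alias, a health check on the failover primary) are easy to get wrong when hand-writing change batches. The following is an added example, not code from the guide or from AWS: it builds the ChangeBatch JSON the CLI accepts, checks those rules plus the general DNS rule that a CNAME cannot share its name with any other record, and refuses to emit a batch that Route 53 (or the resolvers) would reject. The zone, addresses and health-check ID are placeholders; Z35SXDOTRQ7X7K is the us-east-1 ALB zone ID already used above.

```python
"""Build and sanity-check a Route 53 ChangeBatch before handing it to the CLI.

Added example, not code from the guide or from AWS. It encodes the rules the
guide states (no CNAME at the zone apex; alias records have no TTL and name
the target's hosted-zone ID; a failover PRIMARY needs a health check) plus the
general DNS rule that a CNAME cannot share its name with any other record.
The result is the JSON accepted by
    aws route53 change-resource-record-sets --change-batch file://batch.json
Zone and target names below are placeholders.
"""
import json


def fqdn(name):
    """Lower-case with a trailing dot, which is how Route 53 stores names."""
    name = name.strip().lower()
    return name if name.endswith(".") else name + "."


def simple(name, rtype, values, ttl=300):
    """Plain record (A, AAAA, CNAME, MX, TXT, ...) with explicit values and a TTL."""
    return {"Name": fqdn(name), "Type": rtype, "TTL": ttl,
            "ResourceRecords": [{"Value": v} for v in values]}


def alias(name, rtype, target_dns, target_zone_id, evaluate_health=True):
    """Alias record. target_zone_id is the hosted-zone ID of the AWS resource
    (the ALB zone for its region, CloudFront's fixed zone, ...), not your zone's ID."""
    return {"Name": fqdn(name), "Type": rtype,
            "AliasTarget": {"HostedZoneId": target_zone_id,
                            "DNSName": fqdn(target_dns),
                            "EvaluateTargetHealth": evaluate_health}}


def failover(rrset, role, set_id, health_check_id=None):
    """Make a record one half of an active-passive pair (role PRIMARY or SECONDARY)."""
    rrset = dict(rrset, Failover=role, SetIdentifier=set_id)
    if health_check_id:
        rrset["HealthCheckId"] = health_check_id
    return rrset


def validate(zone_name, rrsets):
    """Return the list of problems found; an empty list means the batch is acceptable."""
    apex = fqdn(zone_name)
    problems, types_by_name = [], {}
    for rr in rrsets:
        name, rtype = rr["Name"], rr["Type"]
        if name != apex and not name.endswith("." + apex):
            problems.append(f"{name}: not inside zone {apex}")
        if rtype == "CNAME" and name == apex:
            problems.append(f"{name}: CNAME at zone apex, use an Alias A/AAAA record instead")
        if "AliasTarget" in rr and "TTL" in rr:
            problems.append(f"{name}: alias records have no TTL")
        if "Failover" in rr and "SetIdentifier" not in rr:
            problems.append(f"{name}: failover records need a SetIdentifier")
        alias_health = rr.get("AliasTarget", {}).get("EvaluateTargetHealth", False)
        if rr.get("Failover") == "PRIMARY" and "HealthCheckId" not in rr and not alias_health:
            # Route 53 treats a record without a health check as always healthy,
            # so a PRIMARY with none would never fail over to the SECONDARY.
            problems.append(f"{name}: PRIMARY has no health check, failover would never trigger")
        types_by_name.setdefault(name, set()).add(rtype)
    for name, types in types_by_name.items():
        if "CNAME" in types and len(types) > 1:
            others = sorted(types - {"CNAME"})
            problems.append(f"{name}: CNAME cannot coexist with other records {others}")
    return problems


def change_batch(zone_name, rrsets, action="UPSERT", comment=""):
    """Assemble the batch. UPSERT creates or replaces, so the command can be re-run safely."""
    problems = validate(zone_name, rrsets)
    if problems:
        raise ValueError("; ".join(problems))
    return {"Comment": comment,
            "Changes": [{"Action": action, "ResourceRecordSet": rr} for rr in rrsets]}


if __name__ == "__main__":
    # Z35SXDOTRQ7X7K is the ALB hosted-zone ID for us-east-1 used in the guide;
    # the health-check ID and addresses are placeholders.
    batch = change_batch("example.com", [
        alias("example.com", "A", "my-alb-123.us-east-1.elb.amazonaws.com", "Z35SXDOTRQ7X7K"),
        failover(simple("app.example.com", "A", ["192.0.2.10"], ttl=60),
                 "PRIMARY", "app-primary", health_check_id="11111111-2222-3333-4444-555555555555"),
        failover(simple("app.example.com", "A", ["198.51.100.10"], ttl=60),
                 "SECONDARY", "app-secondary"),
        simple("blog.example.com", "CNAME", ["my-site.netlify.app"]),
    ], comment="site records")
    print(json.dumps(batch, indent=2))
```

Write the printed JSON to a file and pass it as `--change-batch file://batch.json`; because the batch uses UPSERT, re-running it after a fix is harmless, and a single batch is applied atomically, so a failover pair is never half-created.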
Common Scenarios
Docusaurus Site on S3 + CloudFront
- Create S3 bucket → enable static hosting
- Create CloudFront distribution → set S3 as origin
- Request ACM cert for example.com and www.example.com (must be in us-east-1, the only region CloudFront accepts certificates from)
- Create Alias A record for example.com → CloudFront distribution
- Create Alias A record for www.example.com → CloudFront distribution
Add matching Alias AAAA records if IPv6 is enabled on the distribution.
Redirect www to apex (or vice versa)
- Create S3 bucket named www.example.com
- Configure S3 to redirect all requests to example.com
- Create Alias A record for www.example.com → S3 website endpoint
The S3 website endpoint serves plain HTTP only; to redirect https://www.example.com as well, put a CloudFront distribution with an ACM certificate in front of the bucket and alias the record to the distribution instead.
Subdomain for API
api.example.com → Alias to ALB or API Gateway (for API Gateway, first create a custom domain name on the API; the alias targets that custom domain, not the default execute-api URL)
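The S3-website and CloudFront alias patterns above are the ones most often left behind when the bucket or distribution is deleted but the record is not. The following is an added example, not code from the guide or from AWS: it reads the output of `aws route53 list-resource-record-sets` and compares every alias or CNAME target with inventories of what still exists in the account (collected separately with `aws elbv2 describe-load-balancers`, `aws cloudfront list-distributions` and `aws s3api list-buckets`). The record set and inventories are constructed sample data with placeholder names; the three HostedZoneId values are the ones AWS publishes for us-east-1 ALBs, CloudFront, and the us-east-1 S3 website endpoint.

```python
"""Find Route 53 records that point at AWS resources you no longer own.

Added example, not code from the guide or from AWS. Input is the JSON from
    aws route53 list-resource-record-sets --hosted-zone-id <zone id>
plus inventories of what still exists in the account. Everything below is
constructed sample data with placeholder names. A record whose target is gone
is a dangling record: the name still resolves into AWS, but to nothing you
control, and for S3 website aliases anyone who creates a bucket with that
name takes over the hostname.
"""
import json

RECORD_SETS_JSON = json.dumps({"ResourceRecordSets": [
    {"Name": "example.com.", "Type": "NS", "TTL": 172800,
     "ResourceRecords": [{"Value": "ns-123.awsdns-45.com."}]},
    {"Name": "example.com.", "Type": "A", "AliasTarget": {
        "HostedZoneId": "Z35SXDOTRQ7X7K",
        "DNSName": "dualstack.my-alb-123.us-east-1.elb.amazonaws.com.",
        "EvaluateTargetHealth": True}},
    {"Name": "static.example.com.", "Type": "A", "AliasTarget": {
        "HostedZoneId": "Z2FDTNDATAQYW2",
        "DNSName": "d111111abcdef8.cloudfront.net.",
        "EvaluateTargetHealth": False}},
    {"Name": "www.example.com.", "Type": "A", "AliasTarget": {
        "HostedZoneId": "Z3AQBSTGFYJSTF",
        "DNSName": "s3-website-us-east-1.amazonaws.com.",
        "EvaluateTargetHealth": False}},
    {"Name": "blog.example.com.", "Type": "CNAME", "TTL": 300,
     "ResourceRecords": [{"Value": "my-site.netlify.app"}]},
]})

# What the account still contains (constructed): the ALB exists, distribution
# d111111abcdef8 was deleted, and no bucket is named www.example.com.
LIVE_LOAD_BALANCERS = {"my-alb-123.us-east-1.elb.amazonaws.com"}
LIVE_DISTRIBUTIONS = {"d222222abcdef9.cloudfront.net"}
LIVE_BUCKETS = {"assets-prod", "logs-prod"}


def normalise(name):
    """Lower-case, no trailing dot, without the dualstack. prefix the console adds to ALB aliases."""
    name = name.strip().lower().rstrip(".")
    return name[len("dualstack."):] if name.startswith("dualstack.") else name


def target_of(rr):
    """Alias DNSName or the CNAME value; None for record types that carry no pointer."""
    if "AliasTarget" in rr:
        return normalise(rr["AliasTarget"]["DNSName"])
    if rr["Type"] == "CNAME":
        return normalise(rr["ResourceRecords"][0]["Value"])
    return None


def audit(record_sets_json, live_lbs, live_dists, live_buckets):
    """Return (record name, target, status) for every pointer record in the zone."""
    findings = []
    for rr in json.loads(record_sets_json)["ResourceRecordSets"]:
        target = target_of(rr)
        if target is None:
            continue
        name = normalise(rr["Name"])
        if ".elb." in target and target.endswith(".amazonaws.com"):
            status = "ok" if target in live_lbs else "dangling: load balancer not found"
        elif target.endswith(".cloudfront.net"):
            status = "ok" if target in live_dists else "dangling: distribution not found"
        elif target.startswith("s3-website"):
            # An S3 website alias names no bucket explicitly: the bucket must be
            # called exactly what the record is called, so that is what we look for.
            status = "ok" if name in live_buckets else "dangling: no bucket named after the record"
        else:
            status = "external target, verify by hand"
        findings.append((name, target, status))
    return findings


if __name__ == "__main__":
    for name, target, status in audit(RECORD_SETS_JSON, LIVE_LOAD_BALANCERS,
                                      LIVE_DISTRIBUTIONS, LIVE_BUCKETS):
        print(f"{name:22} -> {target:45} {status}")
```

Run it against every public hosted zone after any teardown; for a finding marked dangling, delete the record (or repoint it) before anyone else can claim the target name.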
TTL (Time to Live)
TTL tells DNS resolvers how long to cache a record (in seconds).
| TTL | Duration | Use Case |
|---|---|---|
| 60 | 1 minute | During migrations or DNS changes |
| 300 | 5 minutes | Standard for most records |
| 3600 | 1 hour | Stable records that rarely change |
| 86400 | 24 hours | Very stable records (NS, MX) |
Tip: Before making DNS changes, lower TTL to 60s a day in advance. After the change propagates, raise it back.
Note: Alias records don't have TTL — Route 53 uses the target resource's default TTL.
Troubleshooting
Check if DNS is propagated
```bash
# Ask one of your zone's own name servers directly (take the name from the zone's NS record)
dig example.com @ns-123.awsdns-45.com
# Which name servers does the internet see for the domain? Must match the hosted zone's NS record
dig NS example.com +short
# Check A record
dig A example.com
# Check CNAME
dig CNAME www.example.com
# Follow the delegation from the root down, useful when registrar and hosted zone disagree
dig +trace example.com
# Quick check
nslookup example.com
```
Common Issues
| Problem | Fix |
|---|---|
| Domain not resolving | Check NS records match between registrar and hosted zone (compare `dig NS example.com +short` with the zone's NS record) |
| SSL cert not validating | Ensure CNAME validation record exists in Route 53, and that any CAA record permits amazon.com |
| CNAME at apex failing | Use Alias record instead — CNAME cannot be used at zone apex |
| Changes not reflecting | Wait for TTL expiration, or lower TTL before making changes; query the zone's own name server with dig @ns-... to confirm Route 53 already serves the new value |
| Alias target not showing in dropdown | Ensure resource is in the same account, or enter the DNS name manually |
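The two checks that resolve most of the issues above (Step 3's delegation switch and the "domain not resolving" / "changes not reflecting" rows) are comparing what the internet sees with what the hosted zone holds. The following is an added example, not code from the guide or from AWS: it parses `dig +short` output and the JSON from `aws route53 get-hosted-zone`, reports name servers the zone has but the registrar does not publish (and vice versa), and compares an authoritative answer with a resolver's cached one. The dig texts and the hosted-zone JSON are constructed samples; the awsdns-style name-server hostnames are placeholders, not real assignments.

```python
"""Compare the registrar's delegation and resolver answers with the Route 53 hosted zone.

Added example, not code from the guide or from AWS. Inputs are the text of
    dig +short NS example.com            (what the registrar has published)
and the JSON from
    aws route53 get-hosted-zone --id Z0123456789ABC
Both samples below are constructed; the name-server hostnames are placeholders.
"""
import json

# Constructed: delegation matches the zone (case and trailing dots vary, as real output does)
DIG_NS_OK = """\
ns-123.awsdns-45.com.
NS-456.AWSDNS-56.NET.
ns-789.awsdns-78.org.
ns-1012.awsdns-89.co.uk.
"""

# Constructed: registrar still points at its own parking servers (or at a deleted zone's NS set)
DIG_NS_STALE = """\
dns1.registrar-parking.example.
dns2.registrar-parking.example.
"""

GET_HOSTED_ZONE_JSON = json.dumps({
    "HostedZone": {"Id": "/hostedzone/Z0123456789ABC", "Name": "example.com.",
                   "Config": {"PrivateZone": False}, "ResourceRecordSetCount": 4},
    "DelegationSet": {"NameServers": [
        "ns-123.awsdns-45.com", "ns-456.awsdns-56.net",
        "ns-789.awsdns-78.org", "ns-1012.awsdns-89.co.uk"]},
})


def normalise(name):
    """DNS names are case-insensitive and dig appends a trailing dot; compare without either."""
    return name.strip().lower().rstrip(".")


def parse_dig_short(text):
    """Set of answers from `dig +short` output (one answer per line, blank lines ignored)."""
    return {normalise(line) for line in text.splitlines() if line.strip()}


def zone_name_servers(get_hosted_zone_json):
    """The 4 name servers Route 53 assigned to the zone (DelegationSet.NameServers)."""
    data = json.loads(get_hosted_zone_json)
    return {normalise(ns) for ns in data["DelegationSet"]["NameServers"]}


def check_delegation(dig_ns_text, get_hosted_zone_json):
    """Return (ok, missing, extra): zone name servers the internet does not see,
    and published name servers that belong to no current zone."""
    seen = parse_dig_short(dig_ns_text)
    expected = zone_name_servers(get_hosted_zone_json)
    missing = sorted(expected - seen)
    extra = sorted(seen - expected)
    return (not missing and not extra, missing, extra)


def answers_match(authoritative_text, resolver_text):
    """Same parser on `dig +short A host @ns-...` (authoritative) and `dig +short A host`
    (a caching resolver): a difference means the old record is still cached until its TTL expires."""
    return parse_dig_short(authoritative_text) == parse_dig_short(resolver_text)


if __name__ == "__main__":
    for label, dig_text in (("current registrar", DIG_NS_OK), ("stale registrar", DIG_NS_STALE)):
        ok, missing, extra = check_delegation(dig_text, GET_HOSTED_ZONE_JSON)
        print(label, "OK" if ok else f"MISMATCH missing={missing} extra={extra}")
    print("cache in sync:", answers_match("192.0.2.1\n", "198.51.100.7\n"))
```

In practice the first argument is `$(dig +short NS example.com)` and the second is the saved output of `get-hosted-zone`; a non-empty `missing` list after recreating a zone is exactly the situation the Auto-Created Records tip warns about.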
Cost Summary
| Resource | Cost |
|---|---|
| Domain registration | $9–$75+/year depending on TLD |
| Hosted zone | $0.50/month per zone |
| Standard DNS queries | $0.40/million |
| Alias queries to AWS resources | Free |
| Health checks (AWS endpoints) | $0.50/month each |
| Health checks (non-AWS) | $0.75/month each |