Amazon Route 53 | Health Checks & DNS Failover Flashcards

1
Q

Can I use Private DNS to block domains and DNS names that I don’t want to be reached from within my VPC?

Health Checks & DNS Failover

Amazon Route 53 | Networking & Content Delivery

A

Yes, you can block domains and specific DNS names by creating these names in one or more Private DNS hosted zones and pointing these names to your own server (or another location that you manage).

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
2
Q

What is DNS Failover?

Health Checks & DNS Failover

Amazon Route 53 | Networking & Content Delivery

A

DNS Failover consists of two components: health checks and failover. Health checks are automated requests sent over the Internet to your application to verify that your application is reachable, available, and functional. You can configure the health checks to be similar to the typical requests made by your users, such as requesting a web page from a specific URL. With DNS failover, Route 53 only returns answers for resources that are healthy and reachable from the outside world, so that your end users are routed away from a failed or unhealthy part of your application.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
3
Q

How do I get started with DNS Failover?

Health Checks & DNS Failover

Amazon Route 53 | Networking & Content Delivery

A

Visit the Amazon Route 53 Developer Guide for details on getting started. You can also configure DNS Failover from within the Route 53 Console.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
4
Q

Does DNS Failover support Elastic Load Balancers (ELBs) as endpoints?

Health Checks & DNS Failover

Amazon Route 53 | Networking & Content Delivery

A

Yes, you can configure DNS Failover for Elastic Load Balancers (ELBs). To enable DNS Failover for an ELB endpoint, create an Alias record pointing to the ELB and set the “Evaluate Target Health” parameter to true. Route 53 creates and manages the health checks for your ELB automatically. You do not need to create your own Route 53 health check of the ELB. You also do not need to associate your resource record set for the ELB with your own health check, because Route 53 automatically associates it with the health checks that Route 53 manages on your behalf. The ELB health check will also inherit the health of your backend instances behind that ELB. For more details on using DNS Failover with ELB endpoints, please consult the Route 53 Developer Guide.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
5
Q

Can I configure a backup site to be used only when a health check fails?

Health Checks & DNS Failover

Amazon Route 53 | Networking & Content Delivery

A

Yes, you can use DNS Failover to maintain a backup site (for example, a static site running on an Amazon S3 website bucket) and fail over to this site in the event that your primary site becomes unreachable.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
6
Q

What DNS record types can I associate with Route 53 health checks?

Health Checks & DNS Failover

Amazon Route 53 | Networking & Content Delivery

A

You can associate any record type supported by Route 53 except SOA and NS records.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
7
Q

Can I health check an endpoint if I don’t know its IP address?

Health Checks & DNS Failover

Amazon Route 53 | Networking & Content Delivery

A

Yes. You can configure DNS Failover for Elastic Load Balancers and Amazon S3 website buckets via the Amazon Route 53 Console without needing to create a health check of your own. For these endpoint types, Route 53 automatically creates and manages health checks on your behalf which are used when you create an Alias record pointing to the ELB or S3 website bucket and enable the “Evaluate Target Health” parameter on the Alias record.

For all other endpoints, you can specify either the DNS name (e.g. www.example.com) or the IP address of the endpoint when you create a health check for that endpoint.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
8
Q

One of my endpoints is outside AWS. Can I set up DNS Failover on this endpoint?

Health Checks & DNS Failover

Amazon Route 53 | Networking & Content Delivery

A

Yes. Just like you can create a Route 53 resource record that points to an address outside AWS, you can set up health checks for parts of your application running outside AWS, and you can fail over to any endpoint that you choose, regardless of location. For example, you may have a legacy application running in a datacenter outside AWS and a backup instance of that application running within AWS. You can set up health checks of your legacy application running outside AWS, and if the application fails the health checks, you can fail over automatically to the backup instance in AWS.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
9
Q

If failover occurs and I have multiple healthy endpoints remaining, will Route 53 consider the load on my healthy endpoints when determining where to send traffic from the failed endpoint?

Health Checks & DNS Failover

Amazon Route 53 | Networking & Content Delivery

A

No, Route 53 does not make routing decisions based on the load or available traffic capacity of your endpoints. You will need to ensure that you have available capacity at your other endpoints, or the ability to scale at those endpoints, in order to handle the traffic that had been flowing to your failed endpoint.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
10
Q

How many consecutive health check observations does an endpoint need to fail to be considered “failed”?

Health Checks & DNS Failover

Amazon Route 53 | Networking & Content Delivery

A

The default is a threshold of three health check observations: when an endpoint has failed three consecutive observations, Route 53 will consider it failed. However, Route 53 will continue to perform health check observations on the endpoint and will resume sending traffic to it once it passes three consecutive observations. You can change this threshold to any value between 1 and 10 observations. For more details, see the Amazon Route 53 Developer Guide.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
11
Q

When my failed endpoint becomes healthy again, how is the DNS failover reversed?

Health Checks & DNS Failover

Amazon Route 53 | Networking & Content Delivery

A

After a failed endpoint passes the number of consecutive health check observations that you specify when creating the health check (the default threshold is three observations), Route 53 will restore its DNS records automatically, and traffic to that endpoint will resume with no action required on your part.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
12
Q

What is the interval between health check observations?

Health Checks & DNS Failover

Amazon Route 53 | Networking & Content Delivery

A

By default, health check observations are conducted at an interval of 30 seconds. You can optionally select a fast interval of 10 seconds between observations.

By checking three times more often, fast interval health checks enable Route 53 to confirm more quickly that an endpoint has failed, shortening the time required for DNS failover to redirect traffic in response to the endpoint’s failure.

Fast interval health checks also generate three times the number of requests to your endpoint, which may be a consideration if your endpoint has a limited capacity to serve web traffic. Visit the Route 53 pricing page for details on pricing for fast interval health checks and other optional health check features. For more details, see the Amazon Route 53 Developer Guide.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
13
Q

How much load should I expect a health check to generate on my endpoint (for example, a web server)?

Health Checks & DNS Failover

Amazon Route 53 | Networking & Content Delivery

A

Each heath check is conducted from multiple locations around the world. The number and set of locations is configurable; you can modify the number of locations from which each of your health checks is conducted using the Amazon Route 53 console or API. Each location checks the endpoint independently at the interval that you select: the default interval of 30 seconds, or an optional fast interval of 10 seconds. Based on the current default number of health checking locations, you should expect your endpoint to receive one request every 2-3 seconds on average for standard interval health checks and one or more requests per second for fast-interval health checks.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
14
Q

Do Route 53 health checks follow HTTP redirects?

Health Checks & DNS Failover

Amazon Route 53 | Networking & Content Delivery

A

No. Route 53 health checks consider an HTTP 3xx code to be a successful response, so they don’t follow the redirect. This may cause unexpected results for string-matching health checks. The health check searches for the specified string in the body of the redirect. Because the health check doesn’t follow the redirect, it never sends a request to the location that the redirect points to and never gets a response from that location. For string matching health checks, we recommend that you avoid pointing the health check at a location that returns an HTTP redirect.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
15
Q

What is the sequence of events when failover happens?

Health Checks & DNS Failover

Amazon Route 53 | Networking & Content Delivery

A

In simplest terms, the following events will take place if a health check fails and failover occurs:

Route 53 conducts a health check of your application. In this example, your application fails three consecutive health checks, triggering the following events.

Route 53 disables the resource records for the failed endpoint and no longer serves these records. This is the failover step, which causes traffic to begin being routed to your healthy endpoint(s) instead of your failed endpoint.

How well did you know this?
1
Not at all
2
3
4
5
Perfectly
16
Q

Do I need to adjust the TTL for my records in order to use DNS Failover?

Health Checks & DNS Failover

Amazon Route 53 | Networking & Content Delivery

A

The time for which a DNS resolver caches a response is set by a value called the time to live (TTL) associated with every record. We recommend a TTL of 60 seconds or less when using DNS Failover, to minimize the amount of time it takes for traffic to stop being routed to your failed endpoint. In order to configure DNS Failover for ELB and S3 Website endpoints, you need to use Alias records which have fixed TTL of 60 seconds; for these endpoint types, you do not need to adjust TTLs in order to use DNS Failover.

17
Q

What happens if all of my endpoints are unhealthy?

Health Checks & DNS Failover

Amazon Route 53 | Networking & Content Delivery

A

Route 53 can only fail over to an endpoint that is healthy. If there are no healthy endpoints remaining in a resource record set, Route 53 will behave as if all health checks are passing.

18
Q

Can I use DNS Failover without using Latency Based Routing (LBR)?

Health Checks & DNS Failover

Amazon Route 53 | Networking & Content Delivery

A

Yes. You can configure DNS Failover without using LBR. In particular, you can use DNS failover to configure a simple failover scenario where Route 53 monitors your primary website and fails over to a backup site in the event that your primary site is unavailable.

19
Q

Can I configure a health check on a site accessible only via HTTPS?

Health Checks & DNS Failover

Amazon Route 53 | Networking & Content Delivery

A

Yes. Route 53 supports health checks over HTTPS, HTTP or TCP.

20
Q

Do HTTPS health checks validate the endpoint’s SSL certificate?

Health Checks & DNS Failover

Amazon Route 53 | Networking & Content Delivery

A

No, HTTPS health checks test whether it’s possible to connect with the endpoint over SSL and whether the endpoint returns a valid HTTP response code. However, they do not validate the SSL certificate returned by the endpoint.

21
Q

Do HTTPS health checks support Server Name Indication (SNI)?

Health Checks & DNS Failover

Amazon Route 53 | Networking & Content Delivery

A

Yes, HTTPS health checks support SNI.

22
Q

How can I use health checks to verify that my web server is returning the correct content?

Health Checks & DNS Failover

Amazon Route 53 | Networking & Content Delivery

A

You can use Route 53 health checks to check for the presence of a designated string in a server response by selecting the “Enable String Matching” option. This option can be used to check a web server to verify that that the HTML it serves contains an expected string. Or, you can create a dedicated status page and use it to check the health of the server from an internal or operational perspective. For more details, see the Amazon Route 53 Developer Guide.

23
Q

How do I see the status of a health check that I’ve created?

Health Checks & DNS Failover

Amazon Route 53 | Networking & Content Delivery

A

You can view the current status of a health check, as well as details on why it has failed, in the Amazon Route 53 console and via the Route 53 API.

Additionally, each health check’s results are published as Amazon CloudWatch metrics showing the endpoint’s health and, optionally, the latency of the endpoint’s response. You can view a graph of the Amazon CloudWatch metric in the health checks tab of the Amazon Route 53 console to see the current and historical status of the health check. You can also create Amazon CloudWatch alarms on the metric in order to send notifications if the status of the health check changes.

The Amazon CloudWatch metrics for all of your Amazon Route 53 health checks are also visible in the Amazon CloudWatch console. Each Amazon CloudWatch metric contains the Health Check ID (for example, 01beb6a3-e1c2-4a2b-a0b7-7031e9060a6a) which you can use to identify which health check the metric is tracking.

24
Q

How can I measure the performance of my application’s endpoints using Amazon Route 53?

Health Checks & DNS Failover

Amazon Route 53 | Networking & Content Delivery

A

Amazon Route 53 health checks include an optional latency measurement feature which provides data on how long it takes your endpoint to respond to a request. When you enable the latency measurement feature, the Amazon Route 53 health check will generate additional Amazon CloudWatch metrics showing the time required for Amazon Route 53’s health checkers to establish a connection and to begin receiving data. Amazon Route 53 provides a separate set of latency metrics for each AWS region where Amazon Route 53 health checks are conducted.

25
Q

How can I be notified if one of my endpoints starts failing its health check?

Health Checks & DNS Failover

Amazon Route 53 | Networking & Content Delivery

A

Because each Route 53 health check publishes its results as a CloudWatch metric, you can configure the full range of CloudWatch notifications and automated actions which can be triggered when the health check value changes beyond a threshold that you specify. First, in either the Route 53 or CloudWatch console, configure a CloudWatch alarm on the health check metric. Then add a notification action and specify the email or SNS topic that you want to publish your notification to. Please consult the Route 53 Developer Guide for full details.

26
Q

I created an alarm for my health check, but I need to re-send the confirmation email for the alarm’s SNS topic. How can I re-send this email?

Health Checks & DNS Failover

Amazon Route 53 | Networking & Content Delivery

A

Confirmation emails can be re-sent from the SNS console.To find the name of the SNS topic associated with the alarm, click the alarm name within the Route 53 console and looking in the box labeled “Send notification to.”

Within the SNS console, expand the list of topics, and select the topic from your alarm. Open the “Create Subscription” box and select Email for protocol and enter the desired email address. Clicking “Subscribe” will re-send the confirmation email.

27
Q

I’m using DNS Failover with Elastic Load Balancers (ELBs) as endpoints. How can I see the status of these endpoints?

Health Checks & DNS Failover

Amazon Route 53 | Networking & Content Delivery

A

The recommended method for setting up DNS Failover with ELB endpoints is to use Alias records with the “Evaluate Target Health” option. Because you don’t create your own health checks for ELB endpoints when using this option, there are no specific CloudWatch metrics generated by Route 53 for these endpoints.

You can get metrics on the health of your load balancer in two ways. First, Elastic Load Balancing publishes metrics that indicate the health of the load balancer and the number of healthy instances behind it. For details on configuring CloudWatch metrics for ELB, consult the ELB developer guide. Second, you can create your own health check against the CNAME provided by the ELB, e.g. elb-example-123456678.us-west-2.elb.amazonaws.com. You won’t use this health check for DNS Failover itself (because the “Evaluate Target Health” option provides DNS Failover for you), but you can view the CloudWatch metrics for this health check and create alarms to be notified if the health check fails.

For complete details on using DNS Failover with ELB endpoints, please consult the Route 53 Developer Guide.

28
Q

For Alias records pointing to Amazon S3 Website buckets, what is being health checked when I set Evaluate Target Health to “true”?

Health Checks & DNS Failover

Amazon Route 53 | Networking & Content Delivery

A

Amazon Route 53 performs health checks of the Amazon S3 service itself in each AWS region. When you enable Evaluate Target Health on an Alias record pointing to an Amazon S3 Website bucket, Amazon Route 53 will take into account the health of the Amazon S3 service in the AWS region where your bucket is located. Amazon Route 53 does not check whether a specific bucket exists or contains valid website content; Amazon Route 53 will only fail over to another location if the Amazon S3 service itself is unavailable in the AWS region where your bucket is located.

29
Q

What is the cost to use CloudWatch metrics for my Route 53 health checks?

Health Checks & DNS Failover

Amazon Route 53 | Networking & Content Delivery

A

CloudWatch metrics for Route 53 health checks are available free of charge.

30
Q

Can I configure DNS Failover based on internal health metrics, such as CPU load, network, or memory?

Health Checks & DNS Failover

Amazon Route 53 | Networking & Content Delivery

A

Yes. Amazon Route 53’s metric based health checks let you perform DNS failover based on any metric that is available within Amazon CloudWatch, including AWS-provided metrics and custom metrics from your own application. When you create a metric based health check within Amazon Route 53, the health check becomes unhealthy whenever its associated Amazon CloudWatch metric enters an alarm state.

Metric based health checks are useful to enable DNS failover for endpoints that cannot be reached by a standard Amazon Route 53 health check, such as instances within a Virtual Private Cloud (VPC) that only have private IP addresses. Using Amazon Route 53’s calculated health check feature, you can also accomplish more sophisticated failover scenarios by combining the results of metric based health checks with the results of standard Amazon Route 53 health checks, which make requests against an endpoint from a network of checkers around the world. For example, you can create a configuration which fails away from an endpoint if either its public-facing web page is unavailable, or if internal metrics such as CPU load, network in/out, or disk reads show that the server itself is unhealthy.

31
Q

My web server is receiving requests from a Route 53 health check that I did not create. How can I stop these requests?

Health Checks & DNS Failover

Amazon Route 53 | Networking & Content Delivery

A

Occasionally, Amazon Route 53 customers create health checks that specify an IP address or domain name that does not belong to them. If your web server is getting unwanted HTTP(s) requests that you have traced to Amazon Route 53 health checks, please provide information on the unwanted health check using this form, and we will work with our customer to fix the problem.

32
Q

If I specify a domain name as my health check target, will Amazon Route 53 check over IPv4 or IPv6?

Health Checks & DNS Failover

Amazon Route 53 | Networking & Content Delivery

A

If you specify a domain name as the endpoint of an Amazon Route 53 health check, Amazon Route 53 will look up the IPv4 address of that domain name and will connect to the endpoint using IPv4. Amazon Route 53 will not attempt to look up the IPv6 address for an endpoint that is specified by domain name. If you want to perform a health check over IPv6 instead of IPv4, select “IP address” instead of “domain name” as your endpoint type, and enter the IPv6 address in the “IP address” field.