Route 53

Question 1

What does the DNS ‘A’ record type do?

Answer 1

Maps a hostname to IPv4

Question 2

What does the DNS ‘AAAA’ record type do?

Answer 2

Maps a hostname to IPv6

Question 3

What does the DNS ‘CNAME’ record type do?

Answer 3

Maps a hostname to another hostname (the target must have an ‘A’ or ‘AAAA’ record, cannot create a CNAME for the top node of a DNS namespace e.g. example.com but www.example.com is ok).

Question 4

What does the DNS ‘NS’ record type do?

Answer 4

Name servers for the hosted zone, controls how traffic is routed for a domain

Question 5

What is a hosted zone?

Answer 5

A container for records that define how to route traffic to a domain and its sub-domains. Can be public or private.

Question 6

What DNS record type is TTL not required for?

Answer 6

Alias

Question 7

What is the difference between a CNAME and an Alias DNS record type?

Answer 7

CNAME points a hostname to any other hostname, but only for a non-root domain (dev.something.com). An Alias points a hostname to an AWS resource and does work for root domains. Ideal for pointing to a load balancer.

Question 8

What are some example targets of a DNS Alias?

Answer 8

Elastic Load Balancers, Amazon CloudFront, Amazon API Gateway, Elastic Beanstalk, S3 Websites, Another Route53 Record (on same hosted zone)

Question 9

Can you set an Alias DNS record for an EC2 DNS name?

Answer 9

No

Question 10

What is the simple routing policy in Route 53?

Answer 10

Route traffic to a single resource. Can specify multiple values, a random one is chosen by the client (DNS response returns all)

Question 11

What is the weighted routing policy in Route 53?

Answer 11

Control the percentage of the requests that go to each resource. Determines what IP is returned.

Question 12

What is the latency-based routing policy in Route 53?

Answer 12

Selects the resource that has the least latency (can be used to select the closest location)

Question 13

What is the Route 53 health check feature?

Answer 13

For public resources only, checks the health of resources, if a resource goes down automated DNS failover happens

Question 14

In terms of Route 53 and health checks, how can you check the health of a private resource (something on a VPC)?

Answer 14

Create a cloud watch metric and associate a cloud watch alarm, then create a health check that checks the alarm itself

Question 15

What is the failover routing policy in Route 53?

Answer 15

When the primary resource is healthy it is returned as the DNS result, otherwise the secondary is returned. Uses health check (required for primary resource).

Question 16

What is the geolocation routing policy in Route 53?

Answer 16

Routing is based on users actual location, not based on latency. A default record should exist in case no location matched.

Question 17

What is the geoproximity routing policy in Route 53?

Answer 17

Routing based on how close a user is to a resource, a bias can be set to change the balance, for example two resources on opposite sides of a country, a positive bias on resource A will shift more traffic to A vs B.

Question 18

What is the IP based routing policy in Route 53?

Answer 18

Routing based on clients IP address, provide a list of CIDRs and the corresponding resources to map to. Use case: optimise performance, reduce network costs

Question 19

What is the multi-value routing policy in Route 53?

Answer 19

Route traffic to multiple resources, Route 53 returns multiple resources. Can be associated with health checks (return only healthy options). Have up to 8 records returned. Client side load balancing only, not a replacement for ELB.

Question 20

What is a VPC?

Answer 20

Virtual Private Cloud - private network to deploy your resources. You have a VPC per region.

Question 21

What is a VPC subnet?

Answer 21

A partition of your network within a VPC at the AZ level. You can have private or public subnets. Route Tables define access.

Question 22

How would you allow a resource in a private subnet to access the internet to download updates?

Answer 22

Add a NAT gateway in the public subnet, resources in the private subnet talk to the NAT gateway

Question 23

What is a NAT gateway?

Answer 23

Allows instances in your private subnets to access the internet while remaining private

Question 24

What is the ACL or NACL?

Answer 24

(Network) access control list - controls traffic from and to subnet using allow and deny rules, rules only include IP addresses

Question 25

What is VPC peering?

Answer 25

Lets you connect one VPC to another to make them behave as if they were on the same network. Must not have overlapping CIDR

Question 26

What are VPC Endpoints?

Answer 26

Allow you to connect to AWS services using a private network instead of public internet. Gives you enhanced security and lower latency.

Question 27

What two ways lets you connect an on-prem data centre to a VPC?

Answer 27

Site-to-site VPN and Direct Connect

Question 28

A web application hosted on a fleet of EC2 instances managed by an Auto Scaling Group. You are exposing this application through an Application Load Balancer. Both the EC2 instances and the ALB are deployed on a VPC with the following CIDR 192.168.0.0/18. How do you configure the EC2 instances’ security group to ensure only the ALB can access them on port 80?

Answer 28

Add an inbound rule with port 80 and ALB’s security group as the source