Amazon Route 53 Developer Guide

Amazon Route 53
Developer Guide
API Version 2013-04-01

Amazon Route 53: Developer Guide
Copyright © 2016 Amazon Web Services, Inc. and/or its affiliates. All rights reserved.
Amazon's trademarks and trade dress may not be used in connection with any product or service that is not Amazon's, in any manner
that is likely to cause confusion among customers, or in any manner that disparages or discredits Amazon. All other trademarks not
owned by Amazon are the property of their respective owners, who may or may not be affiliated with, connected to, or sponsored by
Amazon.

Table of Contents
What Is Amazon Route 53? ............................................................................................................. 1
Domain Registration .............................................................................................................. 1
DNS Service ........................................................................................................................ 1
Health Checking .................................................................................................................... 2
DNS Domain Name Format ..................................................................................................... 2
Formatting Domain Names for Domain Name Registration ................................................... 2
Formatting Domain Names for Hosted Zones and Resource Record Sets ................................ 3
Using an Asterisk (*) in the Names of Hosted Zones and Resource Record Sets ...................... 3
Formatting Internationalized Domain Names ...................................................................... 4
Supported DNS Resource Record Types ................................................................................... 4
A Format ..................................................................................................................... 5
AAAA Format ............................................................................................................... 5
CNAME Format ............................................................................................................ 5
MX Format ................................................................................................................... 6
NS Format ................................................................................................................... 6
PTR Format ................................................................................................................. 6
SOA Format ................................................................................................................. 7
SPF Format .................................................................................................................. 7
SRV Format ................................................................................................................. 7
TXT Format .................................................................................................................. 8
IP Address Ranges of Amazon Route 53 Servers ....................................................................... 8
DNS Constraints and Behaviors ............................................................................................... 8
Maximum Response Size ............................................................................................... 8
Authoritative Section Processing ...................................................................................... 8
Additional Section Processing .......................................................................................... 9
Amazon Route 53 Pricing ....................................................................................................... 9
AWS Identity and Access Management ..................................................................................... 9
Getting Started ............................................................................................................................ 10
The Amazon Route 53 Console .............................................................................................. 10
The Amazon Route 53 API .................................................................................................... 11
AWS SDKs that Support Amazon Route 53 .............................................................................. 11
AWS Command Line Interface Support for Amazon Route 53 ...................................................... 11
AWS Tools for Windows PowerShell Support for Amazon Route 53 ............................................... 12
Registering Domain Names Using Amazon Route 53 ......................................................................... 13
Registering and Updating Domains ......................................................................................... 14
Registering a New Domain ............................................................................................ 14
Values that You Specify When You Register a Domain or Edit Domain Settings ....................... 16
Values that Amazon Route 53 Returns When You Register or Update a Domain ..................... 19
Viewing the Status of a Domain Registration .................................................................... 20
Adding Resource Record Sets for a New Domain .............................................................. 20
Editing Contact Information and Other Settings for a Domain ............................................... 20
Adding or Changing Name Servers and Adding or Changing Glue Records ........................... 22
Privacy Protection for Contact Information ................................................................................ 22
Renewing Registration for a Domain ....................................................................................... 23
Renewing or Restoring an Expired Domain ...................................................................... 25
Extending the Registration Period for a Domain ......................................................................... 26
Transferring Domains ........................................................................................................... 27
Transferring Domain Registration to Amazon Route 53 ....................................................... 27
Viewing the Status of a Domain Transfer .......................................................................... 30
How Transferring a Domain to Amazon Route 53 Affects the Expiration Date .......................... 32
Transferring a Domain to a Different AWS Account ............................................................ 32
Transferring a Domain from Amazon Route 53 .................................................................. 33
Configuring DNSSEC for a Domain ......................................................................................... 35
Overview of How DNSSEC Protects Your Domain .............................................................. 36
Prerequisites and Limits for Configuring DNSSEC for a Domain ........................................... 37
Adding Public Keys for a Domain .................................................................................... 37
Deleting Public Keys for a Domain .................................................................................. 38
Getting a Domain Name Unsuspended .................................................................................... 39
Deleting a Domain Name Registration ..................................................................................... 40
Downloading a Domain Billing Report ...................................................................................... 40
Domains that You Can Register with Amazon Route 53 .............................................................. 41
Generic Top-Level Domains ........................................................................................... 41
Geographic Domains .................................................................................................. 122
Configuring Amazon Route 53 as Your DNS Service ........................................................................ 141
Migrating DNS Service for an Existing Domain to Amazon Route 53 ........................................... 141
Creating a Hosted Zone .............................................................................................. 142
Getting Your Current DNS Configuration from Your DNS Service Provider ............................ 142
Creating Resource Record Sets ................................................................................... 143
Checking the Status of Your Changes (API Only) ............................................................. 143
Updating Your Registrar's Name Servers ........................................................................ 143
Waiting for Your Changes to Take Effect ......................................................................... 144
Creating a Subdomain That Uses Amazon Route 53 as the DNS Service without Migrating the Parent
Domain ............................................................................................................................ 145
Creating a Hosted Zone for the New Subdomain ............................................................. 145
Creating Resource Record Sets ................................................................................... 146
Checking the Status of Your Changes (API Only) ............................................................. 146
Updating Your DNS Service with Name Server Records for the Subdomain .......................... 146
Migrating DNS Service for a Subdomain to Amazon Route 53 without Migrating the Parent
Domain ............................................................................................................................ 147
Creating a Hosted Zone for the Subdomain .................................................................... 147
Getting Your Current DNS Configuration from Your DNS Service Provider ............................ 148
Creating Resource Record Sets ................................................................................... 148
Checking the Status of Your Changes (API Only) ............................................................. 148
Updating Your DNS Service with Name Server Records for the Subdomain .......................... 149
Routing Traffic to AWS Resources ................................................................................................. 151
Routing Traffic to an Amazon CloudFront Distribution (Public Hosted Zones Only) ......................... 151
Routing Traffic to an AWS Elastic Beanstalk Environment .......................................................... 152
Deploying an Application into an Elastic Beanstalk Environment ......................................... 153
Getting the Domain Name for Your Elastic Beanstalk Environment ...................................... 153
Creating an Amazon Route 53 Resource Record Set ....................................................... 153
Routing Traffic to an Elastic Load Balancing Load Balancer ....................................................... 155
Routing Traffic to an Amazon EC2 Instance ............................................................................ 156
Routing Traffic to a Website That Is Hosted in an Amazon S3 Bucket ........................................... 156
Opening Connections to an Amazon RDS Database Instance Using Your Domain Name ................ 157
Prerequisites ............................................................................................................. 157
Configuring Amazon Route 53 So You Can Use Your Domain Name to Open Connections ...... 157
Routing Traffic to Amazon WorkMail (Public Hosted Zones Only) ................................................ 159
Working with Public Hosted Zones ................................................................................................ 162
Creating a Public Hosted Zone ............................................................................................. 162
Getting the Name Servers for a Public Hosted Zone ................................................................. 163
Listing Public Hosted Zones ................................................................................................. 164
Deleting a Public Hosted Zone ............................................................................................. 164
Configuring White Label Name Servers .................................................................................. 165
NS and SOA Resource Record Sets that Amazon Route 53 Creates for a Public Hosted Zone ........ 169
The Name Server (NS) Resource Record Set ................................................................. 169
The Start of Authority (SOA) Resource Record Set .......................................................... 170
Working with Private Hosted Zones ............................................................................................... 171
Creating a Private Hosted Zone ............................................................................................ 172
Listing Private Hosted Zones ................................................................................................ 174
Associating More Amazon VPCs with a Private Hosted Zone ..................................................... 174
Associating Amazon VPCs and Private Hosted Zones That You Create with Different AWS
Accounts .......................................................................................................................... 175
Disassociating Amazon VPCs from a Private Hosted Zone ........................................................ 176
Deleting a Private Hosted Zone ............................................................................................ 177
Working with Resource Record Sets ............................................................................................. 178
Choosing a Routing Policy ................................................................................................... 179
Weighted Routing ...................................................................................................... 179
Latency-Based Routing ............................................................................................... 180
Geolocation Routing ................................................................................................... 181
Choosing Between Alias and Non-Alias Resource Record Sets .................................................. 182
Creating Resource Record Sets by Using the Amazon Route 53 Console .................................... 184
Values that You Specify When You Create or Edit Amazon Route 53 Resource Record Sets ............ 186
Values for Basic Resource Record Sets ......................................................................... 186
Values for Weighted Resource Record Sets .................................................................... 189
Values for Alias Resource Record Sets .......................................................................... 192
Values for Weighted Alias Resource Record Sets ............................................................ 196
Values for Latency Resource Record Sets ...................................................................... 202
Values for Latency Alias Resource Record Sets .............................................................. 206
Values for Failover Resource Record Sets ...................................................................... 212
Values for Failover Alias Resource Record Sets .............................................................. 215
Values for Geolocation Resource Record Sets ................................................................ 220
Values for Geolocation Alias Resource Record Sets ......................................................... 224
Creating Resource Record Sets By Importing a Zone File ......................................................... 230
Editing Resource Record Sets .............................................................................................. 232
Deleting Resource Record Sets ............................................................................................ 232
Listing Resource Record Sets .............................................................................................. 233
Using Traffic Flow to Route DNS Traffic .......................................................................................... 234
Creating and Managing Traffic Policies ................................................................................... 235
Creating a Traffic Policy ............................................................................................... 235
Values that You Specify When You Create a Traffic Policy .................................................. 236
Creating Additional Versions of a Traffic Policy ................................................................. 238
Creating a Traffic Policy by Importing a JSON Document ................................................... 239
Viewing Traffic Policy Versions and the Associated Policy Records ...................................... 240
Deleting Traffic Policy Versions and Traffic Policies ........................................................... 241
Creating and Managing Policy Records .................................................................................. 242
Creating Policy Records .............................................................................................. 242
Values that You Specify When You Create or Update a Policy Record .................................. 243
Updating Policy Records ............................................................................................. 243
Deleting Policy Records .............................................................................................. 244
Health Checks and DNS Failover .................................................................................................. 245
Creating, Updating, and Deleting Health Checks ..................................................................... 245
Creating and Updating Health Checks ........................................................................... 246
Deleting Health Checks ............................................................................................... 253
Updating or Deleting Health Checks when DNS Failover Is Configured ................................ 253
Configuring Router and Firewall Rules for Amazon Route 53 Health Checks ......................... 254
How Amazon Route 53 Determines Whether an Endpoint Is Healthy ................................... 254
Monitoring Health Check Status and Getting Notifications ......................................................... 255
Viewing Health Check Status and the Reason for Health Check Failures .............................. 255
Monitoring the Latency Between Health Checkers and Your Endpoint .................................. 256
Monitoring Health Checks Using CloudWatch ................................................................. 257
Configuring DNS Failover .................................................................................................... 261
How Health Checks Work in Simple Amazon Route 53 Configurations ................................. 262
How Health Checks Work in Complex Amazon Route 53 Configurations .............................. 264
Task List for Configuring DNS Failover ........................................................................... 269
Configuring Failover in a Private Hosted Zone ................................................................. 270
Options for Configuring Amazon Route 53 Active-Active and Active-Passive Failover ............. 271
How Amazon Route 53 Averts Failover Problems ............................................................. 274
Naming and Tagging Health Checks ...................................................................................... 275
Tag Restrictions ......................................................................................................... 275
Adding, Editing, and Deleting Tags for Health Checks ....................................................... 275
Using API Versions Before 2012-12-12 .................................................................................. 276
Authentication and Access Control ................................................................................................ 277
Authentication ................................................................................................................... 277
Access Control .................................................................................................................. 278
Overview of Managing Access ............................................................................................. 279
ARNs for Amazon Route 53 Resources ......................................................................... 279
Understanding Resource Ownership ............................................................................. 280
Managing Access to Resources .................................................................................... 280
Specifying Policy Elements: Resources, Actions, Effects, and Principals .............................. 282
Specifying Conditions in a Policy ................................................................................... 282
Using IAM Policies for Amazon Route 53 ................................................................................ 283
Permissions Required to Use the Amazon Route 53 Console ............................................ 284
AWS Managed (Predefined) Policies for Amazon Route 53 ................................................ 286
Customer Managed Policy Examples ............................................................................. 286
Amazon Route 53 API Permissions Reference ........................................................................ 288
Required Permissions for Actions on Public Hosted Zones ................................................ 289
Required Permissions for Actions on Private Hosted Zones ............................................... 290
Required Permissions for Actions on Reusable Delegation Sets ......................................... 290
Required Permissions for Actions on Resource Record Sets .............................................. 291
Required Permissions for Actions on Traffic Policies ......................................................... 291
Required Permissions for Actions on Traffic Policy Instances .............................................. 292
Required Permissions for Actions on Health Checks ......................................................... 293
Required Permissions for Actions on Domain Registrations ............................................... 293
Required Permissions for Actions on Tags for Hosted Zones and Health Checks ................... 295
Required Permissions for Actions on Tags for Domains ..................................................... 295
Capturing API Requests with CloudTrail ......................................................................................... 296
Configuring CloudTrail for Amazon Route 53 ........................................................................... 296
Amazon Route 53 Information in CloudTrail Log Files ............................................................... 297
Understanding Amazon Route 53 Log File Entries ................................................................... 297
Tagging Amazon Route 53 Resources ........................................................................................... 302
Tutorials ................................................................................................................................... 303
Transitioning to Latency-Based Routing in Amazon Route 53 ..................................................... 303
Adding Another Region to Your Latency-Based Routing in Amazon Route 53 ................................ 305
Using Latency and Weighted Resource Record Sets in Amazon Route 53 to Route Traffic to Multiple
Amazon EC2 Instances in a Region ...................................................................................... 306
Managing Over 100 Weighted Resource Record Sets in Amazon Route 53 .................................. 307
Weighting Fault-Tolerant Multi-Record Answers in Amazon Route 53 .......................................... 307
Limits ....................................................................................................................................... 309
Limits on API Requests ....................................................................................................... 309
Limits on Entities ................................................................................................................ 310
Resources ................................................................................................................................ 311
AWS Resources ................................................................................................................ 311
Third-Party Tools and Libraries ............................................................................................. 312
Graphical User Interfaces .................................................................................................... 313
Document History ...................................................................................................................... 314
AWS Glossary ........................................................................................................................... 327

What Is Amazon Route 53?
Amazon Route 53 performs three main functions:
• Domain registration – Amazon Route 53 lets you register domain names such as example.com.
• Domain Name System (DNS) service – Amazon Route 53 translates friendly domain names like
www.example.com into IP addresses like 192.0.2.1. Amazon Route 53 responds to DNS queries using
a global network of authoritative DNS servers, which reduces latency.
• Health checking – Amazon Route 53 sends automated requests over the Internet to your application
to verify that it's reachable, available, and functional.
You can use any combination of these functions. For example, you can use Amazon Route 53 as both
your registrar and your DNS service, or you can use Amazon Route 53 as the DNS service for a domain
that you registered with another domain registrar.

Domain Registration
If you want to create a website, you start by registering the name of your website, known as a domain
name. Your domain name is the name, such as example.com, that your users enter in a browser to display
your website. For more information, see Registering Domain Names Using Amazon Route 53 (p. 13).
If you already registered a domain name with another registrar, you can optionally transfer the domain
registration to Amazon Route 53. This isn't required to use Amazon Route 53 as your DNS service or to
configure health checking for your resources. For more information, see Transferring Registration for a
Domain to Amazon Route 53 (p. 27).
Amazon Route 53 supports domain registration for a wide variety of generic top-level domains (such as
.com or .org) and geographic top-level domains (such as .be or .us). For a complete list of supported
top-level domains, see Domains that You Can Register with Amazon Route 53 (p. 41).

DNS Service
Amazon Route 53 is an authoritative DNS service, meaning that it routes Internet traffic to your website
by translating friendly domain names like www.example.com into the numeric IP addresses like 192.0.2.1
that computers use to connect to each other. When someone enters your domain name in a browser or
sends you email, a DNS request is forwarded to the nearest Amazon Route 53 DNS server in a global
network of authoritative DNS servers. Amazon Route 53 responds with the IP address that you specified.
For a list of the locations of Amazon Route 53 DNS servers, see The Amazon Route 53 Global Network
section on the Amazon Route 53 Product Details page.
If you register a new domain name with Amazon Route 53, we automatically configure Amazon Route 53
as the DNS service for the domain, and we create a hosted zone for your domain. You add resource
record sets to the hosted zone, which define how you want Amazon Route 53 to respond to DNS queries
for your domain—for example, with the IP address for a web server, the IP address for the nearest
CloudFront edge location, or the IP address for an Elastic Load Balancing load balancer. For more
information, see Working with Resource Record Sets (p. 178).
If you registered your domain with another domain registrar, that registrar is likely providing the DNS
service for your domain. You can transfer DNS service to Amazon Route 53, either with or without
transferring registration for the domain. For information about transferring DNS service to Amazon
Route 53, see Configuring Amazon Route 53 as Your DNS Service (p. 141).
If you're using Amazon CloudFront, AWS Elastic Beanstalk, Elastic Load Balancing, or Amazon S3, you
can configure Amazon Route 53 to route Internet traffic to those resources. There's no charge for the
DNS queries that Amazon Route 53 routes to CloudFront, Elastic Beanstalk, Elastic Load Balancing, or
Amazon S3. For information about routing queries to a variety of AWS resources, including Amazon EC2
instances, Amazon RDS databases, and Amazon WorkMail, see Routing Traffic to AWS Resources (p. 151).

Health Checking
Amazon Route 53 health checks monitor the health of your resources such as web servers and email
servers. You can configure CloudWatch alarms for your health checks, so that you receive notification
when a resource becomes unavailable. You can also configure Amazon Route 53 to route Internet traffic
away from resources that are unavailable. For more information about using Amazon Route 53 to monitor
the health of your resources, see Amazon Route 53 Health Checks and DNS Failover (p. 245).

DNS Domain Name Format
Domain names (including the names of domains, hosted zones, and resource record sets) consist of a
series of labels separated by dots. Each label can be up to 63 bytes long. The total length of a domain
name cannot exceed 255 bytes, including the dots. Amazon Route 53 supports any valid domain name.
Naming requirements depend on whether you're registering a domain name or you're specifying the name
of a hosted zone or a resource record set. See the applicable topic.
Topics
• Formatting Domain Names for Domain Name Registration (p. 2)
• Formatting Domain Names for Hosted Zones and Resource Record Sets (p. 3)
• Using an Asterisk (*) in the Names of Hosted Zones and Resource Record Sets (p. 3)
• Formatting Internationalized Domain Names (p. 4)

Formatting Domain Names for Domain Name
Registration
For domain name registration, a domain name can contain only the characters a-z, 0-9, and - (hyphen).
You can't specify a hyphen at the beginning or end of a label.

For information about how to register an internationalized domain name (IDN), see Formatting
Internationalized Domain Names (p. 4).

Formatting Domain Names for Hosted Zones and
Resource Record Sets
For hosted zones and resource record sets, the domain name can include any of the following printable
ASCII characters (excluding spaces):
• a-z
• 0-9
• - (hyphen)
• !"#$%&'()*+,-/:;<=>?@[\]^_`{|}~.
Amazon Route 53 stores alphabetic characters as lowercase letters (a-z), regardless of how you specify
them: as uppercase letters, lowercase letters, or the corresponding letters in escape codes.
If your domain name contains any of the following characters, you must specify the characters by using
escape codes in the format \three-digit octal code:
• Characters 000 to 040 octal (0 to 32 decimal, 0x00 to 0x20 hexadecimal)
• Characters 177 to 377 octal (127 to 255 decimal, 0x7F to 0xFF hexadecimal)
• . (period), character 056 octal (46 decimal, 0x2E hexadecimal), when used as a character in a domain
name. When using . as a delimiter between labels, you do not need to use an escape code.
For example, to create a hosted zone for exämple.com, you specify ex\344mple.com.
If the domain name includes any characters other than a to z, 0 to 9, - (hyphen), or _ (underscore), Amazon
Route 53 API actions return the characters as escape codes. This is true whether you specify the characters
as characters or as escape codes when you create the entity. The Amazon Route 53 console displays
the characters as characters, not as escape codes.
For a list of ASCII characters and the corresponding octal codes, do an Internet search on "ascii table".
To specify an internationalized domain name (IDN), convert the name to Punycode. For more information,
see Formatting Internationalized Domain Names (p. 4).
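The escaping rules above, as an added example (not code from this guide or from AWS): canonical rewrites any spelling of a hosted zone or record set name into the escaped, lowercase form that the API is described as returning, so names kept in an inventory can be compared with API output. The function names are hypothetical; mapping a character such as ä to one byte follows the ex\344mple.com example, and rejecting a lone backslash is an assumption of this example.

```python
import re

# Bytes the page says the API returns as-is; every other byte comes back as \ooo.
_PLAIN = frozenset(b"abcdefghijklmnopqrstuvwxyz0123456789-_")
_OCTAL = re.compile(r"\\([0-3][0-7]{2})")   # \000 through \377


def parse_name(name):
    """Split a possibly escaped name into raw byte labels.

    A dot written as \\056 stays inside its label; a bare dot separates labels.
    """
    if name.endswith("."):                  # optional trailing dot of a fully qualified name
        name = name[:-1]
    labels, current, i = [], bytearray(), 0
    while i < len(name):
        ch = name[i]
        if ch == "\\":
            m = _OCTAL.match(name, i)
            if m is None:
                # Assumption of this example: a lone backslash is rejected, not guessed at.
                raise ValueError("backslash must start a three-digit octal code")
            current.append(int(m.group(1), 8))
            i = m.end()
        elif ch == ".":
            labels.append(bytes(current))
            current = bytearray()
            i += 1
        elif ord(ch) > 0xFF:
            raise ValueError("%r does not fit in one byte; convert the name to Punycode" % ch)
        else:
            current.append(ord(ch))
            i += 1
    labels.append(bytes(current))
    for label in labels:
        if not 1 <= len(label) <= 63:
            raise ValueError("label is %d bytes; allowed is 1 to 63" % len(label))
    total = sum(len(label) for label in labels) + len(labels) - 1   # bytes plus dots
    if total > 255:
        raise ValueError("name is %d bytes; limit is 255" % total)
    return labels


def canonical(name):
    """Return the name in escaped, lowercase form for comparison with API output."""
    out = []
    for label in parse_name(name):
        text = []
        for b in label:
            if 0x41 <= b <= 0x5A:           # A-Z is stored as a-z, even when given as an escape
                b += 0x20
            text.append(chr(b) if b in _PLAIN else "\\%03o" % b)
        out.append("".join(text))
    return ".".join(out)


if __name__ == "__main__":
    # Constructed sample names, not taken from a real zone.
    for sample in ("ex\u00e4mple.com", "EX\\344MPLE.COM.", "*.example.com", "a\\056b.example.com"):
        print("%-22s -> %s" % (sample, canonical(sample)))
```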

Using an Asterisk (*) in the Names of Hosted Zones
and Resource Record Sets
You can create hosted zones that include * in the name. Note the following:
• You can't include an * in the leftmost label in a domain name. For example, *.example.com is not
allowed.
• If you include * in other positions, DNS treats it as an * character (ASCII 42), not as a wildcard.
You can also create resource record sets that include * in the name. DNS treats the * character either as
a wildcard or as the * character (ASCII 42), depending on where it appears in the name. Note the following
restrictions on using * as a wildcard in the name of resource record sets:
• The * must replace the leftmost label in a domain name, for example, *.example.com. It can't replace
any of the middle labels, for example, marketing.*.example.com.
• The * must replace the entire label. For example, you can't specify *prod.example.com or
prod*.example.com.
• You can't use the * as a wildcard for resource records sets that have a type of NS.
For resource record sets, if you include * in any position other than the leftmost label in a domain name,
DNS treats it as an * character (ASCII 42), not as a wildcard.

Formatting Internationalized Domain Names
When you register a new domain name or create hosted zones and resource record sets, you can specify
characters in other alphabets (for example, Cyrillic or Arabic) and characters in Chinese, Japanese, or
Korean. Amazon Route 53 stores these internationalized domain names (IDNs) in Punycode, which
represents Unicode characters as ASCII strings.
The following example shows the Punycode representation of the internationalized domain name
中国.asia:

xn--fiqs8s.asia

When you enter an IDN in the address bar of a modern browser, the browser converts it to Punycode
before submitting a DNS query or making an HTTP request.
How you enter an IDN depends on what you're creating (domain names, hosted zones, or resource record
sets), and how you're creating it (API, SDK, or Amazon Route 53 console):
• If you're using the Amazon Route 53 API or one of the AWS SDKs, you can programmatically convert
a Unicode value to Punycode. For example, if you're using Java, you can convert a Unicode value to
Punycode by using the toASCII method of the java.net.IDN library.
• If you're using the Amazon Route 53 console to register a domain name, you can paste the name,
including Unicode characters, into the name field, and the console converts the value to Punycode
before saving it.
• If you're using the Amazon Route 53 console to create hosted zones or resource record sets, you need
to convert the domain name to Punycode before you enter the name in the applicable Name field. For
information about online converters, perform an Internet search on "punycode converter".
If you're registering a domain name, note that not all top-level domains (TLDs) support IDNs. For a list
of TLDs supported by Amazon Route 53, see Domains that You Can Register with Amazon
Route 53 (p. 41). TLDs that don't support IDNs are noted.
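The programmatic conversion described above, as an added example in Python (not code from this guide or from AWS): to_punycode converts a Unicode name with the standard library's idna codec, which implements RFC 3490, and reports whether decoding the result gives back the name that was typed. The function names are hypothetical and the sample names are constructed.

```python
def to_punycode(name):
    """Convert a Unicode domain name to its ASCII form.

    Returns (ascii_name, round_trips). round_trips is False when decoding the
    ASCII form does not give back the lowercased input, which means the
    conversion changed the name itself and not only its encoding.
    """
    try:
        ascii_name = name.encode("idna").decode("ascii").lower()
    except UnicodeError as exc:
        # Raised for empty labels, labels over 63 bytes after conversion,
        # and characters the codec prohibits.
        raise ValueError("cannot convert %r: %s" % (name, exc)) from exc
    return ascii_name, to_unicode(ascii_name) == name.lower()


def to_unicode(ascii_name):
    """Decode xn-- labels so a reviewer sees the name as a browser would display it."""
    return ascii_name.encode("ascii").decode("idna")


if __name__ == "__main__":
    # Constructed sample names.
    for sample in ("\u4e2d\u56fd.asia", "B\u00dcCHER.example", "stra\u00dfe.example"):
        ascii_name, same = to_punycode(sample)
        note = "" if same else "  (stored name differs from what was typed)"
        print("%s -> %s%s" % (sample, ascii_name, note))
```

The last sample shows the case to watch for: this codec maps ß to ss before encoding, so the name that ends up in the hosted zone is not the name that was entered.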

Supported DNS Resource Record Types
Amazon Route 53 supports the DNS resource record types that are listed in this section. Each record
type also includes an example of how to format the Value element when you are accessing Amazon
Route 53 using the API.

Note
For resource record types that include a domain name, enter a fully qualified domain name, for
example, www.example.com. The trailing dot is optional; Amazon Route 53 assumes that the
domain name is fully qualified. This means that Amazon Route 53 treats www.example.com
(without a trailing dot) and www.example.com. (with a trailing dot) as identical.
Topics
• A Format (p. 5)
• AAAA Format (p. 5)
• CNAME Format (p. 5)
• MX Format (p. 6)
• NS Format (p. 6)
• PTR Format (p. 6)
• SOA Format (p. 7)
• SPF Format (p. 7)
• SRV Format (p. 7)
• TXT Format (p. 8)

A Format
The value for an A record is an IPv4 address in dotted decimal notation.
Example for the Amazon Route 53 console
192.0.2.1

Example for the Amazon Route 53 API
192.0.2.1

AAAA Format
The value for a AAAA record is an IPv6 address in colon-separated hexadecimal format.
Example for the Amazon Route 53 console
2001:0db8:85a3:0:0:8a2e:0370:7334

Example for the Amazon Route 53 API
2001:0db8:85a3:0:0:8a2e:0370:7334

CNAME Format
A CNAME Value element is the same format as a domain name.

Important
The DNS protocol does not allow you to create a CNAME record for the top node of a DNS
namespace, also known as the zone apex. For example, if you register the DNS name
example.com, the zone apex is example.com. You cannot create a CNAME record for
example.com, but you can create CNAME records for www.example.com,
newproduct.example.com, and so on.
In addition, if you create a CNAME record for a subdomain, you cannot create any other resource
record sets for that subdomain. For example, if you create a CNAME for www.example.com,
you cannot create any other resource record sets for which the value of the Name field is
www.example.com.
Amazon Route 53 also supports alias resource record sets, which allow you to route queries to a CloudFront
distribution, an Elastic Beanstalk environment, an ELB load balancer, an Amazon S3 bucket that is
configured as a static website, or another Amazon Route 53 resource record set. Aliases are similar in
some ways to the CNAME resource record type; however, you can create an alias for the zone apex. For
more information, see Choosing Between Alias and Non-Alias Resource Record Sets (p. 182).
Example for the Amazon Route 53 console
hostname.example.com

Example for the Amazon Route 53 API
hostname.example.com

MX Format
The value for an MX record contains a decimal number that represents the priority of the MX record, and
the domain name of an email server.
Example for the Amazon Route 53 console
10 mail.example.com

Example for the Amazon Route 53 API
10 mail.example.com

NS Format
An NS record identifies the name servers for the hosted zone. The value for an NS record is the domain
name of a name server. For more information about NS records, see NS and SOA Resource Record
Sets that Amazon Route 53 Creates for a Public Hosted Zone (p. 169). For information about configuring
white label name servers, see Configuring White Label Name Servers (p. 165).
Example for the Amazon Route 53 console
ns-1.example.com

Example for the Amazon Route 53 API
ns-1.example.com

PTR Format
A PTR record Value element is the same format as a domain name.
Example for the Amazon Route 53 console
hostname.example.com

Example for the Amazon Route 53 API
hostname.example.com

SOA Format
A start of authority (SOA) record provides information about a domain and the corresponding Amazon
Route 53 hosted zone. For information about the fields in an SOA record, see NS and SOA Resource
Record Sets that Amazon Route 53 Creates for a Public Hosted Zone (p. 169).
Example for the Amazon Route 53 console
ns-2048.awsdns-64.net hostmaster.awsdns.com 1 1 1 1 60

Example for the Amazon Route 53 API
ns-2048.awsdns-64.net hostmaster.awsdns.com 1 1 1 1 60

SPF Format
SPF records were formerly used to verify the identity of the sender of email messages. However, we no
longer recommend that you create resource record sets for which the record type is SPF. RFC 7208,
Sender Policy Framework (SPF) for Authorizing Use of Domains in Email, Version 1, has been updated
to say, "...[I]ts existence and mechanism defined in [RFC4408] have led to some interoperability issues.
Accordingly, its use is no longer appropriate for SPF version 1; implementations are not to use it." In RFC
7208, see section 14.1, The SPF DNS Record Type.
Instead of an SPF record, we recommend that you create a TXT record that contains the applicable value.
For more information about valid values, see Sender Policy Framework, SPF Record Syntax.
Example for the Amazon Route 53 console
"v=spf1 ip4:192.168.0.1/16 -all"

Example for the Amazon Route 53 API
"v=spf1 ip4:192.168.0.1/16 -all"

SRV Format
An SRV record Value element consists of four space-separated values. The first three values are decimal
numbers representing priority, weight, and port. The fourth value is a domain name. For information about
SRV record format, refer to the applicable documentation.
Example for the Amazon Route 53 console
10 5 80 hostname.example.com

Example for the Amazon Route 53 API
10 5 80 hostname.example.com

TXT Format
A TXT record contains a space-separated list of double-quoted strings. A single string can include a maximum
of 255 characters. In addition to the characters that are permitted unescaped in domain names, space
is allowed in TXT strings. All other octet values must be quoted in octal form. Unlike domain names, case
is preserved in character strings, meaning that Ab is not the same as aB. You can include a literal quote
in a string by preceding it with a \ character.
Example for the Amazon Route 53 console
"This string includes \"quotation marks\"." "The last character in this string
is an accented e specified in octal format: \351"

Example for the Amazon Route 53 API
"This string includes \"quotation marks\"." "The last character in this
string is an accented e specified in octal format: \351"
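The TXT quoting rules above, as an added example (not code from this guide or from AWS): txt_value formats raw bytes as a TXT Value, starting a new quoted string before the 255-character limit is passed and never splitting an escape, and txt_strings parses a Value back into bytes. The function names are hypothetical; writing a backslash as \134 and counting the limit on the escaped text (which also satisfies a limit counted on raw octets) are choices of this example.

```python
import re

# One unit inside a quoted string: an octal escape, a backslash-escaped
# character such as \", or a plain character.
_TOKEN = re.compile(r'\\([0-3][0-7]{2})|\\(.)|([^"\\])', re.S)


def txt_value(data, limit=255):
    """Format raw bytes as space-separated double-quoted strings."""
    strings, current = [], ""
    for b in data:
        if b == 0x22:
            piece = '\\"'                    # a literal quote is preceded by a backslash
        elif b == 0x5C or not 0x20 <= b <= 0x7E:
            piece = "\\%03o" % b             # backslash and non-printable octets in octal
        else:
            piece = chr(b)                   # printable ASCII and space, case preserved
        if len(current) + len(piece) > limit:
            strings.append(current)          # start a new string rather than split an escape
            current = ""
        current += piece
    strings.append(current)
    return " ".join('"%s"' % s for s in strings)


def txt_strings(value):
    """Parse a TXT Value back into the list of raw byte strings it encodes."""
    strings, i = [], 0
    while i < len(value):
        if value[i] == " ":
            i += 1
            continue
        if value[i] != '"':
            raise ValueError("expected an opening quote at offset %d" % i)
        i += 1
        raw = bytearray()
        while i < len(value) and value[i] != '"':
            m = _TOKEN.match(value, i)
            if m is None:
                raise ValueError("dangling backslash at offset %d" % i)
            if m.group(1) is not None:
                raw.append(int(m.group(1), 8))
            else:
                raw.append(ord(m.group(2) or m.group(3)))
            i = m.end()
        if i >= len(value):
            raise ValueError("unterminated string")
        i += 1                               # skip the closing quote
        strings.append(bytes(raw))
    return strings


if __name__ == "__main__":
    # Constructed input: 300 bytes, so the value needs two quoted strings.
    long_value = txt_value(b"v=example " + b"k" * 290)
    print(long_value)
    print([len(s) for s in txt_strings(long_value)])
```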

IP Address Ranges of Amazon Route 53 Servers
Amazon Web Services (AWS) publishes its current IP address ranges in JSON format. To view the current
ranges, download ip-ranges.json. For more information, see AWS IP Address Ranges in the Amazon
Web Services General Reference.
To find the IP address ranges that are associated with Amazon Route 53 name servers, search
ip-ranges.json for the following string:
"service": "ROUTE53"

To find the IP address ranges that are associated with Amazon Route 53 health checkers, search
ip-ranges.json for the following string:
"service": "ROUTE53_HEALTHCHECKS"

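The search described above, as an added example (not code from this guide or from AWS): service_networks pulls the prefixes for one service value out of an ip-ranges.json document, for instance to build a firewall allow list for the health checkers, and is_from tests a source address against them. The function names are hypothetical, the embedded document is constructed from documentation address ranges, and the key names other than service come from the published file's layout, which this page does not show.

```python
import ipaddress
import json

# Constructed sample in the layout of ip-ranges.json. The prefixes are
# documentation ranges, not real AWS ranges.
SAMPLE = """
{
  "syncToken": "0",
  "createDate": "1970-01-01-00-00-00",
  "prefixes": [
    {"ip_prefix": "192.0.2.0/25",     "region": "GLOBAL",    "service": "ROUTE53"},
    {"ip_prefix": "198.51.100.0/26",  "region": "us-east-1", "service": "ROUTE53_HEALTHCHECKS"},
    {"ip_prefix": "198.51.100.64/26", "region": "us-west-2", "service": "ROUTE53_HEALTHCHECKS"},
    {"ip_prefix": "203.0.113.0/24",   "region": "us-east-1", "service": "AMAZON"}
  ],
  "ipv6_prefixes": [
    {"ipv6_prefix": "2001:db8:1::/48", "region": "us-east-1", "service": "ROUTE53_HEALTHCHECKS"}
  ]
}
"""


def service_networks(document, service):
    """Return the collapsed IPv4 and IPv6 networks listed for one service value."""
    doc = json.loads(document)
    v4 = [ipaddress.ip_network(p["ip_prefix"])
          for p in doc.get("prefixes", []) if p.get("service") == service]
    v6 = [ipaddress.ip_network(p["ipv6_prefix"])
          for p in doc.get("ipv6_prefixes", []) if p.get("service") == service]
    # Adjacent prefixes are merged so the resulting rule set stays short.
    return list(ipaddress.collapse_addresses(v4)) + list(ipaddress.collapse_addresses(v6))


def is_from(address, networks):
    """True if the address falls inside any of the given networks."""
    ip = ipaddress.ip_address(address)
    return any(ip.version == net.version and ip in net for net in networks)


if __name__ == "__main__":
    checkers = service_networks(SAMPLE, "ROUTE53_HEALTHCHECKS")
    print("allow:", ", ".join(str(net) for net in checkers))
    for source in ("198.51.100.70", "203.0.113.5", "2001:db8:1::53"):
        print(source, "health checker" if is_from(source, checkers) else "other")
```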
DNS Constraints and Behaviors
DNS messaging is subject to factors that affect how you create and use hosted zones and resource
record sets. This section explains these factors.

Maximum Response Size
To comply with DNS standards, responses sent over UDP are limited to 512 bytes in size. Responses
exceeding 512 bytes are truncated and the resolver must re-issue the request over TCP. If the resolver
supports EDNS0 (as defined in RFC 2671), and advertises the EDNS0 option to Amazon Route 53,
Amazon Route 53 permits responses up to 4096 bytes over UDP, without truncation.

Authoritative Section Processing
For successful queries, Amazon Route 53 appends name server (NS) resource record sets for the relevant
hosted zone to the Authority section of the DNS response. For names that are not found (NXDOMAIN
responses), Amazon Route 53 appends the start of authority (SOA) resource record set (as defined in
RFC 1035) for the relevant hosted zone to the Authority section of the DNS response.

Additional Section Processing
Amazon Route 53 appends resource record sets to the Additional section. If the records are known and
appropriate, the service appends A or AAAA resource record sets for any target of an MX, CNAME, NS,
or SRV record cited in the Answer section. For more information about these DNS record types, see
Supported DNS Resource Record Types (p. 4).

Amazon Route 53 Pricing
As with other AWS products, there are no contracts or minimum commitments for using Amazon
Route 53—you pay only for the hosted zones you configure and the number of queries that Amazon
Route 53 answers. For more information, see Amazon Route 53 Pricing.

AWS Identity and Access Management
Amazon Route 53 integrates with AWS Identity and Access Management (IAM), a service that lets your
organization do the following:
• Create users and groups under your organization's AWS Account
• Easily share your AWS Account resources between the users in the account
• Assign unique security credentials to each user
• Granularly control users' access to services and resources
• Get a single AWS bill for all users in the AWS Account

For example, you can use IAM with Amazon Route 53 to control which users in your AWS Account can
create a new hosted zone or change resource record sets.
For information about using Amazon Route 53 with IAM, see Authentication and Access Control for
Amazon Route 53 (p. 277).
For general information about IAM, go to:
• Identity and Access Management (IAM)
• IAM Getting Started Guide
• IAM User Guide

Getting Started with Amazon
Route 53
Getting started with Amazon Route 53 is easy: create an AWS account if you don't already have one,
register a domain, and create some resource record sets, all in the Amazon Route 53 console. For a
detailed explanation of the process, see Registering a New Domain (p. 14).

Note
If you want to migrate an existing domain or subdomain to use Amazon Route 53 as the DNS
service, see Configuring Amazon Route 53 as Your DNS Service (p. 141).
You can access Amazon Route 53 using the Amazon Route 53 console, the Amazon Route 53 API, AWS
SDKs, or the AWS command-line interface. For more information, see the applicable topic.
Topics
• The Amazon Route 53 Console (p. 10)
• The Amazon Route 53 API (p. 11)
• AWS SDKs that Support Amazon Route 53 (p. 11)
• AWS Command Line Interface Support for Amazon Route 53 (p. 11)
• AWS Tools for Windows PowerShell Support for Amazon Route 53 (p. 12)

The Amazon Route 53 Console
You can use the Amazon Route 53 console to create, delete, and list Amazon Route 53 hosted zones,
resource record sets, and health checks.

Note
Some ad-blocking plugins for web browsers interfere with Amazon Route 53 console operations,
which can cause the console to behave unpredictably. If you installed an ad-blocking plugin for
your browser, we recommend that you add the URL for the Amazon Route 53 console,
https://console.aws.amazon.com/route53/home, to the whitelist for the plugin.

To access the Amazon Route 53 console
• Sign in to the AWS Management Console and open the Amazon Route 53 console at
https://console.aws.amazon.com/route53/.

To display help for the Amazon Route 53 console
• To display help for a field, move the cursor over the field name.
• To display help for the current page in the console, click the help icon in the upper right corner of
the Amazon Route 53 console.

The Amazon Route 53 API
The Amazon Route 53 API is a REST API that you can use to create, delete, and list Amazon Route 53
hosted zones and resource record sets. (When using the API, you change a resource record set by
deleting the existing one and creating a new one.) For information about the Amazon Route 53 API, see
the Amazon Route 53 API Reference. For information about how to use the API, including how to
authenticate REST requests, see Making API Requests in the Amazon Route 53 API Reference.

AWS SDKs that Support Amazon Route 53
The following AWS SDKs include a client for Amazon Route 53:
• AWS SDK for Java version 1.2.13 and later. For more information, see AWS SDK for Java.
• AWS SDK for .NET version 1.4.1 and later. For more information, see AWS SDK for .NET.
• AWS SDK for PHP version 2.0.3 and later. For more information, see AWS SDK for PHP.
• AWS SDK for Python version 2.0 and later. For more information, see boto on github.
• AWS SDK for Ruby version 1.6.0 and later. For more information, see AWS SDK for Ruby.

AWS Command Line Interface Support for
Amazon Route 53
The AWS command line interface (AWS CLI) supports Amazon Route 53. For information about getting
set up to use the AWS CLI, see the AWS Command Line Interface User Guide. For information about
AWS CLI commands for Amazon Route 53, see route53 Available Commands in the AWS Command
Line Interface Reference.

AWS Tools for Windows PowerShell Support for
Amazon Route 53
AWS Tools for Windows PowerShell supports Amazon Route 53. For more information, see AWS Tools
for Windows PowerShell Documentation.

Registering Domain Names Using
Amazon Route 53
When you want to get a new domain name, such as the example.com part of the URL http://example.com,
you can register it with Amazon Route 53. You can also transfer the registration for existing domains from
other registrars to Amazon Route 53 or transfer the registration for domains that you register with Amazon
Route 53 to another registrar.
The procedures in this chapter explain how to register and transfer domains using the Amazon Route 53
console, and how to edit domain settings and view domain status. If you're only registering and managing
a few domains, using the console is the easiest way.
If you need to register and manage a lot of domains, you might prefer to use the Amazon Route 53 API
or one of the AWS SDKs. For more information about API actions for domain registration, see Actions
on Domain Registrations in the Amazon Route 53 API Reference. For a list of the AWS SDKs that support
Amazon Route 53 and for links to the corresponding SDK pages on the AWS website, see AWS SDKs
that Support Amazon Route 53 (p. 11).

Note
If you are using a language for which an AWS SDK exists, use the SDK rather than trying to
work your way through the APIs. The SDKs make authentication simpler, integrate easily with
your development environment, and provide easy access to Amazon Route 53 commands.
Domain name registration services are provided under our Domain Name Registration Agreement.
Topics
• Registering and Updating Domains (p. 14)
• Privacy Protection for Contact Information (p. 22)
• Renewing Registration for a Domain (p. 23)
• Extending the Registration Period for a Domain (p. 26)
• Transferring Domains (p. 27)
• Configuring DNSSEC for a Domain (p. 35)
• Getting a Domain Name Unsuspended (p. 39)
• Deleting a Domain Name Registration (p. 40)
• Downloading a Domain Billing Report (p. 40)
• Domains that You Can Register with Amazon Route 53 (p. 41)

Registering and Updating Domains
For information about registering new domains and updating the settings in existing domains, see the
applicable topic.
Topics
• Registering a New Domain (p. 14)
• Values that You Specify When You Register a Domain or Edit Domain Settings (p. 16)
• Values that Amazon Route 53 Returns When You Register or Update a Domain (p. 19)
• Viewing the Status of a Domain Registration (p. 20)
• Adding Resource Record Sets for a New Domain (p. 20)
• Editing Contact Information and Other Settings for a Domain (p. 20)
• Adding or Changing Name Servers and Adding or Changing Glue Records (p. 22)

Registering a New Domain
When you want to register a new domain using the Amazon Route 53 console, perform the following
procedure.

Important
When you register a domain with Amazon Route 53, we automatically create a hosted zone for
the domain to make it easier for you to use Amazon Route 53 as the DNS service provider for
your new domain. This hosted zone is where you store information about how to route traffic for
your domain, for example, to an Amazon EC2 instance or a CloudFront distribution. We charge
a small monthly fee for the hosted zone in addition to the annual charge for the domain
registration. If you don't want to use your domain right now, you can delete the hosted zone; if
you delete it within 12 hours of registering the domain, there won't be any charge for the hosted
zone on your AWS bill. We also charge a small fee for the DNS queries that we receive for your
domain. For more information, see Amazon Route 53 Pricing.

To register a new domain using Amazon Route 53
1. By default, you can register up to five domains. If you want to register more than five domains, open
a case with the Support Center, and request an increase in the number of domains that you can
register.
2. Sign in to the AWS Management Console and open the Amazon Route 53 console at
https://console.aws.amazon.com/route53/.
3. If you're new to Amazon Route 53, under Domain Registration, choose Get Started Now.
If you're already using Amazon Route 53, in the navigation pane, choose Registered Domains.
4. Choose Register Domain.
5. Enter the domain name that you want to register, and choose Check to find out whether the domain
name is available.
For information about how to specify characters other than a-z, 0-9, and - (hyphen) and how to specify
internationalized domain names, see DNS Domain Name Format (p. 2).
6. If the domain is available, choose Add to cart. The domain name appears in your shopping cart.
The Availability for popular TLDs list shows other domains that you might want to register instead
of your first choice (if it's not available) or in addition to your first choice. Choose Add to cart for
each additional domain that you want to register, up to a maximum of five domains.
7. In the shopping cart, choose the number of years that you want to register the domain for.
8. To register more domains, repeat steps 5 through 7.
9. Choose Continue.
10. On the Contact Details for Your n Domains page, enter contact information for the domain registrant,
administrator, and technical contacts. The values that you enter here are applied to all of the domains
that you're registering.
By default, we use the same information for all three contacts. If you want to enter different information
for one or more contacts, change the value of My Registrant, Administrative, and Technical
Contacts are all the same to No.
If you're registering more than one domain, we use the same contact information for all of the domains.
For more information, see Values that You Specify When You Register a Domain or Edit Domain
Settings (p. 16).
11. For some top-level domains (TLDs), we're required to collect additional information. For these TLDs,
enter the applicable values after the Postal/Zip Code field.
12. Choose whether you want to hide your contact information from WHOIS queries. For more information,
see the following topics:
• Privacy Protection for Contact Information (p. 22)
• Domains that You Can Register with Amazon Route 53 (p. 41)

13. Choose Continue.
14. Review the information that you entered, read the terms of service, and select the check box to
confirm that you've read the terms of service.
15. Choose Complete Purchase.
We send an email to the registrant for the domain to verify that the registrant contact can be reached
at the email address that you specified. (This is an ICANN requirement.) The email comes from one
of the following email addresses:
• noreply@registrar.amazon.com – for TLDs registered by Amazon Registrar.
• noreply@domainnameverification.net – for TLDs registered by our registrar associate, Gandi.
To determine who the registrar is for your TLD, see Domains that You Can Register with Amazon
Route 53 (p. 41).

Important
The registrant contact must follow the instructions in the email to confirm that the email was
received, or we must suspend the domain as required by ICANN. When a domain is
suspended, it's not accessible on the Internet.
You'll receive another email when your domain registration has been approved. To determine the
current status of your request, see Viewing the Status of a Domain Registration (p. 20).
16. When domain registration is complete, your next step depends on whether you want to use Amazon
Route 53 or another DNS service as the DNS service for the domain:
• Amazon Route 53 – Create resource record sets to tell Amazon Route 53 how you want to route
traffic for the domain. For more information, see Adding Resource Record Sets for a New
Domain (p. 20).
• Another DNS service – Configure your new domain to route DNS queries to the other DNS service.
Perform the procedure To update the name servers for your domain when you want to use another
DNS service (p. 16).

To update the name servers for your domain when you want to use another DNS service
1. Use the process that is provided by your DNS service to get the name servers for the domain.
2. Sign in to the AWS Management Console and open the Amazon Route 53 console at
https://console.aws.amazon.com/route53/.
3. In the navigation pane, choose Registered Domains.
4. Choose the name of the domain that you want to configure to use another DNS service.
5. Choose Add/Edit Name Servers.
6. Change the names of the name servers to the name servers that you got from your DNS service in
step 1.
7. Choose Update.
8. (Optional) Delete the hosted zone that Amazon Route 53 created automatically when you registered
your domain. This prevents you from being charged for a hosted zone that you aren't using.
a. In the navigation pane, choose Hosted Zones.
b. Select the radio button for the hosted zone that has the same name as your domain.
c. Choose Delete Hosted Zone.
d. Choose Confirm to confirm that you want to delete the hosted zone.

Values that You Specify When You Register a
Domain or Edit Domain Settings
When you register a domain, transfer domain registration to Amazon Route 53, or edit the settings for a
domain, you specify the values that are described in this topic.
If you change contact information for the domain, we send an email notification to the registrant contact
about the change. This email comes from route53-dev-admin@amazon.com. For most changes, the
registrant contact is not required to respond.
For changes to contact information that also constitute a change in ownership, we send the registrant
contact an additional email. ICANN requires that the registrant contact confirm receiving the email. For
more information, see First Name, Last Name and Organization later in this section.
If you're registering more than one domain, Amazon Route 53 uses the values that you specify for all of
the domains that are in your shopping cart.
My Registrant, Administrative, and Technical contacts are all the same
Specifies whether you want to use the same contact information for the registrant of the domain, the
administrative contact, and the technical contact.
Contact Type
Category for this contact. If you choose an option other than Person, you must enter an organization
name.
For some TLDs, the privacy protection available depends on the value that you choose for Contact
Type. For the privacy protection settings for your TLD, see Domains that You Can Register with
Amazon Route 53 (p. 41).
First Name, Last Name
The first and last names of the contact.

When the contact type is Person and you change the First Name and/or Last Name fields for the
registrant contact, you change the owner of the domain. ICANN requires that we email the registrant
contact to get approval. The email comes from one of the following email addresses:
TLDs | Email address that approval email comes from
TLDs registered by Amazon Registrar | noreply@registrar.amazon.com
.com.au and .net.au | domains@tppwholesale.com.au
.fr | nic@nic.fr (The email is sent both to the current registrant contact and the new registrant contact.)
All others | noreply@domainnameverification.net

To determine who the registrar is for your TLD, see Domains that You Can Register with Amazon
Route 53 (p. 41).

Important
The registrant contact must follow the instructions in the email to confirm that the email was
received, or we must suspend the domain as required by ICANN. When a domain is
suspended, it's not accessible on the Internet.
If you change the email address of the registrant contact, this email is sent to the former email address
and the new email address for the registrant contact.
Some TLD registrars charge a fee for changing the domain owner. When you change one of these
values, the Amazon Route 53 console displays a message that tells you whether there is a fee.
Organization
The organization that is associated with the contact, if any. For the registrant and administrative
contacts, this is typically the organization that is registering the domain. For the technical contact,
this might be the organization that manages the domain.
When the contact type is any value except Person and you change the Organization field for the
registrant contact, you change the owner of the domain. ICANN requires that we email the registrant
contact to get approval. The email comes from one of the following email addresses:
TLDs | Email address that approval email comes from
TLDs registered by Amazon Registrar | noreply@registrar.amazon.com
.com.au and .net.au | domains@tppwholesale.com.au
.fr | nic@nic.fr (The email is sent both to the current registrant contact and the new registrant contact.)
All others | noreply@domainnameverification.net

To determine who the registrar is for your TLD, see Domains that You Can Register with Amazon
Route 53 (p. 41).
If you change the email address of the registrant contact, this email is sent to the former email address
and the new email address for the registrant contact.

Some TLD registrars charge a fee for changing the domain owner. When you change the value of
Organization, the Amazon Route 53 console displays a message that tells you whether there is a
fee.
Email
The email address for the contact.
If you change the email address for the registrant contact, we send a notification email to the former
email address and the new email address. This email comes from route53-dev-admin@amazon.com.
Phone
The phone number for the contact:
• If you're entering a phone number for locations in the United States or Canada, enter 1 in the first
field and the 10-digit area code and phone number in the second field.
• If you're entering a phone number for any other location, enter the country code in the first field,
and enter the rest of the phone number in the second field. See CountryCode.org for a list of phone
country codes, for example, 423 for Liechtenstein.
Address 1
The street address for the contact.
Address 2
Additional address information for the contact, for example, apartment number or mail stop.
Country
The country for the contact.
State
The state or province for the contact, if any.
City
The city for the contact.
Postal/Zip code
The postal or zip code for the contact.
Fields for selected top-level domains
Some top-level domains require that you specify additional values.
Privacy Protection
Whether you want to conceal your contact information from WHOIS queries. If you select Hide
contact information, WHOIS ("who is") queries will return contact information for the registrar or
the value "Protected by policy."
If you select Don't hide contact information, you'll get more email spam at the email address that
you specified.
Anyone can send a WHOIS query for a domain and get back all of the contact information for that
domain. The WHOIS command is available in many operating systems, and it's also available as a
web application on many websites.

Important
Although there are legitimate users for the contact information associated with your domain,
the most common users are spammers, who target domain contacts with unwanted email
and bogus offers. In general, we recommend that you choose Hide contact information
for Privacy Protection.
For more information, see the following topics:
• Privacy Protection for Contact Information (p. 22)
• Domains that You Can Register with Amazon Route 53 (p. 41)
Auto Renew (Only available when editing domain settings)
Whether you want Amazon Route 53 to automatically renew the domain before it expires. The
registration fee is charged to your AWS account. For more information, see Renewing Registration
for a Domain (p. 23).

Caution
If you disable automatic renewal, registration for the domain will not be renewed when the
expiration date passes, and you might lose control of the domain name.
The period during which you can renew a domain name varies by top-level domain (TLD). For an
overview about renewing domains, see Renewing Registration for a Domain (p. 23). For information
about extending domain registration for a specified number of years, see Extending the Registration
Period for a Domain (p. 26).

Values that Amazon Route 53 Returns When You Register or Update a Domain
When you register your domain with Amazon Route 53, Amazon Route 53 returns the following values
in addition to the values that you specified.
Registered on
The date on which the domain was originally registered with Amazon Route 53.
Expires on
The date and time on which the current registration period expires, in Greenwich Mean Time (GMT).
The registration period is typically one year, although the registries for some top-level domains (TLDs)
have longer registration periods. For the registration and renewal period for your TLD, see Domains
that You Can Register with Amazon Route 53 (p. 41).
For most TLDs, you can extend the registration period by up to ten years. For more information, see
Extending the Registration Period for a Domain (p. 26).
Domain name status code
The current status of the domain.
ICANN, the organization that maintains a central database of domain names, has developed a set
of domain name status codes (also known as EPP status codes) that tell you the status of a variety
of operations on a domain name, for example, registering a domain name, transferring a domain
name to another registrar, renewing the registration for a domain name, and so on. All registrars use
this same set of status codes.
For a current list of domain name status codes and an explanation of what each code means, go to
the ICANN website and search for epp status codes. (Search on the ICANN website; web searches
sometimes return an old version of the document.)
Transfer lock
Whether the domain is locked to reduce the possibility of someone transferring your domain to another
registrar without your permission. If the domain is locked, the value of Transfer Lock is Enabled. If
the domain is not locked, the value is Disabled.
Auto renew
Whether Amazon Route 53 will automatically renew the registration for this domain shortly before
the expiration date.
Authorization code
The code that is required if you want to transfer registration of this domain to another registrar. An
authorization code is only generated when you request it. For information about transferring a domain
to another registrar, see Transferring a Domain from Amazon Route 53 to Another Registrar (p. 33).
Name servers
The Amazon Route 53 servers that respond to DNS queries for this domain. We recommend that
you don't delete Amazon Route 53 name servers.
For information about adding, changing, or deleting name servers, see Editing Contact Information
and Other Settings for a Domain (p. 20).

Viewing the Status of a Domain Registration
ICANN, the organization that maintains a central database of domain names, has developed a set of
domain name status codes (also known as EPP status codes) that tell you the status of a variety of
operations, for example, registering a domain name, transferring a domain name to another registrar,
renewing the registration for a domain name, and so on. All registrars use this same set of status codes.
To view the status code for your domains, perform the following procedure.

To view the status of a domain
1. Sign in to the AWS Management Console and open the Amazon Route 53 console at
https://console.aws.amazon.com/route53/.
2. In the navigation pane, choose Registered Domains.
3. Choose the name of your domain.
4. For the current status of your domain, see the value of the Domain name status field.
For a current list of domain name status codes and an explanation of what each code means, go to
the ICANN website and search for epp status codes. (Search on the ICANN website; web searches
sometimes return an old version of the document.)

Adding Resource Record Sets for a New Domain
As soon as you receive email confirmation that we successfully registered a domain for you, you can
start to create resource record sets for the domain. These resource record sets tell Amazon Route 53
how you want to route queries for your domain. For example, when someone enters your domain name
in a browser and that query makes its way to Amazon Route 53, do you want Amazon Route 53 to respond
to the query with the IP address of a web server in your data center or with the name of an ELB load
balancer?
When you register your domain with Amazon Route 53, we automatically create a hosted zone for the
new domain. This hosted zone, which has the same name as your domain, is the container in which
Amazon Route 53 will store the resource record sets for your domain. For more information about how
to create resource record sets, see Working with Resource Record Sets (p. 178).

Editing Contact Information and Other Settings for a Domain
When you want to edit settings for a domain that you registered using Amazon Route 53, perform the
following procedure.

Note
For most top-level domains (TLDs), you can change the expiration date for a domain. For more
information, see Extending the Registration Period for a Domain (p. 26).

To edit contact information and other settings for a domain
1. Sign in to the AWS Management Console and open the Amazon Route 53 console at
https://console.aws.amazon.com/route53/.
2. In the navigation pane, choose Registered Domains.
3. Choose the name of the domain that you want to edit settings for.
4. Edit the applicable values:
Edit Contacts
To edit contact information, including the privacy-protection setting for a contact, choose Edit
Contacts. For more information, see Values that You Specify When You Register a Domain or
Edit Domain Settings (p. 16).
Transfer Lock
To change whether the domain is locked to prevent an unauthorized transfer to another registrar,
choose Enable (to lock the domain) or Disable (to unlock the domain).
Auto Renew
To change whether Amazon Route 53 automatically renews the registration for your domain
before the expiration date, choose Enable (to turn on automatic renewal) or Disable (to turn off
automatic renewal). We strongly recommend that you choose Enable to ensure that you retain
ownership of your domain.
Add/Edit Name Servers
To edit name servers, choose Add/Edit Name Servers and enter the applicable values. Then
choose Update. For more information about editing name servers, see Adding or Changing
Name Servers and Adding or Changing Glue Records (p. 22).

5. Choose Save.
When you change some values, you change the owner of the domain:
• When the contact type is Person and you change the First Name and/or Last Name fields for the
registrant contact, you change the owner of the domain.
• When the contact type is any other value and you change the Organization field for the registrant
contact, you change the owner of the domain.
ICANN requires that we email the registrant contact to get approval. The email comes from one of
the following email addresses:
TLDs                                  Email address that approval email comes from
TLDs registered by Amazon Registrar   noreply@registrar.amazon.com
.com.au and .net.au                   domains@tppwholesale.com.au
.fr                                   nic@nic.fr (The email is sent both to the current registrant contact and the new registrant contact.)
All others                            noreply@domainnameverification.net

To determine who the registrar is for your TLD, see Domains that You Can Register with Amazon
Route 53 (p. 41).

Important
Within 15 days, the registrant contact must follow the instructions in the email to confirm
that the email was received, or we must suspend the domain as required by ICANN. When
a domain is suspended, it's not accessible on the Internet.

Adding or Changing Name Servers and Adding or Changing Glue Records
In general, you don't need to change the name servers that Amazon Route 53 assigned to your domain
and to the corresponding hosted zone when you registered the domain. If you do need to add or change
name servers, perform the following procedure. You can also use this procedure to specify glue records
(IP addresses) when you're configuring white label name servers—name servers that have the same
domain name as the hosted zone. For more information about configuring white label name servers (also
known as vanity name servers or private name servers), see Configuring White Label Name Servers (p. 165).

Caution
If you change name servers to the wrong values, specify the wrong IP addresses in glue records,
or delete one or more name servers without specifying new ones, your website or application
might become unavailable on the Internet.

To add or change name servers and glue records
1. .fi domains only – Order an authorization key from the Finnish Communications Regulatory Authority,
the registry for .fi domains. You use the authorization key later in this process. For more information,
see Ordering of authorization key on the Finnish Communications Regulatory Authority website.

Important
The Finnish Communications Regulatory Authority mails the authorization key to you, which
can take two weeks or more. Do not continue with this procedure until you have the key.

2. Sign in to the AWS Management Console and open the Amazon Route 53 console at
https://console.aws.amazon.com/route53/.
3. In the navigation pane, choose Registered Domains.
4. Choose the name of the domain for which you want to edit settings.
5. Choose Add/Edit Name Servers.
6. .fi domains only – In the Authorization Key field, type the authorization key that you got in step 1.
7. In the Edit Name Servers dialog box, you can do the following:
• Add one or more name servers.
• Replace the name of an existing name server.
• Add glue records or change the IP addresses in glue records. If you add a name server or change
the name of a name server and specify a name that is a subdomain of the domain that you're
updating (for example, ns1.example.com in the domain example.com), Amazon Route 53 prompts
you to specify one or more IP addresses for the name server. These IP addresses are known as
glue records.
• Delete a name server. Choose the x icon on the right side of the field for that name server.

8. Choose Update.
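
The following Python sketch is an added example, not part of the guide or of any AWS tool. It checks a proposed name server change for the failure modes the Caution above lists (no name servers left, a name server inside the domain without glue, an unusable glue IP) before you enter the values in the console. The function names and the sample change set are constructed for illustration.

```python
import ipaddress

# Address ranges that are not reachable from the Internet, so unusable as glue.
NON_PUBLIC = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "127.0.0.0/8",
    "169.254.0.0/16", "::1/128", "fc00::/7", "fe80::/10")]


def _norm(name):
    """Lower-case a DNS name and drop surrounding space and the trailing dot."""
    return name.strip().rstrip(".").lower()


def needs_glue(name_server, domain):
    """True when name_server is a subdomain of domain, compared on label boundaries."""
    return _norm(name_server).endswith("." + _norm(domain))


def check_name_servers(domain, proposed):
    """proposed maps name server -> list of glue IP strings. Return a list of problems."""
    problems = []
    if not proposed:
        problems.append("no name servers left for " + domain)
    for ns, ips in proposed.items():
        if needs_glue(ns, domain) and not ips:
            problems.append(f"{ns}: subdomain of {domain}, needs at least one glue IP")
        for ip in ips:
            try:
                addr = ipaddress.ip_address(ip.strip())
            except ValueError:
                problems.append(f"{ns}: {ip!r} is not a valid IP address")
                continue
            if any(addr in net for net in NON_PUBLIC):
                problems.append(f"{ns}: {addr} is not publicly routable")
    return problems


# Constructed change set for example.com (documentation addresses, not real servers).
SAMPLE_CHANGE = {
    "ns1.example.com": ["192.0.2.53"],               # in the domain, glue supplied
    "ns2.example.com.": [],                          # in the domain, glue missing
    "ns1.notexample.com": [],                        # different domain, no glue needed
    "ns3.example.com": ["10.0.0.5", "192.0.2.999"],  # private IP and a malformed IP
}

if __name__ == "__main__":
    for problem in check_name_servers("example.com", SAMPLE_CHANGE):
        print(problem)
```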

Privacy Protection for Contact Information
When you register a domain with Amazon Route 53, we enable privacy protection by default for all the
contacts for the domain. This typically hides most of your contact information from WHOIS ("Who is")
queries and reduces the amount of spam that you receive. Your contact information is replaced either
with contact information for the registrar or with the phrase "Protected by policy."

Important
You can hide contact information only when the domain is locked to prevent transfers. If you're
transferring the domain to or from Amazon Route 53, you must disable privacy protection, so
your contact information is visible in WHOIS queries. You can re-enable privacy protection when
the transfer is complete.
You can choose to disable privacy protection for some or all contacts for a domain. If you do, anyone can
send a WHOIS query for the domain and, for most top-level domains (TLDs), get all the contact information
that you provided when you registered the domain, including name, address, phone number, and email
address. The WHOIS command is widely available; it's included in many operating systems, and it's also
available as a web application on many websites.
The information that you can hide from WHOIS queries depends on two main factors:
The registry for the top level domain
Some TLD registries hide all contact information automatically, some allow you to choose to hide all
contact information, some allow you to hide only some information, and some do not allow you to
hide any information. For example, most registries allow you to hide your address, phone number,
and email address. Only a few also allow you to hide your name.
The registrar
When you register a domain with Amazon Route 53 or transfer a domain to Amazon Route 53, the
registrar for the domain is either Amazon Registrar or our registrar associate, Gandi. Amazon Registrar
and Gandi hide different information by default:
• Amazon Registrar – By default, all of your contact information is hidden.
• Gandi – By default, all of your contact information is hidden except first and last name, and
organization name. However, regulations for the TLD registry take precedence.
To find out what information is hidden for the TLD for your domain, see Domains that You Can Register
with Amazon Route 53 (p. 41). For information about how to change the privacy settings for the contacts
for a domain, see Editing Contact Information and Other Settings for a Domain (p. 20).

Renewing Registration for a Domain
When you register a domain with Amazon Route 53 or you transfer domain registration to Amazon
Route 53, we configure the domain to renew automatically. The automatic renewal period is typically one
year, although the registries for some top-level domains (TLDs) have longer renewal periods. For the
registration and renewal period for your TLD, see Domains that You Can Register with Amazon
Route 53 (p. 41).
For most top-level domains (TLDs), you can change the expiration date for a domain. For more information,
see Extending the Registration Period for a Domain (p. 26).

Caution
If you turn off automatic renewal, be aware of the following effects on your domain:
• Some TLD registries delete domains even before the expiration date if you don't renew early
enough. We strongly recommend that you leave automatic renewal enabled if you want to
keep a domain name.
• We also strongly recommend that you not plan to re-register a domain after it has expired.
Some registrars allow others to register domains immediately after the domains expire, so
you might not be able to re-register before the domain is taken by someone else.
• Some registries charge a large premium to restore expired domains.
• On or near the expiration date, the domain becomes unavailable on the Internet.

To determine whether automatic renewal is enabled for your domain, see Editing Contact Information
and Other Settings for a Domain (p. 20).
If automatic renewal is enabled, here's what happens:
45 days before expiration
We send an email to the registrant contact that tells you that automatic renewal is currently enabled
and gives instructions about how to disable it. Keep your registrant contact email address current so
you don't miss this email.
35 or 30 days before expiration
For all domains except .com.ar, .com.br, and .jp domains, we renew domain registration 35 days
before the expiration date so we have time to resolve any issues with your renewal before the domain
name expires.
The registries for .com.ar, .com.br, and .jp domains require that we renew the domains no more than
30 days before expiration. You'll get a renewal email from Gandi, our registrar associate, 30 days
before expiration, which is the same day that we renew your domain if you have automatic renewal
enabled.

Note
When we renew your domain, we send you an email to let you know that we renewed it. If
the renewal failed, we send you an email to explain why it failed.
If automatic renewal is disabled, here's what happens as the expiration date for a domain name
approaches:
45 days before expiration
We send an email to the registrant contact for the domain that tells you that automatic renewal is
currently disabled and gives instructions about how to enable it. Keep your registrant contact email
address current so you don't miss this email.
30 days and 7 days before expiration
If automatic renewal is disabled for the domain, ICANN, the governing body for domain registration,
requires the registrar to send you an email. The email comes from one of the following email
addresses:
• noreply@registrar.amazon.com – For domains for which the registrar is Amazon Registrar.
• noreply@domainnameverification.net – For domains for which the registrar is our registrar
associate, Gandi.
To determine who the registrar is for your TLD, see Domains that You Can Register with Amazon
Route 53 (p. 41).
If you enable automatic renewal less than 30 days before expiration, and the renewal period has not
passed, we renew the domain within 24 hours.

Caution
Some TLD registries stop allowing renewals as much as 25 days before the expiration date,
and many don't allow renewal after the expiration date. In addition, processing a renewal
can take up to a day. If you delay too long before enabling automatic renewal, the domain
might expire before renewal can be processed, and you might lose the domain. If the
expiration date is approaching, we recommend that you manually extend the expiration date
for the domain. For more information, see Extending the Registration Period for a
Domain (p. 26).
For more information about renewal periods, go to the "Renewal, restoration, and deletion times"
table on the Renewing a Domain Name page on the Gandi website.
After the expiration date
Most domains are held by the registrar for a brief time after expiration, so you might be able to renew
an expired domain after the expiration date, but we strongly recommend that you keep automatic
renewal enabled if you want to keep your domain. For information about trying to renew a domain
after the expiration date, see Renewing or Restoring an Expired Domain (p. 25).
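
The following Python sketch is an added example, not part of the guide. It turns the renewal timeline above into dates for a given domain and flags the settings that this chapter warns about (transfer lock disabled, automatic renewal off close to expiration, contacts visible in WHOIS). The record layout, function names and sample values are constructed for illustration.

```python
from datetime import date, timedelta

# TLDs that the guide says are renewed 30 (not 35) days before expiration.
THIRTY_DAY_TLDS = (".com.ar", ".com.br", ".jp")


def renewal_schedule(domain, expires_on, auto_renew):
    """Return (date, event) pairs for the timeline in the guide, oldest first."""
    state = "enabled" if auto_renew else "disabled"
    events = [(expires_on - timedelta(days=45),
               f"email to registrant contact: automatic renewal is {state}")]
    if auto_renew:
        lead = 30 if domain.lower().rstrip(".").endswith(THIRTY_DAY_TLDS) else 35
        events.append((expires_on - timedelta(days=lead), "automatic renewal"))
    else:
        for lead in (30, 7):
            events.append((expires_on - timedelta(days=lead),
                           "ICANN-required reminder email from the registrar"))
    events.append((expires_on, "registration period expires"))
    return events


def next_event(record, today):
    """First scheduled event on or after today, or None if the domain has expired."""
    schedule = renewal_schedule(record["name"], record["expires_on"], record["auto_renew"])
    return next(((d, e) for d, e in schedule if d >= today), None)


def audit_domain(record, today):
    """Return (severity, message) findings for one registered domain."""
    findings = []
    days_left = (record["expires_on"] - today).days
    if not record["transfer_lock"]:
        findings.append(("high", "Transfer lock is Disabled; nothing reduces the chance of "
                                 "a transfer to another registrar without your permission"))
    if not record["auto_renew"]:
        if days_left <= 25:
            findings.append(("critical", f"Auto renew is off with {days_left} days left; some "
                             "registries stop renewals 25 days out, so extend manually"))
        elif days_left <= 45:
            findings.append(("high", f"Auto renew is off with {days_left} days left"))
        else:
            findings.append(("medium", "Auto renew is off; the domain will not be renewed"))
    exposed = sorted(c for c, hidden in record["privacy"].items() if not hidden)
    if exposed:
        findings.append(("low", "Contact details visible in WHOIS for: " + ", ".join(exposed)))
    return findings


# Constructed inventory record; the field names are this example's own.
SAMPLE = {
    "name": "example.com",
    "expires_on": date(2016, 9, 30),
    "auto_renew": False,
    "transfer_lock": False,
    "privacy": {"registrant": False, "admin": True, "tech": True},
}

if __name__ == "__main__":
    today = date(2016, 9, 10)
    for severity, message in audit_domain(SAMPLE, today):
        print(f"[{severity}] {message}")
    print("next:", next_event(SAMPLE, today))
```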

Renewing or Restoring an Expired Domain
If you don't renew a domain before the expiration date, some registries for top-level domains (TLDs) allow
you to do one or both of the following:
• Renew the expired domain during a late-renewal period
• Restore the domain after the late-renewal period passes and before it becomes available for others to
register

To try to renew or restore domain registration for a domain that has expired
1. Determine whether the TLD registry for the domain supports renewing or restoring expired domains.
a. Go to the "Renewal, restoration, and deletion times" table on the Renewing a Domain Name
page on the Gandi website.
b. Find the TLD for your domain, and review the applicable values:
• Determine whether the registry supports renewing or restoring an expired domain.
• If renewal or restoration is supported, determine whether the domain is still within the renewal
or restoration period.
The list includes some TLDs that Amazon Route 53 doesn't support.

Important
We forward renewal and restoration requests to Gandi, which processes the requests during
business hours Monday through Friday. Gandi is based in Paris, where the time is UTC/GMT
+1 hour. As a result, depending on when you submit your request, in rare cases it can take
a week or more for a request to be processed.
2. Get the expiration date for the domain:
a. Sign in to the AWS Management Console and open the Amazon Route 53 console at
https://console.aws.amazon.com/route53/.
b. In the navigation pane, choose Registered Domains.
c. Choose the name of the domain that you want to view the expiration date for.
d. Check the value of Expires on.
3. Using the AWS account that the domain was registered to, sign in to the AWS Support Center.
4. Specify the following values:
Regarding
Accept the default value of Account and Billing Support.
Service
Accept the default value of Billing.
Category
Accept the default value of Domain name registration issue.
Subject
Type Renew an expired domain.

Description
Provide the following information:
• The domain that you want to renew
• The account ID of the AWS account that the domain was registered to
Contact method
Specify a contact method and, if you choose Phone, enter the applicable values.

5. Choose Submit.
6. When we learn whether we were able to renew or restore your expired domain, a customer support
representative will contact you. In addition, if we were able to renew or restore your domain, the
expiration date in the console will change to the new date.

Extending the Registration Period for a Domain
When you register a domain with Amazon Route 53 or you transfer domain registration to Amazon
Route 53, we configure the domain to renew automatically. The automatic renewal period is typically one
year, although the registries for some top-level domains (TLDs) have longer renewal periods.
All generic TLDs and many country-code TLDs let you extend domain registration for longer periods,
typically up to ten years in one-year increments. To determine whether you can extend the registration
period for your domain, see Domains that You Can Register with Amazon Route 53 (p. 41). If longer
registration periods are allowed, perform the following procedure.

Note
Some TLD registries have restrictions on when you can renew or extend a domain registration,
for example, the last two months before the domain expires. Even if the registry allows extending
the registration period for a domain, they might not allow it at the current number of days before
the domain expires.

To extend the registration period for your domain
1. Open the Amazon Route 53 console at https://console.aws.amazon.com/route53/.
2. In the navigation pane, choose Registered Domains.
3. Choose the name of the domain for which you want to extend the registration period.
The Expires on field lists the current expiration date for the domain. If the registry for the TLD allows
extending the registration period, an extend link appears on the right side of the expiration date.
4. Choose extend.
5. In the Extend registration for list, choose the number of years that you want to extend the registration
for.
The list shows all the current options based on the current expiration date and the maximum
registration period allowed by the registry for this domain. The New expiration date field shows the
expiration date with that number of years applied.
6. Choose Extend domain registration.
When we receive confirmation from the registry that they've updated your expiration date, we send
you an email to confirm that we've changed the expiration date.

Transferring Domains
You can transfer domain registration from another registrar to Amazon Route 53, from one AWS account
to another, or from Amazon Route 53 to another registrar.
Topics
• Transferring Registration for a Domain to Amazon Route 53 (p. 27)
• Viewing the Status of a Domain Transfer (p. 30)
• How Transferring a Domain to Amazon Route 53 Affects the Expiration Date for Your Domain
Registration (p. 32)
• Transferring a Domain to a Different AWS Account (p. 32)
• Transferring a Domain from Amazon Route 53 to Another Registrar (p. 33)

Transferring Registration for a Domain to Amazon Route 53
When you transfer a domain name from another registrar to Amazon Route 53, you need to get some
information from your current registrar and enter it on the Amazon Route 53 console.
For information about how transferring your domain affects the current expiration date, see How
Transferring a Domain to Amazon Route 53 Affects the Expiration Date for Your Domain
Registration (p. 32). By default, Amazon Route 53 automatically renews registration for the domain. For
information about changing this setting, see Editing Contact Information and Other Settings for a
Domain (p. 20).
When you transfer a domain to Amazon Route 53, the transfer fee that we apply to your AWS account
depends on the top-level domain (TLD). For more information, see Amazon Route 53 Pricing.

Transfer Requirements for Top-Level Domains
Registries for top-level domains (such as .com) have requirements for transferring domains. Requirements
vary among TLDs, but the following requirements are typical:
• You must have registered the domain with the current registrar at least 60 days ago.
• If the registration for a domain name expired and had to be restored, it must have been restored at
least 60 days ago.
• You must have transferred registration for the domain to the current registrar at least 60 days ago.
• The domain cannot have any of the following domain name status codes:
• pendingDelete
• pendingTransfer
• redemptionPeriod
• clientTransferProhibited
• Some registries block transfers until changes, such as ownership changes, are complete.
For a current list of domain name status codes and an explanation of what each code means, go to the
ICANN website and search for epp status codes. (Search on the ICANN website; web searches sometimes
return an old version of the document.)
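
The following Python sketch is an added example, not part of the guide. It reads the status codes and creation date from WHOIS output and reports which of the typical requirements above would block a transfer. The "Domain Status:" and "Creation Date:" line labels are an assumption about the WHOIS layout, and the sample response is constructed.

```python
from datetime import date, datetime

# Status codes that the guide lists as blocking a transfer.
BLOCKING_STATUSES = ("pendingDelete", "pendingTransfer",
                     "redemptionPeriod", "clientTransferProhibited")
MIN_DAYS = 60  # typical minimum age of a registration, restoration or prior transfer


def parse_whois(text):
    """Extract EPP status codes and the creation date from 'Key: value' WHOIS lines."""
    statuses, created = [], None
    for line in text.splitlines():
        key, sep, value = line.strip().partition(":")
        if not sep:
            continue
        key, value = key.strip().lower(), value.strip()
        if key == "domain status" and value:
            statuses.append(value.split()[0])  # drop the trailing explanation URL
        elif key == "creation date" and created is None:
            try:
                created = datetime.strptime(value[:10], "%Y-%m-%d").date()
            except ValueError:
                pass  # unknown date format: leave the creation date unset
    return statuses, created


def transfer_blockers(statuses, today, registered_on=None,
                      restored_on=None, transferred_on=None):
    """Return the reasons a transfer would typically be refused (empty list = none found)."""
    reasons = []
    present = {s.lower() for s in statuses}
    for code in BLOCKING_STATUSES:
        if code.lower() in present:
            reasons.append(f"status {code} blocks transfer")
    for label, when in (("registered", registered_on),
                        ("restored", restored_on),
                        ("transferred to the current registrar", transferred_on)):
        if when is not None and (today - when).days < MIN_DAYS:
            age = (today - when).days
            reasons.append(f"{label} {age} days ago; typical minimum is {MIN_DAYS}")
    return reasons


# Constructed WHOIS response for illustration.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Creation Date: 2016-05-01T12:00:00Z
Registry Expiry Date: 2017-05-01T12:00:00Z
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientUpdateProhibited https://icann.org/epp#clientUpdateProhibited
"""

if __name__ == "__main__":
    codes, created_on = parse_whois(SAMPLE_WHOIS)
    for reason in transfer_blockers(codes, date(2016, 6, 15), registered_on=created_on):
        print(reason)
```

WHOIS does not show when a domain was last restored or transferred, so pass those dates in from your registrar's records when they apply.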

Transferring a Domain to Amazon Route 53
To transfer a domain to Amazon Route 53, perform the following procedure.

To transfer a domain to Amazon Route 53 from another registrar
1. Confirm that Amazon Route 53 supports the top-level domain (for example, .com or .org) for the
domain name that you want to transfer. For more information, see Domains that You Can Register
with Amazon Route 53 (p. 41). If your top-level domain isn't on the list, you can't currently transfer
the domain name to Amazon Route 53.
2. If the registrar for your domain is also the DNS service provider for the domain, we highly recommend
that you consider transferring your DNS service to Amazon Route 53 or another DNS service provider
before you transfer your registration. Some registrars provide free DNS service when you purchase
a domain registration. When you transfer the registration, the previous registrar will not renew your
domain registration and might disable DNS service for the domain as soon as they receive the
transfer request from Amazon Route 53. For more information, see Migrating DNS Service for an Existing
Domain to Amazon Route 53 (p. 141).

Caution
If the registrar for your domain is also the DNS service provider for the domain and you
don't transfer DNS service to another provider, your website, email, and the web applications
associated with the domain might become unavailable.
The Amazon Route 53 DNS service doesn't support DNSSEC. If DNSSEC is configured for the
domain, you must do one of the following:
• Delete DNSSEC keys for the domain.
• Use a DNS service provider that supports DNSSEC and that won't cancel your DNS service when
you transfer the domain to Amazon Route 53.

For more information, see Configuring DNSSEC for a Domain (p. 35).
3. Using the method provided by your current registrar, perform the following tasks for each domain
that you want to transfer:
• Unlock the domain so it can be transferred.
• Disable privacy protection for the domain. This makes your contact information visible to WHOIS
queries.
• Confirm that the email for the registrant for your domain is up to date. That's the email address at
which we'll contact you with information about the progress of the transfer.
• Confirm that the domain status allows you to transfer the domain. For more information, see
Transfer Requirements for Top-Level Domains (p. 27).
• Get an authorization code, which authorizes us to request that registration for the domain be
transferred to Amazon Route 53. You'll enter this code in the Amazon Route 53 console later in
the process.
.co.uk, .me.uk, and .org.uk domains
If you're transferring a .co.uk, .me.uk, or .org.uk domain to Amazon Route 53, you don't need
to specify an authorization code. Instead, use the method provided by your current domain
registrar to update the value of the IPS tag for the domain to GANDI, all uppercase. (An IPS
tag is required by Nominet, the registry for .uk domain names.) If your registrar will not change
the value of the IPS tag, contact Nominet.
.jp domains
If you're transferring a .jp domain to Amazon Route 53, you don't need to specify an
authorization code. Instead, use the method provided by your current domain registrar to
update the value of the AGNT code to AGNT-1744, all uppercase.

.ru domains
If you're transferring a .ru domain to Amazon Route 53, you don't need to specify an
authorization code. Instead, use the method provided by RU-Center, the registry for .ru domains,
to update the Partner Handle for the domain to 5427/NIC-REG. For more information, see
the Registrar's or Registrant's Transfer page on the RU-Center website.

4. If you're already using Amazon Route 53 as the DNS service provider for the domains that you want
to transfer, get the names of the Amazon Route 53 name servers for each of the corresponding
hosted zones. For more information, see Getting the Name Servers for a Public Hosted Zone (p. 163).
Then go to the next step.
If you want to continue using another DNS service provider for the domains that you're transferring,
use the method provided by your current DNS service provider to get the names of the name servers
for each domain that you want to transfer.

5.
6.
7.
8.
9.

Open the Amazon Route 53 console at https://console.aws.amazon.com/route53/.
In the navigation pane, choose Registered Domains.
Choose Transfer Domain.
Enter the name of the domain for which you want to transfer registration to Amazon Route 53, and
choose Check.
If the domain is available for transfer, choose Add to cart.

If the domain is not available for transfer, the Amazon Route 53 console lists the reasons. Contact
your registrar for information about how to resolve the issues that prevent you from transferring your
domain.
10. If you want to transfer other domains, repeat steps 8 and 9.
11. When you've added all of the domains that you want to transfer, choose Continue.
12. For each domain name that you want to transfer, enter the applicable values:
Authorization Code
Enter the authorization code that you got from your current registrar in step 3 of this procedure.
Name Servers
Enter the names of the name servers that you got from the DNS service for the domain in step
4 of this procedure. If you're using Amazon Route 53 as your DNS service provider, enter all
four of the name servers that Amazon Route 53 assigned to the hosted zone for your domain.

13. On the Contact Details for Your n Domains page, enter contact information for the domain registrant,
administrator, and technical contact. The values that you enter here are applied to all of the domains
that you're transferring.
By default, we use the same information for all three contacts. If you want to enter different information
for one or more contacts, change the value of My Registrant, Administrative, and Technical
contacts are all the same to No.

For more information, see Values that You Specify When You Register a Domain or Edit Domain
Settings (p. 16).
14. For some top-level domains (TLDs), we're required to collect additional information. For these TLDs,
enter the applicable values after the Postal/Zip Code field.
15. If the value of Contact Type is Person, choose whether you want to hide your contact information
from WHOIS queries. For more information, see Privacy Protection for Contact Information (p. 22).
16. Choose Continue.
17. Review the information you entered, read the terms of service, and select the check box to confirm
that you've read the terms of service.

18. Choose Complete Purchase.
We confirm that the domain is eligible for transfer, and we send the registrant for the domain an email
to confirm that the registrant requested the transfer. The email comes from one of the following email
addresses:
| TLDs | Email address that approval email comes from |
|---|---|
| TLDs registered by Amazon Registrar | noreply@registrar.amazon.com |
| .com.au and .net.au | domains@tppwholesale.com.au |
| .fr | nic@nic.fr, if you're changing the registrant contact for a .fr domain name at the same time that you're transferring the domain. (The email is sent both to the current registrant contact and the new registrant contact.) |
| All others | noreply@domainnameverification.net |

To determine who the registrar is for your TLD, see Domains that You Can Register with Amazon
Route 53 (p. 41).
19. If you're the registrant contact for the domain, follow the instructions in the email to confirm that the
email was received. If someone else is the registrant contact, ask that person to confirm that the
email was received.
We wait up to five days for the registrant to confirm the transfer. If the registrant doesn't confirm the
transfer within five days, we cancel the transfer operation and send an email to the registrant about
the cancellation.
If the registrant contact confirms the transfer, we start to work with your current registrar to transfer
your domain. This step might take up to seven days, depending on your current registrar. If your
current registrar doesn't reply to our transfer request, which is common among registrars, the transfer
happens automatically. If your current registrar rejects the transfer request, we send an email
notification to the current registrant. The registrant needs to contact the current registrar and resolve
the issues with the transfer.
When your domain transfer has been approved, we send another email to the registrant contact. For
more information about the process, see Viewing the Status of a Domain Transfer (p. 30).
We charge your AWS account for the domain transfer as soon as the transfer is complete. This is a
one-time charge, so the charge doesn't appear in your CloudWatch billing metrics. For a list of charges
by TLD, see Amazon Route 53 Pricing for Domain Registration.

Viewing the Status of a Domain Transfer
After you initiate the transfer of a domain from another domain registrar to Amazon Route 53, you can
track the status on the Registered Domains page of the Amazon Route 53 console. The Status column
includes a brief description of the current step. The following list includes the text in the console and a
more detailed description of each step.

Note
When you submit a transfer request, the initial status is Domain transfer request submitted,
which indicates that we've received your request.
Determining whether the domain meets transfer requirements (step 1 of 14)
We're confirming that your domain's status is eligible for transfer. You must unlock your domain, and
the domain can't have any of the following status codes when you submit the transfer request:
• clientTransferProhibited
• pendingDelete
• pendingTransfer
• redemptionPeriod
Verifying WHOIS information (step 2 of 14)
We sent a WHOIS query for your domain to determine whether you've disabled the privacy protection
for the domain. If privacy protection is still enabled with your current registrar, we won't be able to
access the information we need to transfer the domain.
Sent email to registrant contact to get transfer authorization (step 3 of 14)
We've sent an email to the registrant contact for the domain to confirm that the transfer was requested
by an authorized contact of the domain.
Verifying transfer with current registrar (step 4 of 14)
We've sent a request to the current registrar for the domain to initiate the transfer.
Awaiting authorization from registrant contact (step 5 of 14)
We're waiting for the registrant contact of the domain to authorize the transfer (see step 3). If the
registrant contact does not receive the email, confirm that the current registrar for the domain has
the correct email address for the registrant contact.
Contacted current registrar to request transfer (step 6 of 14)
We're working with the current registrar for the domain to finalize the transfer.
Waiting for the current registrar to complete the transfer (step 7 of 14)
Your current registrar is confirming that your domain meets the requirements for being transferred.
Requirements vary among TLDs, but the following requirements are typical:
• You must have registered the domain with the current registrar at least 60 days ago.
• If the registration for a domain name expired and had to be restored, it must have been restored
at least 60 days ago.
• You must have transferred registration for the domain to the current registrar at least 60 days ago.
• The domain cannot have any of the following domain name status codes:
• clientTransferProhibited
• pendingDelete
• pendingTransfer
• redemptionPeriod
Confirming with the registrant contact that the contact initiated the transfer (step 8 of 14)
Some TLD registries send the registrant contact another email to confirm that the domain transfer
was requested by an authorized user.
Synchronizing name servers with the registry (step 9 of 14)
This step occurs only if the name servers that you provided as part of the transfer request are different
from the name servers that are listed with the current registrar. We'll try to update your name servers
to the new name servers that you provided.
Synchronizing settings with the registry (step 10 of 14)
We're verifying that the transfer has completed successfully, and we're synchronizing your
domain-related data with our registrar associate.
Sending updated contact information to the registry (step 11 of 14)
If you changed the ownership of the domain when you requested the transfer, we're trying to make
this change. However, most registries don't allow a transfer of ownership as part of the domain
transfer process.
Finalizing the transfer to Route 53 (step 12 of 14)
We're confirming that the transfer process was successful.
Finalizing transfer (step 13 of 14)
We're setting up your domain in Amazon Route 53.
Transfer Complete (step 14 of 14)
Your transfer has been successfully completed.


How Transferring a Domain to Amazon Route 53 Affects the Expiration Date for Your Domain Registration
When you transfer a domain to another registrar, some TLD registries let you keep the same expiration
date for your domain, some registries add a year to the expiration date, and some registries change the
expiration date to one year after the transfer date.

Note
For most TLDs, you can extend the registration period for a domain by up to ten years after you
transfer it to Amazon Route 53. For more information, see Extending the Registration Period for
a Domain (p. 26).

Generic TLDs
When you transfer a domain that has a generic TLD (for example, .com) to Amazon Route 53, the new
expiration date for the domain is the expiration date with your previous registrar plus one year.

Geographic TLDs
When you transfer a domain that has a geographic TLD (for example, .co.uk) to Amazon Route 53, the
new expiration date for the domain depends on the TLD. Find your TLD in the following table to determine
how transferring your domain affects the expiration date.
| Continent | Geographic TLDs and the Effect of Transferring a Domain on the Expiration Date |
|---|---|
| Africa | .co.za – The expiration date remains the same. |
| Americas | .cl, .com.ar, .com.br – The expiration date remains the same. |
| | .ca, .co, .mx, .us – One year is added to the old expiration date. |
| Asia/Oceania | .co.nz, .com.au, .com.sg, .jp, .net.au, .net.nz, .org.nz, .ru, .sg – The expiration date remains the same. |
| | .in – One year is added to the old expiration date. |
| Europe | .ch, .co.uk, .de, .es, .fi, .me.uk, .org.uk, .se – The expiration date remains the same. |
| | .berlin, .eu, .io, .me, .ruhr, .wien – One year is added to the old expiration date. |
| | .be, .fr, .it, .nl – The new expiration date is one year after the date of transfer. |

Transferring a Domain to a Different AWS Account
If you registered a domain using one AWS account and you want to transfer the domain to another AWS
account, you can do so simply by contacting the AWS Support Center and requesting the transfer.
When you transfer domain registration between AWS accounts, Amazon Route 53 does not transfer the
hosted zone for your domain. If domain registration is associated with one account and the corresponding
hosted zone is associated with another account, neither domain registration nor DNS functionality is
affected. The only effect is that you'll need to sign into the Amazon Route 53 console using one account
to see the domain, and sign in using the other account to see the hosted zone.

Important
If you want to transfer the hosted zone to another account, you must manually create the new
hosted zone, create resource record sets in the new hosted zone, and update your domain with
the name servers for the new hosted zone.
To transfer registration for a domain from one AWS account to another, perform the following procedure.

To transfer a domain to a different AWS account
1. Using the AWS account that the domain is currently registered to, sign in to the AWS Support Center.

Important
You must sign in by using the root account that the domain is currently registered to. If you
sign in by using an IAM user or any other account, we can't perform the transfer. This
requirement prevents unauthorized users from transferring domains to other AWS accounts.
2. Specify the following values:
Regarding
Accept the default value of Account and Billing Support.
Service
Accept the default value of Billing.
Category
Accept the default value of Domain name registration issue.
Subject
Specify Transfer a domain to another AWS account.
Description
Provide the following information:
• Domain that you want to transfer
• Account ID of the AWS account that the domain is currently registered to
• Account ID of the AWS account that you want to transfer domain registration to
Contact method
Specify a contact method and, if you choose Phone, enter the applicable values.

3. Choose Submit.

Transferring a Domain from Amazon Route 53 to Another Registrar
When you transfer a domain from Amazon Route 53 to another registrar, you get some information from
Amazon Route 53 and provide it to the new registrar. The new registrar will do the rest.

Important
If you're currently using Amazon Route 53 as your DNS service provider and you also want to
transfer DNS service to another provider, be aware that the following Amazon Route 53 features
don't have direct parallels with features provided by other DNS service providers. You'll need to
work with the new DNS service provider to determine how to achieve comparable functionality:
• Alias resource record sets
• Weighted resource record sets
• Latency resource record sets
• Failover resource record sets
• Geo resource record sets
Usually, you can transfer registration of a domain name to another registrar without much trouble.
Requirements vary among TLDs, but the following requirements are typical:
• You must have registered the domain with the current registrar at least 60 days ago.
• If the registration for a domain name expired and had to be restored, it must have been restored at
least 60 days ago.
• You must have transferred registration for the domain to the current registrar at least 60 days ago.
• The domain cannot have any of the following domain name status codes:
• pendingDelete
• pendingTransfer
• redemptionPeriod
• clientTransferProhibited
For a current list of domain name status codes and an explanation of what each code means, go to the
ICANN website and search for epp status codes. (Search on the ICANN website; web searches sometimes
return an old version of the document.)
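
A pre-flight check for the typical requirements listed above, as an added example that is not part of the original guide and is not AWS code. The WHOIS field labels (the ICANN-format "Domain Status:" and "Creation Date:" lines), the function names and the sample record are assumptions made for illustration; the 60-day minimum is the typical value from the list above and varies among TLDs.

```python
from datetime import datetime, timedelta, timezone

# Status codes the guide lists as blocking a transfer (compared case-insensitively).
BLOCKING_STATUSES = {"clienttransferprohibited", "pendingdelete",
                     "pendingtransfer", "redemptionperiod"}
MIN_AGE = timedelta(days=60)  # "at least 60 days ago"; typical, varies by TLD


def parse_whois(text):
    """Return (status codes, creation date) found in WHOIS text.

    Assumes the 'Domain Status:' and 'Creation Date:' labels of ICANN-format
    gTLD WHOIS output; other registries label these fields differently.
    """
    statuses, created = [], None
    for line in text.splitlines():
        label, _, value = line.partition(":")
        label, value = label.strip().lower(), value.strip()
        if label == "domain status" and value:
            statuses.append(value.split()[0])  # drop the trailing icann.org URL
        elif label == "creation date" and value:
            created = datetime.fromisoformat(value.replace("Z", "+00:00"))
            if created.tzinfo is None:  # treat a bare timestamp as UTC
                created = created.replace(tzinfo=timezone.utc)
    return statuses, created


def transfer_blockers(whois_text, now, last_transfer=None, last_restore=None):
    """List the reasons a transfer request would typically be refused.

    last_transfer / last_restore are not shown in WHOIS output, so the caller
    supplies them (timezone-aware datetimes) when they are known.
    """
    statuses, created = parse_whois(whois_text)
    blockers = [f"status {s}" for s in statuses if s.lower() in BLOCKING_STATUSES]
    if created is None:
        blockers.append("creation date not found in WHOIS output")
    events = [("registered", created),
              ("transferred to current registrar", last_transfer),
              ("restored after expiration", last_restore)]
    for label, when in events:
        if when is not None and now - when < MIN_AGE:
            blockers.append(f"{label} {(now - when).days} days ago (minimum 60)")
    return blockers


# Constructed sample record, not real WHOIS output.
SAMPLE_WHOIS = """\
Domain Name: EXAMPLE.COM
Creation Date: 2016-01-10T12:00:00Z
Domain Status: clientTransferProhibited https://icann.org/epp#clientTransferProhibited
Domain Status: clientDeleteProhibited https://icann.org/epp#clientDeleteProhibited
"""

if __name__ == "__main__":
    check_time = datetime(2016, 2, 15, 12, 0, tzinfo=timezone.utc)
    for reason in transfer_blockers(SAMPLE_WHOIS, check_time):
        print("blocked:", reason)
```

An empty result means none of the typical blockers were found; the transfer lock (clientTransferProhibited) should be re-enabled once a transfer completes or is abandoned.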

To transfer a domain from Amazon Route 53 to another registrar
1. .fi domains only – If you're transferring a .fi domain to another registrar, order an authorization key
from the Finnish Communications Regulatory Authority, the registry for .fi domains. You use the
authorization key later in this process. For more information, see Ordering of authorization key on
the Finnish Communications Regulatory Authority website.

Important
The Finnish Communications Regulatory Authority mails the authorization key to you, which
can take two weeks or more. Do not continue with this procedure until you have the key.
2. Sign in to the AWS Management Console and open the Amazon Route 53 console at
https://console.aws.amazon.com/route53/.
3. In the navigation pane, choose Registered Domains.
4. Choose the name of the domain that you want to transfer to another registrar.
5. On the Your Domains > domain name page, check the value of Domain name status. If it is one
of the following values, you can't currently transfer the domain:
• pendingDelete
• pendingTransfer
• redemptionPeriod
• clientTransferProhibited
For a current list of domain name status codes and an explanation of what each code means, go to
the ICANN website and search for epp status codes. (Search on the ICANN website; web searches
sometimes return an old version of the document.)

6. If the value of Transfer lock is Enabled, choose Disable.
7. Choose Edit contacts.
8. On the Edit Contact Details for domain name page, for Privacy Protection, select Don't hide
contact information for all contacts.
In addition, update the contact information so the new registrar can contact you.
9. Choose Save.
10. All domains except .co.uk, .me.uk, .org.uk, and .fi domains – On the Your Domains > domain name
page, at Authorization Code, choose Generate and make note of the authorization code. You'll
provide this value to your registrar later in this procedure.
.co.uk, .me.uk, and .org.uk domains – Change the IPS tag to the value for the new registrar:
a. Go to the Find a Registrar page on the Nominet website, and find the IPS tag for the new registrar.
(Nominet is the registry for .co.uk, .me.uk, and .org.uk domains.)
b. On the Your Domains > domain name page, at IPS Tag, choose Change IPS Tag, and specify
the value that you got in step a.
c. Choose Update.

.fi domains – Skip this step.
11. If you're not currently using Amazon Route 53 as the DNS service provider for your domain, skip to
step 13.
If you are currently using Amazon Route 53 as the DNS service provider for the domain, perform the
following steps:
a. Choose Hosted Zones.
b. Double-click the name of the hosted zone for your domain. The domain and the hosted zone
have the same name.
c. If you want to continue using Amazon Route 53 as the DNS service provider for the domain:
Find the NS record for the hosted zone, and make note of the names of the four name servers.
These names all begin with ns-.
If you do not want to continue using Amazon Route 53 as the DNS service provider for the
domain: Make note of the settings for all of your resource record sets except the NS and SOA
records. For Amazon Route 53–specific features such as alias resource record sets, you'll need
to work with your new DNS service provider to determine how to achieve comparable functionality.

12. If you're transferring DNS service to another provider, use the methods that are provided by the new
DNS service to create a hosted zone and resource record sets to reproduce the functionality of your
Amazon Route 53 resource record sets.
13. Using the process that is provided by the new registrar, request a transfer of the domain.
All domains except .co.uk, .me.uk, .org.uk, and .fi domains – You'll be prompted to enter the
authorization code that you got from the Amazon Route 53 console in step 10 of this procedure.
If you still want to use Amazon Route 53 as your DNS service provider, specify the names of the
Amazon Route 53 name servers that you got in step 11. If you want to use another DNS service
provider, specify the names of the name servers that the new provider gave you when you created
a new hosted zone in step 12.
.fi domains – Go to the Finnish Communications Regulatory Authority website and request a transfer.
For more information, see the procedure "Domain name transfer made by domain name holder" on
the Transfer of domain name to new holder page.

Configuring DNSSEC for a Domain
Attackers sometimes hijack traffic to Internet endpoints such as web servers by intercepting DNS requests
and returning their own IP addresses to DNS resolvers in place of the actual IP addresses for those
endpoints. Users are then routed to the IP addresses provided by the attackers in the spoofed response,
for example, to fake websites.
You can protect your domain from this type of attack, known as DNS spoofing or a man-in-the-middle
attack, by configuring Domain Name System Security Extensions (DNSSEC), a protocol for securing
DNS traffic.

Important
Amazon Route 53 supports DNSSEC for domain registration but does not support DNSSEC for
DNS service. If you want to configure DNSSEC for a domain that is registered with Amazon
Route 53, you must use another DNS service provider.
Topics
• Overview of How DNSSEC Protects Your Domain (p. 36)
• Prerequisites and Limits for Configuring DNSSEC for a Domain (p. 37)
• Adding Public Keys for a Domain (p. 37)
• Deleting Public Keys for a Domain (p. 38)

Overview of How DNSSEC Protects Your Domain
When you configure DNSSEC for your domain, a DNS resolver establishes a chain of trust for responses
from intermediate resolvers. The chain of trust begins with the TLD registry for the domain (your domain's
parent zone) and ends with the authoritative name servers at your DNS service provider. Not all DNS
resolvers support DNSSEC; resolvers that don't support DNSSEC don't perform any signature or
authenticity validation.
Here's how you configure DNSSEC for domains registered with Amazon Route 53 to protect your Internet
hosts from DNS spoofing, simplified for clarity:
1. Use the method provided by your DNS service provider to sign the resource record sets in your hosted
zone with the private key in an asymmetric key pair.

Important
Amazon Route 53 supports DNSSEC for domain registration but does not support DNSSEC
for DNS service. If you want to configure DNSSEC for a domain that is registered with Amazon
Route 53, you must use another DNS service provider.
2. Provide the public key from the key pair to your domain registrar, and specify the algorithm that was
used to generate the key pair. The domain registrar forwards the public key and the algorithm to the
registry for the top-level domain (TLD).
For information about how to perform this step for domains that you registered with Amazon Route 53,
see Adding Public Keys for a Domain (p. 37).
After you configure DNSSEC, here's how it protects your domain from DNS spoofing:
1. Submit a DNS request, for example, by browsing to a website or by sending an email message.
2. The request is routed to a DNS resolver. Resolvers are responsible for returning the appropriate value
to clients based on the request, for example, the IP address for the host that is running a web server
or an email server.
3. If the IP address is cached on the DNS resolver (because someone else has already submitted the
same DNS request, and the resolver already got the value), the resolver returns the IP address to the
client that submitted the request. The client then uses the IP address to access the host.
If the IP address isn't cached on the DNS resolver, the resolver sends a request to the parent zone
for your domain, at the TLD registry, which returns two values:
• The Delegation Signer (DS) record, which is a public key that corresponds with the private key that
was used to sign the resource record set.
• The IP addresses of the authoritative name servers for your domain.
4. The DNS resolver sends the original request to another DNS resolver. If that resolver doesn't have
the IP address, it repeats the process until a resolver sends the request to a name server at your DNS
service provider. The name server returns two values:
• The resource record set for the domain, such as example.com. Typically this contains the IP address
of a host.
• The signature for the resource record set, which you created when you configured DNSSEC.
5. The DNS resolver uses the public key that you provided to the domain registrar (and the registrar
forwarded to the TLD registry) to do two things:
• Establish a chain of trust.
• Verify that the signed response from the DNS service provider is legitimate and hasn't been replaced
with a bad response from an attacker.
6. If the response is authentic, the resolver returns the value to the client that submitted the request.
If the response can't be verified, the resolver returns an error to the user.
If the TLD registry for the domain doesn't have the public key for the domain, the resolver responds
to the DNS request by using the response that it got from the DNS service provider.

Prerequisites and Limits for Configuring DNSSEC for a Domain
To configure DNSSEC for a domain, your domain and DNS service provider must meet the following
prerequisites:
• The registry for the TLD must support DNSSEC. To determine whether the registry for your TLD supports
DNSSEC, see Domains that You Can Register with Amazon Route 53 (p. 41).
• The DNS service provider for the domain must support DNSSEC.

Important
Amazon Route 53 supports DNSSEC for domain registration but does not support DNSSEC
for DNS service. If you want to configure DNSSEC for a domain that is registered with Amazon
Route 53, you must use another DNS service provider.
• You must configure DNSSEC with the DNS service provider for your domain before you add public
keys for the domain to Amazon Route 53.
• The number of public keys that you can add to a domain depends on the TLD for the domain:
• .com and .net domains – up to thirteen keys
• All other domains – up to four keys

Adding Public Keys for a Domain
When you're rotating keys or you're enabling DNSSEC for a domain, perform the following procedure
after you configure DNSSEC with the DNS service provider for the domain.

To add public keys for a domain
1. If you haven't already configured DNSSEC with your DNS service provider, use the method provided
by your service provider to configure DNSSEC.
2. Sign in to the AWS Management Console and open the Amazon Route 53 console at
https://console.aws.amazon.com/route53/.
3. In the navigation pane, choose Registered domains.
4. Choose the name of the domain that you want to add keys for.

5. At the DNSSEC status field, choose Manage keys.
6. Specify the following values:
Key type
Choose whether you want to upload a key-signing key (KSK) or a zone-signing key (ZSK).
Algorithm
Choose the algorithm that you used to sign the resource record sets for the hosted zone.
Public key
Specify the public key from the asymmetric key pair that you used to configure DNSSEC with
your DNS service provider.

7. Choose Add.

Note
You can only add one public key at a time. If you need to add more keys, wait until you
receive a confirmation email from Amazon Route 53.
8. When Amazon Route 53 receives a response from the registry, we send an email to the registrant
contact for the domain. The email either confirms that the public key has been added to the domain
at the registry or explains why the key couldn't be added.

Deleting Public Keys for a Domain
When you're rotating keys or you're disabling DNSSEC for the domain, delete public keys using the
following procedure before you disable DNSSEC with your DNS service provider. We recommend that
you wait for up to three days to delete public keys after you rotate keys or disable DNSSEC with your
DNS service provider. Note the following:
• If you're rotating public keys, we recommend that you wait for up to three days after you add the new
public keys to delete the old public keys.
• If you're disabling DNSSEC, delete public keys for the domain first. We recommend that you wait for
up to three days before you disable DNSSEC with the DNS service for the domain.

Caution
If DNSSEC is enabled for the domain and you disable DNSSEC with the DNS service, DNS
resolvers that support DNSSEC will return a SERVFAIL error to clients, and the clients won't be
able to access the endpoints that are associated with the domain.
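
The link between the keys held at the registry and the keys served by the DNS service provider can be checked offline before a key is added or deleted. The following added example (not from the original guide and not AWS code) derives the DS data that a registry publishes from a DNSKEY record, following RFC 4034, and flags the state described in the Caution above, where DS data remains at the registry but no matching key is served. The record lines, the 64-byte keys and all function names are constructed for illustration, and only the DS-to-DNSKEY link is checked, not RRSIG signatures.

```python
import base64
import hashlib
import struct

KEY_TYPES = {256: "ZSK", 257: "KSK"}  # DNSKEY flags field (RFC 4034, section 2.1.1)
DIGESTS = {1: hashlib.sha1, 2: hashlib.sha256, 4: hashlib.sha384}  # DS digest types


def parse_dnskey(line):
    """Parse 'owner ttl IN DNSKEY flags protocol algorithm base64-key'."""
    fields = line.split()
    i = fields.index("DNSKEY")
    flags, protocol, algorithm = (int(x) for x in fields[i + 1:i + 4])
    if protocol != 3:
        raise ValueError("DNSKEY protocol field must be 3")
    public_key = base64.b64decode("".join(fields[i + 4:]), validate=True)
    rdata = struct.pack("!HBB", flags, protocol, algorithm) + public_key
    return {"owner": fields[0], "algorithm": algorithm,
            "key_type": KEY_TYPES.get(flags, "other"), "rdata": rdata}


def parse_ds(line):
    """Parse 'owner ttl IN DS key-tag algorithm digest-type hex-digest'."""
    fields = line.split()
    i = fields.index("DS")
    tag, algorithm, digest_type = (int(x) for x in fields[i + 1:i + 4])
    return (tag, algorithm, digest_type, "".join(fields[i + 4:]).upper())


def key_tag(rdata):
    """Key tag over the DNSKEY RDATA (RFC 4034, Appendix B)."""
    acc = sum(b << 8 if i % 2 == 0 else b for i, b in enumerate(rdata))
    acc += (acc >> 16) & 0xFFFF
    return acc & 0xFFFF


def owner_wire(name):
    """Canonical wire form of the owner name: lower-case, length-prefixed labels."""
    labels = [label.encode("ascii") for label in name.lower().split(".") if label]
    return b"".join(bytes([len(label)]) + label for label in labels) + b"\x00"


def ds_for(key, digest_type=2):
    """DS tuple for this key: the digest covers the owner name plus the RDATA."""
    digest = DIGESTS[digest_type](owner_wire(key["owner"]) + key["rdata"])
    return (key_tag(key["rdata"]), key["algorithm"], digest_type,
            digest.hexdigest().upper())


def audit_delegation(ds_lines, dnskey_lines):
    """Compare DS records at the registry with DNSKEY records at the DNS provider.

    servfail_risk: DS data exists but none of it matches a served key.
    stale_ds:      DS records with no matching key (unknown digest types count
                   as unmatched); these are candidates for deletion.
    missing_ds:    DS data for served KSKs that the registry does not hold yet.
    """
    keys = [parse_dnskey(line) for line in dnskey_lines]
    registry = [parse_ds(line) for line in ds_lines]

    def matches(ds, key):
        return ds[2] in DIGESTS and ds_for(key, ds[2]) == ds

    stale = [ds for ds in registry if not any(matches(ds, k) for k in keys)]
    missing = [ds_for(k) for k in keys if k["key_type"] == "KSK"
               and not any(matches(ds, k) for ds in registry)]
    return {"servfail_risk": bool(registry) and len(stale) == len(registry),
            "stale_ds": stale, "missing_ds": missing}


def sample_dnskey(flags, seed):
    """Constructed 64-byte key (not a real key) in DNSKEY presentation format."""
    key = base64.b64encode(bytes((seed + i) % 256 for i in range(64))).decode()
    return f"example.com. 3600 IN DNSKEY {flags} 3 13 {key}"


def ds_line(ds):
    """Render a DS tuple as a presentation-format record for example.com."""
    return "example.com. 3600 IN DS %d %d %d %s" % ds


OLD_KSK, NEW_KSK, ZSK = (sample_dnskey(257, 0), sample_dnskey(257, 100),
                         sample_dnskey(256, 200))

if __name__ == "__main__":
    old_ds = ds_line(ds_for(parse_dnskey(OLD_KSK)))
    print("mid-rotation:", audit_delegation([old_ds], [OLD_KSK, NEW_KSK, ZSK]))
    print("old key removed too early:", audit_delegation([old_ds], [NEW_KSK, ZSK]))
    print("DNSSEC disabled at provider first:", audit_delegation([old_ds], []))
```

The last two cases report servfail_risk as true, which is why the procedure below deletes the public keys at the registry before DNSSEC is disabled or an old key is withdrawn at the DNS service provider.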

To delete public keys for a domain
1. Sign in to the AWS Management Console and open the Amazon Route 53 console at
https://console.aws.amazon.com/route53/.
2. In the navigation pane, choose Registered domains.
3. Choose the name of the domain that you want to delete keys from.
4. At the DNSSEC status field, choose Manage keys.
5. Find the key that you want to delete, and choose Delete.

Note
You can only delete one public key at a time. If you need to delete more keys, wait until you
receive a confirmation email from Amazon Route 53.
6. When Amazon Route 53 receives a response from the registry, we send an email to the registrant
contact for the domain. The email either confirms that the public key has been deleted from the
domain at the registry or explains why the key couldn't be deleted.


Getting a Domain Name Unsuspended
When you register a domain with Amazon Route 53 or transfer a domain from another registrar to Amazon
Route 53, we send you a confirmation email. This email includes instructions about how to verify that we
have a valid email address for the registrant contact. The email comes from one of the following email
addresses:
| TLDs | Email Address that Approval Email Comes from |
|---|---|
| TLDs registered by Amazon Registrar | noreply@registrar.amazon.com |
| .com.au and .net.au | domains@tppwholesale.com.au (only if you're transferring the domain to Amazon Route 53) |
| .fr | nic@nic.fr (only if you're transferring the domain and you're changing the registrant contact at the same time. The email is sent both to the current registrant contact and the new registrant contact.) |
| All others | noreply@domainnameverification.net |

To determine who the registrar is for your TLD, see Domains that You Can Register with Amazon
Route 53 (p. 41).
If you don't respond to the email within 15 days—for example, because the email ended up in your junk
email folder—ICANN requires us to suspend the domain, meaning that it's no longer available on the
Internet. To get the domain unsuspended, perform the following procedure to request another copy of
the email, and follow the instructions in the email.

To get a domain unsuspended
1. Sign in to the AWS Management Console and open the Amazon Route 53 console at
https://console.aws.amazon.com/route53/.
2. In the navigation pane, choose Registered Domains.
3. Choose the name of the domain that you want to get unsuspended.
4. On the Registered Domains > domain-name page, confirm that the email address for the registrant
contact is valid and an address that you're able to receive email at.
If you need to correct the email address, choose Edit Contacts and change the value of Email for
the registrant contact.
5. On the Registered Domains > domain-name page, choose Send Email Again.

Important
If the domain was suspended for abuse, the Send Email Again button isn't available. You
must open a case with the AWS Support Center. Accept the default values for Regarding,
Service, and Category, and enter the applicable information for Subject, Description, and
Contact Method.
6. Follow the instructions in the email.
Typically, after you respond to the email, the domain is unsuspended in less than 30 minutes, but it
can take up to two hours.


Deleting a Domain Name Registration
For most top-level domains (TLDs), you can delete the registration if you no longer want it. Registries for
some TLDs don't allow you to delete a domain name registration; instead, you must wait for it to expire.
To determine whether you can delete the registration for your domain, see Domains that You Can Register
with Amazon Route 53 (p. 41).
If the registry allows you to delete the registration, perform the procedure in this topic. If the registry
doesn't allow you to delete a domain name registration, disable automatic renewal of domain registration
for this domain. When the Expires on date passes, Amazon Route 53 will automatically delete the
registration for the domain. For information about how to change the automatic renewal setting, see
Editing Contact Information and Other Settings for a Domain (p. 20).

Important
If you delete a domain name registration before the registration was scheduled to expire, we will
not refund the registration fee.

To delete a domain name registration
1. Sign in to the AWS Management Console and open the Amazon Route 53 console at
   https://console.aws.amazon.com/route53/.
2. In the navigation pane, choose Registered Domains.
3. Choose the name of your domain.
4. Choose Delete Domain.
5. If the registry for your TLD allows deleting a domain name registration, choose Delete Domain.

Downloading a Domain Billing Report
AWS invoices don't include the domain name for domain registration charges. If you manage multiple
domains and you want to view charges by domain for a specified time period, you can download a domain
billing report. This report includes all charges that apply to domain registration, including the following:
• Registering a domain
• Renewing registration for a domain
• Transferring a domain to Amazon Route 53
• Changing the owner of a domain (for some TLDs, this operation is free)

The billing report, in CSV format, includes the following values:
• The AWS invoice ID that the charge appears on.
• The operation (REGISTER_DOMAIN, RENEW_DOMAIN, TRANSFER_IN_DOMAIN, or
CHANGE_DOMAIN_OWNER).
• The name of the domain.
• The charge for the operation in US dollars.
• The date and time in ISO 8601 format, for example, 2016-03-03T19:20:25.177Z. For more information
about ISO 8601 format, see the Wikipedia article ISO 8601.

To download a domain billing report
1. Sign in to the AWS Management Console and open the Amazon Route 53 console at
   https://console.aws.amazon.com/route53/.
2. In the navigation pane, choose Registered Domains.
3. Choose Domain billing report.
4. Choose the date range for the report, and then choose Download domain report.
5. Follow the prompts to open the report or to save it.
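The following Python script is an added example, not part of the AWS guide or AWS code: it parses a downloaded domain billing report, totals charges per domain, and flags transfers and owner changes (or domains missing from your own inventory) for review. The column order, the absence of a header row, the function names, and every sample row are assumptions constructed for illustration; the guide lists the report's values but not the exact file layout.

```python
"""Audit a Route 53 domain billing report (added example, not AWS code)."""
import csv
import io
from collections import defaultdict
from datetime import datetime
from decimal import Decimal, InvalidOperation

# The four operations the guide lists for the billing report.
KNOWN_OPERATIONS = {
    "REGISTER_DOMAIN", "RENEW_DOMAIN", "TRANSFER_IN_DOMAIN", "CHANGE_DOMAIN_OWNER",
}
# A transfer to Route 53 or a change of owner alters who controls a domain,
# so an auditor will usually want to match each one to an approved request.
REVIEW_OPERATIONS = {"TRANSFER_IN_DOMAIN", "CHANGE_DOMAIN_OWNER"}

# ASSUMPTION: columns appear in the order the guide lists the values, with no
# header row. Adjust COLUMNS to match the file you actually download.
COLUMNS = ("invoice_id", "operation", "domain", "charge_usd", "timestamp")

# Constructed sample data (invoice IDs, prices and dates are made up).
SAMPLE_REPORT = """\
INV-1001,REGISTER_DOMAIN,example.com,12.00,2016-03-03T19:20:25.177Z
INV-1001,RENEW_DOMAIN,example.org,12.00,2016-03-05T08:00:00.000Z
INV-1002,RENEW_DOMAIN,Example.COM,12.00,2016-04-01T10:15:00.500Z
INV-1002,CHANGE_DOMAIN_OWNER,example.org,0.00,2016-04-02T23:59:59.999Z
INV-1003,TRANSFER_IN_DOMAIN,example.net,11.50,2016-04-10T12:00:00.000Z
INV-1003,DELETE_DOMAIN,example.com,0.00,2016-04-11T12:00:00.000Z
INV-1003,RENEW_DOMAIN,example.org,twelve,2016-04-12T12:00:00.000Z
"""


def parse_report(text):
    """Return (rows, problems); malformed lines are reported, not silently dropped."""
    rows, problems = [], []
    for line_no, fields in enumerate(csv.reader(io.StringIO(text)), start=1):
        if not fields:
            continue  # blank line
        if len(fields) != len(COLUMNS):
            problems.append((line_no, "expected %d fields, got %d"
                             % (len(COLUMNS), len(fields))))
            continue
        rec = dict(zip(COLUMNS, (f.strip() for f in fields)))
        if rec["operation"] not in KNOWN_OPERATIONS:
            problems.append((line_no, "unknown operation %r" % rec["operation"]))
            continue
        try:
            # Decimal avoids float rounding on currency amounts.
            rec["charge_usd"] = Decimal(rec["charge_usd"])
            # ISO 8601 with a trailing Z (UTC), as in the guide's example value.
            rec["timestamp"] = datetime.fromisoformat(
                rec["timestamp"].replace("Z", "+00:00"))
        except (InvalidOperation, ValueError) as exc:
            problems.append((line_no, "bad charge or timestamp: %s" % exc))
            continue
        # DNS names are case-insensitive; normalise before grouping.
        rec["domain"] = rec["domain"].rstrip(".").lower()
        rec["line"] = line_no
        rows.append(rec)
    return rows, problems


def charges_by_domain(rows):
    """Sum the US dollar charge per domain."""
    totals = defaultdict(Decimal)
    for rec in rows:
        totals[rec["domain"]] += rec["charge_usd"]
    return dict(totals)


def flag_for_review(rows, inventory):
    """List rows that change control of a domain or name a domain not in inventory."""
    known = {d.rstrip(".").lower() for d in inventory}
    findings = []
    for rec in rows:
        reasons = []
        if rec["operation"] in REVIEW_OPERATIONS:
            reasons.append("transfer or ownership change")
        if rec["domain"] not in known:
            reasons.append("domain not in inventory")
        if reasons:
            findings.append((rec["line"], rec["domain"], rec["operation"], reasons))
    return findings


if __name__ == "__main__":
    parsed, bad = parse_report(SAMPLE_REPORT)
    for domain, total in sorted(charges_by_domain(parsed).items()):
        print("%-15s %8s USD" % (domain, total))
    for line, domain, op, reasons in flag_for_review(
            parsed, {"example.com", "example.org"}):
        print("REVIEW line %d: %s %s (%s)" % (line, op, domain, "; ".join(reasons)))
    for line, message in bad:
        print("SKIPPED line %d: %s" % (line, message))
```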

Domains that You Can Register with Amazon Route 53
The following lists show the top-level domains (TLDs) for which you can register domains with Amazon
Route 53.
Topics
• Generic Top-Level Domains (p. 41)
• Geographic Domains (p. 122)

Generic Top-Level Domains
Generic top-level domains (gTLDs) are global extensions that are used and recognized around the world,
such as .com, .net, and .org. They also include specialty domains such as .bike, .condos, and .marketing.
Not all gTLDs support internationalized domain names (IDNs). The following list indicates whether each
gTLD supports IDNs. For more information about internationalized domain names, see DNS Domain
Name Format (p. 2).
A | B | C | D | E | F | G | H | I,J | K | L | M | N | O | P | Q | R | S | T | U | V | W,X,Y,Z

A
.academy, .accountants, .adult, .agency, .apartments, .associates, .auction, .audio
.academy
Used by educational institutions such as schools and universities. Also used by recruiters, advisors,
advertisers, students, teachers, and administrators who are affiliated with educational institutions.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.accountants
Used by businesses, groups, and individuals affiliated with the accounting profession.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.adult
Used for websites that host adults-only content.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Not supported.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.agency
Used by any businesses or groups that identify as agencies.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.apartments
Used by real estate agents, landlords, and renters.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.associates
Used by businesses and firms that include the term "associates" in their titles. Also used by any
groups or agencies that want to indicate the professional nature of their organizations.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.auction
Used for events related to auctions and auction-based buying and selling.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, Spanish, and Latin.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.audio
Used by the audiovisual industry and anyone interested in broadcasting, sound equipment, audio
production, and audio streaming.
Registration and renewal period
One to ten years.
Privacy protection
Not supported.
Internationalized domain names
Supported for Cyrillic (primarily Russian), French, German, Italian, Portuguese, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.

B
.band, .bargains, .bike, .bingo, .biz, .black, .blue, .boutique, .builders, .business, .buzz
.band
Used for sharing information about musical bands and band events. Also used by musicians to
connect with their fan base and sell band-related merchandise.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, Spanish, and Latin.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.bargains
Used for information about sales and promotions.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.bike
Used by businesses or groups that cater to cyclists, such as bike stores, motorcycle dealerships,
and repair shops.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.

.bingo
Used for online gaming websites or for sharing information about the game of bingo.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.biz
Used for business or commercial use.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Not supported.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.black
Used by those who like the color black or those who want to associate the color black with their
business or brand.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Not supported.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.blue
Used by those who like the color blue or those who want to associate the color blue with their business
or brand.
Registration and renewal period
One to ten years.

Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Not supported.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.boutique
Used for information about boutiques and small specialty shops.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.builders
Used by companies and individuals affiliated with the construction industry.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.business
Used by any kind of business. Can be used as an alternative to the .biz extension.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.

DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.buzz
Used for information about the latest news and events.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Spanish.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.

C
.cab, .cafe, .camera, .camp, .capital, .cards, .care, .careers, .cash, .casino, .catering, .center, .ceo, .chat,
.cheap, .church, .city, .claims, .cleaning, .click, .clinic, .clothing, .cloud, .club, .coach, .codes, .coffee,
.college, .com, .community, .company, .computer, .condos, .construction, .consulting, .contractors, .cool,
.coupons, .credit, .creditcard, .cruises
.cab
Used by companies and individuals affiliated with the taxicab industry.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.cafe
Used by cafe businesses and those who have an interest in cafe culture.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name

Internationalized domain names
Supported for Chinese, French, German, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.camera
Used by photography enthusiasts and anyone who wants to share photos.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.camp
Used by parks and recreation departments, summer camps, writers' workshops, fitness camps, and
camping enthusiasts.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.capital
Used as a general category that describes any kind of capital, such as financial capital or the capital
of a city.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.

DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.cards
Used by businesses that specialize in cards such as ecards, printed greeting cards, business cards,
and playing cards. Also ideal for gamers who want to discuss the rules and strategies of card games.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.care
Used by businesses or agencies in the care-giving field. Also used by charitable organizations.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.careers
Used for information about job recruitment.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.

.cash
Used by any organization, group, or individual engaged in money-related activities.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.casino
Used by the gambling industry or by gamers who want to share information about gambling and
casino games.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.catering
Used by catering businesses or those who share information about food-related events.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.center
Used as a generic extension for everything from research organizations to community centers.
Registration and renewal period
One to ten years.

Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.ceo
Used for information about CEOs and their equals.
Registration and renewal period
One to ten years.
Privacy protection
Not supported.
Internationalized domain names
Supported for German.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.chat
Used by any kind of online chat website.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.cheap
Used by e-commerce websites to promote and sell inexpensive products.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.church
Used by churches of any size or denomination to connect with their congregations and to publish
information about church-related events and activities.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.city
Used to provide information about specific cities, such as points of interest, top local spots to visit,
or neighborhood activities.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.claims
Used by companies that handle insurance claims or provide legal services.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.cleaning
Used by businesses or individuals that provide cleaning services.

Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.click
Used by businesses that want to associate the action of clicking with their websites, for example,
clicking products on a website to purchase them.
Registration and renewal period
One to ten years.
Privacy protection
Not supported.
Internationalized domain names
Supported for Cyrillic (primarily Russian), French, German, Italian, Portuguese, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.clinic
Used by the health care industry and by medical professionals.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.clothing
Used by those in the fashion industry, including retailers, department stores, designers, tailors, and
outlets.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name

Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.cloud
Used as a general extension, but ideal for companies that provide cloud computing technologies and
services.
Registration and renewal period
One to ten years.
Privacy protection
Not supported.
Internationalized domain names
Not supported.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.club
Used by any type of club or organization.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Spanish and Japanese.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.coach
Used by anyone with an interest in coaching, such as sports professionals, lifestyle coaches, or
corporate trainers.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.

.codes
Used as a generic extension for all kinds of code, such as codes of conduct, building codes, or
programming code.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.coffee
Used by those in the coffee industry.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.college
Used by educational institutions such as schools and universities. Also used by recruiters, advisors,
advertisers, students, teachers, and administrators who are affiliated with educational institutions.
Registration and renewal period
One to ten years.
Privacy protection
Not supported.
Internationalized domain names
Supported for Arabic, simplified and traditional Chinese, Cyrillic, Greek, Hebrew, Japanese, and
Thai.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.com
Used for commercial websites. It is the most popular extension on the Internet.
Registration and renewal period
One to ten years.
Privacy protection
All information is hidden.
Internationalized domain names
Supported.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is Amazon Registrar, Inc.
.community
Used by any type of community, club, organization, or special interest group.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.company
Used as a generic extension for companies of all kinds.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.computer
Used as a generic extension for information about computers.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).

Registrar
The registrar for this TLD is our registrar associate, Gandi.
.condos
Used by individuals and businesses associated with condominiums.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.construction
Used by those in the construction industry, such as builders and contractors.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.consulting
Used by consultants and others who are affiliated with the consulting industry.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, Latin, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.contractors
Used by contractors, such as contractors in the construction industry.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.cool
Used by organizations and groups who want to associate their brand with the latest trends.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.coupons
Used by retailers and manufacturers that provide online coupons and coupon codes.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.credit
Used by the credit industry.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.creditcard
Used by companies or banks that issue credit cards.
Registration and renewal period
One to ten years.
Privacy protection
Not supported.
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.cruises
Used by the voyage industry.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.

D
.dance, .dating, .deals, .delivery, .democrat, .dental, .diamonds, .diet, .digital, .direct, .directory, .discount,
.dog, .domains
.dance
Used by dancers, dance instructors, and dance schools.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, Latin, and Spanish.
DNSSEC
Not supported.

Registrar
The registrar for this TLD is our registrar associate, Gandi.
.dating
Used for dating websites.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.deals
Used to provide information about online bargains and sales.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.delivery
Used by companies that deliver any kind of merchandise or service.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.democrat
Used for information about the Democratic Party. Also used by officials running for elected office,
elected officials, political enthusiasts, consultants, and advisors.

Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, Latin, and Spanish.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.dental
Used by dental professionals and dental suppliers.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.diamonds
Used by diamond enthusiasts and those in the diamond industry, including sellers, resellers, and
merchandisers.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.diet
Used by health and fitness professionals.
Registration and renewal period
One to ten years.
Privacy protection
Not supported.
Internationalized domain names
Supported for Cyrillic (primarily Russian), French, German, Italian, Portuguese, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.digital
Used for anything and everything digital, but ideal for technology businesses.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.direct
Used as a general extension, but ideal for those who sell products directly to customers through an
e-commerce website.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.directory
Used by the media sector.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.

.discount
Used for discount websites and businesses that slash prices.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.dog
Used by dog lovers and those who provide canine services and products.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.domains
Used for information about domain names.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.

E
.education, .email, .energy, .engineering, .enterprises, .equipment, .estate, .events, .exchange, .expert,
.exposed, .express

.education
Used for information about education.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.email
Used for information about promoting email.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.energy
Used as a general extension, but ideal for those in the energy or energy conservation fields.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.engineering
Used by engineering firms and professionals.
Registration and renewal period
One to ten years.

Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.enterprises
Used for information about enterprises and businesses.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.equipment
Used for information about equipment, equipment retailers or manufacturers, and rental shops.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.estate
Used for information about housing and the housing sector.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.events
Used for information about events of all kinds.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.exchange
Used for any type of exchange: the stock exchange, the exchange of goods, or even the simple
exchange of information.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.expert
Used by those who have specialized knowledge in a variety of fields.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.

.exposed
Used as a generic extension for a variety of subjects, including photography, tabloids, and investigative
journalism.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.express
Used as a general extension, but ideal for those who want to emphasize the speedy delivery of goods
or services.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.

F
.fail, .farm, .finance, .financial, .fish, .fitness, .flights, .florist, .flowers, .football, .forsale, .foundation, .fund,
.furniture, .futbol, .fyi
.fail
Used by anyone who has made mistakes, but ideal for publishing humorous "fail" blunders and
bloopers.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.

DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.farm
Used by those in the farming industry, such as farmers and agricultural engineers.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.finance
Used by the financial sector.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.financial
Used by the financial sector.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.

.fish
Used as a general extension, but ideal for websites related to fish and fishing.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.fitness
Used to promote fitness and fitness services.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.flights
Used by travel agents, airlines, and anyone affiliated with the travel industry.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.florist
Used by florists.
Registration and renewal period
One to ten years.

Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.flowers
Used for anything related to flowers, such as online flower sales or information about flower growing
and breeding.
Registration and renewal period
One to ten years.
Privacy protection
Not supported.
Internationalized domain names
Supported for Cyrillic (primarily Russian), French, German, Italian, Portuguese, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.football
Used by anyone involved in the sport of football.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.forsale
Used for selling goods and services.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, Latin, and Spanish.

DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.foundation
Used by non-profit organizations, charities, and other kinds of foundations.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.fund
Used as a general extension for anything related to funding.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.furniture
Used by furniture makers and sellers and anyone affiliated with the furniture industry.
Registration and renewal period
One to ten years.
Privacy protection
Not supported.
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.futbol
Used for information about soccer (futbol).

Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, Latin, and Spanish.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.fyi
Used as a general extension, but ideal for sharing information of all kinds. "FYI" is an acronym for
"for your information."
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.

G
.gallery, .gift, .gifts, .glass, .global, .gold, .golf, .graphics, .gratis, .green, .gripe, .guide, .guitars, .guru
.gallery
Used by owners of art galleries.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.gift
Used by businesses or organizations that sell gifts or provide gift-related services.

Registration and renewal period
One to ten years.
Privacy protection
Not supported.
Internationalized domain names
Supported for Cyrillic (primarily Russian), French, German, Italian, Portuguese, and Spanish.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.gifts
Used by businesses or organizations that sell gifts or provide gift-related services.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.glass
Used by those in the glass industry, such as glass cutters and window installers.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.global
Used by businesses or groups with an international market or vision.
Registration and renewal period
One to ten years.
Privacy protection
Not supported.
Internationalized domain names
Supported for Arabic, Belarusian, Bosnian, Bulgarian, Chinese (Simplified), Chinese (Traditional),
Danish, German, Hindi, Hungarian, Icelandic, Korean, Latvian, Lithuanian, Macedonian,
Montenegrin, Polish, Russian, Serbian, Spanish, Swedish, and Ukrainian.

DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.gold
Used as a general extension, but ideal for companies that purchase or sell gold or gold-related
products.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.golf
Used for websites devoted to the game of golf.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.graphics
Used by those in the graphics industry.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.

.gratis
Used for websites that offer free products, such as promotional items, downloads, or coupons. "Gratis"
is a Spanish word that means "free."
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.green
Used for websites devoted to conservation, ecology, the environment, and the green lifestyle.
Registration and renewal period
One to ten years.
Privacy protection
Not supported.
Internationalized domain names
Not supported.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.gripe
Used for sharing complaints and criticism.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.guide
Used as a general extension, but ideal for websites that focus on travel destinations, services, and
products.
Registration and renewal period
One to ten years.

Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.guitars
Used by guitar enthusiasts.
Registration and renewal period
One to ten years.
Privacy protection
Not supported.
Internationalized domain names
Supported for Cyrillic (primarily Russian), French, German, Italian, Portuguese, and Spanish.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.guru
Used by those who want to share their knowledge about a variety of subjects.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.

H
.haus, .healthcare, .help, .hiv, .hockey, .holdings, .holiday, .host, .hosting, .house
.haus
Used by real estate and construction industries. "Haus" is a German word that means "house."
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, Latin, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.healthcare
Used by the healthcare sector.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.help
Used as a general extension, but ideal for websites that provide online help and information.
Registration and renewal period
One to ten years.
Privacy protection
Not supported.
Internationalized domain names
Supported for Cyrillic (primarily Russian), French, German, Italian, Portuguese, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.hiv
Used for websites devoted to the fight against HIV.
Registration and renewal period
One to ten years.
Privacy protection
Not supported.
Internationalized domain names
Supported for Cyrillic (primarily Russian), French, German, Italian, Portuguese, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.hockey
Used for websites devoted to the game of hockey.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.holdings
Used by financial advisors, stockbrokers, and those who work with investments.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.holiday
Used by those in the travel industry and individuals and businesses involved in party planning and
special occasions.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.host
Used by companies that provide web hosting platforms and services.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name

Internationalized domain names
Not supported.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.hosting
Used for hosting websites or by those in the hosting industry.
Registration and renewal period
One to ten years.
Privacy protection
Not supported.
Internationalized domain names
Supported for Chinese, French, German, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.house
Used by real estate agents and buyers and sellers of houses.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.

I,J
.immo, .immobilien, .industries, .info, .ink, .institute, .insure, .international, .investments, .irish, .jewelry,
.juegos
.immo
Used by the real estate sector.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.

DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.immobilien
Used for information about real estate.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, and Spanish.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.industries
Used by any business or commercial enterprise that wants to identify as an industry.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.info
Used for the dissemination of information.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Not supported.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.ink
Used by tattoo enthusiasts or any industry related to ink, such as printing and publishing industries.
Registration and renewal period
One to ten years.
Privacy protection
Not supported.
Internationalized domain names
Supported for Arabic and Latin.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.institute
Used by any organization or group, especially research and educational organizations.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.insure
Used by insurance companies and insurance brokers.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.international
Used by businesses that have international chains, individuals who travel internationally, or charity
organizations with an international influence.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name

Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.investments
Used as a general extension, but ideal for promoting investment opportunities.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.irish
Used for promoting Irish culture and organizations.
Registration and renewal period
One to ten years.
Privacy protection
Not supported.
Internationalized domain names
Not supported.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.jewelry
Used by jewelry sellers and buyers.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.juegos
Used for gaming websites of all kinds. "Juegos" is a Spanish word that means "games."

Registration and renewal period
One to ten years.
Privacy protection
Not supported.
Internationalized domain names
Supported for Cyrillic (primarily Russian), French, German, Italian, Portuguese, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.

K
.kaufen, .kim, .kitchen, .kiwi
.kaufen
Used for information about e-commerce.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, Latin, and Spanish.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.kim
Used by people whose name or surname is Kim.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.kitchen
Used by kitchen retailers, cooks, food bloggers, and anyone in the food industry.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.kiwi
Used by companies and individuals who want to support New Zealand kiwi culture. It is also used
as a platform for charitable aid in the reconstruction of Christchurch, damaged by earthquakes in
2010 and 2011.
Registration and renewal period
One to ten years.
Privacy protection
Not supported.
Internationalized domain names
Supported for Maori.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.

L
.land, .lease, .legal, .lgbt, .life, .lighting, .limited, .limo, .link, .live, .loan, .loans, .lol
.land
Used by farmers, real estate agents, commercial developers, and anyone with an interest in property.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.lease
Used by realtors, landlords, and renters.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name

Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.legal
Used by members of the legal profession.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.lgbt
Used by the community of lesbian, gay, bisexual, and transgender people.
Registration and renewal period
One to ten years.
Privacy protection
Not supported.
Internationalized domain names
Not supported.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.life
Used as a general extension, and suitable for a wide range of businesses, groups, and individuals.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.lighting
Used by photographers, designers, architects, engineers, and others with an interest in lighting.

Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.limited
Used as a general extension, and suitable for a wide range of businesses, groups, and individuals.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.limo
Used by chauffeurs, limousine companies, and car rental agencies.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.link
Used for information about the creation of online shortcut links.
Registration and renewal period
One to ten years.
Privacy protection
Not supported.
Internationalized domain names
Supported for Cyrillic (primarily Russian), French, German, Italian, Portuguese, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.live
Used as a general extension, and suitable for a wide range of businesses, groups, and individuals.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, Latin, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.loan
Used by lenders, borrowers, and credit professionals.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Danish, German, Norwegian, and Swedish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.loans
Used by lenders, borrowers, and credit professionals.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.

.lol
Used for humor and comedy websites. "LOL" is an acronym for "laugh out loud."
Registration and renewal period
One to ten years.
Privacy protection
Not supported.
Internationalized domain names
Supported for Cyrillic, French, German, Italian, Portuguese, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.

M
.maison, .management, .marketing, .mba, .media, .memorial, .mobi, .moda, .money, .mortgage, .movie
.maison
Used by the real estate sector.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.management
Used for information about the business world and company management.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.marketing
Used by the marketing sector for a variety of purposes.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.mba
Used for websites that provide information about the master's degree in business administration
(MBA).
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.media
Used by the media and entertainment sectors.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.memorial
Used by commemorative organizations dedicated to honoring events and people.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.mobi
Used by companies and individuals who want to have their websites accessible on mobile phones.
Registration and renewal period
One to ten years.
Privacy protection
Not supported.
Internationalized domain names
Not supported.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.moda
Used for information about fashion.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, Latin, and Spanish.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.money
Used for websites that focus on money and money-related activities.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.mortgage
Used by the mortgage industry.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, Latin, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.movie
Used for websites that provide information about movies and movie-making. Suitable for both
professionals and fans.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.

N
.name, .net, .network, .news, .ninja
.name
Used by anyone who wants to create a personalized web presence.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.net
Used for all types of websites. The .net extension is an abbreviation of network.
Registration and renewal period
One to ten years.
Privacy protection
All information is hidden.
Internationalized domain names
Supported.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is Amazon Registrar, Inc.
.network
Used by those in the network industry or those who want to build connections through networking.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.news
Used for distributing any newsworthy information such as current events or information related to
journalism and communication.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, Latin, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.ninja
Used by individuals and businesses who want to associate themselves with the abilities of a ninja.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, Latin, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.

O
.onl, .online, .org
.onl
The .onl extension is an abbreviation for "online," and it is also the short term in Spanish for non-profit
organization.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Arabic, Belarussian, Bosnian, Bulgarian, Chinese (Simplified and Traditional),
Danish, German, Hindi, Hungarian, Icelandic, Korean, Lithuanian, Latvian, Macedonian, Polish,
Russian, Serbian, and Spanish.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.online
The .onl extension is an abbreviation for "online," and it is also the short term in Spanish for non-profit
organization.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.org
Used by all kinds of organizations.
Registration and renewal period
One to ten years.
Privacy protection
All information is hidden.
Internationalized domain names
Not supported.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is Amazon Registrar, Inc.

P
.partners, .parts, .photo, .photography, .photos, .pics, .pictures, .pink, .pizza, .place, .plumbing, .plus,
.poker, .porn, .pro, .productions, .properties, .property, .pub
.partners
Used by law firms, investors, and a variety of companies. Also used for social websites that build
relationships.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.parts
Used as a general extension, but ideal for parts manufacturers, sellers, and buyers.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.photo
Used by photographers and anyone interested in photos.
Registration and renewal period
One to ten years.
Privacy protection
Not supported.
Internationalized domain names
Supported for Cyrillic (primarily Russian), French, German, Italian, Portuguese, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.photography
Used by photographers and anyone interested in photos.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.photos
Used by photographers and anyone interested in photos.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.pics
Used by photographers and anyone interested in photos.
Registration and renewal period
One to ten years.
Privacy protection
Not supported.
Internationalized domain names
Supported for Cyrillic (primarily Russian), French, German, Italian, Portuguese, and Spanish.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.pictures
Used by anyone interested in photography, art, and media.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.pink
Used by those who like the color pink or those who want to associate the color pink with their business
or brand.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.pizza
Used by pizza restaurants and pizza lovers.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.place
Used as a general extension, but ideal for the home and travel sectors.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.plumbing
Used by those in the plumbing industry.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.plus
Used as a general extension, but ideal for plus-size clothing, add-on software, or any product that
offers "extra" features or dimensions.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.poker
Used by poker players and gaming websites.
Registration and renewal period
One to ten years.
Privacy protection
Not supported.
Internationalized domain names
Not supported.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.porn
Used for adults-only websites.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Not supported.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.pro
Used by licensed and credentialed professionals and professional organizations.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
Not supported.
Internationalized domain names
Not supported.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.productions
Used by studios and production houses that make commercials, radio ads, and music videos.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.properties
Used for information about any type of property, including real estate or intellectual property. Also
used by those who have houses, buildings, or land to sell, lease, or rent.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.property
Used for information about any type of property, including real estate or intellectual property. Also
used by those who have houses, buildings, or land to sell, lease, or rent.
Registration and renewal period
One to ten years.
Privacy protection
Not supported.
Internationalized domain names
Supported for Cyrillic (primarily Russian), French, German, Italian, Portuguese, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.pub
Used by those in the publication, advertising, or brewing business.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, Latin, and Spanish.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.

Q
.qpon
.qpon
Used for coupons and promo codes.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Spanish.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.

R
.recipes, .red, .reise, .reisen, .rentals, .repair, .report, .republican, .restaurant, .reviews, .rich, .rip, .rocks,
.run
.recipes
Used by those with recipes to share.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.red
Used by those who like the color red or those who want to associate the color red with their business
or brand.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.reise
Used for websites related to travels or journeys. "Reise" is a German word that means "rise," "arise,"
or "set out on a journey."
Registration and renewal period
One to ten years.
Privacy protection
Not supported.
Internationalized domain names
Supported for Chinese, French, German, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.reisen
Used for websites related to travels or journeys. "Reisen" is a German word that means "to arise" or
"to set out on a journey."
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.rentals
Used for all types of rentals.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.repair
Used by repair services or by those who want to teach others how to repair all kinds of items.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.

.report
Used as a general extension, but ideal for information about business reports, community publications,
book reports, or news reporting.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.republican
Used for information about the Republican Party. Also used by officials running for elected office,
elected officials, political enthusiasts, consultants, and advisors.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, Latin, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.restaurant
Used by the restaurant industry.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.reviews
Used by those who want to give their opinions and read the comments of others.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, Latin, and Spanish.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.rich
Used for information about wealthy people, including celebrities from the worlds of industry, art,
fashion, sports, and entertainment. Also used by providers of luxury services and brands.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Arabic, Belarussian, Bosnian, Bulgarian, Chinese (Simplified and Traditional),
Danish, German, Hindi, Hungarian, Icelandic, Korean, Lithuanian, Latvian, Macedonian, Polish,
Russian, Serbian, and Spanish.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.rip
Used for websites dedicated to death and memorials. "RIP" is an acronym for "rest in peace."
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, Latin, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.rocks
Used as a general extension, but ideal for anyone who “rocks”: musicians, geologists, jewelers,
climbers, and more.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, Latin, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.run
Used as a general extension, but ideal for the fitness and sports industry.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.

S
.sale, .sarl, .school, .schule, .services, .sex, .sexy, .shiksha, .shoes, .show, .singles, .soccer, .social,
.solar, .solutions, .studio, .style, .sucks, .supplies, .supply, .support, .surgery, .systems
.sale
Used by e-commerce websites.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, Latin, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.sarl
Used by limited liability companies typically located in France. "SARL" is an acronym for Société à
Responsabilité Limitée.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.school
Used for information about education, educational institutions, and school-related activities.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.schule
Used for information about German-based education, educational institutions, and school-related
activities. "Schule" is a German word that means "school."
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.services
Used for websites that focus on services of any kind.
Registration and renewal period
One to ten years.
Privacy protection
Not supported.
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.sex
Used for adults-only content.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Not supported.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.sexy
Used for sexual content. Also used for describing the most popular and exciting brands, products,
information, and websites.
Registration and renewal period
One to ten years.
Privacy protection
Not supported.
Internationalized domain names
Supported for Cyrillic (primarily Russian), French, German, Italian, Portuguese, and Spanish.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.shiksha
Used by educational institutions. "Shiksha" is an Indian term for school.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.shoes
Used by shoe retailers, designers, manufacturers, or fashion bloggers.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.show
Used as a general extension, but ideal for the entertainment industry.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.singles
Used by dating services, resorts, and other businesses that cater to those who want to make a
connection.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.soccer
Used for websites dedicated to the game of soccer.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.social
Used for information about social media, forums, and online conversations.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, Latin, and Spanish.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.solar
Used for information about the solar system or solar energy.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.solutions
Used by consultants, do-it-yourself services, and advisors of all kinds.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.studio
Used as a general extension, but ideal for those in the real estate, art, or entertainment industries.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, Latin, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.style
Used as a general extension, but ideal for websites dedicated to the latest trends, especially trends
in fashion, design, architecture, and art.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.sucks
Used as a general extension, but ideal for those who want to share negative experiences or warn
others about scams, frauds, or faulty products.
Registration and renewal period
One to ten years.
Privacy protection
Not supported.
Internationalized domain names
Not supported.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.supplies
Used by businesses that sell goods online.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.supply
Used by businesses that sell goods online.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.support
Used by businesses, groups, or charities that offer any kind of support, including customer, product,
or system support or emotional, financial, or spiritual support.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.surgery
Used for information about surgery, medicine, and healthcare.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.systems
Used primarily by the technology industry and those who offer technology services.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.

T
.tattoo, .tax, .taxi, .team, .technology, .tennis, .theater, .tienda, .tips, .tires, .today, .tools, .tours, .town,
.toys, .trade, .training, .tv
.tattoo
Used by tattoo enthusiasts and the tattoo industry.
Registration and renewal period
One to ten years.
Privacy protection
Not supported.
Internationalized domain names
Supported for Cyrillic (primarily Russian), French, German, Italian, Portuguese, and Spanish.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.tax
Used for information about taxes, tax preparation, and tax law.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.taxi
Used by cab, chauffeur, and shuttle companies.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.team
Used by any business or organization that wants to identify as a team.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.technology
Used by technology enthusiasts and those dedicated to technology in companies, services, and
manufacturers.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.tennis
Used for information related to the game of tennis.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.theater
Used for websites dedicated to theaters, plays, and musicals.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.tienda
Used by retail businesses that want to connect with Spanish-speaking consumers.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.tips
Used by those who want to share their knowledge and advice on virtually any topic.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.tires
Used by manufacturers, distributors, or buyers of tires.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.today
Used for information about current events, news, weather, entertainment, and more.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.tools
Used for information about any kind of tool.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.tours
Used as a general extension, but ideal for travel companies.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.town
Used to promote a city's locale, culture, and community.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.toys
Used by the toy industry.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.trade
Used as a general extension, but ideal for commerce websites or trading services.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Danish, German, Norwegian, and Swedish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.training
Used by trainers, coaches, and educators.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.tv
Used for information about television and media.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Not supported.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.

U
.university, .uno
.university
Used by universities and other educational organizations.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.uno
Used for information about the Hispanic, Portuguese, and Italian communities.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.

V
.vacations, .vegas, .ventures, .viajes, .video, .villas, .vision, .voyage
.vacations
Used by the travel and tourism industry.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.vegas
Used to promote the city of Las Vegas and the Las Vegas lifestyle.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Not supported.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.ventures
Used by entrepreneurs, startups, venture capitalists, investment banks, and financiers.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.viajes
Used by travel agencies, tour operators, travel blogs, tour companies, rental services, travel bloggers,
and travel retailers.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.video
Used by media and video industries.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for Chinese, French, German, Latin, and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.villas
Used by real estate agents and property owners who have villas to sell, rent, or lease.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.vision
Used as a general extension, but ideal for vision specialists such as optometrists and ophthalmologists.
Registration and renewal period
One to ten years.
Privacy protection
Not supported.
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.voyage
Used by travel agencies, tour operators, travel blogs, tour companies, rental services, travel bloggers,
and travel retailers.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.

W,X,Y,Z
.watch, .website, .wiki, .works, .world, .wtf, .xyz, .zone
.watch
Used for information about streaming websites, web TVs, video, or watches.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.website
Used for information about website development, promotion, improvements, and experiences.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Not supported.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.wiki
Used for information about online documentation.
Registration and renewal period
One to ten years.
Privacy protection
Not supported.
Internationalized domain names
Supported for Arabic and Latin.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.works
Used by businesses, organizations, and individuals for information about work, job, and employment
services. This extension can be used as an alternative to the .com, .net, or .org extensions.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.world
Used by anyone who wants to provide information about global subjects.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.wtf
Used by anyone who wants to identify with the popular (but profane) acronym "WTF."
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.xyz
Used as a general extension for any purpose.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.zone
Used for information about any kind of zone, including time zones, climate zones, and sports zones.
Registration and renewal period
One to ten years.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported for French and Spanish.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.

Geographic Domains
The following domain extensions are grouped by geography and include official country-specific extensions
known as country code top-level domains (ccTLDs). Examples include .be (Belgium), .in (India), and .mx
(Mexico). The rules for registration of ccTLDs vary by country. Some countries are unrestricted, meaning
that anyone in the world can register, while others have certain restrictions, such as residency.
Not all ccTLDs support internationalized domain names (IDNs). The following list indicates whether each
ccTLD supports IDNs. For more information about internationalized domain names, see DNS Domain
Name Format (p. 2).
Geographic Regions
• Africa (p. 122)
• Americas (p. 123)
• Asia/Oceania (p. 126)
• Europe (p. 131)

Africa
.co.za
.co.za (South Africa)
Registration and renewal period
One year.
Restrictions
Only second-level domains are available for the .za extension. Amazon Route 53 supports the
second-level domain .co.za.
Open to the public, with some restrictions:
• Registration is open to identifiable legal entities (individuals and legal persons).
• The domain name must pass a zone check during the registration process.
Privacy protection
Determined by the registry
Internationalized domain names
Not supported.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.

Americas
.ca, .cl, .co, .com.ar, .com.br, .mx, .us
.ca (Canada)
Confirmation email from the TLD registry
When you register a .ca domain, you will receive an email with a link to the acceptance procedure
of the registrant agreement. You must complete the procedure within seven days or your domain
will not be registered.
Registration and renewal period
One to ten years.
Restrictions
Open to the public, with some restrictions:
• Registration is open to individuals or organizations connected to Canada, as described by the
Canadian Presence Requirements for Registrants.
• Registrant contact: You must provide the full and exact legal name of the owner of the domain.
• Admin and tech contacts: You must specify Person as the contact type and provide contact
information for individuals living in Canada.
• You must select one of the following legal types during the registration process:
• CCO represents a corporation.
• CCT represents a Canadian citizen.
• RES represents a Canadian resident.
• GOV represents a government entity.
• EDU represents an educational entity.
• ASS represents an unincorporated association.
• HOP represents a hospital.
• PRT represents a partnership.
• TDM represents a trademark.
• TRD represents a trade union.
• PLT represents a political party.
• LAM represents libraries, archives, and museums.
• TRS represents a trust.
• ABO represents Aboriginal Peoples.
• INB represents Indian Band.
• LGR represents legal representative.
• OMK represents an official mark (protected by the Trademarks Act).
• MAJ represents Her Majesty the Queen.

Privacy protection
• Person – For all contacts, contact name, address, phone number, fax number, and email
address are hidden.
• Company, association, or public body – Not supported.
Internationalized domain names
Supported.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
Deletion of domain registration
The registry for .ca domains doesn't allow you to delete domain registrations. Instead, you must
disable automatic renewal and wait for the domain to expire. For more information, see Deleting
a Domain Name Registration (p. 40).
.cl (Chile)
Registration and renewal period
Two years.
Restrictions
Open to the public, with some restrictions:
• The .cl extension is open to individuals who are present in or are residents of Chile and to
companies that are duly authorized to perform business in Chile.
• A local administrative contract is required for persons who do not reside in Chile.
Privacy protection
Determined by the registry
Internationalized domain names
Not supported.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.co (Colombia)
Registration and renewal period
One to five years.
Restrictions
Open to the public, with no restrictions.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Supported.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.com.ar (Argentina)
Registration and renewal period
One year.

Restrictions
Only second-level domains are available. Amazon Route 53 supports the second-level domain
.com.ar.
Open to the public, with some restrictions:
• A local presence is required.
• During the registration process, you must provide your ID number. For individuals, this might
be your passport number, national ID, or driver's license number. Companies and organizations
can provide their tax ID or VAT number.
Privacy protection
Not supported.
Internationalized domain names
Not supported.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.com.br (Brazil)
Registration and renewal period
One year.
Restrictions
Only second-level domains are available. Amazon Route 53 supports the second-level domain
.com.br.
Open to the public, with some restrictions:
• The .com.br is open to individuals and companies that are legally located or established in
Brazil.
Privacy protection
Determined by the registry
Internationalized domain names
Not supported.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.mx (Mexico)
Registration and renewal period
One to five years.
Restrictions
Open to the public, with no restrictions.
Privacy protection
Determined by the registry
Internationalized domain names
Not supported.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.us (United States)
Registration and renewal period
One to ten years.

Restrictions
The registry for .us domains doesn't allow domain names that contain any of the seven words
identified in the "Appendix to Opinion of the Court" of Federal Communications Commission v.
Pacifica Foundation No. 77-528.
Open to the public, with one restriction:
• The .us extension is for websites or activities that are located in the United States of America.
Privacy protection
Not supported.
Internationalized domain names
Not supported.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.

Asia/Oceania
.co.nz, .com.au, .com.sg, .in, .jp, .io, .net.au, .net.nz, .org.nz, .ru, .sg
.co.nz (New Zealand)
Registration and renewal period
One to ten years.
Restrictions
You can register the following second-level domains with Amazon Route 53: .co.nz, .net.nz,
and .org.nz. You can't register .nz (first-level) domains with Amazon Route 53 or transfer .nz
domains to Amazon Route 53.
Open to the public, with some restrictions:
• Individuals must be at least 18.
• Organizations must be registered.
Privacy protection
Not supported.
Internationalized domain names
Supported.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.com.au (Australia)
Confirmation email from the TLD registry
Our registrar partner, Gandi, resells .com.au domains through the Australian company TPP
Wholesale. When you transfer a domain name to Amazon Route 53, tppwholesale.com.au sends
an email to the registrant contact for the domain to verify contact information or to authorize
transfer requests.
Registration and renewal period
Two years.
Restrictions
Only second-level domains are available. Amazon Route 53 supports the second-level domains
.com.au and .net.au.
Open to the public, with some restrictions:
• The .com.au and .net.au domains are open to legal persons, partnerships, or sole traders
registered in Australia; to foreign companies licensed to trade in Australia; and to owners or
applicants of an Australian-registered trademark.
• Your domain name must be identical to your name (as registered with the relevant Australian
authorities) or to your trademark (or to the abbreviation or acronym for your trademark).
• The domain name should indicate your activity. For example, it should indicate a product that
you sell or a service that you provide.
• During the registration process, you must provide the following information:
• Your registration type: ABN (Australian Business Number), ACN (Australian Company
Number), RBN (Registered Business Number), or TM (Trademark) if the domain name
corresponds to your trademark.
• Your ID number, which can be a Medicare card number, a tax file number (TFN), a state
driver's license number, or an Australian Business Number (ABN).
• Your state or province.
Privacy protection
Not supported.
Internationalized domain names
Not supported.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.
Deletion of domain registration
The registry for .com.au domains doesn't allow you to delete domain registrations. Instead, you
must disable automatic renewal and wait for the domain to expire. For more information, see
Deleting a Domain Name Registration (p. 40).
.com.sg (Republic of Singapore)
Registration and renewal period
One year.
Restrictions
Amazon Route 53 supports the .sg extension plus a second-level domain, .com.sg.
Open to the public, with one restriction:
• A Singapore presence is required. You must provide the national identification number of the
registrant. In Singapore, a National Registration Identity Card (NRIC) is issued to Singapore
citizens and permanent residents.
Deletion of domain registration
The registry for .com.sg domains doesn't allow you to delete domain registrations. Instead, you
must disable automatic renewal and wait for the domain to expire. For more information, see
Deleting a Domain Name Registration (p. 40).
Privacy protection
Determined by the registry
Internationalized domain names
Supported for two to 18 Chinese characters.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.in (India)
Registration and renewal period
One to ten years.

Restrictions
Open to the public, with no restrictions.
Privacy protection
Not supported.
Internationalized domain names
Not supported.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.jp (Japan)
Domain transfer
To transfer a .jp domain to Amazon Route 53, use the method provided by your current domain
registrar to update the value of the AGNT code for the domain to AGNT-1744, all uppercase.
Registration and renewal period
One year.
Restrictions
Open to the public, with one restriction:
• Only individuals or companies in Japan can register a .jp domain name.
Privacy protection
Determined by the registry
Internationalized domain names
Supported for Japanese.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.io (British Indian Ocean Territory)
Registration and renewal period
One year.
Restrictions
Open to the public, with no restrictions.
Privacy protection
Determined by the registry
Internationalized domain names
Supported.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
Deletion of domain registration
The registry for .io domains doesn't allow you to delete domain registrations. Instead, you must
disable automatic renewal and wait for the domain to expire. For more information, see Deleting
a Domain Name Registration (p. 40).
.net.au (Australia)
Confirmation email from the TLD registry
Our registrar partner, Gandi, resells .net.au domains through the Australian company TPP
Wholesale. When you transfer a domain name to Amazon Route 53, tppwholesale.com.au sends
an email to the registrant contact for the domain to verify contact information or to authorize
transfer requests.

Registration and renewal period
Two years.
Restrictions
Only second-level domains are available. Amazon Route 53 supports the second-level domains
.com.au and .net.au.
Open to the public, with some restrictions:
• The .com.au and .net.au domains are open to legal persons, trading, partnerships, or sole
traders registered in Australia; to foreign companies licensed to trade in Australia; and to
owners or applicants of an Australian-registered trademark.
• Your domain name must be identical to your name, as registered with the relevant Australian
authorities, or to your trademark (or to the abbreviation or acronym).
• The domain name should indicate your activity. For example, it should indicate a product that
you sell or a service that you provide.
• During the registration process, you must indicate the following:
• Your registration type: ABN (Australian Business Number), ACN (Australian Company
Number), RBN (Business Registration Number), or TM (Trademark) if the domain name
corresponds to your trademark.
• Your ID number, which can be a Medicare card number, a tax file number (TFN), a state
driver's license number, or an Australian Business Number (ABN).
• Your state or province.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Not supported.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.
Deletion of domain registration
The registry for .net.au domains doesn't allow you to delete domain registrations. Instead, you
must disable automatic renewal and wait for the domain to expire. For more information, see
Deleting a Domain Name Registration (p. 40).
.net.nz (New Zealand)
Registration and renewal period
One to ten years.
Restrictions
You can register the following second-level domains with Amazon Route 53: .co.nz, .net.nz,
and .org.nz. You can't register .nz (first-level) domains with Amazon Route 53 or transfer .nz
domains to Amazon Route 53.
Open to the public, with some restrictions:
• Individuals must be at least 18.
• Organizations must be registered.
Privacy protection
Not supported.
Internationalized domain names
Supported.
DNSSEC
Not supported.

Registrar
The registrar for this TLD is our registrar associate, Gandi.
.org.nz (New Zealand)
Registration and renewal period
One to ten years.
Restrictions
You can register the following second-level domains with Amazon Route 53: .co.nz, .net.nz,
and .org.nz. You can't register .nz (first-level) domains with Amazon Route 53 or transfer .nz
domains to Amazon Route 53.
Open to the public, with some restrictions:
• Individuals must be at least 18.
• Organizations must be registered.
Privacy protection
Not supported.
Internationalized domain names
Supported.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.ru (Russian Federation)
Domain transfer
If you're transferring a .ru domain to Amazon Route 53, you don't need to specify an authorization
code. Instead, use the method provided by RU-Center, the registry for .ru domains, to update
the Partner Handle for the domain to 5427/NIC-REG. For more information, see the Registrar's
or Registrant's Transfer page on the RU-Center website.
Registration and renewal period
One year.
Restrictions
Open to the public, with some restrictions:
• Individuals might need to provide a passport number or government-issued ID number.
• Foreign companies might need to provide a company ID or company registration.
Privacy protection
Determined by the registry
Internationalized domain names
Not supported.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.
Deletion of domain registration
The registry for .ru domains doesn't allow you to delete domain registrations. Instead, you must
disable automatic renewal and wait for the domain to expire. For more information, see Deleting
a Domain Name Registration (p. 40).
.sg (Republic of Singapore)
Registration and renewal period
One year.
Restrictions
Amazon Route 53 supports the .sg extension plus a second-level domain, .com.sg. These
domains are open to the public, with some restrictions:
• The administrative contact must have a valid postal address in Singapore.
Privacy protection
Determined by the registry
Internationalized domain names
Supported for two to 18 Chinese characters.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.
Deletion of domain registration
The registry for .sg domains doesn't allow you to delete domain registrations. Instead, you must
disable automatic renewal and wait for the domain to expire. For more information, see Deleting
a Domain Name Registration (p. 40).

Europe
.be, .berlin, .ch, .co.uk, .de, .es, .eu, .fi, .fr, .it, .me, .me.uk, .nl, .org.uk, .ruhr, .se, .uk, .wien
.be (Belgium)
Registration and renewal period
One year.
Restrictions
Open to the public, with no restrictions.
Privacy protection
Determined by the registry
Internationalized domain names
Supported.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.berlin (city of Berlin in Germany)
Registration and renewal period
One to ten years.
Restrictions
Open to the public, with some restrictions:
• The owner, administrative, or technical contact must provide an address in Berlin, and the
administrative contact must be an individual.
• You must activate and use your .berlin domain within 12 months following its registration
(applies to a website, redirection, or email address).
• If you publish a website under your .berlin domain, or if your .berlin domain redirects to another
website, the content of the website must be related to Berlin.
Privacy protection
Not supported.
Internationalized domain names
Supported for Latin and Cyrillic.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.

.ch (Switzerland)
Registration and renewal period
One year.
Restrictions
Open to the public, with no restrictions.
Privacy protection
Determined by the registry
Internationalized domain names
Supported.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.co.uk (United Kingdom)
Domain transfer
To transfer a .co.uk domain to Amazon Route 53, use the method provided by your current
domain registrar to update the value of the Internet Provider Security (IPS) tag for the domain
to GANDI, all uppercase. (An IPS tag, also known as a registrar tag, is required by Nominet, the
registry for .co.uk domain names.) When you register a .co.uk domain, Amazon Route 53
automatically sets the IPS tag for the domain to GANDI.
Registration and renewal period
One to ten years.
Restrictions
Open to the public, with no restrictions.
Registration priority
If you registered a .co.uk domain before June 10, 2014 or a .me.uk or .org.uk domain before
October 29, 2013, you have priority for registering the corresponding .uk domain for five years.

Note
You cannot register a .uk domain (such as example.uk) for which someone else has
already registered a .co.uk, .me.uk, or .org.uk domain (such as example.co.uk) until
the priority period has expired.
If different registrants have registered the same name with .co.uk, .me.uk, and .org.uk TLDs
(such as example.co.uk, example.me.uk, and example.org.uk), priority for registering the .uk
domain name is in the following order:
• The registrant of the .co.uk domain
• The registrant of the .org.uk domain
• The registrant of the .me.uk domain
If you want the .uk domain for a .co.uk, .me.uk, or .org.uk that you already own, use the Amazon
Route 53 console or API, the AWS CLI, or the SDKs to register the .uk domain as you would
any other domain. If someone else has a higher priority on an existing .co.uk, .me.uk, or .org.uk
domain, we'll notify you by email. The email will contain the following text:
ErrorState at registrar: 2201 : Authorization error (V334 Your request
for domain 'domain name' has failed because the 'account name' for the
registrant does not fully match any registrant which has rights for this
domain)

Privacy protection
Determined by the registry
Internationalized domain names
Not supported.

DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
Deletion of domain registration
The registry for .co.uk domains doesn't allow you to delete domain registrations. Instead, you
must disable automatic renewal and wait for the domain to expire. For more information, see
Deleting a Domain Name Registration (p. 40).
.de (Germany)
Registration and renewal period
One year.
Restrictions
Open to the public, with some restrictions:
• You must reside in Germany or have an administrative contact (physical person) who resides
in Germany and has an address other than a P.O. box.
• During registration, the DNS (A, MX, and CNAME) of the domain name must be correctly
configured so that it can pass the registry's zone check. Three servers of two different C
classes are required.
Privacy protection
Determined by the registry
Internationalized domain names
Supported.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.es (Spain)
Domain purchase or transfer

Important
You currently can purchase new .es domain names or transfer .es domains to Amazon
Route 53 if the contact type for the registrant contact is Person. You can't purchase or
transfer .es domains if the contact type for the registrant contact is Company,
Association, or Public Body.
Registration and renewal period
One to five years.
Restrictions
Open to the public, for those who have an interest in or connection with Spain.
Privacy protection
Determined by the registry
Internationalized domain names
Supported.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.eu (European Union)
Registration and renewal period
One to ten years.

Restrictions
Open to the public, with one restriction:
• You must provide a valid postal address in one of the 27 member-states of the European
Union. A local presence is required.
Privacy protection
Determined by the registry
Internationalized domain names
Supported.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.fi (Finland)
Registration and renewal period
One year.
Restrictions
Open to the public, with some restrictions:
• The .fi extension is available to individuals who have a domicile in Finland and have a Finnish
identity number, and legal persons or private entrepreneurs registered in Finland.
• You must provide the following information during registration:
• Whether or not the contact is based on a physical or moral person in Finland.
• The identifier of the register where the name is recorded, if based on a moral person's name.
• The number of the record in the register where the name is recorded, if based on a moral
person's name.
• The identification number for a moral person in Finland.
• The identification number for a physical person in Finland.
Privacy protection
Determined by the registry
Internationalized domain names
Supported.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.
Deletion of domain registration
The registry for .fi domains doesn't allow you to delete domain registrations. Instead, you must
disable automatic renewal and wait for the domain to expire. For more information, see Deleting
a Domain Name Registration (p. 40).
.fr (France)
Registration and renewal period
One year.
Restrictions
Open to the public, with some restrictions:
• Individuals must be at least 18 and must provide their date of birth.
• Organizations must be located in the European Economic Area or in Switzerland.
• Organizations should fill out all company identification fields (VAT number, SIREN, WALDEC,
DUNS, and so on), as this will facilitate any verification that AFNIC might perform at a later
date.
• The same eligibility conditions apply to the administrative contact.

• Names and terms are subject to an AFNIC prior review (Naming Charter Article 2.4) and to
the following additional conditions:
• Domain names previously reserved or prohibited are open to applicants that justify a
legitimate right and act in good faith.
• Names beginning with ville, mairie, agglo, cc, cg, and cr are subject to AFNIC naming
conventions.
Privacy protection
Determined by the registry
Internationalized domain names
Supported.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.it (Italy)
Registration and renewal period
One year.
Restrictions
Open to the public, with some restrictions:
• Individuals or organizations must have a registered address in the European Union.
• If your country of origin is Italy, you must enter a fiscal code. If your country of origin is within
the European Union, you must enter an identity document number (ID number).
• If you specify Company, Association, or Public body for the contact type, a VAT number
(a value-added tax identification number) is required.
• Name servers for your domain must pass a DNS check. If your domain name does not comply
with the technical requirements, and you do not correct it within 30 days, your domain name
will be deleted by the registry. We don't issue refunds for domains that are deleted because
they don't meet technical requirements.
Privacy protection
Determined by the registry
Internationalized domain names
Supported.
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.me (Montenegro)
Registration and renewal period
One to ten years.
Restrictions
Open to the public, with no restrictions.
Privacy protection (applies to all contact types: person, company, association, and public
body)
• Hidden – address, phone number, fax number, and email address
• Not hidden – contact name and organization name
Internationalized domain names
Not supported.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).

Registrar
The registrar for this TLD is our registrar associate, Gandi.
.me.uk (United Kingdom)
Domain transfer
To transfer a .me.uk domain to Amazon Route 53, use the method provided by your current
domain registrar to update the value of the Internet Provider Security (IPS) tag for the domain
to GANDI, all uppercase. (An IPS tag, also known as a registrar tag, is required by Nominet, the
registry for .me.uk domain names.) When you register a .me.uk domain, Amazon Route 53
automatically sets the IPS tag for the domain to GANDI.
Registration and renewal period
One to ten years.
Restrictions
Open to the public, with no restrictions.
Registration priority
If you registered a .co.uk domain before June 10, 2014 or a .me.uk or .org.uk domain before
October 29, 2013, you have priority for registering the corresponding .uk domain for five years.

Note
You cannot register a .uk domain (such as example.uk) for which someone else has
already registered a .co.uk, .me.uk, or .org.uk domain (such as example.co.uk) until
the priority period has expired.
If different registrants have registered the same name with .co.uk, .me.uk, and .org.uk TLDs
(such as example.co.uk, example.me.uk, and example.org.uk), priority for registering the .uk
domain name is in the following order:
• The registrant of the .co.uk domain
• The registrant of the .org.uk domain
• The registrant of the .me.uk domain
If you want the .uk domain for a .co.uk, .me.uk, or .org.uk that you already own, use the Amazon
Route 53 console or API, the AWS CLI, or the SDKs to register the .uk domain as you would
any other domain. If someone else has a higher priority on an existing .co.uk, .me.uk, or .org.uk
domain, we'll notify you by email. The email will contain the following text:
ErrorState at registrar: 2201 : Authorization error (V334 Your request
for domain 'domain name' has failed because the 'account name' for the
registrant does not fully match any registrant which has rights for this
domain)

Privacy protection
Determined by the registry
Internationalized domain names
Not supported.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
Deletion of domain registration
The registry for .me.uk domains doesn't allow you to delete domain registrations. Instead, you
must disable automatic renewal and wait for the domain to expire. For more information, see
Deleting a Domain Name Registration (p. 40).
.nl (the Netherlands)
Registration and renewal period
One year.

Restrictions
Open to the public, with some restrictions:
• The owner or the administrative contact must provide a valid address in the Netherlands. A
local presence is required.
• If you do not have a valid address in the Netherlands, the Registry SIDN will provide you with
a domicile address, as per the Domicile Address Procedure.
Privacy protection
Determined by the registry
Internationalized domain names
Not supported.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.org.uk (United Kingdom)
Domain transfer
To transfer a .org.uk domain to Amazon Route 53, use the method provided by your current
domain registrar to update the value of the Internet Provider Security (IPS) tag for the domain
to GANDI, all uppercase. (An IPS tag, also known as a registrar tag, is required by Nominet, the
registry for .org.uk domain names.) When you register a .org.uk domain, Amazon Route 53
automatically sets the IPS tag for the domain to GANDI.
Registration and renewal period
One to ten years.
Restrictions
Open to the public, with no restrictions.
Registration priority
If you registered a .co.uk domain before June 10, 2014 or a .me.uk or .org.uk domain before
October 29, 2013, you have priority for registering the corresponding .uk domain for five years.

Note
You cannot register a .uk domain (such as example.uk) for which someone else has
already registered a .co.uk, .me.uk, or .org.uk domain (such as example.co.uk) until
the priority period has expired.
If different registrants have registered the same name with .co.uk, .me.uk, and .org.uk TLDs
(such as example.co.uk, example.me.uk, and example.org.uk), priority for registering the .uk
domain name is in the following order:
• The registrant of the .co.uk domain
• The registrant of the .org.uk domain
• The registrant of the .me.uk domain
If you want the .uk domain for a .co.uk, .me.uk, or .org.uk that you already own, use the Amazon
Route 53 console or API, the AWS CLI, or the SDKs to register the .uk domain as you would
any other domain. If someone else has a higher priority on an existing .co.uk, .me.uk, or .org.uk
domain, we'll notify you by email. The email will contain the following text:
ErrorState at registrar: 2201 : Authorization error (V334 Your request
for domain 'domain name' has failed because the 'account name' for the
registrant does not fully match any registrant which has rights for this
domain)

Privacy protection
Determined by the registry
Internationalized domain names
Not supported.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
Deletion of domain registration
The registry for .org.uk domains doesn't allow you to delete domain registrations. Instead, you
must disable automatic renewal and wait for the domain to expire. For more information, see
Deleting a Domain Name Registration (p. 40).
.ruhr (Ruhr region, western part of Germany)
The .ruhr extension is for the Ruhr region (western part of Germany).
Registration and renewal period
One to ten years.
Restrictions
Open to the public, with one restriction:
• The administrative contact must be an individual who has an address in Germany.
Privacy protection
Not supported.
Internationalized domain names
Supported (ä, ö, ü, ß).
DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.se (Sweden)
Registration and renewal period
One to ten years.
Restrictions
Open to the public, with some restrictions:
• If you are located in Sweden, you must provide a valid Swedish ID number.
• If you are located outside of Sweden, you must enter a valid ID number such as a tax ID
number.
Privacy protection
Determined by the registry
Internationalized domain names
Not supported.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
.uk (United Kingdom)
Domain transfer
To transfer a .uk domain to Amazon Route 53, use the method provided by your current domain
registrar to update the value of the Internet Provider Security (IPS) tag for the domain to GANDI,
all uppercase. (An IPS tag, also known as a registrar tag, is required by Nominet, the registry
for .uk domain names.) When you register a .uk domain, Amazon Route 53 automatically sets
the IPS tag for the domain to GANDI.
Registration and renewal period
One to ten years.

Restrictions
Open to the public, with no restrictions.
Registration priority
If you registered a .co.uk domain before June 10, 2014 or a .me.uk or .org.uk domain before
October 29, 2013, you have priority for registering the corresponding .uk domain for five years.

Note
You cannot register a .uk domain (such as example.uk) for which someone else has
already registered a .co.uk, .me.uk, or .org.uk domain (such as example.co.uk) until
the priority period has expired.
If different registrants have registered the same name with .co.uk, .me.uk, and .org.uk TLDs
(such as example.co.uk, example.me.uk, and example.org.uk), priority for registering the .uk
domain name is in the following order:
• The registrant of the .co.uk domain
• The registrant of the .org.uk domain
• The registrant of the .me.uk domain
If you want the .uk domain for a .co.uk, .me.uk, or .org.uk that you already own, use the Amazon
Route 53 console or API, the AWS CLI, or the SDKs to register the .uk domain as you would
any other domain. If someone else has a higher priority on an existing .co.uk, .me.uk, or .org.uk
domain, we'll notify you by email. The email will contain the following text:
ErrorState at registrar: 2201 : Authorization error (V334 Your request
for domain 'domain name' has failed because the 'account name' for the
registrant does not fully match any registrant which has rights for this
domain)

Privacy protection
Determined by the registry
Internationalized domain names
Not supported.
DNSSEC
Supported for domain registration. For more information, see Configuring DNSSEC for a
Domain (p. 35).
Registrar
The registrar for this TLD is our registrar associate, Gandi.
Deletion of domain registration
The registry for .uk domains doesn't allow you to delete domain registrations. Instead, you must
disable automatic renewal and wait for the domain to expire. For more information, see Deleting
a Domain Name Registration (p. 40).
.wien (city of Vienna in Austria)
Registration and renewal period
One to ten years.
Restrictions
Open to the public, with some restrictions:
• You must show an economic, cultural, tourist, historical, social, or other affinity with the city
of Vienna in Austria.
• The .wien domain names must be used in connection with the above conditions, throughout
the term of registration.
Privacy protection
Not supported.
Internationalized domain names
Supported for Latin.

DNSSEC
Not supported.
Registrar
The registrar for this TLD is our registrar associate, Gandi.

Configuring Amazon Route 53 as Your DNS Service
You can use Amazon Route 53 as the DNS service for any registered domain name. When you register
a domain with Amazon Route 53, Amazon Route 53 is automatically configured as the DNS service for
the domain. You can also migrate DNS service for existing domains or subdomains to Amazon Route 53.
For more information, see the applicable topic:
Topics
• Migrating DNS Service for an Existing Domain to Amazon Route 53 (p. 141)
• Creating a Subdomain That Uses Amazon Route 53 as the DNS Service without Migrating the Parent
Domain (p. 145)
• Migrating DNS Service for a Subdomain to Amazon Route 53 without Migrating the Parent
Domain (p. 147)

Migrating DNS Service for an Existing Domain to Amazon Route 53
You can migrate an existing domain from another DNS service to Amazon Route 53 as the DNS service.
This process has six basic steps:
1. Create an Amazon Route 53 hosted zone (p. 142) for your domain.
2. Get the current DNS configuration from your current DNS service provider (p. 142).
3. Add resource record sets (p. 143) to your Amazon Route 53 hosted zone.
4. API only: Confirm that your changes have propagated (p. 143) to all Amazon Route 53 DNS servers.

Note
Currently, the only way to verify that changes have propagated is to use the GetChange API
action. Changes generally propagate to all Amazon Route 53 name servers in a couple of
minutes. In rare circumstances, propagation can take up to 30 minutes.
5. Update your registrar's name server records (p. 143).
6. Wait for your changes to take effect (p. 144).

Important
You can create a hosted zone only for a domain that you have permission to administer. Typically,
this means that you own the domain, but you may also be developing an application for the
domain registrant.

Creating a Hosted Zone
To migrate a domain from your existing DNS service, start by creating an Amazon Route 53 hosted zone.
Amazon Route 53 stores information about your domain in the hosted zone.

Note
When you create a hosted zone, Amazon Route 53 automatically creates four name server (NS)
records and a start of authority (SOA) record for the zone. The NS records identify the name
servers that you give to your registrar or your DNS service so that queries are routed to Amazon
Route 53 name servers. For more information about NS and SOA records, see NS and SOA
Resource Record Sets that Amazon Route 53 Creates for a Public Hosted Zone (p. 169).
To create a hosted zone using the Amazon Route 53 console, perform the following procedure. To create
a hosted zone using the Amazon Route 53 API, use the CreateHostedZone action. For more information,
see POST CreateHostedZone in the Amazon Route 53 API Reference.

To create a hosted zone using the Amazon Route 53 console
1. Sign in to the AWS Management Console and open the Amazon Route 53 console at
https://console.aws.amazon.com/route53/.
2. If you're new to Amazon Route 53, choose Get Started Now under DNS Management.
If you're already using Amazon Route 53, choose Hosted Zones in the navigation pane.
3. Choose Create Hosted Zone.
4. In the Create Hosted Zone pane, enter a domain name and, optionally, a comment. For more
information about a setting, pause the mouse pointer over its label to see a tool tip.
For information about how to specify characters other than a-z, 0-9, and - (hyphen) and how to specify
internationalized domain names, see DNS Domain Name Format (p. 2).
5. Choose Create.

Getting Your Current DNS Configuration from Your DNS Service Provider
To simplify the process of migrating an existing domain to Amazon Route 53, get the current DNS
configuration for the domain from the DNS service provider that is currently servicing the domain. You
can use this information as a basis for configuring Amazon Route 53 as your DNS service.
What you ask for and the format that it comes in depend on which company you're currently using as
your DNS service provider. Ideally, they'll give you a zone file, which contains information about all of the
resource record sets in your current configuration. (Resource record sets tell DNS how you want traffic
to be routed for your domains and subdomains. For example, when someone enters your domain name
in a web browser, do you want traffic to be routed to a web server in your data center, to an Amazon EC2
instance, to a CloudFront distribution, or to some other location?) If you can get a zone file from your
current DNS service provider, you can import your existing DNS configuration into your Amazon Route 53
hosted zone, which greatly simplifies the process of creating resource record sets. Try asking customer
support for your current DNS service provider how to get a zone file or a records list.
Records that you are likely to migrate include:

• A (Address) records, which associate a domain name (example.com) with the IP address of the home
page for the domain (192.0.2.3)
• Mail server (MX) records
• CNAME records, which reroute queries for one domain name (www.example.com) to another domain
name (example.com)
• Other A records, CNAME records, or other supported DNS record types. For a list of supported record
types, see Supported DNS Resource Record Types (p. 4).

Creating Resource Record Sets
Using the resource record sets that you got from your current DNS service provider as a starting point,
create corresponding resource record sets in the Amazon Route 53 hosted zone. The resource record
sets that you create in Amazon Route 53 will become the resource record sets that DNS uses after you
update your current DNS service's name server records, as explained in Updating Your Registrar's Name
Servers (p. 143), later in the process.

Caution
Do not create additional name server (NS) or start of authority (SOA) records in the Amazon
Route 53 hosted zone, and do not delete the existing NS and SOA records.
To create resource record sets using the Amazon Route 53 console, see Working with Resource Record
Sets (p. 178). To create resource record sets using the Amazon Route 53 API, use
ChangeResourceRecordSets. For more information, see POST ChangeResourceRecordSets in the
Amazon Route 53 API Reference.

Checking the Status of Your Changes (API Only)
Creating a new hosted zone and changing resource record sets take time to propagate to the Amazon
Route 53 DNS servers. If you used POST ChangeResourceRecordSets to create your resource record
sets, you can use the GetChange action to determine whether your changes have propagated.
(ChangeResourceRecordSets returns a value for ChangeId, which you can include in a subsequent
GetChange request. ChangeId is not available if you created the resource record sets by using the
console.) For more information, see GET GetChange in the Amazon Route 53 API Reference.

Note
Changes generally propagate to all Amazon Route 53 name servers in a couple of minutes. In
rare circumstances, propagation can take up to 30 minutes.

Updating Your Registrar's Name Servers
After your changes to Amazon Route 53 resource record sets have propagated to the Amazon Route 53
DNS servers (see Checking the Status of Your Changes (API Only) (p. 143)), update your registrar's name
server (NS) records to refer to the Amazon Route 53 name servers. Perform the following procedure.
1. If the registrar has a method to change the TTL settings for their name servers, we recommend that
you reset the settings to 900 seconds. This limits the time during which client requests will try to
resolve domain names using obsolete name servers. You will need to wait for the duration of the
previous TTL for resolvers and clients to stop caching the DNS records with their previous values.
A common default setting is 172800 seconds (two days). After the TTL settings expire, you can safely
delete the records that are stored at the previous provider and make changes only to Amazon
Route 53.
2. In the Amazon Route 53 console, get the name servers for your Amazon Route 53 hosted zone:
a. Sign in to the AWS Management Console and open the Amazon Route 53 console at
https://console.aws.amazon.com/route53/.
b. In the navigation pane, click Hosted Zones.
c. On the Hosted Zones page, choose the radio button (not the name) for the hosted zone.
d. In the right pane, make note of the four servers listed for Name Servers.
Alternatively, you can use the GetHostedZone action. For more information, see GetHostedZone
in the Amazon Route 53 API Reference.
3. Using the method provided by the registrar for the domain, replace the name servers in the registrar's
NS records with the four Amazon Route 53 name servers that were returned when you submitted
the GetHostedZone request in the previous step.

Note
Some registrars only allow you to specify name servers using IP addresses; they don't allow
you to specify fully qualified domain names. If your registrar requires using IP addresses,
you can get the IP addresses for your name servers using the dig utility (for Mac, Unix, or
Linux) or the nslookup utility (for Windows). We rarely change the IP addresses of name
servers; if we need to change IP addresses, we'll notify you in advance.
Depending on the TTL settings for the name servers for the parent domain, the propagation of your
changes to DNS resolvers can take 48 hours or more. During this period, DNS resolvers may still
answer requests with the name servers for the registrar. In addition, client computers may continue
to have the previous name servers for the domain in their cache.
To learn more about working with your hosted zone, see the following related topics.

Related Topics
• Getting the Name Servers for a Public Hosted Zone (p. 163)
• Listing Public Hosted Zones (p. 164)
• Deleting a Public Hosted Zone (p. 164)
• Listing Resource Record Sets (p. 233)

Waiting for Your Changes to Take Effect
You might have to wait a day or two before Amazon Route 53 becomes the DNS service for your domain
name. If you've been using the domain name, DNS resolvers have cached the registrar's NS records for
your domain. NS records are cached for the period specified by the TTL (time to live) in the records, which
commonly is 86400 to 172800 seconds (one to two days). Until the TTL expires, DNS resolvers that have
cached the registrar's NS records will continue to respond to queries for your domain with the name
servers in those NS records. After the TTL expires for a resolver, the resolver submits another query for
the NS records for your domain, and your registrar responds with your Amazon Route 53 NS records.

Note
If you don't remember the TTL for your registrar's NS records, you can still find it until the TTL
expires. Use a tool like dig or nslookup to query DNS for the NS records of your domain.


Creating a Subdomain That Uses Amazon Route 53 as the DNS Service without Migrating the Parent Domain
You can create a subdomain that uses Amazon Route 53 as the DNS service without migrating the parent
domain from another DNS service.
The process has four basic steps:
1. Create an Amazon Route 53 hosted zone for the subdomain (p. 145).
2. Add resource record sets (p. 146) for the new subdomain to your Amazon Route 53 hosted zone.
3. API only: Confirm that your changes have propagated (p. 146) to all Amazon Route 53 DNS servers.

Note
Currently, the only way to verify that changes have propagated is to use the GetChange API
action. Changes generally propagate to all Amazon Route 53 name servers in a couple of
minutes. In rare circumstances, propagation can take up to 30 minutes.
4. Update the DNS service for the parent domain by adding name server records for the subdomain (p. 146).

Creating a Hosted Zone for the New Subdomain
When you want to use Amazon Route 53 as the DNS service for a new subdomain without migrating the
parent domain, you start by creating a hosted zone for the subdomain. Amazon Route 53 stores information
about your subdomain in the hosted zone.

Note
When you create a hosted zone, Amazon Route 53 automatically creates four name server (NS)
records and a start of authority (SOA) record for the zone. The NS records identify the name
servers that you give to your registrar or your DNS service so that queries are routed to Amazon
Route 53 name servers. For more information about NS and SOA records, see NS and SOA
Resource Record Sets that Amazon Route 53 Creates for a Public Hosted Zone (p. 169).
To create a hosted zone using the Amazon Route 53 console, perform the following procedure. To create
a hosted zone using the Amazon Route 53 API, use the CreateHostedZone action. For more information,
see POST CreateHostedZone in the Amazon Route 53 API Reference.

To create a hosted zone using the Amazon Route 53 console
1. Sign in to the AWS Management Console and open the Amazon Route 53 console at
https://console.aws.amazon.com/route53/.
2. If you're new to Amazon Route 53, choose Get Started Now under DNS Management.
If you're already using Amazon Route 53, choose Hosted Zones in the navigation pane.
3. In the right pane, enter the name of the subdomain, such as apex.example.com. You can also enter
an optional comment. For more information about a field, see the tool tip for the field.
For information about how to specify characters other than a-z, 0-9, and - (hyphen) and how to specify
internationalized domain names, see DNS Domain Name Format (p. 2).
4. Below the right pane, choose Create Hosted Zone.

Creating Resource Record Sets
You can create resource record sets using either the Amazon Route 53 console or the Amazon Route 53
API. The resource record sets that you create in Amazon Route 53 will become the resource record sets
that DNS uses after you delegate responsibility for the subdomain to Amazon Route 53, as explained in
Updating Your DNS Service with Name Server Records for the Subdomain (p. 146), later in the process.

Caution
Do not create additional name server (NS) or start of authority (SOA) records in the Amazon
Route 53 hosted zone, and do not delete the existing NS and SOA records.
To create resource record sets using the Amazon Route 53 console, see Working with Resource Record
Sets (p. 178). To create resource record sets using the Amazon Route 53 API, use
ChangeResourceRecordSets. For more information, see POST ChangeResourceRecordSets in the
Amazon Route 53 API Reference.

Checking the Status of Your Changes (API Only)
Creating a new hosted zone and changing resource record sets take time to propagate to the Amazon
Route 53 DNS servers. If you used POST ChangeResourceRecordSets to create your resource record
sets, you can use the GetChange action to determine whether your changes have propagated.
(ChangeResourceRecordSets returns a value for ChangeId, which you can include in a subsequent
GetChange request. ChangeId is not available if you created the resource record sets by using the
console.) For more information, see GET GetChange in the Amazon Route 53 API Reference.

Note
Changes generally propagate to all Amazon Route 53 name servers in a couple of minutes. In
rare circumstances, propagation can take up to 30 minutes.
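
Added example (not from the guide): a polling loop for the GetChange check described above, which is the same check used in the domain-migration procedure earlier in this chapter. It assumes a boto3-style client whose get_change(Id=...) response carries ChangeInfo.Status as PENDING or INSYNC; wait_for_insync, FakeRoute53 and FakeClock are hypothetical names, and the fake client and change ID are constructed so the block runs offline.

```python
import time

PROPAGATION_LIMIT_S = 30 * 60   # the guide's stated worst case for propagation


def wait_for_insync(get_change, change_id, timeout=PROPAGATION_LIMIT_S, interval=15,
                    sleep=time.sleep, clock=time.monotonic):
    """Poll GetChange until the change is INSYNC and return the seconds waited.

    get_change is a callable shaped like a boto3 Route 53 client's get_change.
    Raises TimeoutError if the change is still PENDING when the time budget is
    used up, so the caller never moves on to the name server update on a guess.
    """
    start = clock()
    while True:
        status = get_change(Id=change_id)["ChangeInfo"]["Status"]
        waited = clock() - start
        if status == "INSYNC":
            return waited
        if status != "PENDING":
            raise RuntimeError(f"unexpected change status: {status!r}")
        if waited + interval > timeout:
            raise TimeoutError(f"{change_id} still PENDING after {waited:.0f}s")
        sleep(interval)


class FakeRoute53:
    """Constructed stand-in for the API: PENDING for N polls, then INSYNC."""

    def __init__(self, pending_polls):
        self.pending_polls = pending_polls
        self.calls = 0

    def get_change(self, Id):
        self.calls += 1
        status = "PENDING" if self.calls <= self.pending_polls else "INSYNC"
        return {"ChangeInfo": {"Id": Id, "Status": status}}


class FakeClock:
    """Simulated clock so the demonstration finishes instantly."""

    def __init__(self):
        self.t = 0.0

    def now(self):
        return self.t

    def sleep(self, seconds):
        self.t += seconds


if __name__ == "__main__":
    clock, api = FakeClock(), FakeRoute53(pending_polls=3)
    # "/change/C-PLACEHOLDER" is a constructed ID; use the ChangeId that
    # ChangeResourceRecordSets returned for your own request.
    waited = wait_for_insync(api.get_change, "/change/C-PLACEHOLDER",
                             sleep=clock.sleep, clock=clock.now)
    print(f"INSYNC after {waited:.0f}s and {api.calls} GetChange calls")
```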

Updating Your DNS Service with Name Server Records for the Subdomain
After your changes to Amazon Route 53 resource record sets have propagated (see Checking the Status
of Your Changes (API Only) (p. 146)), update the DNS service for the parent domain by adding NS records
for the subdomain. This is known as delegating responsibility for the subdomain to Amazon Route 53.
For example, if the parent domain example.com is hosted with another DNS service and you created the
subdomain test.example.com in Amazon Route 53, you must update the DNS service for example.com
with new NS records for test.example.com.
Perform the following procedure.
1. Using the method provided by your DNS service, back up the zone file for the parent domain.
2. In the Amazon Route 53 console, get the name servers for your Amazon Route 53 hosted zone:
a. Sign in to the AWS Management Console and open the Amazon Route 53 console at
https://console.aws.amazon.com/route53/.
b. In the navigation pane, click Hosted Zones.
c. On the Hosted Zones page, choose the radio button (not the name) for the hosted zone.
d. In the right pane, make note of the four servers listed for Name Servers.
Alternatively, you can use the GetHostedZone action. For more information, see GetHostedZone
in the Amazon Route 53 API Reference.
3. Using the method provided by the DNS service of the parent domain, add NS records for the
subdomain to the zone file for the parent domain. In these NS records, specify the four Amazon
Route 53 name servers that are associated with the hosted zone that you created in Step 1.

Caution
Do not add a start of authority (SOA) record to the zone file for the parent domain. Because the
subdomain will use Amazon Route 53, the DNS service for the parent domain is not the authority
for the subdomain.
If your DNS service automatically added an SOA record for the subdomain, delete the record
for the subdomain. However, do not delete the SOA record for the parent domain.
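
Added example (not from the guide): a check of what resolvers actually return for the NS records, usable both for the subdomain delegation above and for the registrar cutover described under Waiting for Your Changes to Take Effect. It parses the answer section printed by `dig +noall +answer NS <name>`, compares it with the four name servers of the hosted zone, and reports how long stale answers can stay cached. All function names are hypothetical, and the name servers and dig output are constructed sample values.

```python
# Constructed sample values standing in for the four name servers of your hosted zone.
ROUTE53_NS = [
    "ns-2048.awsdns-64.com.", "ns-2049.awsdns-65.net.",
    "ns-2050.awsdns-66.org.", "ns-2051.awsdns-67.co.uk.",
]

# Constructed answer sections. The second column is the TTL the resolver has left.
STALE_ANSWER = """\
example.com.        41233   IN      NS      ns1.oldprovider.example.
example.com.        41233   IN      NS      ns2.oldprovider.example.
"""
FRESH_ANSWER = """\
example.com.        172800  IN      NS      ns-2048.awsdns-64.com.
example.com.        172800  IN      NS      ns-2049.awsdns-65.net.
example.com.        172800  IN      NS      ns-2050.awsdns-66.org.
example.com.        172800  IN      NS      ns-2051.awsdns-67.co.uk.
"""


def _norm(name):
    """DNS names compare case-insensitively and with or without the final dot."""
    return name.rstrip(".").lower()


def parse_dig_ns(answer_text):
    """Return {name_server: remaining_ttl} from dig answer-section lines."""
    observed = {}
    for line in answer_text.splitlines():
        f = line.split()
        if len(f) == 5 and f[1].isdigit() and f[2].upper() == "IN" and f[3].upper() == "NS":
            observed[_norm(f[4])] = int(f[1])
    return observed


def delegation_state(answer_text, route53_ns):
    """Classify one resolver's answer against the hosted zone's name servers."""
    observed = parse_dig_ns(answer_text)
    expected = {_norm(ns) for ns in route53_ns}
    seen = set(observed)
    if not seen:
        state = "no-answer"
    elif seen == expected:
        state = "route53"
    elif seen.isdisjoint(expected):
        state = "previous"            # resolver still has the old NS records cached
    else:
        state = "mixed"               # partial overlap: some servers missing or extra
    stale = sorted(seen - expected)
    return {
        "state": state,
        "stale": stale,
        "missing": sorted(expected - seen),
        # Seconds until this resolver drops the stale records and asks again.
        "stale_ttl": max((observed[ns] for ns in stale), default=0),
    }


def cutover_report(answers_by_resolver, route53_ns):
    """Summarise several resolvers; complete only if every one returns Route 53."""
    per = {r: delegation_state(t, route53_ns) for r, t in answers_by_resolver.items()}
    return {
        "complete": bool(per) and all(s["state"] == "route53" for s in per.values()),
        # A lower bound only: it covers the resolvers sampled, not every cache.
        "wait_seconds": max((s["stale_ttl"] for s in per.values()), default=0),
        "resolvers": per,
    }


if __name__ == "__main__":
    # Resolver addresses are constructed documentation-range values.
    report = cutover_report({"192.0.2.53": STALE_ANSWER, "198.51.100.53": FRESH_ANSWER},
                            ROUTE53_NS)
    print("cutover complete:", report["complete"])
    print("stale answers may persist for", report["wait_seconds"], "seconds")
```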

Migrating DNS Service for a Subdomain to Amazon Route 53 without Migrating the Parent Domain
You can migrate a subdomain to use Amazon Route 53 as the DNS service without migrating the parent
domain from another DNS service.
The process has four basic steps:
1. Create an Amazon Route 53 hosted zone for the subdomain (p. 147).
2. Get the current DNS configuration from the current DNS service provider for the parent domain (p. 148).
3. Add resource record sets (p. 148) for the subdomain to your Amazon Route 53 hosted zone.
4. API only: Confirm that your changes have propagated (p. 148) to all Amazon Route 53 DNS servers.

Note
Currently, the only way to verify that changes have propagated is to use the GetChange API
action. Changes generally propagate to all Amazon Route 53 name servers in a couple of
minutes. In rare circumstances, propagation can take up to 30 minutes.
5. Update the DNS configuration with the DNS service provider for the parent domain by adding name
server records for the subdomain (p. 149).

Creating a Hosted Zone for the Subdomain
If you want to migrate a subdomain from another DNS service to Amazon Route 53 but you don't want
to migrate the parent domain, start by creating a hosted zone for the subdomain. Amazon Route 53 stores
information about your subdomain in the hosted zone.

Note
When you create a hosted zone, Amazon Route 53 automatically creates four name server (NS)
records and a start of authority (SOA) record for the zone. The NS records identify the name
servers that you give to your registrar or your DNS service so that queries are routed to Amazon
Route 53 name servers. For more information about NS and SOA records, see NS and SOA
Resource Record Sets that Amazon Route 53 Creates for a Public Hosted Zone (p. 169).
To create a hosted zone using the Amazon Route 53 console, perform the following procedure. To create
a hosted zone using the Amazon Route 53 API, use the CreateHostedZone action. For more information,
see POST CreateHostedZone in the Amazon Route 53 API Reference.


To create a hosted zone using the Amazon Route 53 console
1. Sign in to the AWS Management Console and open the Amazon Route 53 console at
https://console.aws.amazon.com/route53/.
2. If you're new to Amazon Route 53, choose Get Started Now under DNS Management.
If you're already using Amazon Route 53, choose Hosted Zones in the navigation pane.
3. In the right pane, enter the name of the subdomain, such as apex.example.com. You can also enter
an optional comment. For more information about a field, see the tool tip for the field.
For information about how to specify characters other than a-z, 0-9, and - (hyphen) and how to specify
internationalized domain names, see DNS Domain Name Format (p. 2).
4. Below the right pane, choose Create Hosted Zone.

Getting Your Current DNS Configuration from Your DNS Service Provider
To simplify the process of migrating an existing subdomain to Amazon Route 53, get the current DNS
configuration for the domain from the DNS service provider that is currently servicing the domain. You
can use this information as a basis for configuring Amazon Route 53 as the DNS service for the subdomain.
What you ask for and the format that it comes in depend on which company you're currently using as
your DNS service provider. Ideally, they'll give you a zone file, which contains information about all of the
resource record sets in your current configuration. (Resource record sets tell DNS how you want traffic
to be routed for your domains and subdomains. For example, when someone enters your domain name
in a web browser, do you want traffic to be routed to a web server in your data center, to an Amazon EC2
instance, to a CloudFront distribution, or to some other location?) If you can get a zone file from your
current DNS service provider, you can edit the zone file to remove the resource record sets that you don't
want to migrate to Amazon Route 53. Then you can import the remaining resource record sets into your
Amazon Route 53 hosted zone, which greatly simplifies the process. Try asking customer support for
your current DNS service provider how to get a zone file or a records list.

Creating Resource Record Sets
Using the resource record sets that you got from your current DNS service provider as a starting point,
create corresponding resource record sets in the Amazon Route 53 hosted zone that you created for the
subdomain. The resource record sets that you create in Amazon Route 53 will become the resource
record sets that DNS uses after you delegate responsibility for the subdomain to Amazon Route 53, as
explained in Updating Your DNS Service with Name Server Records for the Subdomain (p. 149), later in
the process.

Caution
Do not create additional name server (NS) or start of authority (SOA) records in the Amazon
Route 53 hosted zone, and do not delete the existing NS and SOA records.
To create resource record sets using the Amazon Route 53 console, see Working with Resource Record
Sets (p. 178). To create resource record sets using the Amazon Route 53 API, use
ChangeResourceRecordSets. For more information, see POST ChangeResourceRecordSets in the
Amazon Route 53 API Reference.

Checking the Status of Your Changes (API Only)
Creating a new hosted zone and changing resource record sets take time to propagate to the Amazon
Route 53 DNS servers. If you used POST ChangeResourceRecordSets to create your resource record
sets, you can use the GetChange action to determine whether your changes have propagated.
(ChangeResourceRecordSets returns a value for ChangeId, which you can include in a subsequent
GetChange request. ChangeId is not available if you created the resource record sets by using the
console.) For more information, see GET GetChange in the Amazon Route 53 API Reference.

Note
Changes generally propagate to all Amazon Route 53 name servers in a couple of minutes. In
rare circumstances, propagation can take up to 30 minutes.

Updating Your DNS Service with Name Server
Records for the Subdomain
After your changes to Amazon Route 53 resource record sets have propagated (see Checking the Status
of Your Changes (API Only) (p. 148)), update the DNS service for the parent domain by adding NS records
for the subdomain. This is known as delegating responsibility for the subdomain to Amazon Route 53.
For example, suppose the parent domain example.com is hosted with another DNS service and you're
migrating the subdomain test.example.com to Amazon Route 53. You must create a hosted zone for
test.example.com and update the DNS service for example.com with the NS records that Amazon Route 53
assigned to the new hosted zone for test.example.com.
Perform the following procedure.
1. Using the method provided by your DNS service, back up the zone file for the parent domain.
2. If the previous DNS service provider for the domain has a method to change the TTL settings for
   their name servers, we recommend that you change the settings to 900 seconds. This limits the time
   during which client requests will try to resolve domain names using obsolete name servers. If the
   current TTL is 172800 seconds (two days), which is a common default setting, you still need to wait
   two days for resolvers and clients to stop caching DNS records using the previous TTL. After the
   TTL settings expire, you can safely delete the records that are stored at the previous provider and
   make changes only to Amazon Route 53.
3. In the Amazon Route 53 console, get the name servers for your Amazon Route 53 hosted zone:
   a. Sign in to the AWS Management Console and open the Amazon Route 53 console at
      https://console.aws.amazon.com/route53/.
   b. In the navigation pane, click Hosted Zones.
   c. On the Hosted Zones page, choose the radio button (not the name) for the hosted zone.
   d. In the right pane, make note of the four servers listed for Name Servers.

   Alternatively, you can use the GetHostedZone action. For more information, see GetHostedZone
   in the Amazon Route 53 API Reference.
4. Using the method provided by the DNS service of the parent domain, add NS records for the
   subdomain to the zone file for the parent domain. Give the NS records the same name as the
   subdomain. For the values in the NS records, specify the four Amazon Route 53 name servers that
   are associated with the hosted zone that you created in Step 2. Note that different DNS services use
   different terminology. You might need to contact technical support for your DNS service to learn how
   to perform this step.

   Caution
   Do not add a start of authority (SOA) record to the zone file for the parent domain. Because
   the subdomain will use Amazon Route 53, the DNS service for the parent domain is not the
   authority for the subdomain.
   If your DNS service automatically added an SOA record for the subdomain, delete the record
   for the subdomain. However, do not delete the SOA record for the parent domain.
5. Depending on the TTL settings for the name servers for the parent domain, the propagation of your
   changes to DNS resolvers can take 48 hours or more. During this period, DNS resolvers may still
   answer requests with the name servers for the DNS service of the parent domain. In addition, client
   computers may continue to have the previous name servers for the subdomain in their cache.
   After the registrar's TTL settings for the domain expire (see Step 2), delete the following resource
   record sets from the zone file for the parent domain:
   • The resource record sets that you added to Amazon Route 53 as described in Creating Resource
     Record Sets (p. 148).
   • Your DNS service's NS records. When you are finished deleting NS records, the only NS records
     in the zone file will be the ones that you created in Step 4.
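The conditions in steps 4 and 5 and in the Caution can be checked mechanically once the parent zone file has been edited. The following Python is an added example, not code from this guide: it audits a parent zone file for the subdomain's delegation. The one-record-per-line zone syntax it accepts, the function names, and the name server names in the sample are constructed for illustration.

```python
"""Audit a parent zone file for a clean delegation of one subdomain."""

RECORD_TYPES = {"A", "AAAA", "CNAME", "MX", "NS", "PTR", "SOA", "SPF", "SRV", "TXT"}


def fqdn(name, origin):
    """Return a lower-case absolute name (trailing dot), relative to origin."""
    name = name.strip().lower()
    origin = origin.lower().rstrip(".") + "."
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def parse_zone(text, origin):
    """Parse one-line records of the form NAME [TTL] [IN] TYPE RDATA.

    Simplification (assumption): every record names its owner and fits on
    one line; $-directives are skipped and `origin` is used instead; a ';'
    always starts a comment, so TXT values containing ';' are not handled.
    """
    records = []
    for raw in text.splitlines():
        line = raw.split(";", 1)[0].strip()
        if not line or line.startswith("$"):
            continue
        fields = line.split()
        name, rest = fields[0], fields[1:]
        while rest and (rest[0].isdigit() or rest[0].upper() == "IN"):
            rest = rest[1:]
        if len(rest) < 2 or rest[0].upper() not in RECORD_TYPES:
            continue
        records.append((fqdn(name, origin), rest[0].upper(), " ".join(rest[1:])))
    return records


def audit_delegation(zone_text, parent, subdomain, route53_name_servers):
    """Return a list of (code, detail) findings; an empty list means clean."""
    sub = fqdn(subdomain.rstrip(".") + ".", parent)
    expected = {fqdn(ns.rstrip(".") + ".", parent) for ns in route53_name_servers}
    records = parse_zone(zone_text, parent)
    at_sub = [(rtype, rdata) for name, rtype, rdata in records if name == sub]
    delegated = {fqdn(rdata, parent) for rtype, rdata in at_sub if rtype == "NS"}

    findings = []
    # Step 4: the NS records must be exactly the hosted zone's name servers.
    for ns in sorted(expected - delegated):
        findings.append(("MISSING_NS", ns))
    # Step 5: NS records of the previous DNS service must be gone.
    for ns in sorted(delegated - expected):
        findings.append(("UNEXPECTED_NS", ns))
    # Caution: the parent zone must not hold an SOA record for the subdomain.
    if any(rtype == "SOA" for rtype, _ in at_sub):
        findings.append(("SUBDOMAIN_SOA", sub))
    # Step 5: records migrated to Route 53 must not linger in the parent zone.
    for name, rtype, _ in records:
        if (name == sub or name.endswith("." + sub)) and rtype not in ("NS", "SOA"):
            findings.append(("LEFTOVER_RECORD", f"{name} {rtype}"))
    return findings


# Constructed sample: a parent zone for example.com part-way through the
# migration of test.example.com. All names and addresses are illustrative.
PARENT_ZONE = """\
$ORIGIN example.com.
$TTL 900
@        IN SOA ns1.dns-provider.example. hostmaster.example.com. 1 7200 900 1209600 900
@        IN NS  ns1.dns-provider.example.
www      IN A   192.0.2.10
test     IN NS  ns-1.awsdns-01.org.
test     IN NS  ns-2.awsdns-02.co.uk.
test     IN NS  ns-3.awsdns-03.com.
test     IN NS  ns1.dns-provider.example.   ; previous provider, not yet removed
test     IN SOA ns1.dns-provider.example. hostmaster.example.com. 1 7200 900 1209600 900
api.test IN A   192.0.2.20
"""

# Constructed stand-ins for the four name servers shown for the hosted zone.
ROUTE53_NS = [
    "ns-1.awsdns-01.org",
    "ns-2.awsdns-02.co.uk",
    "ns-3.awsdns-03.com",
    "ns-4.awsdns-04.net",
]

if __name__ == "__main__":
    for code, detail in audit_delegation(
        PARENT_ZONE, "example.com", "test.example.com", ROUTE53_NS
    ):
        print(f"{code:16} {detail}")
```

A LEFTOVER_RECORD finding is expected until the old TTL has expired; the NS and SOA findings should be cleared as soon as step 4 is complete.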


Routing Traffic to AWS Resources
You can use Amazon Route 53 to route traffic to a variety of AWS resources.
• Routing Traffic to an Amazon CloudFront Distribution (Public Hosted Zones Only) (p. 151)
• Routing Traffic to an AWS Elastic Beanstalk Environment (p. 152)
• Routing Traffic to an Elastic Load Balancing Load Balancer (p. 155)
• Routing Traffic to an Amazon EC2 Instance (p. 156)
• Routing Traffic to a Website That Is Hosted in an Amazon S3 Bucket (p. 156)
• Opening Connections to an Amazon RDS Database Instance Using Your Domain Name (p. 157)
• Routing Traffic to Amazon WorkMail (Public Hosted Zones Only) (p. 159)

Routing Traffic to an Amazon CloudFront
Distribution (Public Hosted Zones Only)
If you're using CloudFront to distribute your content, you can use Amazon Route 53 to route traffic to your
CloudFront distribution. The name of your Amazon Route 53 hosted zone (such as example.com) must
match an alternate domain name in the CloudFront distribution. You cannot route traffic to the CloudFront
domain name for your distribution (such as d111111abcdef8.cloudfront.net). The following procedure
assumes that you have already registered the applicable domain names.

Note
You can route traffic to a CloudFront distribution only for public hosted zones.

To route traffic to an Amazon CloudFront distribution
1. Create your CloudFront distribution, and add one or more alternate domain names (example.com,
   www.example.com) to the distribution. For more information, see the following topics in the Amazon
   CloudFront Developer Guide:
   • Creating Web Distributions
   • Creating RTMP Distributions
   • Using Alternate Domain Names
2. If Amazon Route 53 is not the DNS service for one or more of the alternate domain names that you
   added to your distribution, migrate DNS service for those domains to Amazon Route 53. For more
   information, see the applicable topic:
   • Creating a Subdomain That Uses Amazon Route 53 as the DNS Service without Migrating the
     Parent Domain (p. 145)
   • Migrating DNS Service for an Existing Domain to Amazon Route 53 (p. 141)
   • Migrating DNS Service for a Subdomain to Amazon Route 53 without Migrating the Parent
     Domain (p. 147)
   If you want to route traffic both for an alternate domain name that is the root domain (example.com)
   and for one or more subdomains (www.example.com, product-name.example.com) to your CloudFront
   distribution, you only need to create a hosted zone for the root domain.
   If you want to route traffic for more than one alternate domain name that is the root domain, for
   example, the domain name and various misspellings of your domain name (example.com,
   ex-ample.com), create one hosted zone for each root domain name. You must register each domain
   name that you want to use.
3. Create one or more alias resource record sets that route traffic to your CloudFront distribution:
   • To route traffic for the root domain (such as example.com), create an alias resource record set for
     the root domain name.
     To route traffic for more than one root domain (example.com, ex-ample.com), in each hosted zone
     that you created in step 2, create an alias resource record set that has the same name as the
     hosted zone.
   • To route traffic for subdomains (such as acme.example.com), create one alias resource record
     set for each subdomain.

   Note
   The name of each alias resource record set must match an alternate domain name in the
   distribution that you want Amazon Route 53 to route traffic to.
   For more information about alias resource record sets in Amazon Route 53, see Choosing Between
   Alias and Non-Alias Resource Record Sets (p. 182). For information about creating resource record
   sets, see Creating Resource Record Sets by Using the Amazon Route 53 Console (p. 184).

Routing Traffic to an AWS Elastic Beanstalk
Environment
If you're using AWS Elastic Beanstalk to deploy and manage applications in the AWS Cloud, you can
use Amazon Route 53 to route DNS traffic for your domain, such as example.com, to a new or an existing
Elastic Beanstalk environment.
To route DNS traffic to an Elastic Beanstalk environment, see the procedures in the following topics.

Note
These procedures assume that you're already using Amazon Route 53 as the DNS service for
your domain. If you're using another DNS service, see Configuring Amazon Route 53 as Your
DNS Service (p. 141) for information about migrating your DNS service to Amazon Route 53.
Topics
• Deploying an Application into an Elastic Beanstalk Environment (p. 153)
• Getting the Domain Name for Your Elastic Beanstalk Environment (p. 153)
• Creating an Amazon Route 53 Resource Record Set that Routes Traffic to Your Elastic Beanstalk
  Environment (p. 153)

Deploying an Application into an Elastic Beanstalk
Environment
If you already have an Elastic Beanstalk environment that you want to route traffic to, skip to Getting the
Domain Name for Your Elastic Beanstalk Environment (p. 153).
To create an application and deploy it into an Elastic Beanstalk environment
• For information about creating an application and deploying it to an Elastic Beanstalk environment, see
Getting Started Using Elastic Beanstalk in the AWS Elastic Beanstalk Developer Guide.

Getting the Domain Name for Your Elastic
Beanstalk Environment
If you already know the domain name for your Elastic Beanstalk environment, skip to Creating an Amazon
Route 53 Resource Record Set that Routes Traffic to Your Elastic Beanstalk Environment (p. 153).

To get the domain name for your Elastic Beanstalk environment
1. Sign in to the AWS Management Console and open the Elastic Beanstalk console at
   https://console.aws.amazon.com/elasticbeanstalk/.
2. In the list of applications, find the application that you want to route traffic to, and get the value of
   URL.

Creating an Amazon Route 53 Resource Record
Set that Routes Traffic to Your Elastic Beanstalk
Environment
An Amazon Route 53 resource record set contains the settings that control how traffic is routed to your
Elastic Beanstalk environment. You create either a CNAME resource record set or an alias resource
record set, depending on whether the domain name for the environment includes the region, such as
us-east-1, in which you deployed the environment. New environments include the region in the domain
name; environments that were created before early 2016 do not. For a comparison of CNAME and alias
resource record sets, see Choosing Between Alias and Non-Alias Resource Record Sets (p. 182).
If the domain name does not include the region
   You must create a CNAME resource record set. You can't create a CNAME resource record set for
   the root domain name. For example, if your domain name is example.com, you can create a resource
   record set that routes traffic for acme.example.com to your Elastic Beanstalk environment, but you
   can't create a resource record set that routes traffic for example.com to your Elastic Beanstalk
   environment.
   See the procedure To create a CNAME resource record set to route traffic to an Elastic Beanstalk
   environment (p. 154).
If the domain name includes the region
   You can create an alias resource record set. An alias resource record set is specific to Amazon
   Route 53 and has two significant advantages over CNAME resource record sets:
   • You can create alias resource record sets for the root domain name or for subdomains. For example,
     if your domain name is example.com, you can create a resource record set that routes requests
     for example.com or for acme.example.com to your Elastic Beanstalk environment.
   • Amazon Route 53 doesn't charge for requests that use an alias resource record set to route traffic.
   See the procedure To create an Amazon Route 53 alias resource record set to route traffic to an
   Elastic Beanstalk environment (p. 154).

To create a CNAME resource record set to route traffic to an Elastic Beanstalk environment
1. Sign in to the AWS Management Console and open the Amazon Route 53 console at
   https://console.aws.amazon.com/route53/.
2. In the navigation pane, choose Hosted Zones.
3. Choose the hosted zone that has the domain name for which you want to route traffic to your Elastic
   Beanstalk environment.
4. Choose Create Record Set.
5. Specify the following values:
   Name
      Type the domain name for which you want to route traffic to your Elastic Beanstalk environment.
      The default value is the name of the hosted zone.
      For example, if the name of the hosted zone is example.com and you want to route traffic to
      acme.example.com, type acme.

      Important
      You can't create a CNAME record that has the same name as the hosted zone.
   Type
      Choose CNAME – Canonical name.
   Alias
      Choose No.
   TTL (Seconds)
      Accept the default value of 300.
   Value
      Type the domain name of the environment that you want to route traffic to. This is the value that
      you get when you perform the procedure in the topic Getting the Domain Name for Your Elastic
      Beanstalk Environment (p. 153).
   Routing Policy
      Accept the default value, Simple.
6. Choose Create.
   Changes generally propagate to all Amazon Route 53 servers in a couple of minutes. In rare
   circumstances, propagation can take up to 30 minutes.

To create an Amazon Route 53 alias resource record set to route traffic to an Elastic
Beanstalk environment
1. Sign in to the AWS Management Console and open the Amazon Route 53 console at
   https://console.aws.amazon.com/route53/.
2. In the navigation pane, choose Hosted Zones.
3. Choose the hosted zone that has the domain name for which you want to route traffic to your Elastic
   Beanstalk environment.
4. Choose Create Record Set.
5. Specify the following values:
   Name
      Type the domain name for which you want to route traffic to your Elastic Beanstalk environment.
      The default value is the name of the hosted zone.
      For example, if the name of the hosted zone is example.com and you want to route traffic to
      acme.example.com, type acme.
   Type
      Accept the default, A – IPv4 address.
   Alias
      Choose Yes.
   Alias Target
      Click in the field, and choose the domain name of the environment that you want to route traffic
      to. This is the value that you get when you perform the procedure in the topic Getting the Domain
      Name for Your Elastic Beanstalk Environment (p. 153).
   Alias Hosted Zone ID
      This value appears automatically based on the environment that you choose for Alias Target.
   Routing Policy
      Accept the default value, Simple.
   Evaluate Target Health
      Accept the default value, No.
6. Choose Create.
   Changes generally propagate to all Amazon Route 53 servers in a couple of minutes. In rare
   circumstances, propagation can take up to 30 minutes.

Routing Traffic to an Elastic Load Balancing
Load Balancer
If you're hosting a website on Amazon EC2 instances that are registered with a load balancer and you
want to use Amazon Route 53 as the DNS service for your domain, follow the steps below.

To route traffic to an Elastic Load Balancing load balancer
1. Use Elastic Load Balancing to set up a load balancer. If you're creating multiple alias resource record
   sets that have the same name and type (for example, weighted or latency alias resource record sets),
   create one load balancer for each resource record set. For more information about creating a load
   balancer, go to Getting Started with Elastic Load Balancing in the Elastic Load Balancing Developer
   Guide.

   Tip
   Give the load balancer a name that will help you remember what it's for later. The name
   you specify when you create a load balancer is the name you'll choose when you create
   alias resource record sets in Amazon Route 53.
2. Create an Amazon Route 53 hosted zone. For more information, see Creating a Public Hosted
   Zone (p. 162).
3. Create alias resource record sets in your hosted zone. For more information, see Working with
   Resource Record Sets (p. 178).

Routing Traffic to an Amazon EC2 Instance
If you're hosting a website on an Amazon EC2 server and you want to use Amazon Route 53 as the DNS
service for your domain, follow the steps below.

To route traffic to an Amazon EC2 instance
1. Launch an Amazon EC2 instance. For more information, see the Amazon EC2 Getting Started Guide.

   Note
   We recommend that you also create an Elastic IP address and associate it with your Amazon
   EC2 instance. An Elastic IP address ensures that the IP address of your Amazon EC2
   instance will never change.
2. Create an Amazon Route 53 hosted zone. For more information, see Creating a Public Hosted
   Zone (p. 162).
3. Create a resource record set in your hosted zone. For Type, choose A – IPv4 address. For Value,
   specify the Elastic IP address for your Amazon EC2 instance. For more information about creating
   a resource record set, see Working with Resource Record Sets (p. 178).

Routing Traffic to a Website That Is Hosted in
an Amazon S3 Bucket
If you're hosting a website in an Amazon S3 bucket and you want to use Amazon Route 53 as the DNS
service for your domain, follow the steps below.

To route traffic to a website that is hosted in an Amazon S3 bucket
1. Create an Amazon S3 bucket that is configured as a website. For more information, see Hosting
   Websites on Amazon S3 in the Amazon Simple Storage Service Developer Guide.
2. Create a subdomain that uses Amazon Route 53 as the DNS service, or migrate an existing domain
   or subdomain to Amazon Route 53. For more information, see the applicable topic:
   • Creating a Subdomain That Uses Amazon Route 53 as the DNS Service without Migrating the
     Parent Domain (p. 145)
   • Migrating DNS Service for an Existing Domain to Amazon Route 53 (p. 141)
   • Migrating DNS Service for a Subdomain to Amazon Route 53 without Migrating the Parent
     Domain (p. 147)
3. Create an alias resource record set that routes traffic for your domain name to the Amazon S3 domain
   name for your bucket. For more information about alias resource record sets, see Choosing Between
   Alias and Non-Alias Resource Record Sets (p. 182).


Opening Connections to an Amazon RDS
Database Instance Using Your Domain Name
If you use an Amazon RDS database instance for data storage for your web application, the domain name
that is assigned to your DB instance is a long, partially random, alphanumeric string, for example:
myexampledb.a1b2c3d4wxyz.us-west-2.rds.amazonaws.com

Whenever you open a connection to your Amazon RDS DB instance, you must specify the domain name
in your application code.
If you want to use a domain name that's easier to remember, you can use your own domain name instead.
To do this, you can use Amazon Route 53 to create a CNAME resource record set that associates your
domain name with the domain name of your DB instance.
For example, you could create a CNAME resource record set to map productdata.example.com to
the domain name myexampledb.a1b2c3d4wxyz.us-west-2.rds.amazonaws.com. After you create
the CNAME record, you can use productdata.example.com in your application code whenever you
open a connection to your Amazon RDS DB instance.
In addition to letting you use a name that's easier to remember, the CNAME resource record set makes
it easier for you to replace one DB instance with another. Instead of updating all of your code with the
domain name of a new DB instance, you can just change the domain name of the DB instance in the
CNAME resource record set.

Note
You must use a CNAME resource record set to associate a domain name with an Amazon RDS
DB instance. Amazon Route 53 doesn't support using other types of resource record sets for
this purpose. For more information, see Working with Resource Record Sets (p. 178).

Prerequisites
Before you get started, you need the following:
• An Amazon RDS DB instance.
• A registered domain name. (You don't need to use Amazon Route 53 as the domain registrar.)
• Amazon Route 53 as the DNS service for the domain. To use the procedures in this topic, Amazon
Route 53 must be your DNS service provider, but you can also create a CNAME resource record set
with another DNS service provider.
For more information, see Configuring Amazon Route 53 as Your DNS Service (p. 141).

Configuring Amazon Route 53 So You Can Use
Your Domain Name to Open Connections
To configure Amazon Route 53 so you can use your domain name to open connections to an Amazon
RDS database instance, perform the following procedures. First you get the domain name that is associated
with your DB instance, and then you create a CNAME resource record set that maps your domain name
to the domain name of your DB instance.


Getting the domain name for your Amazon RDS DB instance
1. Sign in to the AWS Management Console and open the Amazon RDS console at
   https://console.aws.amazon.com/rds/.
2. In the regions list in the upper-right corner of the console, change to the region where you created
   the DB instance that you want to open connections to.
3. In the navigation pane, choose Instances.
4. In the table, expand the DB instance that you want to open connections to.
5. Get the value of Endpoint.

Creating a CNAME resource record set
1. Open the Amazon Route 53 console at https://console.aws.amazon.com/route53/.
2. In the navigation pane, choose Hosted Zones.
3. Choose the hosted zone that has the domain name that you want to use to open connections to your
   DB instance.
4. Choose Create Record Set.
5. Specify the following values:
   Name
      Type the domain name that you want to use to open connections to your DB instance. The
      default value is the name of the hosted zone.
      For example, if the name of the hosted zone is example.com and you want to use the domain
      name acme.example.com to open connections to your DB instance, type acme.

      Important
      You can't create a CNAME record that has the same name as the hosted zone.
   Type
      Choose CNAME – Canonical name.
   Alias
      Choose No.
   TTL (Seconds)
      Accept the default value of 300.
   Value
      Type the domain name of the DB instance that you want to open connections to. This is the
      value that you got when you performed the procedure Getting the domain name for your Amazon
      RDS DB instance (p. 158).
   Routing Policy
      Accept the default value of Simple.
6. Choose Create.
   Changes generally propagate to all Amazon Route 53 servers in a couple of minutes. In rare
   circumstances, propagation can take up to 30 minutes. When propagation is complete, you'll be able
   to open connections to your DB instance by using the name of the CNAME resource record set that
   you created in this procedure.
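The same CNAME can be created through the API and its propagation confirmed with GetChange, as described under Checking the Status of Your Changes (API Only). The following Python is an added example, not code from this guide. It assumes a client object with the method names of the AWS SDK for Python (boto3) Route 53 client; the stub client, the hosted zone ID, and the change ID are constructed so that the example runs offline.

```python
"""Create a CNAME through ChangeResourceRecordSets and wait for INSYNC."""
import time

# The guide's stated worst case for propagation to all name servers.
PROPAGATION_LIMIT_SECONDS = 30 * 60


def absolute(name):
    """Lower-case a domain name and give it exactly one trailing dot."""
    return name.strip().lower().rstrip(".") + "."


def build_cname_change(zone_name, record_name, target, ttl=300, action="CREATE"):
    """Return a ChangeBatch for one CNAME resource record set.

    Rejects the two mistakes the procedure warns about: a CNAME at the
    name of the hosted zone, and a name that is outside the hosted zone.
    """
    zone, name = absolute(zone_name), absolute(record_name)
    if name == zone:
        raise ValueError("a CNAME cannot have the same name as the hosted zone")
    if not name.endswith("." + zone):
        raise ValueError(f"{name} is not inside hosted zone {zone}")
    return {
        "Changes": [{
            "Action": action,
            "ResourceRecordSet": {
                "Name": name,
                "Type": "CNAME",
                "TTL": ttl,
                "ResourceRecords": [{"Value": target.strip()}],
            },
        }],
    }


def apply_and_wait(client, hosted_zone_id, change_batch, poll_seconds=15,
                   timeout_seconds=PROPAGATION_LIMIT_SECONDS, sleep=time.sleep):
    """Submit the batch, then poll GetChange until Status is INSYNC.

    Returns (change_id, seconds_waited); raises TimeoutError if the change
    is still PENDING once timeout_seconds of polling have elapsed.
    """
    info = client.change_resource_record_sets(
        HostedZoneId=hosted_zone_id, ChangeBatch=change_batch)["ChangeInfo"]
    change_id, waited = info["Id"], 0
    while info["Status"] != "INSYNC":
        if waited >= timeout_seconds:
            raise TimeoutError(f"{change_id} still {info['Status']} after {waited}s")
        sleep(poll_seconds)
        waited += poll_seconds
        info = client.get_change(Id=change_id)["ChangeInfo"]
    return change_id, waited


class StubRoute53:
    """Constructed stand-in for the API client; reports INSYNC after N polls."""

    def __init__(self, polls_until_insync):
        self.remaining = polls_until_insync
        self.submitted = None

    def change_resource_record_sets(self, HostedZoneId, ChangeBatch):
        self.submitted = (HostedZoneId, ChangeBatch)
        return {"ChangeInfo": {"Id": "/change/C0EXAMPLE", "Status": "PENDING"}}

    def get_change(self, Id):
        self.remaining -= 1
        status = "INSYNC" if self.remaining <= 0 else "PENDING"
        return {"ChangeInfo": {"Id": Id, "Status": status}}


if __name__ == "__main__":
    batch = build_cname_change(
        "example.com",
        "productdata.example.com",
        "myexampledb.a1b2c3d4wxyz.us-west-2.rds.amazonaws.com",
    )
    # With real credentials, replace the stub with boto3.client("route53").
    change_id, waited = apply_and_wait(
        StubRoute53(polls_until_insync=3), "Z0EXAMPLE", batch,
        sleep=lambda seconds: None)
    print(f"{change_id} is INSYNC after {waited} simulated seconds")
```

Passing action="UPSERT" with a new target is the API form of replacing one DB instance with another by changing only the CNAME value.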


Routing Traffic to Amazon WorkMail (Public
Hosted Zones Only)
If you're using Amazon WorkMail for your business email and you're using Amazon Route 53 as your
DNS service, you can use Amazon Route 53 to route traffic to your Amazon WorkMail email domain. The
name of your Amazon Route 53 hosted zone (such as example.com) must match the name of an Amazon
WorkMail domain.

Note
You can route traffic to an Amazon WorkMail domain only for public hosted zones.
To route traffic to Amazon WorkMail, perform the following four procedures.

To configure Amazon Route 53 as your DNS service and add an Amazon WorkMail
organization and email domain
1. If you haven't registered the domain name that you want to use in your email addresses (such as
   john@example.com), register the domain now so you know that the domain is available. For more
   information, see Registering a New Domain (p. 14).
   If Amazon Route 53 is not the DNS service for the email domain that you added to Amazon WorkMail,
   migrate DNS service for the domain to Amazon Route 53. For more information, see the applicable
   topic:
   • Creating a Subdomain That Uses Amazon Route 53 as the DNS Service without Migrating the
     Parent Domain (p. 145)
   • Migrating DNS Service for an Existing Domain to Amazon Route 53 (p. 141)
   • Migrating DNS Service for a Subdomain to Amazon Route 53 without Migrating the Parent
     Domain (p. 147)
2. Add an Amazon WorkMail organization and email domain. For more information, see Getting Started
   for New Users in the Amazon WorkMail Administrator Guide.

To create an Amazon Route 53 TXT resource record set for Amazon WorkMail
1. In the navigation pane of the Amazon WorkMail console, choose Domains.
2. Choose the name of the email domain, such as example.com, for which you want to route traffic to
   Amazon WorkMail.
3. Open another browser tab, and open the Amazon Route 53 console.
4. In the Amazon Route 53 console, do the following:
   a. In the navigation pane, choose Hosted Zones.
   b. Choose the name of the hosted zone that you want to use for your Amazon WorkMail email
      domain.
5. In the Amazon WorkMail console, in the section Step 1: Verify domain ownership, go to the
   Hostname column, and copy the part of the value that precedes your email domain name.
   For example, if your Amazon WorkMail email domain is example.com and the value of Hostname
   is _amazonses.example.com, copy _amazonses.
6. In the Amazon Route 53 console, do the following:
   a. Choose Create Record Set.
   b. For Name, paste the value that you copied in step 5.
   c. For Type, choose TXT – Text.
7. In the Amazon WorkMail console, for the TXT record, copy the value of the Value column, including
   the quotation marks.
8. In the Amazon Route 53 console, do the following:
   a. For Value, paste the value that you copied in step 7.
      Don't change any other settings.
   b. Choose Create.

To create an Amazon Route 53 MX resource record set for Amazon WorkMail
1. In the Amazon WorkMail console, in the section Step 2: Finalize domain setup, go to the row for
   which the value of Record type is MX, and copy the value of the Value column.
2. In the Amazon Route 53 console, do the following:
   a. Choose Create Record Set.
   b. For Value, paste the value that you copied in step 1.
   c. For Type, choose MX – Mail Exchange.
      Don't change any other settings.
   d. Choose Create.

To create four Amazon Route 53 CNAME resource record sets for Amazon WorkMail
1. In the Amazon WorkMail console, in the section Step 2: Finalize domain setup, go to the first row
   for which the value of Record type is CNAME. In the Hostname column, copy the part of the value
   that precedes your email domain name.
   For example, if your Amazon WorkMail email domain is example.com and the value of Hostname
   is autodiscover.example.com, copy autodiscover.
2. In the Amazon Route 53 console, do the following:
   a. Choose Create Record Set.
   b. For Name, paste the value that you copied in step 1.
   c. For Type, choose CNAME – Canonical Name.
3. In the Amazon WorkMail console, in the first row for which the value of the Record type column is
   CNAME, copy the value of the Value column.
4. In the Amazon Route 53 console, do the following:
   a. For Value, paste the value that you copied in step 3.
      Don't change any other settings.
   b. Choose Create.
5. Repeat steps 1 through 4 for the remaining CNAME records that are listed in the Amazon WorkMail
   console.


Working with Public Hosted Zones
A public hosted zone is a container that holds information about how you want to route traffic on the
Internet for a domain, such as example.com, and its subdomains (apex.example.com, acme.example.com).
After you create a public hosted zone, you create resource record sets that determine how the Domain
Name System (DNS) responds to queries for your domain and subdomains. For example, if you have
one or more email addresses associated with your domain (john@example.com), you'll create an MX
record in your hosted zone so that email is sent to the email server for your domain. For more information
about resource record sets, see Working with Resource Record Sets (p. 178).
This topic explains how to use the Amazon Route 53 console to create, list, and delete public hosted
zones. For information about using the Amazon Route 53 API to perform these operations, see Actions
on Public Hosted Zones in the Amazon Route 53 API Reference.
You can also use an Amazon Route 53 private hosted zone to route traffic within one or more Amazon
Virtual Private Clouds. For more information, see Working with Private Hosted Zones (p. 171).
Topics
• Creating a Public Hosted Zone (p. 162)
• Getting the Name Servers for a Public Hosted Zone (p. 163)
• Listing Public Hosted Zones (p. 164)
• Deleting a Public Hosted Zone (p. 164)
• Configuring White Label Name Servers (p. 165)
• NS and SOA Resource Record Sets that Amazon Route 53 Creates for a Public Hosted Zone (p. 169)

Creating a Public Hosted Zone
A hosted zone is a collection of resource record sets for a specified domain. You create a hosted zone
for a domain (such as example.com), and then you create resource record sets to tell the Domain Name
System how you want traffic to be routed for that domain.
When you create a hosted zone, Amazon Route 53 automatically creates a name server (NS) record and
a start of authority (SOA) record for the zone. The NS record identifies the four name servers that you
give to your registrar or your DNS service so that DNS queries are routed to Amazon Route 53 name
servers. For more information about NS and SOA records, see NS and SOA Resource Record Sets that
Amazon Route 53 Creates for a Public Hosted Zone (p. 169).


After you update the settings with your domain registrar to include the Amazon Route 53 name servers,
Amazon Route 53 responds to DNS queries for the hosted zone even if you don't have a functioning
website. For example, Amazon Route 53 responds with information about your hosted zone whenever
someone enters your domain name in a web browser.
By default, Amazon Route 53 assigns a unique set of four name servers (known collectively as a delegation
set) to each hosted zone that you create. If you want to create a large number of hosted zones, you can
use the Amazon Route 53 API to create a reusable delegation set. Then when you create hosted zones
by using the Amazon Route 53 API, you can assign the same reusable delegation set (the same four
name servers) to each hosted zone. (You can't specify a reusable delegation set when you create a
hosted zone by using the Amazon Route 53 console.) Reusable delegation sets simplify migrating DNS
service to Amazon Route 53 because you can instruct your domain name registrar to use the same four
name servers for all of the domains for which you want Amazon Route 53 to be the DNS service. For
more information about reusable delegation sets, see Actions on Reusable Delegation Sets in the Amazon
Route 53 API Reference. For information about creating hosted zones by using the Amazon Route 53
API, see POST CreateHostedZone.
You can create more than one hosted zone with the same name and add different resource record sets
to each hosted zone. Amazon Route 53 assigns four name servers to every hosted zone, and the name
servers are different for each of them. When you update your registrar's name server records, be careful
to use the Amazon Route 53 name servers for the correct hosted zone—the one that contains the resource
record sets that you want Amazon Route 53 to use when responding to queries for your domain. Amazon
Route 53 never returns values for resource record sets in other hosted zones that have the same name.

To create a hosted zone using the Amazon Route 53 console
1. Sign in to the AWS Management Console and open the Amazon Route 53 console at
   https://console.aws.amazon.com/route53/.
2. If you're new to Amazon Route 53, choose Get Started Now under DNS Management.
   If you're already using Amazon Route 53, choose Hosted Zones in the navigation pane.
3. Choose Create Hosted Zone.
4. In the Create Hosted Zone pane, enter a domain name and, optionally, a comment. For more
   information about a setting, pause the mouse pointer over its label to see a tool tip.
   For information about how to specify characters other than a-z, 0-9, and - (hyphen) and how to
   specify internationalized domain names, see DNS Domain Name Format (p. 2).
5. Choose Create.

Getting the Name Servers for a Public Hosted Zone
If you're currently using another DNS service and you want to migrate to Amazon Route 53, you begin
by creating a hosted zone. Amazon Route 53 automatically assigns four name servers to your hosted
zone. To ensure that the Domain Name System routes queries for your domain to the Amazon Route 53
name servers, update your registrar's or your DNS service's NS records for the domain to replace the
current name servers with the names of the four Amazon Route 53 name servers for your hosted zone.
The method that you use to update the NS records depends on which registrar or DNS service you're
using. For more information about migrating your DNS service to Amazon Route 53, see Configuring
Amazon Route 53 as Your DNS Service (p. 141).

Note
Some registrars only allow you to specify name servers using IP addresses; they don't allow you
to specify fully qualified domain names. If your registrar requires using IP addresses, you can
get the IP addresses for your name servers using the dig utility (for Mac, Unix, or Linux) or the
nslookup utility (for Windows). We rarely change the IP addresses of name servers; if we need
to change IP addresses, we'll notify you in advance.

The following procedure explains how to get the name servers for a hosted zone using the Amazon
Route 53 console. For information about how to get name servers using the Amazon Route 53 API, see
GET GetHostedZone in the Amazon Route 53 API Reference.

To get the name servers for a hosted zone using the Amazon Route 53 console
1. Sign in to the AWS Management Console and open the Amazon Route 53 console at
   https://console.aws.amazon.com/route53/.
2. In the navigation pane, click Hosted Zones.
3. On the Hosted Zones page, choose the radio button (not the name) for the hosted zone.
4. In the right pane, make note of the four servers listed for Name Servers.

Listing Public Hosted Zones
You can use the Amazon Route 53 console to list all of the hosted zones that you created with the current
AWS account. For information about how to list hosted zones using the Amazon Route 53 API, see GET
ListHostedZones in the Amazon Route 53 API Reference.

To list the public hosted zones associated with an AWS account using the Amazon Route 53 console
1. Sign in to the AWS Management Console and open the Amazon Route 53 console at
   https://console.aws.amazon.com/route53/.
2. In the Amazon Route 53 console, the Hosted Zones page automatically displays a list of the hosted
   zones that are associated with the AWS account that you are currently signed in with.

Deleting a Public Hosted Zone
The following procedure explains how to delete a hosted zone using the Amazon Route 53 console. For
information about how to delete a hosted zone using the Amazon Route 53 API, see DELETE
DeleteHostedZone in the Amazon Route 53 API Reference.
You can delete a hosted zone only if there are no resource record sets other than the default SOA and
NS records. If your hosted zone contains other resource record sets, you must delete them before you
can delete your hosted zone. This prevents you from accidentally deleting a hosted zone that still contains
resource record sets.

To delete a public hosted zone using the Amazon Route 53 console
1. Sign in to the AWS Management Console and open the Amazon Route 53 console at
   https://console.aws.amazon.com/route53/.
2. Confirm that the hosted zone that you want to delete contains only an NS and an SOA resource
   record set. If it contains additional resource record sets, delete them:
   a. Choose the name of the hosted zone that you want to delete.
   b. On the Record Sets page, if the list of resource record sets includes any resource record sets
      for which the value of the Type column is something other than NS or SOA, choose the row,
      and choose Delete Record Set.
      To select multiple, consecutive resource record sets, choose the first row, press and hold the
      Shift key, and choose the last row. To select multiple, non-consecutive resource record sets,
      choose the first row, press and hold the Ctrl key, and choose the remaining rows.

      Note
      If you created any NS records for subdomains in the hosted zone, delete those records,
      too.
   c. Choose Back to Hosted Zones.
3. On the Hosted Zones page, choose the row for the hosted zone that you want to delete.
4. Choose Delete Hosted Zone.
5. Choose OK to confirm.

Configuring White Label Name Servers
Each Amazon Route 53 hosted zone is associated with four name servers, known collectively as a
delegation set. By default, the name servers have names like ns-2048.awsdns-64.com. If you want the
domain name of your name servers to be the same as the domain name of your hosted zone, for example,
ns1.example.com, you can configure white label name servers, also known as vanity name servers or
private name servers.
The following procedure explains how to configure one set of four white label name servers that you can
reuse for multiple domains. For example, suppose you own the domains example.com, example.org, and
example.net. With this procedure, you can configure white label name servers for example.com and reuse
them for example.org and example.net.

To configure white label name servers for your Amazon Route 53 hosted zones
1. Create an Amazon Route 53 reusable delegation set by using the Amazon Route 53 API, the AWS
   CLI, or one of the AWS SDKs. For more information, see the following documentation:
   • Amazon Route 53 API – See POST CreateReusableDelegationSet in the Amazon Route 53 API
     Reference
   • AWS CLI – See create-reusable-delegation-set in the AWS Command Line Interface Reference
   • AWS SDKs – See the applicable SDK documentation on the AWS Documentation page

2. Create or recreate Amazon Route 53 hosted zones:
   • If you aren't currently using Amazon Route 53 as the DNS service for the domains for which
     you want to use white label name servers – Create the hosted zones and specify the reusable
     delegation set that you created in the previous step with each hosted zone. For more information,
     see POST CreateHostedZone (Public) in the Amazon Route 53 API Reference.
   • If you are using Amazon Route 53 as the DNS service for the domains for which you want
     to use white label name servers – You must recreate the hosted zones for which you want to
     use white label name servers, and specify the reusable delegation set that you created in the
     previous step for each hosted zone.
   For more information about creating hosted zones and specifying a reusable delegation set for the
   name servers for the hosted zones, see POST CreateHostedZone (Public) in the Amazon Route 53
   API Reference.

   Important
   You cannot change the name servers that are associated with an existing hosted zone. You
   can associate a reusable delegation set with a hosted zone only when you create the hosted
   zone.

   When you create the hosted zones and before you try to access the resources for the corresponding
   domains, change the following TTL values for each hosted zone:
   • Change the TTL for the NS record for the hosted zone to 60 seconds or less.
   • Change the minimum TTL for the SOA record for the hosted zone to 60 seconds or less. This is
     the last value in the SOA record.
   Changing the minimum TTL to 60 seconds or less will temporarily increase your bill because DNS
   resolvers will send more queries to Amazon Route 53. (This procedure tells you when you can change
   the TTL to a higher value.) However, if you accidentally give your registrar the wrong IP addresses
   for your white label name servers, your website will become unavailable and remain unavailable for
   the duration of the TTL after you correct the problem. By setting a low TTL, you reduce the amount
   of time that your website is unavailable.
3. Create resource record sets in the new hosted zones:
   • If you're migrating DNS service for your domains to Amazon Route 53 – You might be able
     to create resource record sets by importing information about your existing resource record sets.
     For more information, see Creating Resource Record Sets By Importing a Zone File (p. 230).
   • If you're replacing existing hosted zones so that you can use white label name servers – In
     the new hosted zones, recreate the resource record sets that appear in your current hosted zones.
     Amazon Route 53 doesn't provide a method of exporting resource record sets from a hosted zone,
     but some third-party vendors do. You can then use the Amazon Route 53 import feature to import
     non-alias resource record sets for which the routing policy is simple. There is no way to export and
     re-import alias resource record sets or resource record sets for which the routing policy is anything
     other than simple.
   For information about creating resource record sets by using the Amazon Route 53 API, see POST
   CreateHostedZone (Public) in the Amazon Route 53 API Reference. For information about creating
   resource record sets by using the Amazon Route 53 console, see Working with Resource Record
   Sets (p. 178).

4. Get the IP addresses of the name servers in the reusable delegation set, and fill in the following
   table.

   Name of a name server in your reusable delegation set (example: ns-2048.awsdns-64.com) | IP address | Name that you want to assign to the white label name server (example: ns1.example.com)

   For example, suppose the four name servers for your reusable delegation set are:
   • ns-2048.awsdns-64.com
   • ns-2049.awsdns-65.net
   • ns-2050.awsdns-66.org
   • ns-2051.awsdns-67.co.uk
   Run the applicable command for each name server to get the corresponding IP addresses.

   dig command for Linux

       % dig ns-2048.awsdns-64.com +short
       192.0.2.117

   nslookup command for Windows

       c:\> nslookup ns-2048.awsdns-64.com
       Server: ns-2048.awsdns-64.com
       Address: 192.0.2.117

5. In the hosted zone that has the same name (such as example.com) as the domain name of the white
   label name servers (such as ns1.example.com), create four resource record sets, one for each white
   label name server.

   Important
   If you're using the same white label name servers for two or more hosted zones, do not
   perform this step for the other hosted zones.

   For each resource record set, specify the following values. Refer to the table that you filled in for the
   previous step:
   Name
      The name that you want to assign to one of your white label name servers, for example,
      ns1.example.com. For the prefix (ns1 in this example), you can use any value that is valid in a
      domain name.
   Type
      Specify A.
   Alias
      Specify No.
   TTL
      This value is the amount of time that DNS resolvers cache the information in this resource record
      set before forwarding another DNS query to Amazon Route 53. We recommend that you specify
      an initial value of 60 seconds or less, so that you can recover quickly if you accidentally specify
      incorrect values in these resource record sets.
   Value
      The IP address of one of the Amazon Route 53 name servers in your reusable delegation set.

      Caution
      If you specify the wrong IP addresses when you create resource record sets for your
      white label name servers, when you perform subsequent steps your website or web
      application will become unavailable on the Internet. Even if you correct the IP addresses
      immediately, your website or web application will remain unavailable for the duration
      of the TTL.
   Routing Policy
      Specify Simple.


6. Update SOA and NS records in the hosted zones for which you want to use white label name servers.
   Perform steps 6 through 8 for one hosted zone and the corresponding domain at a time, then repeat
   for another hosted zone and domain.

   Important
   Start with the Amazon Route 53 hosted zone that has the same domain name (such as
   example.com) as the white label name servers (such as ns1.example.com).

   a. Update the SOA record. Replace the name of the Amazon Route 53 name server
      (ns-2048.awsdns-64.net. in the following example) with the name of one of your white label
      name servers:

          ns-2048.awsdns-64.net. hostmaster.example.com. 1 7200 900 1209600 60

      For information about updating resource record sets by using the Amazon Route 53 console,
      see Editing Resource Record Sets (p. 232).
   b. In the NS record, make note of the names of the current name servers for the domain, so you
      can revert to these name servers if necessary.
   c. Update the NS record. Replace the name of the Amazon Route 53 name servers with the names
      of your four white label name servers, for example, ns1.example.com, ns2.example.com,
      ns3.example.com, and ns4.example.com.
7. Use the method provided by the registrar to create glue records and change the registrar's name
   servers:
   a. Add glue records:
      • If you're updating the domain that has the same domain name as the white label name
        servers – Create four glue records for which the name and IP address match the values that
        you got in step 4, for example:
        ns1.example.com – IP address = 192.0.2.117
        Registrars use a variety of terminology for glue records. You might also see this referred to as
        registering new name servers or something similar.
      • If you're updating another domain – Skip to step 7b.
   b. Change the name servers for the domain to the names of your white label name servers.
   If you're using Amazon Route 53 as your DNS service, see Adding or Changing Name Servers and
   Adding or Changing Glue Records (p. 22).
8. Monitor the traffic for the website or application for which you created glue records and changed
   name servers in the previous step:
   • If the traffic stops – Use the method provided by the registrar to change the name servers for
     the domain back to the previous Amazon Route 53 name servers. These are the name servers
     that you made note of in step 6b. Then determine what went wrong.
   • If the traffic is unaffected – Repeat steps 6 through 8 for the rest of the hosted zones for which
     you want to use the same white label name servers.
9. For all of the hosted zones that are now using white label name servers, change the following values:
   • Change the TTL for the NS record for the hosted zone to a more typical value for NS records, for
     example, 172800 seconds (two days). This will reduce the number of DNS queries that DNS
     resolvers forward to Amazon Route 53, which will reduce your Amazon Route 53 bill.
   • Change the minimum TTL for the SOA record for the hosted zone to a more typical value for SOA
     records, for example, 86400 seconds (one day). This is the last value in the SOA record.
10. (Optional) If you're using Amazon Route 53 geolocation routing, contact the recursive DNS services
    that support the edns-client-subnet extension of EDNS0, and give them the names of your white
    label name servers. This ensures that these DNS services will continue to route DNS queries to the
    optimal Amazon Route 53 location based on the approximate geographical location that the request
    came from.
    For a list of the recursive DNS services that support edns-client-subnet, see A Faster Internet:
    Participants. For more information about how edns-client-subnet works, see A Faster Internet: How
    It Works.
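
The following Python check is an added example, not part of the AWS guide: it compares the step 4 table against the white label A records (step 5), the NS record (steps 2 and 6c), and the registrar glue records (step 7a), so that a wrong IP address is caught before traffic depends on it. It assumes record sets are dicts in the shape that the ListResourceRecordSets API returns (Name, Type, TTL, ResourceRecords, AliasTarget, SetIdentifier); the helper names, the glue mapping, and every IP address except 192.0.2.117 are constructed for illustration.

```python
import ipaddress

# Step 4 table: delegation-set name server -> (IP address, white label name).
# Constructed sample: only 192.0.2.117 appears in the guide; the other
# addresses are placeholders. Real values come from dig or nslookup.
PLAN = {
    "ns-2048.awsdns-64.com": ("192.0.2.117", "ns1.example.com"),
    "ns-2049.awsdns-65.net": ("192.0.2.118", "ns2.example.com"),
    "ns-2050.awsdns-66.org": ("192.0.2.119", "ns3.example.com"),
    "ns-2051.awsdns-67.co.uk": ("192.0.2.120", "ns4.example.com"),
}


def norm(name):
    """Lower-case a DNS name and drop the trailing root dot."""
    return name.lower().rstrip(".")


def in_zone(name, zone):
    """Label-aware suffix test: ns1.badexample.com is not in example.com."""
    name, zone = norm(name), norm(zone)
    return name == zone or name.endswith("." + zone)


def values(rrset):
    """Sorted, normalized values of a record set (empty for alias records)."""
    return sorted(norm(r["Value"]) for r in rrset.get("ResourceRecords", []))


def check_white_label(plan, zone, rrsets, glue, max_ttl=60):
    """Return a list of problems; an empty list means the setup is consistent."""
    # zone is the hosted zone named like the white label name servers,
    # the only zone that holds their A records (step 5).
    problems = []
    wanted = {}  # white label name -> planned IP address
    for aws_ns, (ip, label) in plan.items():
        try:
            ipaddress.ip_address(ip)
        except ValueError:
            problems.append(f"{aws_ns}: {ip!r} is not an IP address")
        if not in_zone(label, zone):
            problems.append(f"{label} is outside zone {zone}")
        wanted[norm(label)] = ip
    if len(wanted) != 4:
        problems.append(f"expected 4 distinct white label names, got {len(wanted)}")

    by_key = {}
    for rr in rrsets:
        by_key.setdefault((norm(rr["Name"]), rr["Type"]), []).append(rr)

    # Step 5: one simple, non-alias A record per white label name, low TTL.
    for label, ip in wanted.items():
        found = by_key.get((label, "A"), [])
        if len(found) != 1:
            problems.append(f"{label}: expected 1 A record set, found {len(found)}")
            continue
        rr = found[0]
        if "AliasTarget" in rr:
            problems.append(f"{label}: Alias must be No")
        elif values(rr) != [ip]:
            problems.append(f"{label}: A value {values(rr)} != planned {ip}")
        if "SetIdentifier" in rr:
            problems.append(f"{label}: routing policy must be Simple")
        if rr.get("TTL", 0) > max_ttl:
            problems.append(f"{label}: TTL {rr['TTL']} exceeds {max_ttl}")

    # Steps 2 and 6c: NS record has a low TTL and names one complete set.
    ns = by_key.get((norm(zone), "NS"), [])
    if len(ns) != 1:
        problems.append(f"{zone}: expected 1 NS record set, found {len(ns)}")
    else:
        if ns[0].get("TTL", 0) > max_ttl:
            problems.append(f"{zone}: NS TTL {ns[0]['TTL']} exceeds {max_ttl}")
        if values(ns[0]) not in (sorted(map(norm, plan)), sorted(wanted)):
            problems.append(f"{zone}: NS record mixes or omits name servers")

    # Step 7a: glue records at the registrar match the step 4 table.
    glue = {norm(name): ip for name, ip in glue.items()}
    for label, ip in wanted.items():
        if glue.get(label) != ip:
            problems.append(f"glue for {label}: {glue.get(label)} != planned {ip}")
    return problems


def sample_rrsets(ttl=60):
    """Constructed zone contents for example.com after step 6c."""
    rrsets = [{"Name": "example.com.", "Type": "NS", "TTL": ttl,
               "ResourceRecords": [{"Value": f"{label}."} for _, label in PLAN.values()]}]
    for ip, label in PLAN.values():
        rrsets.append({"Name": f"{label}.", "Type": "A", "TTL": ttl,
                       "ResourceRecords": [{"Value": ip}]})
    return rrsets


if __name__ == "__main__":
    print(check_white_label(PLAN, "example.com", sample_rrsets(),
                            {label: ip for ip, label in PLAN.values()}) or "ok")
```

Run it with max_ttl raised after step 9, when the NS TTL is intentionally set back to a typical value.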

NS and SOA Resource Record Sets that Amazon Route 53 Creates for a Public Hosted Zone
For each public hosted zone that you create, Amazon Route 53 automatically creates a name server
(NS) resource record set and a start of authority (SOA) resource record set. Don't change these records.
Topics
• The Name Server (NS) Resource Record Set (p. 169)
• The Start of Authority (SOA) Resource Record Set (p. 170)

The Name Server (NS) Resource Record Set
Amazon Route 53 automatically creates a name server (NS) resource record set that has the same name
as your hosted zone. It lists the four name servers that are the authoritative name servers for your hosted
zone. Do not add, change, or delete name servers in this resource record set.
The following examples show the format for the names of Amazon Route 53 name servers (these are
examples only; don't use them when you're updating your registrar's name server records):
• ns-2048.awsdns-64.com
• ns-2049.awsdns-65.net
• ns-2050.awsdns-66.org
• ns-2051.awsdns-67.co.uk
To get the list of name servers for your hosted zone:
1. Sign in to the AWS Management Console and open the Amazon Route 53 console at
   https://console.aws.amazon.com/route53/.
2. In the navigation pane, click Hosted Zones.
3. On the Hosted Zones page, choose the radio button (not the name) for the hosted zone.
4. In the right pane, make note of the four servers listed for Name Servers.

Alternatively, you can use the GetHostedZone action. For more information, see GetHostedZone in the
Amazon Route 53 API Reference.
After you create a hosted zone, update your registrar's or your DNS service's name server records, as
applicable, to refer to the Amazon Route 53 name servers:
• If you migrated an existing domain to Amazon Route 53, see Updating Your Registrar's Name
Servers (p. 143).
• If you created a subdomain that uses Amazon Route 53 without migrating the parent domain, see
Updating Your DNS Service with Name Server Records for the Subdomain (p. 146).
• If you migrated a subdomain to Amazon Route 53 without migrating the parent domain, see Updating
Your DNS Service with Name Server Records for the Subdomain (p. 149).

Note
Some registrars only allow you to specify name servers using IP addresses; they don't allow you
to specify fully qualified domain names. If your registrar requires that you use IP addresses, you
can get the IP addresses for your name servers using the dig utility (for Mac, Unix, or Linux) or
the nslookup utility (for Windows). We rarely change the IP addresses of name servers; if we
need to change IP addresses, we'll notify you in advance.

The Start of Authority (SOA) Resource Record Set
The start of authority (SOA) resource record set identifies the base DNS information about the domain,
for example:
ns-2048.awsdns-64.net. hostmaster.example.com. 1 7200 900 1209600 86400

The elements of the SOA record include:
• The host that created the SOA record, for example, ns-2048.awsdns-64.net.
• The email address of the administrator in a format with the @ symbol replaced by a period, for example,
hostmaster.example.com. The default value is an amazon.com email address that is not monitored.
• A revision number to increment when you change the zone file and distribute changes to secondary
DNS servers, for example 1.
• A refresh time in seconds that secondary DNS servers wait before querying the primary DNS server's
SOA record to check for changes, for example 7200.
• The retry interval in seconds that a secondary server waits before retrying a failed zone transfer, for
example 900 (15 minutes). Normally, the retry time is less than the refresh time.
• The expire time in seconds that a secondary server will keep trying to complete a zone transfer, for
example 1209600 (two weeks). If this time expires prior to a successful zone transfer, the secondary
server will expire its zone file. This means that the secondary server will stop answering queries because
it considers its data too old to be reliable.
• The minimum time to live (TTL). This value helps define the length of time that an NXDOMAIN result,
which indicates that a domain does not exist, should be cached by a DNS resolver. Caching this negative
result is referred to as negative caching. The duration of negative caching is the lesser of the SOA
record's TTL or the value of the minimum TTL field. The default minimum TTL on Amazon Route 53
SOA records is 900 seconds. To change the TTL for resource record sets, including SOA resource
record sets, you can use the Amazon Route 53 console. For more information, see Editing Resource
Record Sets (p. 232). You can also use the ChangeResourceRecordSets API. For more information,
see ChangeResourceRecordSets in the Amazon Route 53 API Reference.
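
The SOA elements listed above, parsed in Python as an added example (not code from the AWS guide): it splits the record value into its seven fields, recovers the administrator address, and applies the negative caching rule. The helper names are illustrative, and the SOA record TTL of 900 used in the sample call is a constructed value.

```python
from dataclasses import dataclass


@dataclass(frozen=True)
class SOA:
    mname: str    # host that created the SOA record
    rname: str    # administrator mailbox, "@" written as "."
    serial: int   # revision number
    refresh: int  # seconds between secondary checks of the primary
    retry: int    # seconds before retrying a failed zone transfer
    expire: int   # seconds a secondary keeps trying before expiring the zone
    minimum: int  # minimum TTL, used for negative caching


def parse_soa(value):
    """Parse the seven space-separated fields of an SOA record value."""
    parts = value.split()
    if len(parts) != 7:
        raise ValueError(f"SOA needs 7 fields, got {len(parts)}")
    numbers = [int(p) for p in parts[2:]]
    if any(n < 0 for n in numbers):
        raise ValueError("SOA numeric fields must be non-negative")
    return SOA(parts[0], parts[1], *numbers)


def admin_email(rname):
    r"""Turn RNAME back into an address: the first unescaped "." becomes "@".

    A literal dot in the local part is written "\." in zone-file syntax.
    """
    name = rname.rstrip(".")
    local = []
    i = 0
    while i < len(name):
        ch = name[i]
        if ch == "\\" and i + 1 < len(name):
            local.append(name[i + 1])  # keep the escaped character as-is
            i += 2
            continue
        if ch == ".":
            return "".join(local) + "@" + name[i + 1:]
        local.append(ch)
        i += 1
    raise ValueError("RNAME has no domain part")


def negative_cache_ttl(soa, soa_record_ttl):
    """Negative caching lasts the lesser of the SOA record's TTL and the minimum field."""
    return min(soa_record_ttl, soa.minimum)


def review(soa, expected_mname=None):
    """Flag values that contradict the guidance in the element list."""
    findings = []
    if soa.retry >= soa.refresh:
        findings.append("retry interval is not less than refresh time")
    if expected_mname is not None:
        if soa.mname.lower().rstrip(".") != expected_mname.lower().rstrip("."):
            findings.append(f"MNAME is {soa.mname}, expected {expected_mname}")
    return findings


if __name__ == "__main__":
    soa = parse_soa("ns-2048.awsdns-64.net. hostmaster.example.com. 1 7200 900 1209600 86400")
    print(admin_email(soa.rname))
    print(negative_cache_ttl(soa, 900))  # 900 is a constructed SOA record TTL
    print(review(soa, expected_mname="ns1.example.com"))
```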


Working with Private Hosted Zones
A private hosted zone is a container that holds information about how you want to route traffic for a domain
and its subdomains within one or more Amazon Virtual Private Clouds (Amazon VPCs). To begin, you
create a private hosted zone and specify the Amazon VPCs that you want to associate with the hosted
zone. You then create resource record sets that determine how Amazon Route 53 responds to queries
for your domain and subdomains within and among your Amazon VPCs. For example, if you have a web
server associated with your domain, you'll create an A record in your hosted zone so browser queries for
example.com are routed to your web server. For more information about resource record sets, see Working
with Resource Record Sets (p. 178). For information about the Amazon VPC requirements for using private
hosted zones, see Using Private Hosted Zones in the Amazon VPC User Guide.
Note the following about using private hosted zones:
Amazon VPC Settings
To use private hosted zones, you must set the following Amazon VPC settings to true:
• enableDnsHostnames
• enableDnsSupport
For more information, see Updating DNS Support for Your VPC in the Amazon VPC User Guide.
Amazon Route 53 Health Checks
In a private hosted zone, you can associate Amazon Route 53 health checks only with failover
resource record sets. For more information, see Configuring Failover in a Private Hosted Zone (p. 270).
Split-View DNS
You can use Amazon Route 53 to configure split-view DNS, also known as split-horizon DNS. If you
want to maintain internal and external versions of the same website or application (for example, for
testing changes before you make them public), you can configure public and private hosted zones
to return different internal and external IP addresses for the same domain name. Just create a public
hosted zone and a private hosted zone that have the same domain name, and create the same
subdomains in both hosted zones.
Associating an Amazon VPC with More than One Private Hosted Zone
You can associate a VPC with more than one private hosted zone, but the namespaces must not
overlap. For example, you cannot associate a VPC with hosted zones for both example.com and
acme.example.com because both namespaces end with example.com.
Public and Private Hosted Zones that Have the Same Name
When you have private and public hosted zones, the private hosted zone takes precedence over the
public hosted zone when you're logged into an Amazon EC2 instance in an Amazon VPC that you
have associated with the private hosted zone. For example, suppose that you have created public
and private hosted zones for example.com, and you have created a www.example.com subdomain
only for the public hosted zone. When you're logged into an Amazon EC2 instance in a VPC that is
associated with the example.com private hosted zone, you can't browse to www.example.com
because it exists only in the public hosted zone.
Delegating Responsibility for a Subdomain
You cannot create NS records in a private hosted zone to delegate responsibility for a subdomain.
Custom DNS Servers
If you have configured custom DNS servers on Amazon EC2 instances in your VPC, you must
configure those DNS servers to route your private DNS queries to the IP address of the
Amazon-provided DNS servers for your VPC. This IP address is the IP address at the base of the
VPC network range "plus two." For example, if the CIDR range for your VPC is 10.0.0.0/16, the IP
address of the DNS server is 10.0.0.2.
If you're using custom DNS servers that are outside of your VPC and you want to use private DNS,
you must reconfigure to use custom DNS servers on Amazon EC2 instances within your VPC. For
more information, see Amazon DNS Server in the Amazon VPC User Guide.
If you have integrated your on-premises network with one or more Amazon VPC virtual networks
and you want your on-premises network to resolve domain names in private hosted zones, you can
create a Simple AD directory. Simple AD provides IP addresses that you can use to submit DNS
queries from your on-premises network to your private hosted zone. For more information, see Getting
Started with Simple AD in the AWS Directory Service Administration Guide.
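
Three of the rules above modeled in Python, as an added example that is not part of the AWS guide: the namespace overlap restriction, the precedence of a private hosted zone over a public one with the same name, and the "plus two" address of the Amazon-provided DNS server. The function names and the zone contents are constructed for illustration, and the model assumes that names outside every associated private hosted zone are answered from public DNS.

```python
import ipaddress


def labels(name):
    """Split a DNS name into lower-case labels, ignoring the trailing dot."""
    return name.lower().rstrip(".").split(".")


def overlaps(zone_a, zone_b):
    """True when one name equals or is a subdomain of the other.

    The comparison is label by label, so notexample.com does not overlap
    example.com even though the strings share a suffix.
    """
    a, b = labels(zone_a), labels(zone_b)
    short, long_ = (a, b) if len(a) <= len(b) else (b, a)
    return long_[-len(short):] == short


def overlapping_pairs(zone_names):
    """Pairs of private hosted zones that cannot share one VPC."""
    names = list(zone_names)
    return [(a, b) for i, a in enumerate(names)
            for b in names[i + 1:] if overlaps(a, b)]


def vpc_dns_server(cidr):
    """Amazon-provided DNS server: base of the VPC network range plus two."""
    return ipaddress.ip_network(cidr).network_address + 2


def best_zone(qname, zones):
    """Longest zone name that contains qname, or None."""
    q = labels(qname)
    matches = [z for z in zones if q[-len(labels(z)):] == labels(z)]
    return max(matches, key=lambda z: len(labels(z)), default=None)


def resolve(qname, inside_vpc, private, public):
    """Return the answer for qname, or None when there is no record.

    private and public map a zone name to {record name: IP address}.
    """
    key = qname.lower().rstrip(".")
    if inside_vpc:
        zone = best_zone(key, private)
        if zone is not None:
            # The private zone takes precedence. A name that exists only in
            # the public zone is not found from inside the VPC.
            return private[zone].get(key)
    zone = best_zone(key, public)
    return public[zone].get(key) if zone is not None else None


# Constructed split-view setup: www exists only in the public zone.
PRIVATE = {"example.com": {"example.com": "10.0.1.10", "app.example.com": "10.0.1.25"}}
PUBLIC = {"example.com": {"example.com": "203.0.113.5", "www.example.com": "203.0.113.10"}}

if __name__ == "__main__":
    print(overlapping_pairs(["example.com", "acme.example.com", "notexample.com"]))
    print(vpc_dns_server("10.0.0.0/16"))
    for inside in (False, True):
        print(inside, resolve("www.example.com", inside, PRIVATE, PUBLIC))
```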
This topic explains how to use the Amazon Route 53 console to create, list, and delete private hosted
zones. For information about using the Amazon Route 53 API to perform these operations, see Actions
on Private Hosted Zones in the Amazon Route 53 API Reference.
You can also use an Amazon Route 53 public hosted zone to route traffic for your domain on the Internet.
For more information, see Working with Public Hosted Zones (p. 162).
Topics
• Creating a Private Hosted Zone (p. 172)
• Listing Private Hosted Zones (p. 174)
• Associating More Amazon VPCs with a Private Hosted Zone (p. 174)
• Associating Amazon VPCs and Private Hosted Zones That You Create with Different AWS
Accounts (p. 175)
• Disassociating Amazon VPCs from a Private Hosted Zone (p. 176)
• Deleting a Private Hosted Zone (p. 177)

Creating a Private Hosted Zone
A private hosted zone is a container for resource record sets for a specified domain that you host in one
or more Amazon Virtual Private Clouds (Amazon VPCs). You create a hosted zone for a domain (such
as example.com), and then you create resource record sets to tell Amazon Route 53 how you want traffic
to be routed for that domain within and among your Amazon VPCs.
For information about creating a private hosted zone by using the Amazon Route 53 API, see POST
CreateHostedZone (Private) in the Amazon Route 53 API Reference.

To create a private hosted zone
1. If you want to use different accounts to create the hosted zone and the associated Amazon VPCs,
   we need to update account permissions for you. Perform the procedure in Associating Amazon VPCs
   and Private Hosted Zones That You Create with Different AWS Accounts (p. 175).
   When the AWS customer support team contacts you to tell you that permissions for the hosted zone
   have been updated, continue with the rest of this procedure.
2. For each Amazon VPC that you want to associate with the Amazon Route 53 hosted zone, change
   the following Amazon VPC settings to true:
   • enableDnsHostnames
   • enableDnsSupport
   For more information, see Updating DNS Support for Your VPC in the Amazon VPC User Guide.
3. If you're using an account to create the hosted zone that is different from the account that you used
   to create the VPCs that you're associating with the hosted zone, get the VPC IDs and the
   corresponding regions. For more information, see To get the VPC ID and region for a VPC that is
   associated with another AWS account (p. 173).
4. Sign in to the AWS Management Console and open the Amazon Route 53 console at
   https://console.aws.amazon.com/route53/.
5. If you're new to Amazon Route 53, choose Get Started Now under DNS Management.
   If you're already using Amazon Route 53, choose Hosted Zones in the navigation pane.
6. Choose Create Hosted Zone.
7. In the Create Private Hosted Zone pane, enter a domain name and, optionally, a comment.
   For information about how to specify characters other than a-z, 0-9, and - (hyphen) and how to
   specify internationalized domain names, see DNS Domain Name Format (p. 2).
8. In the Type list, choose Private Hosted Zone for Amazon VPC.
9. In the VPC ID list, choose the Amazon VPC that you want to associate with the hosted zone.
   If you want to associate a VPC that you created by using a different account, the VPC won't appear
   in the list. Type the VPC ID and region in the following format:

       VPC ID | region-name

   In this format, region-name is the applicable value in the Region column in the Amazon VPC table
   in AWS Regions and Endpoints.
   If you want to associate more than one VPC with the hosted zone, you can add VPCs after you create
   the hosted zone. For more information, see Associating More Amazon VPCs with a Private Hosted
   Zone (p. 174).
10. Choose Create.

To get the VPC ID and region for a VPC that is associated with another AWS account
1. Sign in to the AWS Management Console and open the Amazon VPC console at
   https://console.aws.amazon.com/vpc/.
2. In the navigation pane, choose Your VPCs.
3. In the region selector at the upper right of the console, choose the region that you created the VPC
   in.
4. In the VPC ID column, get the ID of the VPC that you want to associate with the hosted zone.
5. If you want to associate multiple VPCs with the hosted zone and you created the VPCs by using an
   account that is different from the account that you'll use to create the hosted zone, repeat steps 3
   and 4 to get the ID and region for each VPC.

Listing Private Hosted Zones
You can use the Amazon Route 53 console to list all of the hosted zones that you created with the current
AWS account. For information about how to list hosted zones using the Amazon Route 53 API, see GET
ListHostedZones (Public and Private) in the Amazon Route 53 API Reference.

To list the hosted zones associated with an AWS account using the Amazon Route 53 console
1. Sign in to the AWS Management Console and open the Amazon Route 53 console at
https://console.aws.amazon.com/route53/.
2. In the navigation pane, choose Hosted Zones.
The Hosted Zones page automatically displays a list of all of the hosted zones that were created
using the current AWS account. The Type column indicates whether a hosted zone is private or
public. Choose the column heading to group all private hosted zones and all public hosted zones.

Associating More Amazon VPCs with a Private Hosted Zone
You can use the Amazon Route 53 console to associate more Amazon VPCs with a private hosted zone.
For information about how to associate more Amazon VPCs with a private hosted zone using the Amazon
Route 53 API, see POST AssociateVPCWithHostedZone in the Amazon Route 53 API Reference.

To associate additional Amazon VPCs with a private hosted zone using the Amazon
Route 53 console
1. If you used different accounts to create the hosted zone and the Amazon VPCs that you're associating
with the hosted zone, we need to update account permissions for you. Perform the procedure in
Associating Amazon VPCs and Private Hosted Zones That You Create with Different AWS
Accounts (p. 175) if you haven't already.
When the AWS customer support team contacts you to tell you that permissions for the hosted zone
have been updated, continue with the rest of this procedure.
2. If you used different accounts to create the hosted zone and the Amazon VPCs that you're associating
with the hosted zone, get the VPC IDs and the corresponding regions. For more information, see To
get the VPC ID and region for a VPC that is associated with another AWS account (p. 175).
3. Sign in to the AWS Management Console and open the Amazon Route 53 console at
https://console.aws.amazon.com/route53/.
4. In the navigation pane, choose Hosted Zones.
5. Select the radio button for the private hosted zone that you want to associate additional Amazon
VPCs with.
6. In the right pane, in VPC ID, choose the ID of the VPC that you want to associate with this hosted
zone.
If you want to associate a VPC that you created by using a different account, the VPC won't appear
in the list. Type the VPC ID and region in the following format:
VPC ID | region-name
In this format, region-name is the applicable value in the Region column in the Amazon VPC table
in AWS Regions and Endpoints.
7. Choose Associate New VPC.
8. If you want to associate additional VPCs with this hosted zone, repeat steps 6 and 7.

To get the VPC ID and region for a VPC that is associated with another AWS account
1. Sign in to the AWS Management Console and open the Amazon VPC console at
https://console.aws.amazon.com/vpc/.
2. In the navigation pane, choose Your VPCs.
3. In the region selector at the upper right of the console, choose the region that you created the VPC
in.
4. In the VPC ID column, get the ID of the VPC that you want to associate with the hosted zone.
5. If you want to associate multiple VPCs with the hosted zone and you created the VPCs by using an
account that is different from the account that you'll use to create the hosted zone, repeat steps 3
and 4 to get the ID and region for each VPC.

Associating Amazon VPCs and Private Hosted Zones That You Create with Different AWS Accounts
If you want to perform either of the following tasks, contact the AWS Support Center first so we can update
your permissions for you:
• Create an Amazon Route 53 private hosted zone by using one AWS account and associate Amazon
VPCs that you created by using one or more other AWS accounts with the new hosted zone
• Associate an Amazon VPC that you created by using one AWS account with an existing Amazon
Route 53 private hosted zone that you created by using another AWS account
When the AWS customer support team contacts you to tell you that permissions for the hosted zone have
been updated, you can create the private hosted zone or associate Amazon VPCs with the existing hosted
zone.

To associate Amazon VPCs and private hosted zones that were created by different AWS
accounts
1. Using the AWS account that you have already created a private hosted zone with or that you will
create one with, sign in to the AWS Support Center.
2. Specify the following values:
Regarding
Accept the default value of Account and Billing Support.
Service
Choose Account.
Category
Choose Other Account Issues.
Subject
Specify Associate an Amazon VPC with a hosted zone that was created by a different
account.
Description
Provide the following information:
• The hosted zone ID of the hosted zone that you want to associate the Amazon VPC with
• The AWS account IDs for all of the accounts that created the Amazon VPCs that you want to
associate with the Amazon Route 53 hosted zone
• The VPC IDs and their regions
Contact method
Specify a contact method and, if you choose Phone, enter the applicable values.
3. Choose Submit.
The AWS customer support team works with the Amazon Route 53 team to update the permissions
for the AWS account that created the existing hosted zone or that you want to use to create a new
hosted zone. When permissions for the hosted zone have been updated, the AWS customer support
team contacts you by using the contact method that you specified when you opened the case.
4. Use the Amazon Route 53 console, one of the AWS SDKs, the AWS CLI, or the Amazon Route 53
API to associate Amazon VPCs with your hosted zones. You can either associate VPCs with an
existing private hosted zone or create a new hosted zone and associate VPCs at the same time. For
more information, see the applicable documentation:
• Amazon Route 53 console – See Creating a Private Hosted Zone (p. 172) or Associating More
Amazon VPCs with a Private Hosted Zone (p. 174)
• SDK documentation – See the AWS Documentation page
• AWS CLI documentation – See the AWS Command Line Interface Reference
• Amazon Route 53 API – See Actions on Private Hosted Zones in the Amazon Route 53 API
Reference

Disassociating Amazon VPCs from a Private Hosted Zone
You can use the Amazon Route 53 console to disassociate Amazon VPCs from a private hosted zone.
For information about how to disassociate Amazon VPCs from a private hosted zone using the Amazon
Route 53 API, see POST DisassociateVPCFromHostedZone in the Amazon Route 53 API Reference.

To disassociate Amazon VPCs from a private hosted zone using the Amazon Route 53
console
1. Sign in to the AWS Management Console and open the Amazon Route 53 console at
https://console.aws.amazon.com/route53/.
2. In the navigation pane, choose Hosted Zones.
3. Select the private hosted zone from which you want to disassociate one or more Amazon VPCs.
4. In the right pane, choose the x icon next to the VPC that you want to disassociate from this hosted
zone.
5. Choose Disassociate to confirm.

Deleting a Private Hosted Zone
The following procedure explains how to delete a private hosted zone using the Amazon Route 53 console.
For information about how to delete a private hosted zone using the Amazon Route 53 API, see DELETE
DeleteHostedZone (Private) in the Amazon Route 53 API Reference.
You can delete a private hosted zone only if there are no resource record sets other than the default SOA
and NS records. If your hosted zone contains other resource record sets, you must delete them before
you can delete your hosted zone. This prevents you from accidentally deleting a hosted zone that still
contains resource record sets.

To delete a private hosted zone using the Amazon Route 53 console
1. Sign in to the AWS Management Console and open the Amazon Route 53 console at
https://console.aws.amazon.com/route53/.
2. Confirm that the hosted zone that you want to delete contains only an NS and an SOA resource
record set. If it contains additional resource record sets, delete them:
a. Choose the name of the hosted zone that you want to delete.
b. On the Record Sets page, if the list of resource record sets includes any resource record sets
for which the value of the Type column is something other than NS or SOA, choose the row,
and choose Delete Record Set.
To select multiple, consecutive resource record sets, choose the first row, press and hold the
Shift key, and choose the last row. To select multiple, non-consecutive resource record sets,
choose the first row, press and hold the Ctrl key, and choose the remaining rows.
c. Choose Back to Hosted Zones.
3. On the Hosted Zones page, choose the row for the hosted zone that you want to delete.
4. Choose Delete Hosted Zone.
5. Choose Confirm.

Working with Resource Record Sets
After you create a hosted zone for your domain, such as example.com, you create resource record sets
to tell the Domain Name System (DNS) how you want traffic to be routed for that domain.
For example, you might create resource record sets that cause DNS to do the following:
• Route Internet traffic for example.com to the IP address of a host in your data center.
• Route email for that domain (ichiro@example.com) to a mail server (mail.example.com).
• Route traffic for a subdomain called operations.tokyo.example.com to the IP address of a different host.
Each resource record set includes the name of a domain or a subdomain, a record type (for example, a
resource record set with a type of MX routes email), and other information applicable to the record type
(for MX records, the host name of one or more mail servers and a priority for each server). For information
about the different types of resource records, see DNS Domain Name Format (p. 2).
The name of each resource record set in a hosted zone must end with the name of the hosted zone. For
example, the example.com hosted zone can contain resource record sets for www.example.com and
accounting.tokyo.example.com subdomains, but cannot contain resource record sets for a www.example.ca
subdomain.

Note
To create resource record sets for complex routing configurations, you can also use the traffic
flow visual editor and save the configuration as a traffic policy. You can then associate the traffic
policy with one or more domain names (such as example.com) or subdomain names (such as
www.example.com), in the same hosted zone or in multiple hosted zones. In addition, you can
roll back the updates if the new configuration isn't performing as you expected it to. For more
information, see Using Traffic Flow to Route DNS Traffic (p. 234).
Amazon Route 53 doesn't charge for the resource record sets that you add to a hosted zone. For
information about limits on the number of resource record sets that you can create in a hosted zone, see
Limits (p. 309).
Topics
• Choosing a Routing Policy (p. 179)
• Choosing Between Alias and Non-Alias Resource Record Sets (p. 182)
• Creating Resource Record Sets by Using the Amazon Route 53 Console (p. 184)
• Values that You Specify When You Create or Edit Amazon Route 53 Resource Record Sets (p. 186)
• Creating Resource Record Sets By Importing a Zone File (p. 230)
• Editing Resource Record Sets (p. 232)
• Deleting Resource Record Sets (p. 232)
• Listing Resource Record Sets (p. 233)

Choosing a Routing Policy
When you create a resource record set, you choose a routing policy, which determines how Amazon
Route 53 responds to queries:
Simple Routing Policy
Use a simple routing policy when you have a single resource that performs a given function for your
domain, for example, one web server that serves content for the example.com website. In this case,
Amazon Route 53 responds to DNS queries based only on the values in the resource record set, for
example, the IP address in an A record.
Weighted Routing Policy
Use the weighted routing policy when you have multiple resources that perform the same function
(for example, web servers that serve the same website) and you want Amazon Route 53 to route
traffic to those resources in proportions that you specify (for example, one quarter to one server and
three quarters to the other). For more information about weighted resource record sets, see Weighted
Routing (p. 179).
Latency Routing Policy
Use the latency routing policy when you have resources in multiple Amazon EC2 data centers that
perform the same function and you want Amazon Route 53 to respond to DNS queries with the
resources that provide the best latency. For example, you might have web servers for example.com
in the Amazon EC2 data centers in Ireland and in Tokyo. When a user browses to example.com,
Amazon Route 53 chooses to respond to the DNS query based on which data center gives your user
the lowest latency. For more information about latency resource record sets, see Latency-Based
Routing (p. 180).
Failover Routing Policy (Public Hosted Zones Only)
Use the failover routing policy when you want to configure active-passive failover, in which one
resource takes all traffic when it's available and the other resource takes all traffic when the first
resource isn't available. For more information about failover resource record sets, see Configuring
Active-Passive Failover by Using Amazon Route 53 Failover and Failover Alias Resource Record
Sets (p. 273). For information about creating failover resource record sets in a private hosted zone,
see Configuring Failover in a Private Hosted Zone (p. 270).
Geolocation Routing Policy
Use the geolocation routing policy when you want Amazon Route 53 to respond to DNS queries
based on the location of your users. For more information about geolocation resource record sets,
see Geolocation Routing (p. 181).

Weighted Routing
Weighted resource record sets let you associate multiple resources with a single DNS name. This can
be useful for a variety of purposes, including load balancing and testing new versions of software. To
create a group of weighted resource record sets, you create two or more resource record sets that have
the same combination of DNS name and type, and you assign each resource record set a unique identifier
and a relative weight.
When processing a DNS query, Amazon Route 53 searches for a resource record set or a group of
resource record sets that have the specified name and type. For weighted resource record sets, Amazon
Route 53 selects one from the group. The probability of any one resource record set being selected
depends on its weight as a proportion of the total weight for all resource record sets in the group:

For example, suppose you create three resource record sets for www.example.com. The three A records
have weights of 1, 1, and 3 (sum = 5). On average, Amazon Route 53 selects each of the first two resource
record sets one-fifth of the time, and returns the third resource record set three-fifths of the time.
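
The weighted group described above, as an added Python example that is not part of the guide: it checks the grouping rules, computes each record set's selection probability, builds a ChangeBatch body, and samples the distribution. The identifiers, IP addresses and TTL are constructed, and `random.choices` only stands in for Route 53's own selection.

```python
import random
from collections import Counter
from dataclasses import dataclass
from fractions import Fraction


@dataclass(frozen=True)
class WeightedRecord:
    name: str
    rtype: str
    set_identifier: str
    weight: int
    value: str


# Constructed sample data: the guide's three A records with weights 1, 1 and 3.
GROUP = [
    WeightedRecord("www.example.com", "A", "server-a", 1, "192.0.2.1"),
    WeightedRecord("www.example.com", "A", "server-b", 1, "192.0.2.2"),
    WeightedRecord("www.example.com", "A", "server-c", 3, "192.0.2.3"),
]


def validate_group(records):
    """Return the problems that stop `records` from forming one weighted group."""
    problems = []
    if len(records) < 2:
        problems.append("a weighted group needs two or more record sets")
    if len({(r.name.rstrip(".").lower(), r.rtype) for r in records}) > 1:
        problems.append("all record sets must share the same name and type")
    counts = Counter(r.set_identifier for r in records)
    dupes = sorted(i for i, n in counts.items() if n > 1)
    if dupes:
        problems.append("identifiers must be unique, repeated: " + ", ".join(dupes))
    if any(r.weight < 0 for r in records):
        problems.append("weights must not be negative")
    return problems


def selection_probability(records):
    """Weight of each record set as a proportion of the group's total weight."""
    total = sum(r.weight for r in records)
    if total == 0:
        raise ValueError("total weight is zero; this model does not cover that case")
    return {r.set_identifier: Fraction(r.weight, total) for r in records}


def to_change_batch(records, ttl=60):
    """Build a ChangeBatch body for ChangeResourceRecordSets (the TTL is an assumed value)."""
    return {"Changes": [{
        "Action": "CREATE",
        "ResourceRecordSet": {
            "Name": r.name, "Type": r.rtype,
            "SetIdentifier": r.set_identifier, "Weight": r.weight,
            "TTL": ttl, "ResourceRecords": [{"Value": r.value}],
        },
    } for r in records]}


def simulate(records, queries, seed=0):
    """Sample `queries` answers with a seeded generator and count them per identifier."""
    rng = random.Random(seed)
    picks = rng.choices(records, weights=[r.weight for r in records], k=queries)
    return Counter(r.set_identifier for r in picks)


if __name__ == "__main__":
    print(validate_group(GROUP))
    for ident, share in selection_probability(GROUP).items():
        print(ident, share)
    print(simulate(GROUP, 10_000))
```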

Latency-Based Routing
If your application is hosted on Amazon EC2 instances in multiple Amazon EC2 regions, you can reduce
latency for your users by serving their requests from the Amazon EC2 region for which network latency
is lowest. Amazon Route 53 latency-based routing lets you use DNS to route user requests to the Amazon
EC2 region that will give your users the fastest response.
To use latency-based routing, you create a latency resource record set for the Amazon EC2 resource in
each region that hosts your application. When Amazon Route 53 receives a query for the corresponding
domain, it selects the latency resource record set for the Amazon EC2 region that gives the user the
lowest latency. Amazon Route 53 then responds with the value associated with that resource record set.
For example, suppose you have ELB load balancers in the US West (Oregon) region and in the Asia
Pacific (Singapore) region, and that you've created a latency resource record set in Amazon Route 53
for each load balancer. A user in London enters the name of your domain in a browser, and DNS routes
the request to an Amazon Route 53 name server. Amazon Route 53 refers to its data on latency between
London and the Singapore region and between London and the Oregon region. If latency is lower between
London and the Oregon region, Amazon Route 53 responds to the user's request with the IP address of
your load balancer in the Amazon EC2 data center in Oregon. If latency is lower between London and
the Singapore region, Amazon Route 53 responds with the IP address of your load balancer in the Amazon
EC2 data center in Singapore.

Latency between hosts on the Internet can change over time as a result of changes in network connectivity
and routing. Latency-based routing is based on latency measurements performed over a period of time,
and the measurements reflect these changes. For example, if you have load balancers in the Oregon
and Singapore Amazon EC2 regions, a request that is routed to the Oregon region this week might be
routed to the Singapore region next week if latency from the user to the Singapore region improves.
You can create latency resource record sets for the following:
• Amazon EC2 instances, with or without Elastic IP addresses.
• ELB load balancers, which balance traffic for Amazon EC2 instances.
You can create latency resource record sets using any record type that Amazon Route 53 supports except
NS or SOA. For information about supported record types, see Supported DNS Resource Record
Types (p. 4).
To create latency resource record sets, perform the following steps:
1. Create the AWS resources for your application:
• If you want to use ELB load balancers, create one or more load balancers in each Amazon EC2
region in which you want to run your application. For more information, see Managing Load Balancers
in the Elastic Load Balancing Developer Guide.
The name you specify when you create a load balancer is the name you'll use when you create a
latency resource record set in Amazon Route 53.
• If you want to use Amazon EC2 instances, launch one or more Amazon EC2 instances in each
Amazon EC2 region in which you want to run your application. For more information, see Amazon
EC2 Getting Started Guide.

Note
We recommend that you assign Elastic IP addresses to your Amazon EC2 instances to
ensure that the IP addresses don't change.
2. Create an Amazon Route 53 hosted zone (p. 162).
3. Create latency resource record sets in your hosted zone. For information about how to create resource
record sets using the Amazon Route 53 console, see Creating Resource Record Sets by Using the
Amazon Route 53 Console (p. 184). For information about how to create latency resource record sets
using the Amazon Route 53 API, see POST ChangeResourceRecordSets in the Amazon Route 53
API Reference.

Geolocation Routing
Geolocation routing lets you choose the resources that serve your traffic based on the geographic location
of your users, meaning the location from which DNS queries originate. For example, you might want all
queries from Africa to be routed to a web server with an IP address of 192.0.2.111.
When you use geolocation routing, you can localize your content and present some or all of your website
in the language of your users. You can also use geolocation routing to restrict distribution of content to
only the locations in which you have distribution rights. Another possible use is for balancing load across
endpoints in a predictable, easy-to-manage way, so that each user location is consistently routed to the
same endpoint.
You can specify geographic locations by continent, by country, or by state in the United States. If you
create separate resource record sets for overlapping geographic regions—for example, one resource
record set for a continent and one for a country on the same continent—priority goes to the smallest
geographic region. This allows you to route some queries for a continent to one resource and to route
queries for selected countries on that continent to a different resource. (For a list of the countries on each
continent, see Location (p. 221).)
Geolocation works by mapping IP addresses to locations. However, some IP addresses aren't mapped
to geographic locations, so even if you create geolocation resource record sets that cover all seven
continents, Amazon Route 53 will receive some DNS queries from locations that it can't identify. You can
create a default resource record set that handles both queries from IP addresses that aren't mapped to
any location and queries that come from locations for which you haven't created geolocation resource
record sets. If you don't create a default resource record set, Amazon Route 53 returns a "no answer"
response for queries from those locations.
You cannot create two geolocation resource record sets that specify the same geographic location. You
also cannot create geolocation resource record sets that have the same values for Name and Type as
the Name and Type of non-geolocation resource record sets.
To improve the accuracy of geolocation routing, Amazon Route 53 supports the edns-client-subnet
extension of EDNS0. (EDNS0 adds several optional extensions to the DNS protocol.) Amazon Route 53
can use edns-client-subnet only when DNS resolvers support it:
• When a browser or other viewer uses a DNS resolver that does not support edns-client-subnet, Amazon
Route 53 uses the source IP address of the DNS resolver to approximate the location of the user and
responds to geolocation queries with the DNS record for the resolver's location.
• When a browser or other viewer uses a DNS resolver that does support edns-client-subnet, the DNS
resolver sends Amazon Route 53 a truncated version of the user's IP address. Amazon Route 53
determines the location of the user based on the truncated IP address rather than the source IP address
of the DNS resolver; this typically provides a more accurate estimate of the user's location. Amazon
Route 53 then responds to geolocation queries with the DNS record for the user's location.
For more information about edns-client-subnet, see the IETF draft Client Subnet in DNS Requests.
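
The selection rules in this section, as an added Python model that is not Route 53 code or part of the guide: the smallest matching region wins, the default record set catches unmapped or uncovered locations, and an edns-client-subnet prefix replaces the resolver's source address when one is sent. The `Location` type, the key tuples, the IP-to-location table and all addresses are constructed for illustration.

```python
import ipaddress
from typing import NamedTuple, Optional


class Location(NamedTuple):
    continent: Optional[str] = None
    country: Optional[str] = None
    state: Optional[str] = None  # only meaningful when country == "US"


UNMAPPED = Location()  # an IP address with no known location

# Constructed IP-to-location data (documentation ranges, not real geo-IP data).
GEOIP = [
    (ipaddress.ip_network("203.0.113.0/24"), Location("NA", "US", "WA")),
    (ipaddress.ip_network("198.51.100.0/24"), Location("EU", "FR")),
]

# Constructed geolocation record sets: (location key, value returned).
RECORD_SETS = [
    (("continent", "AF"), "192.0.2.111"),
    (("continent", "EU"), "192.0.2.10"),
    (("country", "FR"), "192.0.2.20"),
    (("state", "US", "WA"), "192.0.2.30"),
    (("default",), "192.0.2.200"),
]


def build_table(record_sets):
    """Index record sets by location; two record sets for one location are rejected."""
    table = {}
    for key, value in record_sets:
        if key in table:
            raise ValueError(f"two geolocation record sets specify {key}")
        table[key] = value
    return table


def locate(resolver_ip, client_subnet=None):
    """Location used for routing: the edns-client-subnet prefix when the
    resolver sent one, otherwise the resolver's own source address."""
    if client_subnet is not None:
        addr = ipaddress.ip_network(client_subnet, strict=False).network_address
    else:
        addr = ipaddress.ip_address(resolver_ip)
    for net, loc in GEOIP:
        if addr in net:
            return loc
    return UNMAPPED


def answer(table, loc):
    """Value for the smallest region that matches, then the default record set;
    None models the "no answer" response when no default exists."""
    keys = []
    if loc.country == "US" and loc.state:
        keys.append(("state", "US", loc.state))
    if loc.country:
        keys.append(("country", loc.country))
    if loc.continent:
        keys.append(("continent", loc.continent))
    keys.append(("default",))
    for key in keys:
        if key in table:
            return table[key]
    return None


if __name__ == "__main__":
    table = build_table(RECORD_SETS)
    # A user in France behind a resolver in Washington state:
    print(answer(table, locate("203.0.113.53")))                     # resolver's location
    print(answer(table, locate("203.0.113.53", "198.51.100.0/24")))  # user's location
    print(answer(build_table(RECORD_SETS[:-1]), locate("192.0.2.1")))  # no default
```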

Choosing Between Alias and Non-Alias Resource Record Sets
While ordinary Amazon Route 53 resource record sets are standard DNS resource record sets, alias
resource record sets provide an Amazon Route 53–specific extension to DNS functionality. Instead of an
IP address or a domain name, an alias resource record set contains a pointer to a CloudFront distribution,
an Elastic Beanstalk environment, an ELB load balancer, an Amazon S3 bucket that is configured as a
static website, or another Amazon Route 53 resource record set in the same hosted zone. When Amazon
Route 53 receives a DNS query that matches the name and type in an alias resource record set, Amazon
Route 53 follows the pointer and responds with the applicable value:
• An alternate domain name for a CloudFront distribution – Amazon Route 53 responds as if the
query had asked for the CloudFront distribution by using the CloudFront domain name, such as
d111111abcdef8.cloudfront.net.

Note
You can't create alias resource record sets for CloudFront distributions in a private hosted
zone.
• An Elastic Beanstalk environment – Amazon Route 53 responds to each request with one or more
IP addresses for the environment.
• An ELB load balancer – Amazon Route 53 responds to each request with one or more IP addresses
for the load balancer.
• An Amazon S3 bucket that is configured as a static website – Amazon Route 53 responds to each
request with one IP address for the Amazon S3 bucket.
• Another Amazon Route 53 resource record set in the same hosted zone – Amazon Route 53
responds as if the query had asked for the resource record set that is referenced by the pointer.

If an alias resource record set points to a CloudFront distribution, an Elastic Beanstalk environment, an
ELB load balancer, or an Amazon S3 bucket, you cannot set the time to live (TTL); Amazon Route 53
uses the CloudFront, Elastic Beanstalk, Elastic Load Balancing, or Amazon S3 TTLs. If an alias resource
record set points to another resource record set in the same hosted zone, Amazon Route 53 uses the
TTL of the resource record set that the alias resource record set points to. For more information about
the current TTL value for Elastic Load Balancing, go to Request Routing in the Elastic Load Balancing
Developer Guide and search for "ttl".
Alias resource record sets can save you time because Amazon Route 53 automatically recognizes changes
in the resource record sets that the alias resource record set refers to. For example, suppose an alias
resource record set for example.com points to an ELB load balancer at
lb1-1234.us-east-1.elb.amazonaws.com. If the IP address of the load balancer changes, Amazon Route 53
will automatically reflect those changes in DNS answers for example.com without any changes to the
hosted zone that contains resource record sets for example.com.

Note
You can't create alias resource record sets for CloudFront distributions in a private hosted zone.
For information about creating resource record sets by using the Amazon Route 53 console, see Creating
Resource Record Sets by Using the Amazon Route 53 Console (p. 184). For information about the values
that you specify for alias resource record sets, see the applicable topic in Values that You Specify When
You Create or Edit Amazon Route 53 Resource Record Sets (p. 186):
• Values for Alias Resource Record Sets (p. 192)
• Values for Weighted Alias Resource Record Sets (p. 196)
• Values for Latency Alias Resource Record Sets (p. 206)
• Values for Failover Alias Resource Record Sets (p. 215)
• Values for Geolocation Alias Resource Record Sets (p. 224)

Alias resource record sets are similar to CNAME records, but there are some important differences:

| CNAME Records | Alias Records |
| --- | --- |
| Amazon Route 53 charges for CNAME queries. | Amazon Route 53 doesn't charge for alias queries to CloudFront distributions, Elastic Beanstalk environments, ELB load balancers, or Amazon S3 buckets. For more information, see Amazon Route 53 Pricing. |
| You cannot create a CNAME record at the top node of a DNS namespace, also known as the zone apex. For example, if you register the DNS name example.com, the zone apex is example.com. | You can create an alias resource record set at the zone apex. |
| A CNAME record redirects queries for a domain name regardless of record type. | Amazon Route 53 follows the pointer in an alias resource record set only when the record type also matches. |
| A CNAME record can point to any DNS record hosted anywhere, including to the resource record set that Amazon Route 53 automatically creates when you create a policy record. For more information, see Using Traffic Flow to Route DNS Traffic (p. 234). | An alias resource record set can only point to a CloudFront distribution, an Elastic Beanstalk environment, an ELB load balancer, an Amazon S3 bucket that is configured as a static website, or another resource record set in the same Amazon Route 53 hosted zone in which you're creating the alias resource record set. However, you can't create an alias that points to the resource record set that Amazon Route 53 creates when you create a policy record. |
| A CNAME record is visible in the answer section of a reply from an Amazon Route 53 DNS server. | An alias resource record set is only visible in the Amazon Route 53 console or the Amazon Route 53 API. |
| A CNAME record is followed by a recursive resolver. | An alias resource record set is only followed inside Amazon Route 53. This means that both the alias resource record set and its target must exist in Amazon Route 53. |

Creating Resource Record Sets by Using the Amazon Route 53 Console
The following procedure explains how to create resource record sets using the Amazon Route 53 console.
For information about how to create resource record sets using the Amazon Route 53 API, see POST
ChangeResourceRecordSets in the Amazon Route 53 API Reference.

Note
To create resource record sets for complex routing configurations, you can also use the traffic
flow visual editor and save the configuration as a traffic policy. You can then associate the traffic
policy with one or more domain names (such as example.com) or subdomain names (such as
www.example.com), in the same hosted zone or in multiple hosted zones. In addition, you can
roll back the updates if the new configuration isn't performing as you expected it to. For more
information, see Using Traffic Flow to Route DNS Traffic (p. 234).

To create a resource record set using the Amazon Route 53 console
1. If you're not creating an alias resource record set, go to step 2.
Also go to step 2 if you're creating an alias resource record set that routes DNS traffic to a CloudFront
distribution, an Elastic Beanstalk environment, an Amazon S3 bucket, or another Amazon Route 53
resource record set.
If you're creating an alias resource record set that routes traffic to an Elastic Load Balancing load
balancer, and if you created your Amazon Route 53 hosted zone and your load balancer using
different accounts, perform the procedure Getting the DNS Name for an ELB Load Balancer (p. 185)
to get the DNS name for the load balancer.
2. Sign in to the AWS Management Console and open the Amazon Route 53 console at
https://console.aws.amazon.com/route53/.
3. If you already have a hosted zone for your domain, skip to step 4. If you don't, perform the following
steps:
a. Click Create Hosted Zone.
b. For Domain Name, enter the name of your domain.
c. Optional: For Comment, enter a comment about the hosted zone.
d. Click Create.
4. On the Hosted Zones page, choose the name of the hosted zone in which you want to create
resource record sets.
5. Click Create Record Set.
6. Enter the applicable values. For more information, see the topic for the kind of resource record set
that you want to create:
• Values for Basic Resource Record Sets (p. 186)
• Values for Weighted Resource Record Sets (p. 189)
• Values for Alias Resource Record Sets (p. 192)
• Values for Weighted Alias Resource Record Sets (p. 196)
• Values for Latency Resource Record Sets (p. 202)
• Values for Latency Alias Resource Record Sets (p. 206)
• Values for Failover Resource Record Sets (p. 212)
• Values for Failover Alias Resource Record Sets (p. 215)
• Values for Geolocation Resource Record Sets (p. 220)
• Values for Geolocation Alias Resource Record Sets (p. 224)
7. Click Create.

Note
Your new resource record sets take time to propagate to the Amazon Route 53 DNS servers.
Currently, the only way to verify that changes have propagated is to use the GetChange
API action. Changes generally propagate to all Amazon Route 53 name servers in a couple
of minutes. In rare circumstances, propagation can take up to 30 minutes.
8. If you're creating multiple resource record sets, repeat steps 5 through 7.

Getting the DNS Name for an ELB Load Balancer
1. Sign in to the AWS Management Console using the AWS account that was used to create the load
   balancer for which you want to create an alias resource record set.
2. Open the Amazon EC2 console at https://console.aws.amazon.com/ec2/.
3. In the navigation pane, click Load Balancers.
4. In the list of load balancers, select the load balancer for which you want to create an alias resource
   record set.
5. On the Description tab, get the DNS name that is labeled A or AAAA Record. This domain name
   begins with dualstack.
6. If you want to create alias resource record sets for other ELB load balancers, repeat steps 4 and 5.
7. Sign out of the AWS Management Console.
8. Sign in to the AWS Management Console again using the AWS account that you used to create the
   Amazon Route 53 hosted zone.
9. Return to step 3 of the procedure Creating Resource Record Sets by Using the Amazon Route 53
   Console (p. 184).

Values that You Specify When You Create or Edit Amazon Route 53 Resource Record Sets
When you create resource record sets using the Amazon Route 53 console, the values that you specify
depend on the routing policy that you want to use and on whether you're creating alias resource record
sets, which route traffic to AWS resources.
Topics
• Values for Basic Resource Record Sets (p. 186)
• Values for Weighted Resource Record Sets (p. 189)
• Values for Alias Resource Record Sets (p. 192)
• Values for Weighted Alias Resource Record Sets (p. 196)
• Values for Latency Resource Record Sets (p. 202)
• Values for Latency Alias Resource Record Sets (p. 206)
• Values for Failover Resource Record Sets (p. 212)
• Values for Failover Alias Resource Record Sets (p. 215)
• Values for Geolocation Resource Record Sets (p. 220)
• Values for Geolocation Alias Resource Record Sets (p. 224)

Values for Basic Resource Record Sets
When you create basic resource record sets, you specify the following values:
Topics
• Name (p. 186)
• Type (p. 187)
• Alias (p. 187)
• TTL (Time to Live) (p. 187)
• Value (p. 187)
• Routing Policy (p. 188)

Name
Enter the name of the domain or subdomain for which you're creating the resource record set. The default
value is the name of the hosted zone. If you're creating a resource record set that has the same name
as the hosted zone, don't enter a value (for example, an @ symbol) in the Name field.
For information about how to specify characters other than a-z, 0-9, and - (hyphen) and how to specify
internationalized domain names, see DNS Domain Name Format (p. 2).
You can use an asterisk (*) character in the name. DNS treats the * character either as a wildcard or as
the * character (ASCII 42), depending on where it appears in the name. For more information, see Using
an Asterisk (*) in the Names of Hosted Zones and Resource Record Sets (p. 3).

Important
You can't use the * wildcard for resource record sets that have a type of NS.

Type
The DNS record type. For more information, see Supported DNS Resource Record Types (p. 4).
Select the value for Type based on how you want Amazon Route 53 to respond to DNS queries.

Alias
Select No.

TTL (Time to Live)
The amount of time, in seconds, that you want DNS recursive resolvers to cache information about this
resource record set. If you specify a longer value (for example, 172800 seconds, or two days), you pay
less for Amazon Route 53 service because recursive resolvers send requests to Amazon Route 53 less
often. However, it takes longer for changes to the resource record set (for example, a new IP address)
to take effect because recursive resolvers use the values in their cache for longer periods instead of
asking Amazon Route 53 for the latest information.
If you're associating this resource record set with a health check, we recommend that you specify a TTL
of 60 seconds or less so clients respond quickly to changes in health status.

Value
Enter a value that is appropriate for the value of Type. For all types except CNAME, you can enter more
than one value. Enter each value on a separate line.
A — IPv4 address
An IP address in IPv4 format, for example, 192.0.2.235.
AAAA — IPv6 address
An IP address in IPv6 format, for example, 2001:0db8:85a3:0:0:8a2e:0370:7334.
CNAME — Canonical name
The fully qualified domain name (for example, www.example.com) that you want Amazon Route 53
to return in response to DNS queries for this resource record set. A trailing dot is optional; Amazon
Route 53 assumes that the domain name is fully qualified. This means that Amazon Route 53 treats
www.example.com (without a trailing dot) and www.example.com. (with a trailing dot) as identical.
MX — Mail exchange
A priority and a domain name that specifies a mail server, for example, 10 mailserver.example.com.
NS — Name server
The domain name of a name server, for example, ns1.example.com.
PTR — Pointer
The domain name that you want Amazon Route 53 to return.
SOA — Start of Authority
Basic DNS information about the domain. For more information, see The Start of Authority (SOA)
Resource Record Set (p. 170).
SPF — Sender Policy Framework
An SPF record enclosed in quotation marks, for example, "v=spf1 ip4:192.168.0.1/16 -all". SPF
records are not recommended. For more information, see Supported DNS Resource Record
Types (p. 4).
SRV — Service locator
An SRV record. For information about SRV record format, refer to the applicable documentation.
The format of an SRV record is:
[priority] [weight] [port] [server host name]

For example:
1 10 5269 xmpp-server.example.com.
TXT — Text
A text record. Enclose text in quotation marks, for example, "Sample Text Entry".

Routing Policy
Select Simple.

Values for Weighted Resource Record Sets
When you create weighted resource record sets, you specify the following values:
Topics
• Name (p. 189)
• Type (p. 189)
• Alias (p. 189)
• TTL (Time to Live) (p. 189)
• Value (p. 190)
• Routing Policy (p. 190)
• Weight (p. 190)
• Set ID (p. 191)
• Associate with Health Check/Health Check to Associate (p. 191)

Name
Enter the name of the domain or subdomain for which you're creating the resource record set. The default
value is the name of the hosted zone. If you're creating a resource record set that has the same name
as the hosted zone, don't enter a value (for example, an @ symbol) in the Name field.
For information about how to specify characters other than a-z, 0-9, and - (hyphen) and how to specify
internationalized domain names, see DNS Domain Name Format (p. 2).
Enter the same name for all of the resource record sets in the group of weighted resource record sets.
You can use an asterisk (*) character in the name. DNS treats the * character either as a wildcard or as
the * character (ASCII 42), depending on where it appears in the name. For more information, see Using
an Asterisk (*) in the Names of Hosted Zones and Resource Record Sets (p. 3).

Type
The DNS record type. For more information, see Supported DNS Resource Record Types (p. 4).
Select the same value for all of the resource record sets in the group of weighted resource record sets.

Alias
Select No.

TTL (Time to Live)
The amount of time, in seconds, that you want DNS recursive resolvers to cache information about this
resource record set. If you specify a longer value (for example, 172800 seconds, or two days), you pay
less for Amazon Route 53 service because recursive resolvers send requests to Amazon Route 53 less
often. However, it takes longer for changes to the resource record set (for example, a new IP address)
to take effect because recursive resolvers use the values in their cache for longer periods instead of
asking Amazon Route 53 for the latest information.
If you're associating this resource record set with a health check, we recommend that you specify a TTL
of 60 seconds or less so clients respond quickly to changes in health status.
You must specify the same value for TTL for all of the resource record sets in this group of weighted
resource record sets.
If a group of weighted resource record sets includes one or more weighted alias resource record sets for
which the alias target is an ELB load balancer, we recommend that you specify a TTL of 60 seconds for
all of the non-alias weighted resource record sets that have the same name and type. Values other than
60 seconds (the TTL for load balancers) will change the effect of the values that you specify for Weight.

Value
Enter a value that is appropriate for the value of Type. For all types except CNAME, you can enter more
than one value. Enter each value on a separate line.
A — IPv4 address
An IP address in IPv4 format, for example, 192.0.2.235.
AAAA — IPv6 address
An IP address in IPv6 format, for example, 2001:0db8:85a3:0:0:8a2e:0370:7334.
CNAME — Canonical name
The fully qualified domain name (for example, www.example.com) that you want Amazon Route 53
to return in response to DNS queries for this resource record set. A trailing dot is optional; Amazon
Route 53 assumes that the domain name is fully qualified. This means that Amazon Route 53 treats
www.example.com (without a trailing dot) and www.example.com. (with a trailing dot) as identical.
MX — Mail exchange
A priority and a domain name that specifies a mail server, for example, 10 mailserver.example.com.
PTR — Pointer
The domain name that you want Amazon Route 53 to return.
SPF — Sender Policy Framework
An SPF record enclosed in quotation marks, for example, "v=spf1 ip4:192.168.0.1/16 -all". SPF
records are not recommended. For more information, see Supported DNS Resource Record
Types (p. 4).
SRV — Service locator
An SRV record. For information about SRV record format, refer to the applicable documentation.
The format of an SRV record is:
[priority] [weight] [port] [server host name]
For example:
1 10 5269 xmpp-server.example.com.
TXT — Text
A text record. Enclose text in quotation marks, for example, "Sample Text Entry".

Routing Policy
Select Weighted.

Weight
A value that determines the proportion of DNS queries that Amazon Route 53 responds to using the
current resource record set. Amazon Route 53 calculates the sum of the weights for the resource record
sets that have the same combination of DNS name and type. Amazon Route 53 then responds to queries
based on the ratio of a resource's weight to the total.
You can't create non-weighted resource record sets that have the same values for Name and Type as
weighted resource record sets.

Enter an integer between 0 and 255. To disable routing to a resource, set Weight to 0. If you set Weight
to 0 for all of the resource record sets in the group, traffic is routed to all resources with equal probability.
This ensures that you don't accidentally disable routing for a group of weighted resource record sets.
The effect of setting Weight to 0 is different when you associate health checks with weighted resource
record sets. For more information, see Configuring Active-Active or Active-Passive Failover by Using
Amazon Route 53 Weighted and Weighted Alias Resource Record Sets (p. 271).

Set ID
Enter a value that uniquely identifies this resource record set in the group of weighted resource record
sets.

Associate with Health Check/Health Check to Associate
Select Yes if you want Amazon Route 53 to check the health of a specified endpoint and to respond to
DNS queries using this resource record set only when the endpoint is healthy. Then select the health
check that you want Amazon Route 53 to perform for this resource record set.
Amazon Route 53 doesn't check the health of the endpoint specified in the resource record set, for
example, the endpoint specified by the IP address in the Value field. When you select a health check for
a resource record set, Amazon Route 53 checks the health of the endpoint that you specified in the health
check. For information about how Amazon Route 53 determines whether an endpoint is healthy, see How
Amazon Route 53 Determines Whether an Endpoint Is Healthy (p. 254).
Associating a health check with a resource record set is useful only when Amazon Route 53 is choosing
between two or more resource record sets to respond to a DNS query, and you want Amazon Route 53
to base the choice in part on the status of a health check. Use health checks only in the following
configurations:
• You're checking the health of the resource record sets in a weighted, latency, geolocation, or failover
resource record set, and you specify health check IDs for all of the resource record sets. If the health
check for a resource record set specifies an endpoint that is not healthy, Amazon Route 53 stops
responding to queries using the value for that resource record set.
• You select Yes for Evaluate Target Health for the resource record sets in an alias, weighted alias,
latency alias, geolocation alias, or failover alias resource record set, and you specify health checks for
all of the resource record sets that are referenced by the alias resource record sets.
For geolocation resource record sets, if an endpoint is unhealthy, Amazon Route 53 looks for a resource
record set for the larger, associated geographic region. For example, suppose you have resource record
sets for a state in the United States, for the United States, for North America, and for all locations (Location
is Default). If the endpoint for the state resource record set is unhealthy, Amazon Route 53 checks the
resource record sets for the United States, for North America, and for all locations, in that order, until it
finds a resource record set for which the endpoint is healthy.
If your health checks specify the endpoint only by domain name, we recommend that you create a separate
health check for each endpoint. For example, create a health check for each HTTP server that is serving
content for www.example.com. For the value of Domain Name, specify the domain name of the server
(such as us-east-1-www.example.com), not the name of the resource record sets (example.com).

Important
In this configuration, if you create a health check for which the value of Domain Name matches
the name of the resource record sets and then associate the health check with those resource
record sets, health check results will be unpredictable.
For more information about checking the health of endpoints, see Amazon Route 53 Health Checks and
DNS Failover (p. 245).
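
The rules in this section for a group of weighted resource record sets can be checked before the records are created. The following Python is an added example, not code from this guide or from AWS: the WeightedRecord fields, the finding names, and the health check IDs and sample records are constructed for illustration.

```python
from dataclasses import dataclass
from fractions import Fraction
from typing import Dict, List, Optional, Tuple


@dataclass
class WeightedRecord:
    """One weighted record set; the fields mirror the console values described above."""
    name: str
    rtype: str
    ttl: int
    values: List[str]
    weight: int
    set_id: str
    health_check_id: Optional[str] = None       # constructed IDs in the samples below
    health_check_domain: Optional[str] = None   # Domain Name configured in that health check


def _norm(name: str) -> str:
    # A trailing dot is optional, and DNS names compare case-insensitively.
    return name.rstrip(".").lower()


def lint_weighted_group(records: List[WeightedRecord]) -> List[Tuple[str, str]]:
    """Return (set_id, rule) findings; an empty list means no rule from this section is broken."""
    findings: List[Tuple[str, str]] = []
    if not records:
        return findings
    ref, seen = records[0], set()
    for r in records:
        # Name, Type and TTL must be the same across the whole group.
        if _norm(r.name) != _norm(ref.name):
            findings.append((r.set_id, "name-mismatch"))
        if r.rtype != ref.rtype:
            findings.append((r.set_id, "type-mismatch"))
        if r.ttl != ref.ttl:
            findings.append((r.set_id, "ttl-mismatch"))
        # Weight is an integer between 0 and 255.
        if isinstance(r.weight, bool) or not isinstance(r.weight, int) or not 0 <= r.weight <= 255:
            findings.append((r.set_id, "weight-out-of-range"))
        # Set ID must be unique within the group.
        if r.set_id in seen:
            findings.append((r.set_id, "duplicate-set-id"))
        seen.add(r.set_id)
        # CNAME is the only type that takes a single value.
        if r.rtype == "CNAME" and len(r.values) != 1:
            findings.append((r.set_id, "cname-multiple-values"))
        # Recommendation: TTL of 60 seconds or less when a health check is associated.
        if r.health_check_id and r.ttl > 60:
            findings.append((r.set_id, "ttl-above-60-with-health-check"))
        # A health check whose Domain Name equals the record name gives unpredictable results.
        if r.health_check_domain and _norm(r.health_check_domain) == _norm(r.name):
            findings.append((r.set_id, "health-check-domain-equals-record-name"))
    # Health checks are meant to be specified for all record sets in the group, or for none.
    if any(r.health_check_id for r in records):
        findings += [(r.set_id, "missing-health-check") for r in records if not r.health_check_id]
    return findings


def traffic_share(records: List[WeightedRecord]) -> Dict[str, Fraction]:
    """Expected fraction of queries per Set ID, ignoring health checks (assumes unique Set IDs)."""
    total = sum(r.weight for r in records)
    if total == 0:
        # All weights 0: traffic is routed to all resources with equal probability.
        return {r.set_id: Fraction(1, len(records)) for r in records}
    return {r.set_id: Fraction(r.weight, total) for r in records}


# Constructed sample groups (documentation addresses and example.com names).
GOOD_GROUP = [
    WeightedRecord("www.example.com", "A", 60, ["192.0.2.235"], 3, "east",
                   "hc-east", "us-east-1-www.example.com"),
    WeightedRecord("www.example.com.", "A", 60, ["192.0.2.236"], 1, "west",
                   "hc-west", "us-west-2-www.example.com"),
]
BAD_GROUP = [
    WeightedRecord("www.example.com", "A", 60, ["192.0.2.235"], 3, "east",
                   "hc-east", "us-east-1-www.example.com"),
    WeightedRecord("www.example.com", "A", 300, ["192.0.2.236"], 256, "east",
                   "hc-west", "www.example.com"),
    WeightedRecord("www.example.com", "A", 60, ["192.0.2.237"], 0, "south"),
]

if __name__ == "__main__":
    print(lint_weighted_group(GOOD_GROUP), traffic_share(GOOD_GROUP))
    for finding in lint_weighted_group(BAD_GROUP):
        print(finding)
```

The share calculation covers only the Weight rules; as noted above, the effect of a weight of 0 is different once health checks are associated with the record sets.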

Values for Alias Resource Record Sets
When you create alias resource record sets, you specify the following values:
Topics
• Name (p. 192)
• Type (p. 192)
• Alias (p. 193)
• Alias Target (p. 193)
• Alias Hosted Zone ID (p. 195)
• Routing Policy (p. 195)
• Evaluate Target Health (p. 195)

Name
Enter the name of the domain or subdomain for which you're creating the resource record set. The default
value is the name of the hosted zone. If you're creating a resource record set that has the same name
as the hosted zone, don't enter a value (for example, an @ symbol) in the Name field.
For information about how to specify characters other than a-z, 0-9, and - (hyphen) and how to specify
internationalized domain names, see DNS Domain Name Format (p. 2).
You can use an asterisk (*) character in the name. DNS treats the * character either as a wildcard or as
the * character (ASCII 42), depending on where it appears in the name. For more information, see Using
an Asterisk (*) in the Names of Hosted Zones and Resource Record Sets (p. 3).
The value that you specify depends in part on the AWS resource for which you're creating an alias resource
record set:
CloudFront Distributions
Your CloudFront distribution must include an alternate domain name that matches the name of the
resource record set. For example, if the name of the resource record set is acme.example.com,
your CloudFront distribution must include acme.example.com as one of the alternate domain names.
For more information, see Using Alternate Domain Names (CNAMEs) in the Amazon CloudFront
Developer Guide.
Amazon S3 Buckets
The name of the resource record set must match the name of your Amazon S3 bucket. For example,
if the name of your Amazon S3 bucket is acme.example.com, the name of this resource record set
must also be acme.example.com.
In addition, you must configure the bucket for website hosting. For more information, see Configure
a Bucket for Website Hosting in the Amazon Simple Storage Service Developer Guide.

Type
The DNS record type. For more information, see Supported DNS Resource Record Types (p. 4).
Select the applicable value based on the AWS resource for which you're creating a resource record set:
CloudFront distribution
Select A — IPv4 address
Elastic Beanstalk environment that has regionalized subdomains
Select A — IPv4 address

ELB load balancer
Select A — IPv4 address or AAAA — IPv6 address
Amazon S3 bucket
Select A — IPv4 address
Another resource record set in this hosted zone
Select the type of the resource record set for which you're creating the alias. Select any value except
NS or SOA.

Alias
Select Yes.

Alias Target
The value that you specify depends on the AWS resource for which you're creating an alias resource
record set.
CloudFront Distributions

Note
You can't create alias resource record sets for CloudFront distributions in a private hosted
zone.
For CloudFront distributions, do one of the following:
• If you used the same account to create your Amazon Route 53 hosted zone and your
CloudFront distribution – Choose Alias Target and choose a distribution from the list. If you
have a lot of distributions, you can type the first few characters of the domain name for your
distribution to filter the list.
If your distribution doesn't appear in the list, note the following:
• The name of this resource record set must match an alternate domain name in your distribution.
• If you just added an alternate domain name to your distribution, it may take 15 minutes for your
changes to propagate to all CloudFront edge locations. Until changes have propagated, Amazon
Route 53 can't know about the new alternate domain name.
• If you used different accounts to create your Amazon Route 53 hosted zone and your
distribution – Enter the CloudFront domain name for the distribution, such as
d111111abcdef8.cloudfront.net.
If you used one AWS account to create the current hosted zone and a different account to create
a distribution, the distribution will not appear in the Alias Targets list.
If you used one account to create the current hosted zone and one or more different accounts to
create all of your distributions, the Alias Targets list shows No Targets Available under CloudFront
Distributions.

Important
Do not route queries to a CloudFront distribution that has not propagated to all edge locations,
or your users won't be able to access the applicable content.
Your CloudFront distribution must include an alternate domain name that matches the name of the
resource record set. For example, if the name of the resource record set is acme.example.com,
your CloudFront distribution must include acme.example.com as one of the alternate domain names.
For more information, see Using Alternate Domain Names (CNAMEs) in the Amazon CloudFront
Developer Guide.
Elastic Beanstalk environments that have regionalized subdomains
For Elastic Beanstalk environments that have regionalized subdomains, do one of the following:

• If you used the same account to create your Amazon Route 53 hosted zone and your Elastic
Beanstalk environment – Choose Alias Target, and then choose an environment from the list.
If you have a lot of environments, you can type the first few characters of the CNAME attribute for
the environment to filter the list.
• If you used different accounts to create your Amazon Route 53 hosted zone and your Elastic
Beanstalk environment – Enter the CNAME attribute for the Elastic Beanstalk environment.
ELB Load Balancers
For ELB load balancers, do one of the following:
• If you used the same account to create your Amazon Route 53 hosted zone and your load
balancer – Choose Alias Target and choose a load balancer from the list. If you have a lot of load
balancers, you can type the first few characters of the DNS name to filter the list.
• If you used different accounts to create your Amazon Route 53 hosted zone and your load
balancer – Enter the value that you got in the procedure Getting the DNS Name for an ELB Load
Balancer (p. 185).
If you used one AWS account to create the current hosted zone and a different account to create
a load balancer, the load balancer will not appear in the Alias Targets list.
If you used one account to create the current hosted zone and one or more different accounts to
create all of your load balancers, the Alias Targets list shows No Targets Available under Elastic
Load Balancers.
In either case, the console prepends dualstack. to the DNS name.
Amazon S3 Buckets
For Amazon S3 buckets that are configured as website endpoints, do one of the following:
• If you used the same account to create your Amazon Route 53 hosted zone and your Amazon
S3 bucket – Choose Alias Target and choose a bucket from the list. If you have a lot of buckets,
you can type the first few characters of the DNS name to filter the list.
The value of Alias Target changes to the Amazon S3 website endpoint for your bucket.
• If you used different accounts to create your Amazon Route 53 hosted zone and your Amazon
S3 bucket – Enter the domain name of the Amazon S3 website endpoint in the following format:
s3-website-region.amazonaws.com

The region value represents the Amazon S3 region in which the bucket is hosted; for example,
us-east-1.
If you used one AWS account to create the current hosted zone and a different account to create
an Amazon S3 bucket, the bucket will not appear in the Alias Targets list.
If you used one account to create the current hosted zone and one or more different accounts to
create all of your Amazon S3 buckets, the Alias Targets list shows No Targets Available under
S3 Website Endpoints.
In a group of weighted alias, latency alias, failover alias, or geolocation alias resource record sets,
you can create only one resource record set that routes queries to an Amazon S3 bucket because
the name of the resource record set must match the name of the bucket and bucket names must be
globally unique.
The name of the resource record set must match the name of your Amazon S3 bucket. For example,
if the name of your Amazon S3 bucket is acme.example.com, the name of this resource record set
must also be acme.example.com.
You must configure the bucket for website hosting. For more information, see Configure a Bucket
for Website Hosting in the Amazon Simple Storage Service Developer Guide.

Resource Record Sets in this Hosted Zone
For resource record sets in this hosted zone, choose Alias Target and choose the applicable resource
record set. If you have a lot of resource record sets, you can type the first few characters of the name
to filter the list.
If the hosted zone contains only the default NS and SOA resource record sets, the Alias Targets
list shows No Targets Available.

Alias Hosted Zone ID
This value appears automatically based on the value that you selected or entered for Alias Target.

Routing Policy
Select Simple.

Evaluate Target Health
Select Yes if you want Amazon Route 53 to determine whether to respond to DNS queries using this
resource record set by checking the health of the resource record set specified by Alias Target.
Some AWS resources have special requirements:
• CloudFront distributions – You cannot set Evaluate Target Health to Yes when the alias target is
a CloudFront distribution.
• Elastic Beanstalk environments that have regionalized endpoints – If you specify an Elastic
Beanstalk environment in Alias Target and the environment contains an ELB load balancer, Elastic
Load Balancing routes queries only to the healthy Amazon EC2 instances that are registered with the
load balancer. (An environment automatically contains an ELB load balancer if it includes more than
one Amazon EC2 instance.) If you set Evaluate Target Health to Yes and either no Amazon EC2
instances are healthy or the load balancer itself is unhealthy, Amazon Route 53 routes queries to other
available resources that are healthy, if any.
If the environment contains a single Amazon EC2 instance, there are no special requirements.
• ELB load balancers – If you specify an ELB load balancer in Alias Target, Elastic Load Balancing
routes queries only to the healthy Amazon EC2 instances that are registered with the load balancer. If
you set Evaluate Target Health to Yes and either no Amazon EC2 instances are healthy or the load
balancer itself is unhealthy, Amazon Route 53 routes queries to other resources.
When you create a load balancer, you configure settings for Elastic Load Balancing health checks;
they're not Amazon Route 53 health checks, but they perform a similar function. Do not create Amazon
Route 53 health checks for the Amazon EC2 instances that you register with an ELB load balancer.
For more information, see How Health Checks Work in Complex Amazon Route 53
Configurations (p. 264).
• Other resource record sets – If the AWS resource that you specify in Alias Target is a resource
record set or a group of resource record sets (for example, a group of weighted resource record sets)
but is not another alias resource record set, we recommend that you associate a health check with all
of the resource record sets in the alias target. For more information, see What Happens When You
Omit Health Checks? (p. 267).
We recommend that you set Evaluate Target Health to Yes only when you have enough idle capacity
to handle the failure of one or more endpoints.
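
The per-target constraints in this section (allowed Type, the CloudFront restrictions, and the Amazon S3 name and endpoint rules) can be expressed as a pre-creation check. The following Python is an added example, not code from this guide or from AWS: the AliasRecord fields, the target_kind labels, the finding names and the sample records are assumptions made for illustration.

```python
import re
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# Record types this section allows for each kind of alias target.
ALLOWED_TYPES = {
    "cloudfront": {"A"},
    "elastic_beanstalk": {"A"},
    "elb": {"A", "AAAA"},
    "s3": {"A"},
}
# Website endpoint format given in this section: s3-website-region.amazonaws.com
S3_WEBSITE_RE = re.compile(r"^s3-website-[a-z0-9-]+\.amazonaws\.com$")


@dataclass
class AliasRecord:
    """One alias record set plus the facts about its target that the rules need."""
    name: str
    rtype: str
    target_kind: str   # "cloudfront", "elastic_beanstalk", "elb", "s3" or "record_set"
    alias_target: str
    evaluate_target_health: bool = False
    private_zone: bool = False
    alternate_domain_names: List[str] = field(default_factory=list)  # CloudFront only
    bucket_name: Optional[str] = None                                # Amazon S3 only


def _norm(name: str) -> str:
    # A trailing dot is optional, and DNS names compare case-insensitively.
    return name.rstrip(".").lower()


def lint_alias_record(r: AliasRecord) -> List[str]:
    """Return the names of the rules from this section that the record breaks."""
    findings: List[str] = []
    if r.target_kind == "record_set":
        # An alias to another record set can use any type except NS or SOA.
        if r.rtype in ("NS", "SOA"):
            findings.append("type-not-allowed")
    elif r.target_kind in ALLOWED_TYPES:
        if r.rtype not in ALLOWED_TYPES[r.target_kind]:
            findings.append("type-not-allowed")
    else:
        return ["unknown-target-kind"]

    if r.target_kind == "cloudfront":
        if r.evaluate_target_health:
            findings.append("cloudfront-evaluate-target-health")
        if r.private_zone:
            findings.append("cloudfront-private-zone")
        # Exact-name comparison only; wildcard alternate names are outside this example.
        if _norm(r.name) not in {_norm(n) for n in r.alternate_domain_names}:
            findings.append("cloudfront-alternate-name-missing")

    if r.target_kind == "s3":
        # The record set name must match the bucket name.
        if r.bucket_name is None or _norm(r.bucket_name) != _norm(r.name):
            findings.append("s3-name-bucket-mismatch")
        # The alias target must be the regional website endpoint, not another S3 hostname.
        if not S3_WEBSITE_RE.match(_norm(r.alias_target)):
            findings.append("s3-endpoint-format")
    return findings


def lint_alias_group(records: List[AliasRecord]) -> List[Tuple[int, str]]:
    """Lint a weighted, latency, failover or geolocation alias group as (index, rule) pairs."""
    findings = [(i, f) for i, r in enumerate(records) for f in lint_alias_record(r)]
    # Only one record set in such a group can route queries to an Amazon S3 bucket.
    s3_indexes = [i for i, r in enumerate(records) if r.target_kind == "s3"]
    findings += [(i, "more-than-one-s3-target") for i in s3_indexes[1:]]
    return findings


# Constructed sample records using the example names from this section.
OK_CF = AliasRecord("acme.example.com", "A", "cloudfront", "d111111abcdef8.cloudfront.net",
                    alternate_domain_names=["acme.example.com"])
BAD_CF = AliasRecord("acme.example.com", "AAAA", "cloudfront", "d111111abcdef8.cloudfront.net",
                     evaluate_target_health=True, private_zone=True,
                     alternate_domain_names=["www.example.com"])
OK_S3 = AliasRecord("acme.example.com.", "A", "s3", "s3-website-us-east-1.amazonaws.com",
                    bucket_name="acme.example.com")
BAD_S3 = AliasRecord("www.example.com", "A", "s3", "acme.example.com.s3.amazonaws.com",
                     bucket_name="acme.example.com")

if __name__ == "__main__":
    for rec in (OK_CF, BAD_CF, OK_S3, BAD_S3):
        print(rec.name, rec.target_kind, lint_alias_record(rec))
```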

Values for Weighted Alias Resource Record Sets
When you create weighted alias resource record sets, you specify the following values:
Topics
• Name (p. 196)
• Type (p. 196)
• Alias (p. 197)
• Alias Target (p. 197)
• Alias Hosted Zone ID (p. 199)
• Routing Policy (p. 199)
• Weight (p. 199)
• Set ID (p. 199)
• Evaluate Target Health (p. 199)
• Associate with Health Check/Health Check to Associate (p. 200)

Name
Enter the name of the domain or subdomain for which you're creating the resource record set. The default
value is the name of the hosted zone. If you're creating a resource record set that has the same name
as the hosted zone, don't enter a value (for example, an @ symbol) in the Name field.
For information about how to specify characters other than a-z, 0-9, and - (hyphen) and how to specify
internationalized domain names, see DNS Domain Name Format (p. 2).
Enter the same name for all of the resource record sets in the group of weighted resource record sets.
You can use an asterisk (*) character in the name. DNS treats the * character either as a wildcard or as
the * character (ASCII 42), depending on where it appears in the name. For more information, see Using
an Asterisk (*) in the Names of Hosted Zones and Resource Record Sets (p. 3).
The value that you specify depends in part on the AWS resource for which you're creating an alias resource
record set:
CloudFront Distributions
Your CloudFront distribution must include an alternate domain name that matches the name of the
resource record set. For example, if the name of the resource record set is acme.example.com,
your CloudFront distribution must include acme.example.com as one of the alternate domain names.
For more information, see Using Alternate Domain Names (CNAMEs) in the Amazon CloudFront
Developer Guide.
Amazon S3 Buckets
The name of the resource record set must match the name of your Amazon S3 bucket. For example,
if the name of your Amazon S3 bucket is acme.example.com, the name of this resource record set
must also be acme.example.com.
In addition, you must configure the bucket for website hosting. For more information, see Configure
a Bucket for Website Hosting in the Amazon Simple Storage Service Developer Guide.

Type
The DNS record type. For more information, see Supported DNS Resource Record Types (p. 4).
Select the applicable value based on the AWS resource for which you're creating a resource record set:

CloudFront distribution
Select A — IPv4 address
Elastic Beanstalk environment that has regionalized subdomains
Select A — IPv4 address
ELB load balancer
Select A — IPv4 address or AAAA — IPv6 address
Amazon S3 bucket
Select A — IPv4 address
Another resource record set in this hosted zone
Select the type of the resource record set for which you're creating the alias. Select any value except
NS or SOA.
Select the same value for all of the resource record sets in the group of weighted resource record sets.

Alias
Select Yes.

Alias Target
The value that you specify depends on the AWS resource for which you're creating an alias resource
record set.
CloudFront Distributions

Note
You can't create alias resource record sets for CloudFront distributions in a private hosted
zone.
For CloudFront distributions, do one of the following:
• If you used the same account to create your Amazon Route 53 hosted zone and your
CloudFront distribution – Choose Alias Target and choose a distribution from the list. If you
have a lot of distributions, you can type the first few characters of the domain name for your
distribution to filter the list.
If your distribution doesn't appear in the list, note the following:
• The name of this resource record set must match an alternate domain name in your distribution.
• If you just added an alternate domain name to your distribution, it may take 15 minutes for your
changes to propagate to all CloudFront edge locations. Until changes have propagated, Amazon
Route 53 can't know about the new alternate domain name.
• If you used different accounts to create your Amazon Route 53 hosted zone and your
distribution – Enter the CloudFront domain name for the distribution, such as
d111111abcdef8.cloudfront.net.
If you used one AWS account to create the current hosted zone and a different account to create
a distribution, the distribution will not appear in the Alias Targets list.
If you used one account to create the current hosted zone and one or more different accounts to
create all of your distributions, the Alias Targets list shows No Targets Available under CloudFront
Distributions.

Important
Do not route queries to a CloudFront distribution that has not propagated to all edge locations,
or your users won't be able to access the applicable content.

Your CloudFront distribution must include an alternate domain name that matches the name of the
resource record set. For example, if the name of the resource record set is acme.example.com,
your CloudFront distribution must include acme.example.com as one of the alternate domain names.
For more information, see Using Alternate Domain Names (CNAMEs) in the Amazon CloudFront
Developer Guide.
Elastic Beanstalk environments that have regionalized subdomains
For Elastic Beanstalk environments that have regionalized subdomains, do one of the following:
• If you used the same account to create your Amazon Route 53 hosted zone and your Elastic
Beanstalk environment – Choose Alias Target, and then choose an environment from the list.
If you have a lot of environments, you can type the first few characters of the CNAME attribute for
the environment to filter the list.
• If you used different accounts to create your Amazon Route 53 hosted zone and your Elastic
Beanstalk environment – Enter the CNAME attribute for the Elastic Beanstalk environment.
ELB Load Balancers
For ELB load balancers, do one of the following:
• If you used the same account to create your Amazon Route 53 hosted zone and your load
balancer – Choose Alias Target and choose a load balancer from the list. If you have a lot of load
balancers, you can type the first few characters of the DNS name to filter the list.
• If you used different accounts to create your Amazon Route 53 hosted zone and your load
balancer – Enter the value that you got in the procedure Getting the DNS Name for an ELB Load
Balancer (p. 185).
If you used one AWS account to create the current hosted zone and a different account to create
a load balancer, the load balancer will not appear in the Alias Targets list.
If you used one account to create the current hosted zone and one or more different accounts to
create all of your load balancers, the Alias Targets list shows No Targets Available under Elastic
Load Balancers.
In either case, the console prepends dualstack. to the DNS name.
Amazon S3 Buckets
For Amazon S3 buckets that are configured as website endpoints, do one of the following:
• If you used the same account to create your Amazon Route 53 hosted zone and your Amazon
S3 bucket – Choose Alias Target and choose a bucket from the list. If you have a lot of buckets,
you can type the first few characters of the DNS name to filter the list.
The value of Alias Target changes to the Amazon S3 website endpoint for your bucket.
• If you used different accounts to create your Amazon Route 53 hosted zone and your Amazon
S3 bucket – Enter the domain name of the Amazon S3 website endpoint in the following format:
s3-website-region.amazonaws.com

The region value represents the Amazon S3 region in which the bucket is hosted; for example,
us-east-1.
If you used one AWS account to create the current hosted zone and a different account to create
an Amazon S3 bucket, the bucket will not appear in the Alias Targets list.
If you used one account to create the current hosted zone and one or more different accounts to
create all of your Amazon S3 buckets, the Alias Targets list shows No Targets Available under
S3 Website Endpoints.
In a group of weighted alias, latency alias, failover alias, or geolocation alias resource record sets,
you can create only one resource record set that routes queries to an Amazon S3 bucket because
the name of the resource record set must match the name of the bucket and bucket names must be
globally unique.

The name of the resource record set must match the name of your Amazon S3 bucket. For example,
if the name of your Amazon S3 bucket is acme.example.com, the name of this resource record set
must also be acme.example.com.
You must configure the bucket for website hosting. For more information, see Configure a Bucket
for Website Hosting in the Amazon Simple Storage Service Developer Guide.
Resource Record Sets in this Hosted Zone
For resource record sets in this hosted zone, choose Alias Target and choose the applicable resource
record set. If you have a lot of resource record sets, you can type the first few characters of the name
to filter the list.
If the hosted zone contains only the default NS and SOA resource record sets, the Alias Targets
list shows No Targets Available.

Alias Hosted Zone ID
This value appears automatically based on the value that you selected or entered for Alias Target.

Routing Policy
Select Weighted.

Weight
A value that determines the proportion of DNS queries that Amazon Route 53 responds to using the
current resource record set. Amazon Route 53 calculates the sum of the weights for the resource record
sets that have the same combination of DNS name and type. Amazon Route 53 then responds to queries
based on the ratio of a resource's weight to the total.
You can't create non-weighted resource record sets that have the same values for Name and Type as
weighted resource record sets.
Enter an integer between 0 and 255. To disable routing to a resource, set Weight to 0. If you set Weight
to 0 for all of the resource record sets in the group, traffic is routed to all resources with equal probability.
This ensures that you don't accidentally disable routing for a group of weighted resource record sets.
The effect of setting Weight to 0 is different when you associate health checks with weighted resource
record sets. For more information, see Configuring Active-Active or Active-Passive Failover by Using
Amazon Route 53 Weighted and Weighted Alias Resource Record Sets (p. 271).
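The following Python is an added example, not code from this guide: it computes the share of queries each weighted resource record set receives under the rules above, including the all-zero case and the invalid configurations. The dictionary keys follow the Route 53 API's ResourceRecordSet structure rather than the console labels, the record data is constructed, and health checks (which change the effect of a zero weight) are ignored.

```python
from collections import defaultdict
from fractions import Fraction


def _group_key(rrset):
    # A trailing dot is optional and DNS names are case-insensitive, so
    # "www.example.com." and "WWW.example.com" belong to the same group.
    return (rrset["Name"].rstrip(".").lower(), rrset["Type"])


def weighted_shares(rrsets):
    """Return {(name, type): {set_id: Fraction}} for each weighted group.

    Raises ValueError for configurations the guide describes as invalid.
    """
    groups = defaultdict(list)
    for rrset in rrsets:
        groups[_group_key(rrset)].append(rrset)

    shares = {}
    for key, members in groups.items():
        weighted = [m for m in members if "Weight" in m]
        if not weighted:
            continue  # not a weighted group
        if len(weighted) != len(members):
            # Non-weighted record sets can't share Name and Type with weighted ones.
            raise ValueError(f"{key}: weighted and non-weighted record sets mixed")
        set_ids = [m.get("SetIdentifier") for m in weighted]
        if None in set_ids or len(set(set_ids)) != len(set_ids):
            raise ValueError(f"{key}: Set ID must be present and unique in the group")
        for m in weighted:
            w = m["Weight"]
            if isinstance(w, bool) or not isinstance(w, int) or not 0 <= w <= 255:
                raise ValueError(f"{key}/{m['SetIdentifier']}: Weight must be an integer 0-255")

        total = sum(m["Weight"] for m in weighted)
        if total == 0:
            # Every weight is 0: traffic goes to all resources with equal probability.
            shares[key] = {m["SetIdentifier"]: Fraction(1, len(weighted)) for m in weighted}
        else:
            # Otherwise the share is the ratio of the weight to the group total,
            # so a single record set with Weight 0 receives no queries.
            shares[key] = {m["SetIdentifier"]: Fraction(m["Weight"], total) for m in weighted}
    return shares


# Constructed sample data (not taken from a real hosted zone).
CONSTRUCTED_RRSETS = [
    {"Name": "www.example.com.", "Type": "A", "SetIdentifier": "blue", "Weight": 3},
    {"Name": "www.example.com", "Type": "A", "SetIdentifier": "green", "Weight": 1},
    {"Name": "WWW.example.com", "Type": "A", "SetIdentifier": "drained", "Weight": 0},
    {"Name": "canary.example.com", "Type": "A", "SetIdentifier": "a", "Weight": 0},
    {"Name": "canary.example.com", "Type": "A", "SetIdentifier": "b", "Weight": 0},
]

if __name__ == "__main__":
    for (name, rtype), group in weighted_shares(CONSTRUCTED_RRSETS).items():
        for set_id, share in group.items():
            print(f"{name} {rtype} {set_id}: {share}")
```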

Set ID
Enter a value that uniquely identifies this resource record set in the group of weighted resource record
sets.

Evaluate Target Health
Select Yes if you want Amazon Route 53 to determine whether to respond to DNS queries using this
resource record set by checking the health of the resource record set specified by Alias Target.
Some AWS resources have special requirements:
• CloudFront distributions – You cannot set Evaluate Target Health to Yes when the alias target is
a CloudFront distribution.
• Elastic Beanstalk environments that have regionalized endpoints – If you specify an Elastic
Beanstalk environment in Alias Target and the environment contains an ELB load balancer, Elastic
Load Balancing routes queries only to the healthy Amazon EC2 instances that are registered with the
load balancer. (An environment automatically contains an ELB load balancer if it includes more than
one Amazon EC2 instance.) If you set Evaluate Target Health to Yes and either no Amazon EC2
instances are healthy or the load balancer itself is unhealthy, Amazon Route 53 routes queries to other
available resources that are healthy, if any.
If the environment contains a single Amazon EC2 instance, there are no special requirements.
• ELB load balancers – If you specify an ELB load balancer in Alias Target, Elastic Load Balancing
routes queries only to the healthy Amazon EC2 instances that are registered with the load balancer. If
you set Evaluate Target Health to Yes and either no Amazon EC2 instances are healthy or the load
balancer itself is unhealthy, Amazon Route 53 routes queries to other resources.
When you create a load balancer, you configure settings for Elastic Load Balancing health checks;
they're not Amazon Route 53 health checks, but they perform a similar function. Do not create Amazon
Route 53 health checks for the Amazon EC2 instances that you register with an ELB load balancer.
For more information, see How Health Checks Work in Complex Amazon Route 53
Configurations (p. 264).
• Other resource record sets – If the AWS resource that you specify in Alias Target is a resource
record set or a group of resource record sets (for example, a group of weighted resource record sets)
but is not another alias resource record set, we recommend that you associate a health check with all
of the resource record sets in the alias target. For more information, see What Happens When You
Omit Health Checks? (p. 267).
We recommend that you set Evaluate Target Health to Yes only when you have enough idle capacity
to handle the failure of one or more endpoints.

Associate with Health Check/Health Check to Associate
Select Yes if you want Amazon Route 53 to check the health of a specified endpoint and to respond to
DNS queries using this resource record set only when the endpoint is healthy. Then select the health
check that you want Amazon Route 53 to perform for this resource record set.
Amazon Route 53 doesn't check the health of the endpoint specified in the resource record set, for
example, the endpoint specified by the IP address in the Value field. When you select a health check for
a resource record set, Amazon Route 53 checks the health of the endpoint that you specified in the health
check. For information about how Amazon Route 53 determines whether an endpoint is healthy, see How
Amazon Route 53 Determines Whether an Endpoint Is Healthy (p. 254).
Associating a health check with a resource record set is useful only when Amazon Route 53 is choosing
between two or more resource record sets to respond to a DNS query, and you want Amazon Route 53
to base the choice in part on the status of a health check. Use health checks only in the following
configurations:
• You're checking the health of the resource record sets in a weighted, latency, geolocation, or failover
resource record set, and you specify health check IDs for all of the resource record sets. If the health
check for a resource record set specifies an endpoint that is not healthy, Amazon Route 53 stops
responding to queries using the value for that resource record set.
• You select Yes for Evaluate Target Health for the resource record sets in an alias, weighted alias,
latency alias, geolocation alias, or failover alias resource record set, and you specify health checks for
all of the resource record sets that are referenced by the alias resource record sets.
For geolocation resource record sets, if an endpoint is unhealthy, Amazon Route 53 looks for a resource
record set for the larger, associated geographic region. For example, suppose you have resource record
sets for a state in the United States, for the United States, for North America, and for all locations (Location
is Default). If the endpoint for the state resource record set is unhealthy, Amazon Route 53 checks the
resource record sets for the United States, for North America, and for all locations, in that order, until it
finds a resource record set for which the endpoint is healthy.
If your health checks specify the endpoint only by domain name, we recommend that you create a separate
health check for each endpoint. For example, create a health check for each HTTP server that is serving
content for www.example.com. For the value of Domain Name, specify the domain name of the server
(such as us-east-1-www.example.com), not the name of the resource record sets (example.com).

Important
In this configuration, if you create a health check for which the value of Domain Name matches
the name of the resource record sets and then associate the health check with those resource
record sets, health check results will be unpredictable.
For more information about checking the health of endpoints, see Amazon Route 53 Health Checks and
DNS Failover (p. 245).

Values for Latency Resource Record Sets
When you create latency resource record sets, you specify the following values:

Note
Creating latency resource record sets in private hosted zones is not supported.
Topics
• Name
• Type
• Alias
• TTL (Time to Live)
• Value
• Routing Policy
• Region
• Set ID
• Associate with Health Check/Health Check to Associate

Name
Enter the name of the domain or subdomain for which you're creating the resource record set. The default
value is the name of the hosted zone. If you're creating a resource record set that has the same name
as the hosted zone, don't enter a value (for example, an @ symbol) in the Name field.
For information about how to specify characters other than a-z, 0-9, and - (hyphen) and how to specify
internationalized domain names, see DNS Domain Name Format (p. 2).
Enter the same name for all of the resource record sets in the group of latency resource record sets.
You can use an asterisk (*) character in the name. DNS treats the * character either as a wildcard or as
the * character (ASCII 42), depending on where it appears in the name. For more information, see Using
an Asterisk (*) in the Names of Hosted Zones and Resource Record Sets (p. 3).

Type
The DNS record type. For more information, see Supported DNS Resource Record Types (p. 4).
Select the value for Type based on how you want Amazon Route 53 to respond to DNS queries.
Select the same value for all of the resource record sets in the group of latency resource record sets.

Alias
Select No.

TTL (Time to Live)
The amount of time, in seconds, that you want DNS recursive resolvers to cache information about this
resource record set. If you specify a longer value (for example, 172800 seconds, or two days), you pay
less for Amazon Route 53 service because recursive resolvers send requests to Amazon Route 53 less
often. However, it takes longer for changes to the resource record set (for example, a new IP address)
to take effect because recursive resolvers use the values in their cache for longer periods instead of
asking Amazon Route 53 for the latest information.

If you're associating this resource record set with a health check, we recommend that you specify a TTL
of 60 seconds or less so clients respond quickly to changes in health status.
You must specify the same value for TTL for all of the resource record sets in this group of latency resource
record sets.

Value
Enter a value that is appropriate for the value of Type. For all types except CNAME, you can enter more
than one value. Enter each value on a separate line.
A — IPv4 address
An IP address in IPv4 format, for example, 192.0.2.235.
AAAA — IPv6 address
An IP address in IPv6 format, for example, 2001:0db8:85a3:0:0:8a2e:0370:7334.
CNAME — Canonical name
The fully qualified domain name (for example, www.example.com) that you want Amazon Route 53
to return in response to DNS queries for this resource record set. A trailing dot is optional; Amazon
Route 53 assumes that the domain name is fully qualified. This means that Amazon Route 53 treats
www.example.com (without a trailing dot) and www.example.com. (with a trailing dot) as identical.
MX — Mail exchange
A priority and a domain name that specifies a mail server, for example, 10 mailserver.example.com.
PTR — Pointer
The domain name that you want Amazon Route 53 to return.
SPF — Sender Policy Framework
An SPF record enclosed in quotation marks, for example, "v=spf1 ip4:192.168.0.1/16 -all". SPF
records are not recommended. For more information, see Supported DNS Resource Record
Types (p. 4).
SRV — Service locator
An SRV record. For information about SRV record format, refer to the applicable documentation.
The format of an SRV record is:
[priority] [weight] [port] [server host name]
For example:
1 10 5269 xmpp-server.example.com.
TXT — Text
A text record. Enclose text in quotation marks, for example, "Sample Text Entry".

Routing Policy
Select Latency.

Region
The Amazon EC2 region where the resource that you specified in this resource record set resides. Amazon
Route 53 recommends an Amazon EC2 region based on other values that you've specified. We recommend
that you not change this value.
Note the following:
• You can only create one latency resource record set for each Amazon EC2 region.
• You aren't required to create latency resource record sets for all Amazon EC2 regions. Amazon Route 53
chooses the region with the best latency from among the regions for which you create latency resource
record sets.
• You can't create non-latency resource record sets that have the same values for Name and Type as
latency resource record sets.
• If you create a record tagged with the region cn-north-1, Amazon Route 53 always responds to queries
from within China using this resource record set, regardless of the latency.
For more information about using latency resource record sets, see Latency-Based Routing (p. 180).

Set ID
Enter a value that uniquely identifies this resource record set in the group of latency resource record sets.

Associate with Health Check/Health Check to Associate
Select Yes if you want Amazon Route 53 to check the health of a specified endpoint and to respond to
DNS queries using this resource record set only when the endpoint is healthy. Then select the health
check that you want Amazon Route 53 to perform for this resource record set.
Amazon Route 53 doesn't check the health of the endpoint specified in the resource record set, for
example, the endpoint specified by the IP address in the Value field. When you select a health check for
a resource record set, Amazon Route 53 checks the health of the endpoint that you specified in the health
check. For information about how Amazon Route 53 determines whether an endpoint is healthy, see How
Amazon Route 53 Determines Whether an Endpoint Is Healthy (p. 254).
Associating a health check with a resource record set is useful only when Amazon Route 53 is choosing
between two or more resource record sets to respond to a DNS query, and you want Amazon Route 53
to base the choice in part on the status of a health check. Use health checks only in the following
configurations:
• You're checking the health of the resource record sets in a weighted, latency, geolocation, or failover
resource record set, and you specify health check IDs for all of the resource record sets. If the health
check for a resource record set specifies an endpoint that is not healthy, Amazon Route 53 stops
responding to queries using the value for that resource record set.
• You select Yes for Evaluate Target Health for the resource record sets in an alias, weighted alias,
latency alias, geolocation alias, or failover alias resource record set, and you specify health checks for
all of the resource record sets that are referenced by the alias resource record sets.
For geolocation resource record sets, if an endpoint is unhealthy, Amazon Route 53 looks for a resource
record set for the larger, associated geographic region. For example, suppose you have resource record
sets for a state in the United States, for the United States, for North America, and for all locations (Location
is Default). If the endpoint for the state resource record set is unhealthy, Amazon Route 53 checks the
resource record sets for the United States, for North America, and for all locations, in that order, until it
finds a resource record set for which the endpoint is healthy.
If your health checks specify the endpoint only by domain name, we recommend that you create a separate
health check for each endpoint. For example, create a health check for each HTTP server that is serving
content for www.example.com. For the value of Domain Name, specify the domain name of the server
(such as us-east-1-www.example.com), not the name of the resource record sets (example.com).

Important
In this configuration, if you create a health check for which the value of Domain Name matches
the name of the resource record sets and then associate the health check with those resource
record sets, health check results will be unpredictable.

For more information about checking the health of endpoints, see Amazon Route 53 Health Checks and
DNS Failover (p. 245).
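The rules this section states for a group of latency resource record sets (same TTL, one record set per region, unique Set ID, a TTL of 60 seconds or less with health checks, health checks on every record set, and a health check Domain Name that differs from the record set name) can be checked before a change is submitted. The following Python is an added example, not code from this guide; the dictionary keys follow the Route 53 API's ResourceRecordSet and health check structures rather than the console labels, the finding codes are names chosen for this example, and the record data and health check IDs are constructed.

```python
from collections import Counter, defaultdict


def _norm(name):
    # A trailing dot is optional and DNS names are case-insensitive.
    return name.rstrip(".").lower()


def lint_latency_groups(rrsets, health_checks):
    """Return sorted (name, type, code, detail) findings for latency groups.

    rrsets:        dicts with Name, Type, Region, SetIdentifier, TTL,
                   ResourceRecords and, optionally, HealthCheckId
    health_checks: {health_check_id: {"FullyQualifiedDomainName": str or None}}
    """
    groups = defaultdict(list)
    for rrset in rrsets:
        if "Region" in rrset:  # only latency record sets carry a Region
            groups[(_norm(rrset["Name"]), rrset["Type"])].append(rrset)

    findings = []
    for (name, rtype), members in groups.items():
        # TTL must be the same for every record set in the group.
        if len({m["TTL"] for m in members}) > 1:
            findings.append((name, rtype, "TTL_MISMATCH", None))
        # Only one latency record set per Amazon EC2 region.
        for region, count in Counter(m["Region"] for m in members).items():
            if count > 1:
                findings.append((name, rtype, "DUPLICATE_REGION", region))
        # Set ID must uniquely identify the record set within the group.
        for set_id, count in Counter(m["SetIdentifier"] for m in members).items():
            if count > 1:
                findings.append((name, rtype, "DUPLICATE_SET_ID", set_id))

        any_checked = any(m.get("HealthCheckId") for m in members)
        for m in members:
            set_id = m["SetIdentifier"]
            # CNAME is the one type that accepts only a single value.
            if rtype == "CNAME" and len(m.get("ResourceRecords", [])) > 1:
                findings.append((name, rtype, "CNAME_MULTIPLE_VALUES", set_id))
            check_id = m.get("HealthCheckId")
            if not check_id:
                # Health checks are meant to cover all record sets in the group.
                if any_checked:
                    findings.append((name, rtype, "HEALTH_CHECK_MISSING", set_id))
                continue
            # Recommended TTL with a health check is 60 seconds or less.
            if m["TTL"] > 60:
                findings.append((name, rtype, "TTL_OVER_60_WITH_HEALTH_CHECK", set_id))
            check = health_checks.get(check_id)
            if check is None:
                findings.append((name, rtype, "HEALTH_CHECK_UNKNOWN", set_id))
                continue
            fqdn = check.get("FullyQualifiedDomainName")
            # A health check whose Domain Name is the record set name gives
            # unpredictable results; it should name the individual server.
            if fqdn and _norm(fqdn) == name:
                findings.append((name, rtype, "HEALTH_CHECK_NAME_EQUALS_RECORD_NAME", set_id))

    return sorted(findings, key=lambda f: (f[0], f[1], f[2], f[3] or ""))


# Constructed sample data; the health check IDs are placeholders.
CONSTRUCTED_HEALTH_CHECKS = {
    "hc-use1": {"FullyQualifiedDomainName": "us-east-1-www.example.com"},
    "hc-shared": {"FullyQualifiedDomainName": "www.example.com"},
}
CONSTRUCTED_LATENCY_RRSETS = [
    {"Name": "www.example.com.", "Type": "A", "Region": "us-east-1",
     "SetIdentifier": "use1", "TTL": 60, "HealthCheckId": "hc-use1",
     "ResourceRecords": [{"Value": "192.0.2.235"}]},
    {"Name": "www.example.com", "Type": "A", "Region": "eu-west-1",
     "SetIdentifier": "euw1", "TTL": 300, "HealthCheckId": "hc-shared",
     "ResourceRecords": [{"Value": "192.0.2.236"}]},
    {"Name": "www.example.com", "Type": "A", "Region": "us-east-1",
     "SetIdentifier": "use1-b", "TTL": 60,
     "ResourceRecords": [{"Value": "192.0.2.237"}]},
]

if __name__ == "__main__":
    for finding in lint_latency_groups(CONSTRUCTED_LATENCY_RRSETS,
                                       CONSTRUCTED_HEALTH_CHECKS):
        print(finding)
```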

Values for Latency Alias Resource Record Sets
When you create latency alias resource record sets, you specify the following values:

Note
Creating latency alias resource record sets in private hosted zones is not supported.
Topics
• Name
• Type
• Alias
• Alias Target
• Alias Hosted Zone ID
• Routing Policy
• Region
• Set ID
• Evaluate Target Health
• Associate with Health Check/Health Check to Associate

Name
Enter the name of the domain or subdomain for which you're creating the resource record set. The default
value is the name of the hosted zone. If you're creating a resource record set that has the same name
as the hosted zone, don't enter a value (for example, an @ symbol) in the Name field.
For information about how to specify characters other than a-z, 0-9, and - (hyphen) and how to specify
internationalized domain names, see DNS Domain Name Format (p. 2).
Enter the same name for all of the resource record sets in the group of latency resource record sets.
You can use an asterisk (*) character in the name. DNS treats the * character either as a wildcard or as
the * character (ASCII 42), depending on where it appears in the name. For more information, see Using
an Asterisk (*) in the Names of Hosted Zones and Resource Record Sets (p. 3).
The value that you specify depends in part on the AWS resource for which you're creating an alias resource
record set:
CloudFront Distributions
Your CloudFront distribution must include an alternate domain name that matches the name of the
resource record set. For example, if the name of the resource record set is acme.example.com,
your CloudFront distribution must include acme.example.com as one of the alternate domain names.
For more information, see Using Alternate Domain Names (CNAMEs) in the Amazon CloudFront
Developer Guide.
Amazon S3 Buckets
The name of the resource record set must match the name of your Amazon S3 bucket. For example,
if the name of your Amazon S3 bucket is acme.example.com, the name of this resource record set
must also be acme.example.com.
In addition, you must configure the bucket for website hosting. For more information, see Configure
a Bucket for Website Hosting in the Amazon Simple Storage Service Developer Guide.

Type
The DNS record type. For more information, see Supported DNS Resource Record Types (p. 4).
Select the applicable value based on the AWS resource for which you're creating a resource record set:
CloudFront distribution
Select A — IPv4 address
Elastic Beanstalk environment that has regionalized subdomains
Select A — IPv4 address
ELB load balancer
Select A — IPv4 address or AAAA — IPv6 address
Amazon S3 bucket
Select A — IPv4 address
Another resource record set in this hosted zone
Select the type of the resource record set for which you're creating the alias. Select any value except
NS or SOA.
Select the same value for all of the resource record sets in the group of latency resource record sets.

Alias
Select Yes.

Alias Target
The value that you specify depends on the AWS resource for which you're creating an alias resource
record set.
CloudFront Distributions

Note
You can't create alias resource record sets for CloudFront distributions in a private hosted
zone.
For CloudFront distributions, do one of the following:
• If you used the same account to create your Amazon Route 53 hosted zone and your
CloudFront distribution – Choose Alias Target and choose a distribution from the list. If you
have a lot of distributions, you can type the first few characters of the domain name for your
distribution to filter the list.
If your distribution doesn't appear in the list, note the following:
• The name of this resource record set must match an alternate domain name in your distribution.
• If you just added an alternate domain name to your distribution, it may take 15 minutes for your
changes to propagate to all CloudFront edge locations. Until changes have propagated, Amazon
Route 53 can't know about the new alternate domain name.
• If you used different accounts to create your Amazon Route 53 hosted zone and your
distribution – Enter the CloudFront domain name for the distribution, such as
d111111abcdef8.cloudfront.net.
If you used one AWS account to create the current hosted zone and a different account to create
a distribution, the distribution will not appear in the Alias Targets list.

If you used one account to create the current hosted zone and one or more different accounts to
create all of your distributions, the Alias Targets list shows No Targets Available under CloudFront
Distributions.

Important
Do not route queries to a CloudFront distribution that has not propagated to all edge locations,
or your users won't be able to access the applicable content.
Your CloudFront distribution must include an alternate domain name that matches the name of the
resource record set. For example, if the name of the resource record set is acme.example.com,
your CloudFront distribution must include acme.example.com as one of the alternate domain names.
For more information, see Using Alternate Domain Names (CNAMEs) in the Amazon CloudFront
Developer Guide.
Elastic Beanstalk environments that have regionalized subdomains
For Elastic Beanstalk environments that have regionalized subdomains, do one of the following:
• If you used the same account to create your Amazon Route 53 hosted zone and your Elastic
Beanstalk environment – Choose Alias Target, and then choose an environment from the list.
If you have a lot of environments, you can type the first few characters of the CNAME attribute for
the environment to filter the list.
• If you used different accounts to create your Amazon Route 53 hosted zone and your Elastic
Beanstalk environment – Enter the CNAME attribute for the Elastic Beanstalk environment.
ELB Load Balancers
For ELB load balancers, do one of the following:
• If you used the same account to create your Amazon Route 53 hosted zone and your load
balancer – Choose Alias Target and choose a load balancer from the list. If you have a lot of load
balancers, you can type the first few characters of the DNS name to filter the list.
• If you used different accounts to create your Amazon Route 53 hosted zone and your load
balancer – Enter the value that you got in the procedure Getting the DNS Name for an ELB Load
Balancer (p. 185).
If you used one AWS account to create the current hosted zone and a different account to create
a load balancer, the load balancer will not appear in the Alias Targets list.
If you used one account to create the current hosted zone and one or more different accounts to
create all of your load balancers, the Alias Targets list shows No Targets Available under Elastic
Load Balancers.
In either case, the console prepends dualstack. to the DNS name.
Amazon S3 Buckets
For Amazon S3 buckets that are configured as website endpoints, do one of the following:
• If you used the same account to create your Amazon Route 53 hosted zone and your Amazon
S3 bucket – Choose Alias Target and choose a bucket from the list. If you have a lot of buckets,
you can type the first few characters of the DNS name to filter the list.
The value of Alias Target changes to the Amazon S3 website endpoint for your bucket.
• If you used different accounts to create your Amazon Route 53 hosted zone and your Amazon
S3 bucket – Enter the domain name of the Amazon S3 website endpoint in the following format:
s3-website-region.amazonaws.com

The region value represents the Amazon S3 region in which the bucket is hosted; for example,
us-east-1.
If you used one AWS account to create the current hosted zone and a different account to create
an Amazon S3 bucket, the bucket will not appear in the Alias Targets list.

If you used one account to create the current hosted zone and one or more different accounts to
create all of your Amazon S3 buckets, the Alias Targets list shows No Targets Available under
S3 Website Endpoints.
In a group of weighted alias, latency alias, failover alias, or geolocation alias resource record sets,
you can create only one resource record set that routes queries to an Amazon S3 bucket because
the name of the resource record set must match the name of the bucket and bucket names must be
globally unique.
The name of the resource record set must match the name of your Amazon S3 bucket. For example,
if the name of your Amazon S3 bucket is acme.example.com, the name of this resource record set
must also be acme.example.com.
You must configure the bucket for website hosting. For more information, see Configure a Bucket
for Website Hosting in the Amazon Simple Storage Service Developer Guide.
Resource Record Sets in this Hosted Zone
For resource record sets in this hosted zone, choose Alias Target and choose the applicable resource
record set. If you have a lot of resource record sets, you can type the first few characters of the name
to filter the list.
If the hosted zone contains only the default NS and SOA resource record sets, the Alias Targets
list shows No Targets Available.

Alias Hosted Zone ID
This value appears automatically based on the value that you selected or entered for Alias Target.

Routing Policy
Select Latency.

Note
Creating latency alias resource record sets in a private hosted zone is unsupported.

Region
The Amazon EC2 region where the resource that you specified in this resource record set resides. Amazon
Route 53 recommends an Amazon EC2 region based on other values that you've specified. We recommend
that you not change this value.
Note the following:
• You can only create one latency resource record set for each Amazon EC2 region.
• You aren't required to create latency resource record sets for all Amazon EC2 regions. Amazon Route 53
chooses the region with the best latency from among the regions for which you create latency resource
record sets.
• You can't create non-latency resource record sets that have the same values for Name and Type as
latency resource record sets.
• If you create a record tagged with the region cn-north-1, Amazon Route 53 always responds to queries
from within China using this resource record set, regardless of the latency.
For more information about using latency resource record sets, see Latency-Based Routing (p. 180).

Set ID
Enter a value that uniquely identifies this resource record set in the group of latency resource record sets.

Evaluate Target Health
Select Yes if you want Amazon Route 53 to determine whether to respond to DNS queries using this
resource record set by checking the health of the resource record set specified by Alias Target.
Some AWS resources have special requirements:
• CloudFront distributions – You cannot set Evaluate Target Health to Yes when the alias target is
a CloudFront distribution.
• Elastic Beanstalk environments that have regionalized endpoints – If you specify an Elastic
Beanstalk environment in Alias Target and the environment contains an ELB load balancer, Elastic
Load Balancing routes queries only to the healthy Amazon EC2 instances that are registered with the
load balancer. (An environment automatically contains an ELB load balancer if it includes more than
one Amazon EC2 instance.) If you set Evaluate Target Health to Yes and either no Amazon EC2
instances are healthy or the load balancer itself is unhealthy, Amazon Route 53 routes queries to other
available resources that are healthy, if any.
If the environment contains a single Amazon EC2 instance, there are no special requirements.
• ELB load balancers – If you specify an ELB load balancer in Alias Target, Elastic Load Balancing
routes queries only to the healthy Amazon EC2 instances that are registered with the load balancer. If
you set Evaluate Target Health to Yes and either no Amazon EC2 instances are healthy or the load
balancer itself is unhealthy, Amazon Route 53 routes queries to other resources.
When you create a load balancer, you configure settings for Elastic Load Balancing health checks;
they're not Amazon Route 53 health checks, but they perform a similar function. Do not create Amazon
Route 53 health checks for the Amazon EC2 instances that you register with an ELB load balancer.
For more information, see How Health Checks Work in Complex Amazon Route 53
Configurations (p. 264).
• Other resource record sets – If the AWS resource that you specify in Alias Target is a resource
record set or a group of resource record sets (for example, a group of weighted resource record sets)
but is not another alias resource record set, we recommend that you associate a health check with all
of the resource record sets in the alias target. For more information, see What Happens When You
Omit Health Checks? (p. 267).
We recommend that you set Evaluate Target Health to Yes only when you have enough idle capacity
to handle the failure of one or more endpoints.

Associate with Health Check/Health Check to Associate
Select Yes if you want Amazon Route 53 to check the health of a specified endpoint and to respond to
DNS queries using this resource record set only when the endpoint is healthy. Then select the health
check that you want Amazon Route 53 to perform for this resource record set.
Amazon Route 53 doesn't check the health of the endpoint specified in the resource record set, for
example, the endpoint specified by the IP address in the Value field. When you select a health check for
a resource record set, Amazon Route 53 checks the health of the endpoint that you specified in the health
check. For information about how Amazon Route 53 determines whether an endpoint is healthy, see How
Amazon Route 53 Determines Whether an Endpoint Is Healthy (p. 254).
Associating a health check with a resource record set is useful only when Amazon Route 53 is choosing
between two or more resource record sets to respond to a DNS query, and you want Amazon Route 53
to base the choice in part on the status of a health check. Use health checks only in the following
configurations:
• You're checking the health of the resource record sets in a weighted, latency, geolocation, or failover
resource record set, and you specify health check IDs for all of the resource record sets. If the health
check for a resource record set specifies an endpoint that is not healthy, Amazon Route 53 stops
responding to queries using the value for that resource record set.
• You select Yes for Evaluate Target Health for the resource record sets in an alias, weighted alias,
latency alias, geolocation alias, or failover alias resource record set, and you specify health checks for
all of the resource record sets that are referenced by the alias resource record sets.
For geolocation resource record sets, if an endpoint is unhealthy, Amazon Route 53 looks for a resource
record set for the larger, associated geographic region. For example, suppose you have resource record
sets for a state in the United States, for the United States, for North America, and for all locations (Location
is Default). If the endpoint for the state resource record set is unhealthy, Amazon Route 53 checks the
resource record sets for the United States, for North America, and for all locations, in that order, until it
finds a resource record set for which the endpoint is healthy.
If your health checks specify the endpoint only by domain name, we recommend that you create a separate
health check for each endpoint. For example, create a health check for each HTTP server that is serving
content for www.example.com. For the value of Domain Name, specify the domain name of the server
(such as us-east-1-www.example.com), not the name of the resource record sets (example.com).

Important
In this configuration, if you create a health check for which the value of Domain Name matches
the name of the resource record sets and then associate the health check with those resource
record sets, health check results will be unpredictable.
For more information about checking the health of endpoints, see Amazon Route 53 Health Checks and
DNS Failover (p. 245).

Values for Failover Resource Record Sets
When you create failover resource record sets, you specify the following values:

Note
For information about creating failover resource record sets in a private hosted zone, see
Configuring Failover in a Private Hosted Zone in the Amazon Route 53 Developer Guide.
Topics
• Name (p. 212)
• Type (p. 212)
• Alias (p. 212)
• TTL (Time to Live) (p. 212)
• Value (p. 213)
• Routing Policy (p. 213)
• Failover Record Type (p. 213)
• Set ID (p. 213)
• Associate with Health Check/Health Check to Associate (p. 214)

Name
Enter the name of the domain or subdomain for which you're creating the resource record set. The default
value is the name of the hosted zone. If you're creating a resource record set that has the same name
as the hosted zone, don't enter a value (for example, an @ symbol) in the Name field.
For information about how to specify characters other than a-z, 0-9, and - (hyphen) and how to specify
internationalized domain names, see DNS Domain Name Format (p. 2).
Enter the same name for both of the resource record sets in the group of failover resource record sets.
You can use an asterisk (*) character in the name. DNS treats the * character either as a wildcard or as
the * character (ASCII 42), depending on where it appears in the name. For more information, see Using
an Asterisk (*) in the Names of Hosted Zones and Resource Record Sets (p. 3).

Type
The DNS record type. For more information, see Supported DNS Resource Record Types (p. 4).
Select any value except NS or SOA. Select the same value for both the primary and secondary failover
resource record sets.

Alias
Select No.

TTL (Time to Live)
The amount of time, in seconds, that you want DNS recursive resolvers to cache information about this
resource record set. If you specify a longer value (for example, 172800 seconds, or two days), you pay
less for Amazon Route 53 service because recursive resolvers send requests to Amazon Route 53 less
often. However, it takes longer for changes to the resource record set (for example, a new IP address)
to take effect because recursive resolvers use the values in their cache for longer periods instead of
asking Amazon Route 53 for the latest information.

If you're associating this resource record set with a health check, we recommend that you specify a TTL
of 60 seconds or less so clients respond quickly to changes in health status.
You must specify the same value for TTL for the primary and secondary resource record sets.

Value
Enter a value that is appropriate for the value of Type. For all types except CNAME, you can enter more
than one value. Enter each value on a separate line.
A — IPv4 address
An IP address in IPv4 format, for example, 192.0.2.235.
AAAA — IPv6 address
An IP address in IPv6 format, for example, 2001:0db8:85a3:0:0:8a2e:0370:7334.
CNAME — Canonical name
The fully qualified domain name (for example, www.example.com) that you want Amazon Route 53
to return in response to DNS queries for this resource record set. A trailing dot is optional; Amazon
Route 53 assumes that the domain name is fully qualified. This means that Amazon Route 53 treats
www.example.com (without a trailing dot) and www.example.com. (with a trailing dot) as identical.
MX — Mail exchange
A priority and a domain name that specifies a mail server, for example, 10 mailserver.example.com.
PTR — Pointer
The domain name that you want Amazon Route 53 to return.
SPF — Sender Policy Framework
An SPF record enclosed in quotation marks, for example, "v=spf1 ip4:192.168.0.1/16 -all". SPF
records are not recommended. For more information, see Supported DNS Resource Record
Types (p. 4).
SRV — Service locator
An SRV record. For information about SRV record format, refer to the applicable documentation.
The format of an SRV record is:
[priority] [weight] [port] [server host name]
For example:
1 10 5269 xmpp-server.example.com.
TXT — Text
A text record. Enclose text in quotation marks, for example, "Sample Text Entry".

Routing Policy
Select Failover.

Failover Record Type
Choose the applicable value for this resource record set. For failover to function correctly, you must create
one primary and one secondary failover resource record set.
You can't create non-failover resource record sets that have the same values for Name and Type as
failover resource record sets.

Set ID
Enter a value that uniquely identifies the primary and secondary resource record sets.

Associate with Health Check/Health Check to Associate
Select Yes if you want Amazon Route 53 to check the health of a specified endpoint and to respond to
DNS queries using this resource record set only when the endpoint is healthy. Then select the health
check that you want Amazon Route 53 to perform for this resource record set.
Amazon Route 53 doesn't check the health of the endpoint specified in the resource record set, for
example, the endpoint specified by the IP address in the Value field. When you select a health check for
a resource record set, Amazon Route 53 checks the health of the endpoint that you specified in the health
check. For information about how Amazon Route 53 determines whether an endpoint is healthy, see How
Amazon Route 53 Determines Whether an Endpoint Is Healthy (p. 254).
Associating a health check with a resource record set is useful only when Amazon Route 53 is choosing
between two or more resource record sets to respond to a DNS query, and you want Amazon Route 53
to base the choice in part on the status of a health check. Use health checks only in the following
configurations:
• You're checking the health of the resource record sets in a weighted, latency, geolocation, or failover
resource record set, and you specify health check IDs for all of the resource record sets. If the health
check for a resource record set specifies an endpoint that is not healthy, Amazon Route 53 stops
responding to queries using the value for that resource record set.
• You select Yes for Evaluate Target Health for the resource record sets in an alias, weighted alias,
latency alias, geolocation alias, or failover alias resource record set, and you specify health checks for
all of the resource record sets that are referenced by the alias resource record sets.
For geolocation resource record sets, if an endpoint is unhealthy, Amazon Route 53 looks for a resource
record set for the larger, associated geographic region. For example, suppose you have resource record
sets for a state in the United States, for the United States, for North America, and for all locations (Location
is Default). If the endpoint for the state resource record set is unhealthy, Amazon Route 53 checks the
resource record sets for the United States, for North America, and for all locations, in that order, until it
finds a resource record set for which the endpoint is healthy.
If your health checks specify the endpoint only by domain name, we recommend that you create a separate
health check for each endpoint. For example, create a health check for each HTTP server that is serving
content for www.example.com. For the value of Domain Name, specify the domain name of the server
(such as us-east-1-www.example.com), not the name of the resource record sets (example.com).

Important
In this configuration, if you create a health check for which the value of Domain Name matches
the name of the resource record sets and then associate the health check with those resource
record sets, health check results will be unpredictable.
For more information about checking the health of endpoints, see Amazon Route 53 Health Checks and
DNS Failover (p. 245).

Values for Failover Alias Resource Record Sets
When you create failover alias resource record sets, you specify the following values:

Note
For information about creating failover resource record sets in a private hosted zone, see
Configuring Failover in a Private Hosted Zone in the Amazon Route 53 Developer Guide.
Topics
• Name (p. 215)
• Type (p. 215)
• Alias (p. 216)
• Alias Target (p. 216)
• Alias Hosted Zone ID (p. 218)
• Routing Policy (p. 218)
• Failover Record Type (p. 218)
• Set ID (p. 218)
• Associate with Health Check/Health Check to Associate (p. 218)

Name
Enter the name of the domain or subdomain for which you're creating the resource record set. The default
value is the name of the hosted zone. If you're creating a resource record set that has the same name
as the hosted zone, don't enter a value (for example, an @ symbol) in the Name field.
For information about how to specify characters other than a-z, 0-9, and - (hyphen) and how to specify
internationalized domain names, see DNS Domain Name Format (p. 2).
Enter the same name for both of the resource record sets in the group of failover resource record sets.
You can use an asterisk (*) character in the name. DNS treats the * character either as a wildcard or as
the * character (ASCII 42), depending on where it appears in the name. For more information, see Using
an Asterisk (*) in the Names of Hosted Zones and Resource Record Sets (p. 3).
The value that you specify depends in part on the AWS resource for which you're creating an alias resource
record set:
CloudFront Distributions
Your CloudFront distribution must include an alternate domain name that matches the name of the
resource record set. For example, if the name of the resource record set is acme.example.com,
your CloudFront distribution must include acme.example.com as one of the alternate domain names.
For more information, see Using Alternate Domain Names (CNAMEs) in the Amazon CloudFront
Developer Guide.
Amazon S3 Buckets
The name of the resource record set must match the name of your Amazon S3 bucket. For example,
if the name of your Amazon S3 bucket is acme.example.com, the name of this resource record set
must also be acme.example.com.
In addition, you must configure the bucket for website hosting. For more information, see Configure
a Bucket for Website Hosting in the Amazon Simple Storage Service Developer Guide.

Type
The DNS record type. For more information, see Supported DNS Resource Record Types (p. 4).
Select the applicable value based on the AWS resource for which you're creating a resource record set:
CloudFront distribution
Select A — IPv4 address
Elastic Beanstalk environment that has regionalized subdomains
Select A — IPv4 address
ELB load balancer
Select A — IPv4 address or AAAA — IPv6 address
Amazon S3 bucket
Select A — IPv4 address
Another resource record set in this hosted zone
Select the type of the resource record set for which you're creating the alias. Select any value except
NS or SOA.
Select any value except NS or SOA. Select the same value for both the primary and secondary failover
resource record sets.

Alias
Select Yes.

Note
When you create primary and secondary failover resource record sets, you can optionally create
one failover and one failover alias resource record set that have the same values for Name and
Type. If you mix failover and failover alias resource record sets, either one can be the primary
resource record set.

Alias Target
The value that you specify depends on the AWS resource for which you're creating an alias resource
record set.
CloudFront Distributions

Note
You can't create alias resource record sets for CloudFront distributions in a private hosted
zone.
For CloudFront distributions, do one of the following:
• If you used the same account to create your Amazon Route 53 hosted zone and your
CloudFront distribution – Choose Alias Target and choose a distribution from the list. If you
have a lot of distributions, you can type the first few characters of the domain name for your
distribution to filter the list.
If your distribution doesn't appear in the list, note the following:
• The name of this resource record set must match an alternate domain name in your distribution.
• If you just added an alternate domain name to your distribution, it may take 15 minutes for your
changes to propagate to all CloudFront edge locations. Until changes have propagated, Amazon
Route 53 can't know about the new alternate domain name.
• If you used different accounts to create your Amazon Route 53 hosted zone and your
distribution – Enter the CloudFront domain name for the distribution, such as
d111111abcdef8.cloudfront.net.
If you used one AWS account to create the current hosted zone and a different account to create
a distribution, the distribution will not appear in the Alias Targets list.

If you used one account to create the current hosted zone and one or more different accounts to
create all of your distributions, the Alias Targets list shows No Targets Available under CloudFront
Distributions.

Important
Do not route queries to a CloudFront distribution that has not propagated to all edge locations,
or your users won't be able to access the applicable content.
Your CloudFront distribution must include an alternate domain name that matches the name of the
resource record set. For example, if the name of the resource record set is acme.example.com,
your CloudFront distribution must include acme.example.com as one of the alternate domain names.
For more information, see Using Alternate Domain Names (CNAMEs) in the Amazon CloudFront
Developer Guide.
Elastic Beanstalk environments that have regionalized subdomains
For Elastic Beanstalk environments that have regionalized subdomains, do one of the following:
• If you used the same account to create your Amazon Route 53 hosted zone and your Elastic
Beanstalk environment – Choose Alias Target, and then choose an environment from the list.
If you have a lot of environments, you can type the first few characters of the CNAME attribute for
the environment to filter the list.
• If you used different accounts to create your Amazon Route 53 hosted zone and your Elastic
Beanstalk environment – Enter the CNAME attribute for the Elastic Beanstalk environment.
ELB Load Balancers
For ELB load balancers, do one of the following:
• If you used the same account to create your Amazon Route 53 hosted zone and your load
balancer – Choose Alias Target and choose a load balancer from the list. If you have a lot of load
balancers, you can type the first few characters of the DNS name to filter the list.
• If you used different accounts to create your Amazon Route 53 hosted zone and your load
balancer – Enter the value that you got in the procedure Getting the DNS Name for an ELB Load
Balancer (p. 185).
If you used one AWS account to create the current hosted zone and a different account to create
a load balancer, the load balancer will not appear in the Alias Targets list.
If you used one account to create the current hosted zone and one or more different accounts to
create all of your load balancers, the Alias Targets list shows No Targets Available under Elastic
Load Balancers.
In either case, the console prepends dualstack. to the DNS name.
Amazon S3 Buckets
For Amazon S3 buckets that are configured as website endpoints, do one of the following:
• If you used the same account to create your Amazon Route 53 hosted zone and your Amazon
S3 bucket – Choose Alias Target and choose a bucket from the list. If you have a lot of buckets,
you can type the first few characters of the DNS name to filter the list.
The value of Alias Target changes to the Amazon S3 website endpoint for your bucket.
• If you used different accounts to create your Amazon Route 53 hosted zone and your Amazon
S3 bucket – Enter the domain name of the Amazon S3 website endpoint in the following format:
s3-website-region.amazonaws.com

The region value represents the Amazon S3 region in which the bucket is hosted; for example,
us-east-1.
If you used one AWS account to create the current hosted zone and a different account to create
an Amazon S3 bucket, the bucket will not appear in the Alias Targets list.

If you used one account to create the current hosted zone and one or more different accounts to
create all of your Amazon S3 buckets, the Alias Targets list shows No Targets Available under
S3 Website Endpoints.
In a group of weighted alias, latency alias, failover alias, or geolocation alias resource record sets,
you can create only one resource record set that routes queries to an Amazon S3 bucket because
the name of the resource record set must match the name of the bucket and bucket names must be
globally unique.
The name of the resource record set must match the name of your Amazon S3 bucket. For example,
if the name of your Amazon S3 bucket is acme.example.com, the name of this resource record set
must also be acme.example.com.
You must configure the bucket for website hosting. For more information, see Configure a Bucket
for Website Hosting in the Amazon Simple Storage Service Developer Guide.
Resource Record Sets in this Hosted Zone
For resource record sets in this hosted zone, choose Alias Target and choose the applicable resource
record set. If you have a lot of resource record sets, you can type the first few characters of the name
to filter the list.
If the hosted zone contains only the default NS and SOA resource record sets, the Alias Targets
list shows No Targets Available.

Alias Hosted Zone ID
This value appears automatically based on the value that you selected or entered for Alias Target.

Routing Policy
Select Failover.

Failover Record Type
Choose the applicable value for this resource record set. For failover to function correctly, you must create
one primary and one secondary failover resource record set.
You can't create non-failover resource record sets that have the same values for Name and Type as
failover resource record sets.

Set ID
Enter a value that uniquely identifies the primary and secondary resource record sets.

Associate with Health Check/Health Check to Associate
Select Yes if you want Amazon Route 53 to check the health of a specified endpoint and to respond to
DNS queries using this resource record set only when the endpoint is healthy. Then select the health
check that you want Amazon Route 53 to perform for this resource record set.
Amazon Route 53 doesn't check the health of the endpoint specified in the resource record set, for
example, the endpoint specified by the IP address in the Value field. When you select a health check for
a resource record set, Amazon Route 53 checks the health of the endpoint that you specified in the health
check. For information about how Amazon Route 53 determines whether an endpoint is healthy, see How
Amazon Route 53 Determines Whether an Endpoint Is Healthy (p. 254).

Associating a health check with a resource record set is useful only when Amazon Route 53 is choosing
between two or more resource record sets to respond to a DNS query, and you want Amazon Route 53
to base the choice in part on the status of a health check. Use health checks only in the following
configurations:
• You're checking the health of the resource record sets in a weighted, latency, geolocation, or failover
resource record set, and you specify health check IDs for all of the resource record sets. If the health
check for a resource record set specifies an endpoint that is not healthy, Amazon Route 53 stops
responding to queries using the value for that resource record set.
• You select Yes for Evaluate Target Health for the resource record sets in an alias, weighted alias,
latency alias, geolocation alias, or failover alias resource record set, and you specify health checks for
all of the resource record sets that are referenced by the alias resource record sets.
For geolocation resource record sets, if an endpoint is unhealthy, Amazon Route 53 looks for a resource
record set for the larger, associated geographic region. For example, suppose you have resource record
sets for a state in the United States, for the United States, for North America, and for all locations (Location
is Default). If the endpoint for the state resource record set is unhealthy, Amazon Route 53 checks the
resource record sets for the United States, for North America, and for all locations, in that order, until it
finds a resource record set for which the endpoint is healthy.
If your health checks specify the endpoint only by domain name, we recommend that you create a separate
health check for each endpoint. For example, create a health check for each HTTP server that is serving
content for www.example.com. For the value of Domain Name, specify the domain name of the server
(such as us-east-1-www.example.com), not the name of the resource record sets (example.com).

Important
In this configuration, if you create a health check for which the value of Domain Name matches
the name of the resource record sets and then associate the health check with those resource
record sets, health check results will be unpredictable.
For more information about checking the health of endpoints, see Amazon Route 53 Health Checks and
DNS Failover (p. 245).
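
The rules stated above for failover and failover alias resource record sets can be checked before a change is submitted. The following is an added example, not AWS code: record sets use the field names of the Route 53 ResourceRecordSet API structure, while the finding codes, the sample records, and the `health_check_domains` lookup table (health check ID to the Domain Name configured in that health check) are assumptions made for illustration.

```python
# Added example (not AWS code): lint one failover group against the rules in
# this section. The health-check lookup table is a hypothetical helper input.

def _norm(name):
    # Compare DNS names case-insensitively and ignore an optional trailing dot.
    return name.rstrip(".").lower()


def lint_failover_group(record_sets, health_check_domains=None):
    """Return a list of (code, detail) findings; an empty list means no issues."""
    hc_domains = health_check_domains or {}
    findings = []

    # One primary and one secondary record set are required.
    roles = sorted(rs.get("Failover", "") for rs in record_sets)
    if roles != ["PRIMARY", "SECONDARY"]:
        findings.append(("ROLE_COUNT", f"need one PRIMARY and one SECONDARY, got {roles}"))

    # Name and Type must be the same for both; NS and SOA are not allowed.
    if len({_norm(rs["Name"]) for rs in record_sets}) > 1:
        findings.append(("NAME_MISMATCH", "Name differs within the group"))
    types = {rs["Type"] for rs in record_sets}
    if len(types) > 1:
        findings.append(("TYPE_MISMATCH", f"Type differs within the group: {sorted(types)}"))
    if types & {"NS", "SOA"}:
        findings.append(("TYPE_NS_SOA", "Type must not be NS or SOA"))

    # Set ID must be present and unique.
    set_ids = [rs.get("SetIdentifier") for rs in record_sets]
    if not all(set_ids) or len(set(set_ids)) != len(set_ids):
        findings.append(("SET_ID", "Set ID missing or not unique"))

    # Non-alias record sets carry a TTL, and it must be the same for both.
    ttls = {rs.get("TTL") for rs in record_sets if "AliasTarget" not in rs}
    if len(ttls) > 1:
        findings.append(("TTL_MISMATCH", f"TTL differs within the group: {ttls}"))

    for rs in record_sets:
        label = rs.get("SetIdentifier") or rs["Name"]
        alias = rs.get("AliasTarget")
        hc_id = rs.get("HealthCheckId")
        evaluates_target = bool(alias and alias.get("EvaluateTargetHealth"))

        # Recommended: TTL of 60 seconds or less when a health check is associated.
        if alias is None and hc_id and rs.get("TTL", 0) > 60:
            findings.append(("TTL_OVER_60", f"{label}: TTL {rs['TTL']} with a health check"))

        # Evaluate Target Health cannot be Yes for a CloudFront alias target.
        if evaluates_target and _norm(alias["DNSName"]).endswith(".cloudfront.net"):
            findings.append(("CF_EVALUATE_TARGET_HEALTH", f"{label}: CloudFront alias target"))

        # A health check whose Domain Name equals the record set name gives
        # unpredictable results (see the Important note above).
        if hc_id and _norm(hc_domains.get(hc_id, "")) == _norm(rs["Name"]):
            findings.append(("HC_DOMAIN_MATCHES_NAME", f"{label}: health check {hc_id}"))

        # Without a health check or Evaluate Target Health, Route 53 has no
        # health signal for the primary, so it cannot fail over.
        if rs.get("Failover") == "PRIMARY" and not (hc_id or evaluates_target):
            findings.append(("PRIMARY_NO_HEALTH", f"{label}: no health signal on primary"))

    return findings


# Constructed sample data (IDs and addresses are placeholders).
GOOD_GROUP = [
    {"Name": "example.com.", "Type": "A", "SetIdentifier": "primary",
     "Failover": "PRIMARY", "TTL": 60, "HealthCheckId": "hc-constructed-1",
     "ResourceRecords": [{"Value": "192.0.2.235"}]},
    {"Name": "example.com", "Type": "A", "SetIdentifier": "secondary",
     "Failover": "SECONDARY", "TTL": 60, "HealthCheckId": "hc-constructed-2",
     "ResourceRecords": [{"Value": "192.0.2.236"}]},
]
GOOD_HEALTH_CHECKS = {"hc-constructed-1": "us-east-1-www.example.com",
                      "hc-constructed-2": "us-west-2-www.example.com"}

# Same group with a long TTL on the primary and a health check that points at
# the record set's own name.
BAD_GROUP = [dict(GOOD_GROUP[0], TTL=300), GOOD_GROUP[1]]
BAD_HEALTH_CHECKS = dict(GOOD_HEALTH_CHECKS, **{"hc-constructed-1": "example.com"})

if __name__ == "__main__":
    for code, detail in lint_failover_group(BAD_GROUP, BAD_HEALTH_CHECKS):
        print(code, "-", detail)
```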

Values for Geolocation Resource Record Sets
When you create geolocation resource record sets, you specify the following values:

Note
Creating geolocation resource record sets in private hosted zones is not supported.
Topics
• Name (p. 220)
• Type (p. 220)
• Alias (p. 220)
• TTL (Time to Live) (p. 220)
• Value (p. 221)
• Routing Policy (p. 221)
• Location (p. 221)
• Sublocation (p. 222)
• Set ID (p. 223)
• Associate with Health Check/Health Check to Associate (p. 223)

Name
Enter the name of the domain or subdomain for which you're creating the resource record set. The default
value is the name of the hosted zone. If you're creating a resource record set that has the same name
as the hosted zone, don't enter a value (for example, an @ symbol) in the Name field.
For information about how to specify characters other than a-z, 0-9, and - (hyphen) and how to specify
internationalized domain names, see DNS Domain Name Format (p. 2).
Enter the same name for all of the resource record sets in the group of geolocation resource record sets.
You can use an asterisk (*) character in the name. DNS treats the * character either as a wildcard or as
the * character (ASCII 42), depending on where it appears in the name. For more information, see Using
an Asterisk (*) in the Names of Hosted Zones and Resource Record Sets (p. 3).

Type
The DNS record type. For more information, see Supported DNS Resource Record Types (p. 4).
Select the same value for all of the resource record sets in the group of geolocation resource record sets.

Alias
Select No.

TTL (Time to Live)
The amount of time, in seconds, that you want DNS recursive resolvers to cache information about this
resource record set. If you specify a longer value (for example, 172800 seconds, or two days), you pay
less for Amazon Route 53 service because recursive resolvers send requests to Amazon Route 53 less
often. However, it takes longer for changes to the resource record set (for example, a new IP address)
to take effect because recursive resolvers use the values in their cache for longer periods instead of
asking Amazon Route 53 for the latest information.

If you're associating this resource record set with a health check, we recommend that you specify a TTL
of 60 seconds or less so clients respond quickly to changes in health status.
You must specify the same value for TTL for all of the resource record sets in this group of geolocation
resource record sets.

Value
Enter a value that is appropriate for the value of Type. For all types except CNAME, you can enter more
than one value. Enter each value on a separate line.
A — IPv4 address
An IP address in IPv4 format, for example, 192.0.2.235.
AAAA — IPv6 address
An IP address in IPv6 format, for example, 2001:0db8:85a3:0:0:8a2e:0370:7334.
CNAME — Canonical name
The fully qualified domain name (for example, www.example.com) that you want Amazon Route 53
to return in response to DNS queries for this resource record set. A trailing dot is optional; Amazon
Route 53 assumes that the domain name is fully qualified. This means that Amazon Route 53 treats
www.example.com (without a trailing dot) and www.example.com. (with a trailing dot) as identical.
MX — Mail exchange
A priority and a domain name that specifies a mail server, for example, 10 mailserver.example.com.
PTR — Pointer
The domain name that you want Amazon Route 53 to return.
SPF — Sender Policy Framework
An SPF record enclosed in quotation marks, for example, "v=spf1 ip4:192.168.0.1/16 -all". SPF
records are not recommended. For more information, see Supported DNS Resource Record
Types (p. 4).
SRV — Service locator
An SRV record. For information about SRV record format, refer to the applicable documentation.
The format of an SRV record is:
[priority] [weight] [port] [server host name]
For example:
1 10 5269 xmpp-server.example.com.
TXT — Text
A text record. Enclose text in quotation marks, for example, "Sample Text Entry".

Routing Policy
Select Geolocation.

Location
When you configure Amazon Route 53 to respond to DNS queries based on the location from which the
queries originated, select the continent or country for which you want Amazon Route 53 to respond with
the settings in this resource record set. If you want Amazon Route 53 to respond to DNS queries for
individual states in the United States, select United States from the Location list, and then select the
state from the Sublocation list.

Important
We recommend that you create one geolocation resource record set for which the value of
Location is Default to cover geographic locations for which you haven't created resource record
sets and to cover IP addresses for which Amazon Route 53 can't identify a location.
You can't create non-geolocation resource record sets that have the same values for Name and Type
as geolocation resource record sets.
For more information, see Geolocation Routing (p. 181).
Here are the countries that Amazon Route 53 associates with each continent. The country codes are
from ISO 3166. For more information, see the Wikipedia article ISO 3166-1 alpha-2:
Africa (AF)
AO, BF, BI, BJ, BW, CD, CF, CG, CI, CM, CV, DJ, DZ, EG, ER, ET, GA, GH, GM, GN, GQ, GW,
KE, KM, LR, LS, LY, MA, MG, ML, MR, MU, MW, MZ, NA, NE, NG, RE, RW, SC, SD, SH, SL, SN,
SO, SS, ST, SZ, TD, TG, TN, TZ, UG, YT, ZA, ZM, ZW
Antarctica (AN)
AQ, GS, TF
Asia (AS)
AE, AF, AM, AZ, BD, BH, BN, BT, CC, CN, GE, HK, ID, IL, IN, IO, IQ, IR, JO, JP, KG, KH, KP, KR,
KW, KZ, LA, LB, LK, MM, MN, MO, MV, MY, NP, OM, PH, PK, PS, QA, SA, SG, SY, TH, TJ, TM,
TR, TW, UZ, VN, YE
Europe (EU)
AD, AL, AT, AX, BA, BE, BG, BY, CH, CY, CZ, DE, DK, EE, ES, FI, FO, FR, GB, GG, GI, GR, HR,
HU, IE, IM, IS, IT, JE, LI, LT, LU, LV, MC, MD, ME, MK, MT, NL, NO, PL, PT, RO, RS, RU, SE, SI,
SJ, SK, SM, UA, VA, XK
North America (NA)
AG, AI, AW, BB, BL, BM, BQ, BS, BZ, CA, CR, CU, CW, DM, DO, GD, GL, GP, GT, HN, HT, JM,
KN, KY, LC, MF, MQ, MS, MX, NI, PA, PM, PR, SV, SX, TC, TT, US, VC, VG, VI
Oceania (OC)
AS, AU, CK, FJ, FM, GU, KI, MH, MP, NC, NF, NR, NU, NZ, PF, PG, PN, PW, SB, TK, TL, TO, TV,
UM, VU, WF, WS
South America (SA)
AR, BO, BR, CL, CO, EC, FK, GF, GY, PE, PY, SR, UY, VE

Note
Amazon Route 53 doesn't support creating geolocation resource record sets for the following
countries: Bouvet Island (BV), Christmas Island (CX), Western Sahara (EH), and Heard Island
and McDonald Islands (HM). No data is available about IP addresses for these countries.

Sublocation
When you configure Amazon Route 53 to respond to DNS queries based on the state of the United States
from which the queries originated, select the state from the Sublocation list. United States territories
(for example, Puerto Rico) are listed as countries in the Location list.

Important
Some IP addresses are associated with the United States, but not with an individual state. If you
create resource record sets for all of the states in the United States, we recommend that you
also create a resource record set for the United States to route queries for these unassociated
IP addresses. If you don't create a resource record set for the United States, Amazon Route 53
responds to DNS queries from unassociated United States IP addresses with settings from the
default geolocation resource record set (if you created one) or with a "no answer" response.

Set ID
Enter a value that uniquely identifies this resource record set in the group of geolocation resource record
sets.

Associate with Health Check/Health Check to Associate
Select Yes if you want Amazon Route 53 to check the health of a specified endpoint and to respond to
DNS queries using this resource record set only when the endpoint is healthy. Then select the health
check that you want Amazon Route 53 to perform for this resource record set.
Amazon Route 53 doesn't check the health of the endpoint specified in the resource record set, for
example, the endpoint specified by the IP address in the Value field. When you select a health check for
a resource record set, Amazon Route 53 checks the health of the endpoint that you specified in the health
check. For information about how Amazon Route 53 determines whether an endpoint is healthy, see How
Amazon Route 53 Determines Whether an Endpoint Is Healthy (p. 254).
Associating a health check with a resource record set is useful only when Amazon Route 53 is choosing
between two or more resource record sets to respond to a DNS query, and you want Amazon Route 53
to base the choice in part on the status of a health check. Use health checks only in the following
configurations:
• You're checking the health of the resource record sets in a weighted, latency, geolocation, or failover
resource record set, and you specify health check IDs for all of the resource record sets. If the health
check for a resource record set specifies an endpoint that is not healthy, Amazon Route 53 stops
responding to queries using the value for that resource record set.
• You select Yes for Evaluate Target Health for the resource record sets in an alias, weighted alias,
latency alias, geolocation alias, or failover alias resource record set, and you specify health checks for
all of the resource record sets that are referenced by the alias resource record sets.
For geolocation resource record sets, if an endpoint is unhealthy, Amazon Route 53 looks for a resource
record set for the larger, associated geographic region. For example, suppose you have resource record
sets for a state in the United States, for the United States, for North America, and for all locations (Location
is Default). If the endpoint for the state resource record set is unhealthy, Amazon Route 53 checks the
resource record sets for the United States, for North America, and for all locations, in that order, until it
finds a resource record set for which the endpoint is healthy.
If your health checks specify the endpoint only by domain name, we recommend that you create a separate
health check for each endpoint. For example, create a health check for each HTTP server that is serving
content for www.example.com. For the value of Domain Name, specify the domain name of the server
(such as us-east-1-www.example.com), not the name of the resource record sets (example.com).

Important
In this configuration, if you create a health check for which the value of Domain Name matches
the name of the resource record sets and then associate the health check with those resource
record sets, health check results will be unpredictable.
For more information about checking the health of endpoints, see Amazon Route 53 Health Checks and
DNS Failover (p. 245).

Values for Geolocation Alias Resource Record Sets
When you create geolocation alias resource record sets, you specify the following values:

Note
Creating geolocation alias resource record sets in private hosted zones is not supported.
Topics
• Name (p. 224)
• Type (p. 225)
• Alias (p. 225)
• Alias Target (p. 225)
• Alias Hosted Zone ID (p. 227)
• Routing Policy (p. 227)
• Location (p. 227)
• Sublocation (p. 228)
• Set ID (p. 228)
• Evaluate Target Health (p. 228)
• Associate with Health Check/Health Check to Associate (p. 229)

Name
Enter the name of the domain or subdomain for which you're creating the resource record set. The default
value is the name of the hosted zone. If you're creating a resource record set that has the same name
as the hosted zone, don't enter a value (for example, an @ symbol) in the Name field.
For information about how to specify characters other than a-z, 0-9, and - (hyphen) and how to specify
internationalized domain names, see DNS Domain Name Format (p. 2).
Enter the same name for all of the resource record sets in the group of geolocation resource record sets.
You can use an asterisk (*) character in the name. DNS treats the * character either as a wildcard or as
the * character (ASCII 42), depending on where it appears in the name. For more information, see Using
an Asterisk (*) in the Names of Hosted Zones and Resource Record Sets (p. 3).
The value that you specify depends in part on the AWS resource for which you're creating an alias resource
record set:
CloudFront Distributions
Your CloudFront distribution must include an alternate domain name that matches the name of the
resource record set. For example, if the name of the resource record set is acme.example.com,
your CloudFront distribution must include acme.example.com as one of the alternate domain names.
For more information, see Using Alternate Domain Names (CNAMEs) in the Amazon CloudFront
Developer Guide.
Amazon S3 Buckets
The name of the resource record set must match the name of your Amazon S3 bucket. For example,
if the name of your Amazon S3 bucket is acme.example.com, the name of this resource record set
must also be acme.example.com.
In addition, you must configure the bucket for website hosting. For more information, see Configure
a Bucket for Website Hosting in the Amazon Simple Storage Service Developer Guide.

Type
The DNS record type. For more information, see Supported DNS Resource Record Types (p. 4).
Select the applicable value based on the AWS resource for which you're creating a resource record set:
CloudFront distribution
Select A — IPv4 address
Elastic Beanstalk environment that has regionalized subdomains
Select A — IPv4 address
ELB load balancer
Select A — IPv4 address or AAAA — IPv6 address
Amazon S3 bucket
Select A — IPv4 address
Another resource record set in this hosted zone
Select the type of the resource record set for which you're creating the alias. Select any value except
NS or SOA.
Select the same value for all of the resource record sets in the group of geolocation resource record sets.

Alias
Select Yes.

Alias Target
The value that you specify depends on the AWS resource for which you're creating an alias resource
record set.
CloudFront Distributions

Note
You can't create alias resource record sets for CloudFront distributions in a private hosted
zone.
For CloudFront distributions, do one of the following:
• If you used the same account to create your Amazon Route 53 hosted zone and your
CloudFront distribution – Choose Alias Target and choose a distribution from the list. If you
have a lot of distributions, you can type the first few characters of the domain name for your
distribution to filter the list.
If your distribution doesn't appear in the list, note the following:
• The name of this resource record set must match an alternate domain name in your distribution.
• If you just added an alternate domain name to your distribution, it may take 15 minutes for your
changes to propagate to all CloudFront edge locations. Until changes have propagated, Amazon
Route 53 can't know about the new alternate domain name.
• If you used different accounts to create your Amazon Route 53 hosted zone and your
distribution – Enter the CloudFront domain name for the distribution, such as
d111111abcdef8.cloudfront.net.
If you used one AWS account to create the current hosted zone and a different account to create
a distribution, the distribution will not appear in the Alias Targets list.

If you used one account to create the current hosted zone and one or more different accounts to
create all of your distributions, the Alias Targets list shows No Targets Available under CloudFront
Distributions.

Important
Do not route queries to a CloudFront distribution that has not propagated to all edge locations,
or your users won't be able to access the applicable content.
Your CloudFront distribution must include an alternate domain name that matches the name of the
resource record set. For example, if the name of the resource record set is acme.example.com,
your CloudFront distribution must include acme.example.com as one of the alternate domain names.
For more information, see Using Alternate Domain Names (CNAMEs) in the Amazon CloudFront
Developer Guide.
Elastic Beanstalk environments that have regionalized subdomains
For Elastic Beanstalk environments that have regionalized subdomains, do one of the following:
• If you used the same account to create your Amazon Route 53 hosted zone and your Elastic
Beanstalk environment – Choose Alias Target, and then choose an environment from the list.
If you have a lot of environments, you can type the first few characters of the CNAME attribute for
the environment to filter the list.
• If you used different accounts to create your Amazon Route 53 hosted zone and your Elastic
Beanstalk environment – Enter the CNAME attribute for the Elastic Beanstalk environment.
ELB Load Balancers
For ELB load balancers, do one of the following:
• If you used the same account to create your Amazon Route 53 hosted zone and your load
balancer – Choose Alias Target and choose a load balancer from the list. If you have a lot of load
balancers, you can type the first few characters of the DNS name to filter the list.
• If you used different accounts to create your Amazon Route 53 hosted zone and your load
balancer – Enter the value that you got in the procedure Getting the DNS Name for an ELB Load
Balancer (p. 185).
If you used one AWS account to create the current hosted zone and a different account to create
a load balancer, the load balancer will not appear in the Alias Targets list.
If you used one account to create the current hosted zone and one or more different accounts to
create all of your load balancers, the Alias Targets list shows No Targets Available under Elastic
Load Balancers.
In either case, the console prepends dualstack. to the DNS name.
Amazon S3 Buckets
For Amazon S3 buckets that are configured as website endpoints, do one of the following:
• If you used the same account to create your Amazon Route 53 hosted zone and your Amazon
S3 bucket – Choose Alias Target and choose a bucket from the list. If you have a lot of buckets,
you can type the first few characters of the DNS name to filter the list.
The value of Alias Target changes to the Amazon S3 website endpoint for your bucket.
• If you used different accounts to create your Amazon Route 53 hosted zone and your Amazon
S3 bucket – Enter the domain name of the Amazon S3 website endpoint in the following format:
s3-website-region.amazonaws.com

The region value represents the Amazon S3 region in which the bucket is hosted; for example,
us-east-1.
If you used one AWS account to create the current hosted zone and a different account to create
an Amazon S3 bucket, the bucket will not appear in the Alias Targets list.

If you used one account to create the current hosted zone and one or more different accounts to
create all of your Amazon S3 buckets, the Alias Targets list shows No Targets Available under
S3 Website Endpoints.
In a group of weighted alias, latency alias, failover alias, or geolocation alias resource record sets,
you can create only one resource record set that routes queries to an Amazon S3 bucket because
the name of the resource record set must match the name of the bucket and bucket names must be
globally unique.
The name of the resource record set must match the name of your Amazon S3 bucket. For example,
if the name of your Amazon S3 bucket is acme.example.com, the name of this resource record set
must also be acme.example.com.
You must configure the bucket for website hosting. For more information, see Configure a Bucket
for Website Hosting in the Amazon Simple Storage Service Developer Guide.
Resource Record Sets in this Hosted Zone
For resource record sets in this hosted zone, choose Alias Target and choose the applicable resource
record set. If you have a lot of resource record sets, you can type the first few characters of the name
to filter the list.
If the hosted zone contains only the default NS and SOA resource record sets, the Alias Targets
list shows No Targets Available.

Alias Hosted Zone ID
This value appears automatically based on the value that you selected or entered for Alias Target.

Routing Policy
Select Geolocation.

Note
Creating geolocation alias resource record sets in a private hosted zone is unsupported.

Location
When you configure Amazon Route 53 to respond to DNS queries based on the location from which the
queries originated, select the continent or country for which you want Amazon Route 53 to respond with
the settings in this resource record set. If you want Amazon Route 53 to respond to DNS queries for
individual states in the United States, select United States from the Location list, and then select the
state from the Sublocation list.

Important
We recommend that you create one geolocation resource record set for which the value of
Location is Default to cover geographic locations for which you haven't created resource record
sets and to cover IP addresses for which Amazon Route 53 can't identify a location.
You can't create non-geolocation resource record sets that have the same values for Name and Type
as geolocation resource record sets.
For more information, see Geolocation Routing (p. 181).
Here are the countries that Amazon Route 53 associates with each continent. The country codes are
from ISO 3166. For more information, see the Wikipedia article ISO 3166-1 alpha-2:

Africa (AF)
AO, BF, BI, BJ, BW, CD, CF, CG, CI, CM, CV, DJ, DZ, EG, ER, ET, GA, GH, GM, GN, GQ, GW,
KE, KM, LR, LS, LY, MA, MG, ML, MR, MU, MW, MZ, NA, NE, NG, RE, RW, SC, SD, SH, SL, SN,
SO, SS, ST, SZ, TD, TG, TN, TZ, UG, YT, ZA, ZM, ZW
Antarctica (AN)
AQ, GS, TF
Asia (AS)
AE, AF, AM, AZ, BD, BH, BN, BT, CC, CN, GE, HK, ID, IL, IN, IO, IQ, IR, JO, JP, KG, KH, KP, KR,
KW, KZ, LA, LB, LK, MM, MN, MO, MV, MY, NP, OM, PH, PK, PS, QA, SA, SG, SY, TH, TJ, TM,
TR, TW, UZ, VN, YE
Europe (EU)
AD, AL, AT, AX, BA, BE, BG, BY, CH, CY, CZ, DE, DK, EE, ES, FI, FO, FR, GB, GG, GI, GR, HR,
HU, IE, IM, IS, IT, JE, LI, LT, LU, LV, MC, MD, ME, MK, MT, NL, NO, PL, PT, RO, RS, RU, SE, SI,
SJ, SK, SM, UA, VA, XK
North America (NA)
AG, AI, AW, BB, BL, BM, BQ, BS, BZ, CA, CR, CU, CW, DM, DO, GD, GL, GP, GT, HN, HT, JM,
KN, KY, LC, MF, MQ, MS, MX, NI, PA, PM, PR, SV, SX, TC, TT, US, VC, VG, VI
Oceania (OC)
AS, AU, CK, FJ, FM, GU, KI, MH, MP, NC, NF, NR, NU, NZ, PF, PG, PN, PW, SB, TK, TL, TO, TV,
UM, VU, WF, WS
South America (SA)
AR, BO, BR, CL, CO, EC, FK, GF, GY, PE, PY, SR, UY, VE

Note
Amazon Route 53 doesn't support creating geolocation resource record sets for the following
countries: Bouvet Island (BV), Christmas Island (CX), Western Sahara (EH), and Heard Island
and McDonald Islands (HM). No data is available about IP addresses for these countries.

Sublocation
When you configure Amazon Route 53 to respond to DNS queries based on the state of the United States
from which the queries originated, select the state from the Sublocation list. United States territories
(for example, Puerto Rico) are listed as countries in the Location list.

Important
Some IP addresses are associated with the United States, but not with an individual state. If you
create resource record sets for all of the states in the United States, we recommend that you
also create a resource record set for the United States to route queries for these unassociated
IP addresses. If you don't create a resource record set for the United States, Amazon Route 53
responds to DNS queries from unassociated United States IP addresses with settings from the
default geolocation resource record set (if you created one) or with a "no answer" response.

Set ID
Enter a value that uniquely identifies this resource record set in the group of geolocation resource record
sets.

Evaluate Target Health
Select Yes if you want Amazon Route 53 to determine whether to respond to DNS queries using this
resource record set by checking the health of the resource record set specified by Alias Target.
Some AWS resources have special requirements:

• CloudFront distributions – You cannot set Evaluate Target Health to Yes when the alias target is
a CloudFront distribution.
• Elastic Beanstalk environments that have regionalized endpoints – If you specify an Elastic
Beanstalk environment in Alias Target and the environment contains an ELB load balancer, Elastic
Load Balancing routes queries only to the healthy Amazon EC2 instances that are registered with the
load balancer. (An environment automatically contains an ELB load balancer if it includes more than
one Amazon EC2 instance.) If you set Evaluate Target Health to Yes and either no Amazon EC2
instances are healthy or the load balancer itself is unhealthy, Amazon Route 53 routes queries to other
available resources that are healthy, if any.
If the environment contains a single Amazon EC2 instance, there are no special requirements.
• ELB load balancers – If you specify an ELB load balancer in Alias Target, Elastic Load Balancing
routes queries only to the healthy Amazon EC2 instances that are registered with the load balancer. If
you set Evaluate Target Health to Yes and either no Amazon EC2 instances are healthy or the load
balancer itself is unhealthy, Amazon Route 53 routes queries to other resources.
When you create a load balancer, you configure settings for Elastic Load Balancing health checks;
they're not Amazon Route 53 health checks, but they perform a similar function. Do not create Amazon
Route 53 health checks for the Amazon EC2 instances that you register with an ELB load balancer.
For more information, see How Health Checks Work in Complex Amazon Route 53
Configurations (p. 264).
• Other resource record sets – If the AWS resource that you specify in Alias Target is a resource
record set or a group of resource record sets (for example, a group of weighted resource record sets)
but is not another alias resource record set, we recommend that you associate a health check with all
of the resource record sets in the alias target. For more information, see What Happens When You
Omit Health Checks? (p. 267).
We recommend that you set Evaluate Target Health to Yes only when you have enough idle capacity
to handle the failure of one or more endpoints.

Associate with Health Check/Health Check to Associate
Select Yes if you want Amazon Route 53 to check the health of a specified endpoint and to respond to
DNS queries using this resource record set only when the endpoint is healthy. Then select the health
check that you want Amazon Route 53 to perform for this resource record set.
Amazon Route 53 doesn't check the health of the endpoint specified in the resource record set, for
example, the endpoint specified by the IP address in the Value field. When you select a health check for
a resource record set, Amazon Route 53 checks the health of the endpoint that you specified in the health
check. For information about how Amazon Route 53 determines whether an endpoint is healthy, see How
Amazon Route 53 Determines Whether an Endpoint Is Healthy (p. 254).
Associating a health check with a resource record set is useful only when Amazon Route 53 is choosing
between two or more resource record sets to respond to a DNS query, and you want Amazon Route 53
to base the choice in part on the status of a health check. Use health checks only in the following
configurations:
• You're checking the health of the resource record sets in a weighted, latency, geolocation, or failover
resource record set, and you specify health check IDs for all of the resource record sets. If the health
check for a resource record set specifies an endpoint that is not healthy, Amazon Route 53 stops
responding to queries using the value for that resource record set.
• You select Yes for Evaluate Target Health for the resource record sets in an alias, weighted alias,
latency alias, geolocation alias, or failover alias resource record set, and you specify health checks for
all of the resource record sets that are referenced by the alias resource record sets.

For geolocation resource record sets, if an endpoint is unhealthy, Amazon Route 53 looks for a resource
record set for the larger, associated geographic region. For example, suppose you have resource record
sets for a state in the United States, for the United States, for North America, and for all locations (Location
is Default). If the endpoint for the state resource record set is unhealthy, Amazon Route 53 checks the
resource record sets for the United States, for North America, and for all locations, in that order, until it
finds a resource record set for which the endpoint is healthy.
If your health checks specify the endpoint only by domain name, we recommend that you create a separate
health check for each endpoint. For example, create a health check for each HTTP server that is serving
content for www.example.com. For the value of Domain Name, specify the domain name of the server
(such as us-east-1-www.example.com), not the name of the resource record sets (example.com).

Important
In this configuration, if you create a health check for which the value of Domain Name matches
the name of the resource record sets and then associate the health check with those resource
record sets, health check results will be unpredictable.
For more information about checking the health of endpoints, see Amazon Route 53 Health Checks and
DNS Failover (p. 245).
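
The coverage recommendations and the health-check fallback order described in both geolocation sections above can be checked before a group is deployed. The following is an added example, not AWS code: it assumes record sets shaped like the Route 53 API's GeoLocation element (ContinentCode, CountryCode, SubdivisionCode, with CountryCode "*" for Default), and all Set IDs and health check IDs are placeholders.

```python
# Constructed sample group: geolocation record sets sharing one Name and Type.
# CountryCode "*" is Location = Default. IDs are placeholders.
SAMPLE_GROUP = [
    {"SetIdentifier": "us-wa", "HealthCheckId": "hc-wa",
     "GeoLocation": {"CountryCode": "US", "SubdivisionCode": "WA"}},
    {"SetIdentifier": "us", "HealthCheckId": "hc-us",
     "GeoLocation": {"CountryCode": "US"}},
    {"SetIdentifier": "na", "HealthCheckId": "hc-na",
     "GeoLocation": {"ContinentCode": "NA"}},
    {"SetIdentifier": "default", "HealthCheckId": "hc-default",
     "GeoLocation": {"CountryCode": "*"}},
]

# A few rows of the continent table on this page; extend from that table.
CONTINENT_OF = {"US": "NA", "CA": "NA", "MX": "NA", "DE": "EU", "JP": "AS", "BR": "SA"}
# Countries the page lists as unsupported for geolocation record sets.
UNSUPPORTED = {"BV", "CX", "EH", "HM"}


def location_key(geo):
    """Normalise a GeoLocation dict to a hashable (level, ...) key."""
    if geo.get("SubdivisionCode"):
        return ("state", geo["CountryCode"], geo["SubdivisionCode"])
    if geo.get("CountryCode") == "*":
        return ("default",)
    if geo.get("CountryCode"):
        return ("country", geo["CountryCode"])
    return ("continent", geo["ContinentCode"])


def audit(group):
    """Return findings for the coverage gaps the page warns about."""
    findings = []
    keys = [location_key(r["GeoLocation"]) for r in group]
    set_ids = [r["SetIdentifier"] for r in group]
    if len(set(set_ids)) != len(set_ids):
        findings.append("Set ID is not unique within the group")
    if ("default",) not in keys:
        findings.append("no Default record set for unmapped or unlocatable sources")
    if any(k[0] == "state" for k in keys) and ("country", "US") not in keys:
        findings.append("state record sets without a United States record set")
    for k in keys:
        if k[0] == "country" and k[1] in UNSUPPORTED:
            findings.append(f"{k[1]} is not supported for geolocation")
    checked = [r for r in group if r.get("HealthCheckId")]
    if checked and len(checked) != len(group):
        findings.append("health checks on some record sets but not all")
    return findings


def resolve(group, country=None, state=None, unhealthy=frozenset()):
    """Walk state -> country -> continent -> Default; return the chosen Set ID.

    Returns None when nothing in the chain is both present and healthy. What
    Route 53 answers when every candidate is unhealthy is not covered by this
    section and is not modelled here.
    """
    by_key = {location_key(r["GeoLocation"]): r for r in group}
    chain = []
    if country and state:
        chain.append(("state", country, state))
    if country:
        chain.append(("country", country))
        if country in CONTINENT_OF:
            chain.append(("continent", CONTINENT_OF[country]))
    chain.append(("default",))
    for key in chain:
        record = by_key.get(key)
        # A record set with no health check is treated as healthy.
        if record and record.get("HealthCheckId") not in unhealthy:
            return record["SetIdentifier"]
    return None
```

Calling resolve with country=None models a source IP address that Route 53 can't map to a location, which is the case the Default record set exists for.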

Creating Resource Record Sets By Importing a Zone File
If you're migrating from another DNS service provider, and if your current DNS service provider lets you
export your current DNS settings to a zone file, you can quickly create all of the resource record sets for
an Amazon Route 53 hosted zone by importing a zone file.

Note
A zone file uses a standard format known as BIND to represent resource record sets in a text
format. For information about the format of a zone file, see the Wikipedia entry Zone file. Additional
information is available in RFC 1034, Domain Names—Concepts and Facilities section 3.6.1,
and RFC 1035, Domain Names—Implementation and Specification section 5.
If you want to create resource record sets by importing a zone file, note the following:
• The zone file must be in RFC-compliant format.
• The hosted zone must be empty except for the default NS and SOA records.
• The domain name of the resource record sets in the zone file must match the name of the hosted zone.
• Amazon Route 53 supports the $ORIGIN and $TTL keywords. If the zone file includes $GENERATE or
$INCLUDE keywords, the import fails and Amazon Route 53 returns an error.
• When you import the zone file, Amazon Route 53 ignores the SOA record in the zone file. Amazon
Route 53 also ignores any NS records that have the same name as the hosted zone.
• You can import a maximum of 1000 resource record sets. If you need to import more than 1000 records,
you may be able to use the BIND to Amazon Route 53 Conversion Tool.
• When the name of a resource record set in the zone file includes a trailing dot (example.com.), the
import process interprets the name as a fully qualified domain name and creates an Amazon Route 53
resource record set with that name.
When the name of a resource record set in the zone file does not include a trailing dot (www), the import
process concatenates that name with the domain name in the zone file (example.com) and creates
an Amazon Route 53 resource record set with the concatenated name (www.example.com).
If you use the GoDaddy export process to create a zone file, you might need to edit the zone file to add
a trailing dot to MX resource record sets before you import the zone file into your hosted zone. The
export process currently doesn't add a trailing dot to the fully qualified domain names of MX resource
record sets, so the Amazon Route 53 import process adds the domain name to the name of the resource
record set. For example, suppose you're importing resource record sets into the hosted zone
example.com and the name of an MX record in the zone file is mail.example.com, with no trailing
dot. The Amazon Route 53 import process creates an MX resource record set named
mail.example.com.example.com.

Important
For CNAME, MX, PTR, and SRV resource record sets, this behavior also applies to the domain
name that is included in the RDATA value. For example, suppose you have a zone file for
example.com. If a CNAME resource record set in the zone file (support, without a trailing
dot) has an RDATA value of www.example.com (also without a trailing dot), the import process
creates an Amazon Route 53 resource record set with the name support.example.com
that routes traffic to www.example.com.example.com. Before you import your zone file,
review RDATA values and update as applicable.

Amazon Route 53 doesn't support exporting resource record sets to a zone file.
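
A zone file can be checked for these conditions before it is pasted into the console. The following is an added example, not AWS tooling: it flags $GENERATE and $INCLUDE, owner names and CNAME/MX/PTR/SRV RDATA names that would be doubled by the missing trailing dot, and a count above 1000 resource record sets. The sample zone file is constructed, and the finding codes are names chosen for this example.

```python
import re

# Index of the domain name inside RDATA for the types the page singles out.
NAME_FIELD = {"CNAME": 0, "PTR": 0, "MX": 1, "SRV": 3}
CLASSES = {"IN", "CH", "HS"}
MAX_RRSETS = 1000  # import limit stated on the page
TTL_RE = re.compile(r"(\d+[smhdw]?)+", re.I)

# Constructed zone file for the hosted zone example.com.
SAMPLE_ZONE = """\
$TTL 3600
@       IN SOA ns1.example.com. hostmaster.example.com. (
            2016010101 ; serial
            7200 3600 1209600 3600 )
@       IN NS  ns1.example.com.
www     IN A   192.0.2.235
support IN CNAME www.example.com
mail.example.com IN MX 10 mailserver.example.com
ok      IN CNAME www.example.com.
txt     IN TXT "Sample; Text Entry"
$INCLUDE other.zone
"""


def expand(name, origin):
    """Qualify a name as the import does: relative names get the origin appended."""
    if name == "@":
        return origin
    return name if name.endswith(".") else f"{name}.{origin}"


def doubled(name, origin):
    """True for a name with no trailing dot that already spells out the zone name."""
    bare = origin.rstrip(".")
    return not name.endswith(".") and (name == bare or name.endswith("." + bare))


def check_zone(text, zone):
    """Return (line number, code, detail) findings for a zone file to be imported."""
    apex = origin = owner = zone.rstrip(".") + "."
    findings, rrsets, depth = [], set(), 0
    for lineno, raw in enumerate(text.splitlines(), 1):
        # Drop ';' comments but keep semicolons inside quoted strings.
        line = re.sub(r'("[^"]*")|;.*', lambda m: m.group(1) or "", raw).rstrip()
        unquoted = re.sub(r'"[^"]*"', "", line)
        continuation = depth > 0  # inside a parenthesised record such as SOA
        depth += unquoted.count("(") - unquoted.count(")")
        if continuation or not line.strip():
            continue
        tokens = line.split()
        directive = tokens[0].upper()
        if directive in ("$GENERATE", "$INCLUDE"):
            findings.append((lineno, "UNSUPPORTED_DIRECTIVE", directive))
            continue
        if directive == "$ORIGIN" and len(tokens) > 1:
            origin = expand(tokens[1], origin)
            continue
        if directive.startswith("$"):
            continue  # $TTL and anything else carries no names to check
        if not line[0].isspace():  # a leading blank means "same owner as before"
            name = tokens.pop(0)
            if doubled(name, origin):
                findings.append((lineno, "DOUBLED_OWNER", expand(name, origin)))
            owner = expand(name, origin)
        while tokens and (TTL_RE.fullmatch(tokens[0]) or tokens[0].upper() in CLASSES):
            tokens.pop(0)
        if not tokens:
            continue
        rtype, rdata = tokens[0].upper(), tokens[1:]
        if rtype == "SOA" or (rtype == "NS" and owner.lower() == apex.lower()):
            continue  # the import ignores the SOA record and NS records at the apex
        rrsets.add((owner.lower(), rtype))
        idx = NAME_FIELD.get(rtype)
        if idx is not None and len(rdata) > idx and doubled(rdata[idx], origin):
            findings.append((lineno, "DOUBLED_RDATA", expand(rdata[idx], origin)))
    if len(rrsets) > MAX_RRSETS:
        findings.append((0, "TOO_MANY_RRSETS", str(len(rrsets))))
    return findings


if __name__ == "__main__":
    for finding in check_zone(SAMPLE_ZONE, "example.com"):
        print(finding)
```

Each DOUBLED finding carries the name the import would actually create, so the fix is to add the trailing dot on the reported line.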

To create resource record sets by importing a zone file
1. Get a zone file from the DNS service provider that is currently servicing the domain. The process
   and terminology vary from one service provider to another. Refer to your provider's interface and
   documentation for information about exporting or saving your records in a zone file or a BIND file.
   If the process isn't obvious, try asking your current DNS provider's customer support for your records
   list or zone file information.
2. Sign in to the AWS Management Console and open the Amazon Route 53 console at
   https://console.aws.amazon.com/route53/.
3. On the Hosted Zones page, create a new hosted zone:
   a. Click Create Hosted Zone.
   b. Enter the name of your domain and, optionally, a comment. Note that the comment can't be
      edited later.
   c. Click Create.
4. On the Hosted Zones page, double-click the name of your new hosted zone.
5. Click Import Zone File.
6. In the Import Zone File pane, paste the contents of your zone file into the Zone File text box.
7. Click Import.

   Note
   Depending on the number of resource record sets in your zone file, you may have to wait
   a few minutes for the resource record sets to be created.

8. If you're using another DNS service for the domain (which is common if you registered the domain
   with another registrar), migrate DNS service to Amazon Route 53. When that step is complete, your
   registrar will start to identify Amazon Route 53 as your DNS service in response to DNS queries for
   your domain, and the queries will start being sent to Amazon Route 53 DNS servers. (Typically,
   there's a day or two of delay before DNS queries start being routed to Amazon Route 53 because
   information about your previous DNS service is cached on DNS resolvers for that long.) For more
   information, see Migrating DNS Service for an Existing Domain to Amazon Route 53 (p. 141).

Editing Resource Record Sets
The following procedure explains how to edit resource record sets using the Amazon Route 53 console.
For information about how to edit resource record sets using the Amazon Route 53 API, see POST
ChangeResourceRecordSets in the Amazon Route 53 API Reference.

Note
Your changes to resource record sets take time to propagate to the Amazon Route 53 DNS
servers. Currently, the only way to verify that changes have propagated is to use the GetChange
API action. Changes generally propagate to all Amazon Route 53 name servers in a couple of
minutes. In rare circumstances, propagation can take up to 30 minutes.

To edit resource record sets using the Amazon Route 53 console
1. If you're not editing alias resource record sets, skip to step 2.
   If you're editing alias resource record sets that route traffic to ELB load balancers, and if you created
   your Amazon Route 53 hosted zone and your load balancer using different accounts, perform the
   procedure Getting the DNS Name for an ELB Load Balancer (p. 185) to get the DNS name for the
   load balancer.
   If you're editing alias resource record sets for any other AWS resource, skip to step 2.
2. Sign in to the AWS Management Console and open the Amazon Route 53 console at
   https://console.aws.amazon.com/route53/.
3. On the Hosted Zones page, double-click the row for the hosted zone in which you want to edit
   resource record sets.
4. Double-click the row for the resource record set that you want to edit.
5. Enter the applicable values. For more information, see Values that You Specify When You Create
   or Edit Amazon Route 53 Resource Record Sets (p. 186).
6. Click Save Record Set.
7. If you're editing multiple resource record sets, repeat steps 4 through 6.

Deleting Resource Record Sets
The following procedure explains how to delete resource record sets using the Amazon Route 53 console.
For information about how to delete resource record sets using the Amazon Route 53 API, see POST
ChangeResourceRecordSets in the Amazon Route 53 API Reference.

Note
Your changes to resource record sets take time to propagate to the Amazon Route 53 DNS
servers. Currently, the only way to verify that changes have propagated is to use the GetChange
API action. Changes generally propagate to all Amazon Route 53 name servers in a couple of
minutes. In rare circumstances, propagation can take up to 30 minutes.

To delete resource record sets
1. Sign in to the AWS Management Console and open the Amazon Route 53 console at
https://console.aws.amazon.com/route53/.
2. On the Hosted Zones page, double-click the row for the hosted zone that contains resource record
sets that you want to delete.
3. In the list of resource record sets, select the resource record set that you want to delete.
To select multiple, consecutive resource record sets, click the first row, hold the Shift key, and click
the last row. To select multiple, nonconsecutive resource record sets, click the first row, hold the Ctrl
key, and click additional rows.
You cannot delete the resource record sets that have a value of NS or SOA for Type.
4. Click Delete Record Set.
5. Click OK to confirm.

Listing Resource Record Sets
The following procedure explains how to use the Amazon Route 53 console to list the resource record
sets in a hosted zone. For information about how to list resource record sets using the Amazon Route 53
API, see GET ListResourceRecordSets in the Amazon Route 53 API Reference.

To list resource record sets
1. Sign in to the AWS Management Console and open the Amazon Route 53 console at
https://console.aws.amazon.com/route53/.
2. On the Hosted Zones page, double-click the name of a hosted zone to see its Record Sets page.
To display only selected resource record sets, enter the applicable search criteria above the list of
resource record sets:
• To display the resource record sets that have specific values in either the Name or Value field,
enter a value in the Search field. For example, to display the resource record sets that have an
IP address beginning with 192.0, type that value in the Search field.
• To display only the resource record sets that have the same DNS record type, select the type in
the drop down list.
• To display only alias resource record sets, select Aliases Only.
• To display only weighted resource record sets, select Weighted Only.

Using Traffic Flow to Route DNS Traffic
If you use multiple resources, such as web servers, in multiple locations, it can be a challenge to create
resource record sets for a complex configuration that uses a combination of Amazon Route 53 routing
policies—weighted, latency, failover, and geolocation. You can create resource record sets one at a time,
but it's hard to keep track of the relationships among the resource record sets when you're reviewing the
settings in a table in the console.
If you're using the Amazon Route 53 console, Amazon Route 53 traffic flow provides a visual editor that
helps you create complex trees in a fraction of the time with a fraction of the effort. You can save the
configuration as a traffic policy and then associate the traffic policy with one or more domain names (such
as example.com) or subdomain names (such as www.example.com), in the same hosted zone or in
multiple hosted zones. (You can only use traffic flow to create configurations for public hosted zones.)
You can also use the visual editor to quickly find resources that you need to update and apply the updates
to one or more DNS names such as www.example.com. In addition, you can roll back the updates if the
new configuration isn't performing as you expected it to.
For example, using the traffic flow visual editor, you can easily create a configuration in which you use
geolocation routing to route all users from one country to a single endpoint and then use latency routing
to route all other users to AWS regions based on the latency between your users and those regions. You
might also use failover routing to route users to a primary ELB load balancer within each region when
the load balancer is functioning or to a secondary load balancer when the primary load balancer is
unhealthy or is offline for maintenance.
Here's an overview of how traffic flow works:
1. You use the visual editor to create a traffic policy. A traffic policy includes information about the routing
configuration that you want to create: the routing policies that you want to use and the resources that
you want to route DNS traffic to, such as the IP address of each EC2 instance and the domain name
of each ELB load balancer. You can also associate health checks with your endpoints so that Amazon
Route 53 routes traffic only to healthy resources. (Traffic flow also lets you route traffic to non-AWS
resources.)
2. You create a policy record. This is where you specify the hosted zone (such as example.com) in which
you want to create the configuration that you defined in your traffic policy. It's also where you specify
the DNS name (such as www.example.com) that you want to associate the configuration with. You
can create more than one policy record in the same hosted zone or in different hosted zones by using
the same traffic policy.

When you create a policy record, Amazon Route 53 creates a tree of resource record sets. The root
resource record set appears in the list of resource record sets for your hosted zone. The root resource
record set has the DNS name that you specified when you created the policy record. Amazon Route 53
also creates resource record sets for the entire rest of the tree, but it hides them from the list of resource
record sets for your hosted zone.
3. When a user browses to www.example.com, Amazon Route 53 responds to the query based on the
configuration in the traffic policy that you used to create the policy record.
Topics
• Creating and Managing Traffic Policies (p. 235)
• Creating and Managing Policy Records (p. 242)

Creating and Managing Traffic Policies
Topics
• Creating a Traffic Policy (p. 235)
• Values that You Specify When You Create a Traffic Policy (p. 236)
• Creating Additional Versions of a Traffic Policy (p. 238)
• Creating a Traffic Policy by Importing a JSON Document (p. 239)
• Viewing Traffic Policy Versions and the Associated Policy Records (p. 240)
• Deleting Traffic Policy Versions and Traffic Policies (p. 241)

Creating a Traffic Policy
To create a traffic policy, perform the following procedure.

To create a traffic policy
1. Design your configuration. For information about how complex DNS routing configurations work, see
Configuring DNS Failover (p. 261) in Amazon Route 53 Health Checks and DNS Failover (p. 245).
2. Based on the design for your configuration, create the health checks that you want to use for your
endpoints.
3. Sign in to the AWS Management Console and open the Amazon Route 53 console at
https://console.aws.amazon.com/route53/.
4. In the navigation pane, choose Traffic policies.
5. Choose Create traffic policy.
6. On the Name policy page, specify the applicable values. For more information, see Values that You
Specify When You Create a Traffic Policy (p. 236).
7. Choose Next.
8. On the policy name page, specify the applicable values. For more information, see Values that You
Specify When You Create a Traffic Policy (p. 236).
You can delete rules, endpoints, and branches of a traffic policy in the following ways:
• To delete a rule or an endpoint, click the x in the upper-right corner of the box.

Important
If you delete a rule that has child rules and endpoints, Amazon Route 53 also deletes all
of the children.

• If you connect two rules to the same child rule or endpoint and you want to delete one of the
connections, pause your cursor on the connection that you want to delete, and click the x for that
connection.

9. Choose Next.

10. Optional: Specify the settings to create one or more policy records in one hosted zone by using the
new traffic policy. For more information, see Values that You Specify When You Create or Update
a Policy Record (p. 243). You can also create policy records later, either in the same hosted zone or
in additional hosted zones.
If you don't want to create policy records now, choose Skip this step, and the console displays the
list of traffic policies and policy records that you have created by using the current AWS account.
11. If you specified settings for policy records in the preceding step, choose Create policy record.

Values that You Specify When You Create a Traffic Policy
When you create a traffic policy, you specify the following values.
• Policy name
• Version
• Version description
• DNS type
• Connect to
• Value type
• Value

Policy name
Enter a name that describes the traffic policy. This value appears in the list of traffic policies in the
console. You can't change the name of a traffic policy after you create it.
Version
This value is assigned automatically by Amazon Route 53 when you create a traffic policy or a new
version of an existing policy.
Version description
Enter a description that applies to this version of the traffic policy. This value appears in the list of
traffic policy versions in the console.
DNS type
Choose the DNS type that you want Amazon Route 53 to assign to all of the resource record sets
when you create a policy record by using this traffic policy version. For a list of supported types, see
Supported DNS Resource Record Types (p. 4).

Important
If you're creating a new version of an existing traffic policy, you can change the DNS type.
However, you can't edit a policy record and choose a traffic policy version that has a DNS
type that is different from the traffic policy version that you used to create the policy record.
For example, if you created a policy record by using a traffic policy version that has a DNS
type of A, you can't edit the policy record and choose a traffic policy version that has any
other value for DNS type.
If you want to route traffic to the following AWS resources, choose the applicable value:
• CloudFront distribution – Choose A: IP address in IPv4 format.

• ELB load balancer – Choose either A: IP address in IPv4 format or AAAA: IP address in IPv6
format.
• Amazon S3 bucket configured as a website endpoint – Choose A: IP address in IPv4 format.
Connect to
Choose the applicable rule or endpoint based on the design for your configuration.
Weighted rule
Choose this option when you have multiple resources that perform the same function (for example,
web servers that serve the same website) and you want Amazon Route 53 to route traffic to
those resources in proportions that you specify (for example, 1/3rd to one server and 2/3rds to
the other).
For more information, see Weighted Routing (p. 179).
Failover rule
Choose this option when you want to configure active-passive failover, in which one resource
takes all traffic when it's available and the other resource takes all traffic when the first resource
isn't available.
For more information, see Configuring Active-Passive Failover by Using Amazon Route 53
Failover and Failover Alias Resource Record Sets (p. 273).
Geolocation rule
Choose this option when you want Amazon Route 53 to respond to DNS queries based on the
location of your users.
For more information, see Geolocation Routing (p. 181).
Latency rule
Choose this option when you have resources in multiple Amazon EC2 data centers that perform
the same function, and you want Amazon Route 53 to respond to DNS queries with the resources
that provide the best latency.
For more information, see Latency-Based Routing (p. 180).
Endpoint
Choose this option to specify the resource, such as a CloudFront distribution or an ELB load
balancer, that you want to route DNS queries to.
Existing rule
Choose this option when you want to route DNS queries to an existing rule in this traffic policy.
For example, you might create two or more geolocation rules that route queries for different
countries to the same failover rule. The failover rule might then route queries to two ELB load
balancers.
This option isn't available if the traffic policy doesn't include any rules.
Existing endpoint
Choose this option when you want to route DNS queries to an existing endpoint. For example,
if you have two failover rules, you might want to route DNS requests for both On failover
(secondary) options to the same ELB load balancer.
This option isn't available if the traffic policy doesn't include any endpoints.
Value type
Choose the applicable option:
CloudFront distribution
Choose this option if you want to route traffic to a CloudFront distribution. The option is available
only if you chose A: IP address in IPv4 format for DNS type.
ELB load balancer
Choose this option if you want to route traffic to an ELB load balancer. The option is available
only if you chose either A: IP address in IPv4 format or AAAA: IP address in IPv6 format for
DNS type.

S3 website endpoint
Choose this option if you want to route traffic to an Amazon S3 bucket that is configured as a
website endpoint. The option is available only if you chose A: IP address in IPv4 format for
DNS type.
Type DNS type value
Choose this option if you want Amazon Route 53 to respond to DNS queries using the value in
the Value field. For example, if you chose A for the value of DNS type when you created this
traffic policy, this option in the Value type list will be Type A value. This requires that you enter
an IP address in IPv4 format in the Value field. Amazon Route 53 will respond to DNS queries
that are routed to this endpoint with the IP address in the Value field.
Value
Choose or type a value based on the option that you chose for Value type:
CloudFront distribution
Choose a CloudFront distribution from the list of distributions that are associated with the current
AWS account.
ELB load balancer
Choose an ELB load balancer from the list of ELB load balancers that are associated with the
current AWS account.
S3 website endpoint
Choose an Amazon S3 bucket from the list of Amazon S3 buckets that are configured as website
endpoints and that are associated with the current AWS account.

Important
When you create a policy record based on this traffic policy, the bucket that you choose
here must match the domain name (such as www.example.com) that you specify for
Policy record DNS name in the policy record. If Value and Policy record DNS name
don't match, Amazon S3 won't respond to DNS queries for the domain name.
Type DNS type value
Enter a value that corresponds with the value that you specified for DNS type when you started
this traffic policy. For example, if you chose MX for DNS type, type two values: the priority that
you want to assign to a mail server and the domain name of the mail server, such as 10
sydney.mail.example.com.
For more information about supported DNS types, see Supported DNS Resource Record
Types (p. 4).

Creating Additional Versions of a Traffic Policy
When you edit a traffic policy, Amazon Route 53 automatically creates another version of the traffic policy
and retains the previous versions unless you choose to delete them. The new version has the same name
as the traffic policy that you're editing; it's distinguished from the original version by a version number
that Amazon Route 53 increments automatically. You can base the new version of a traffic policy on any
existing version of a traffic policy that has the same name.
Amazon Route 53 doesn't reuse version numbers for new versions of a given traffic policy. For example,
if you create three versions of MyTrafficPolicy, delete the last two versions, and then create another
version, the new version is version 4. By retaining the previous versions, Amazon Route 53 ensures that
you can roll back to a previous configuration if a new configuration doesn't route traffic as you wanted it
to.
To create a new traffic policy version, perform the following procedure.

To create another version of a traffic policy
1. Sign in to the AWS Management Console and open the Amazon Route 53 console at
https://console.aws.amazon.com/route53/.
2. In the navigation pane, choose Traffic policies.
3. Choose the name of the traffic policy that you want to create a new version of.
4. In the Traffic policy versions table at the top of the page, select the check box for the traffic policy
version that you want to use as a basis for the new traffic policy version.
5. Choose Edit policy as new version.
6. On the Update description page, type a description for the new traffic policy version. We recommend
that you specify a description that distinguishes this version from other versions of the same traffic
policy. When you create a new policy record, the value that you specify appears in the list of available
versions for this traffic policy.
7. Choose Next.
8. Update the configuration as applicable. For more information, see Values that You Specify When
You Create a Traffic Policy (p. 236).
You can delete rules, endpoints, and branches of a traffic policy in the following ways:
• To delete a rule or an endpoint, click the x in the upper-right corner of the box.

Important
If you delete a rule that has child rules and endpoints, Amazon Route 53 also deletes all
of the children.
• If you connect two rules to the same child rule or endpoint and you want to delete one of the
connections, pause your cursor on the connection that you want to delete, and click the x for that
connection.

9. When you're finished editing, choose Save as new version.
10. Optional: Specify the settings to create one or more policy records in one hosted zone by using the
new traffic policy version. For more information, see Values that You Specify When You Create or
Update a Policy Record (p. 243). You can also create policy records later, either in the same hosted
zone or in additional hosted zones.
If you don't want to create policy records now, choose Skip this step, and the console displays the
list of traffic policies and policy records that you have created by using the current AWS account.
11. If you specified settings for policy records in the preceding step, choose Create policy record.

Creating a Traffic Policy by Importing a JSON Document
You can create a new traffic policy or a new version of an existing traffic policy by importing a document
in JSON format that describes all of the endpoints and rules that you want to include in the traffic policy.
For information about the format of the JSON document and several examples that you can copy and
revise, see Traffic Policy Document Format in the Amazon Route 53 API Reference.
The easiest way to get the JSON-formatted document for an existing traffic policy version is to use the
get-traffic-policy command in the AWS CLI. For more information, see get-traffic-policy in the
AWS Command Line Interface Reference.

To create a traffic policy by importing a JSON document
1. Sign in to the AWS Management Console and open the Amazon Route 53 console at
https://console.aws.amazon.com/route53/.
2. To create a new traffic policy by importing a JSON document, perform the following steps:
   a. In the navigation pane, choose Traffic policies.
   b. Choose Create traffic policy.
   c. On the Name policy page, specify the applicable values. For more information, see Values that
   You Specify When You Create a Traffic Policy (p. 236).
   d. Skip to step 4.
3. To create a new version of an existing traffic policy by importing a JSON document, perform the
following steps:
   a. In the navigation pane, choose Traffic policies.
   b. Choose the name of the traffic policy that you want to base the new version on.
   c. In the Traffic policy versions table, select the check box for the version that you want to base
   the new version on.
   d. Choose Edit policy as new version.
   e. On the Update description page, type a description for the new version.
   f. Skip to step 4.
4. Choose Next.
5. Choose Import traffic policy.
6. Type a new traffic policy, paste an example traffic policy, or paste an existing traffic policy.
7. Choose Import traffic policy.
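
A pre-import check for the JSON document described above, as an added example that is not part of the original guide or of AWS code: it applies the DNS type restrictions from Values that You Specify When You Create a Traffic Policy and verifies that every rule and endpoint reference resolves and is reachable from the start of the tree. The key names (RecordType, StartRule, Endpoints, Rules and so on) follow the Traffic Policy Document Format in the API Reference rather than this page, and both sample documents are constructed.

```python
import json

# Endpoint "Type" values mapped to the DNS types this guide allows for them.
# Endpoints of type "value" carry a literal record value and fit any DNS type.
ALLOWED_RECORD_TYPES = {
    "cloudfront": {"A"},
    "s3-website": {"A"},
    "elastic-load-balancer": {"A", "AAAA"},
}
# Key under which each non-failover rule type lists its branches.
BRANCH_LISTS = {"geo": "Locations", "latency": "Regions", "weighted": "Items"}


def branches(rule):
    """Yield each branch of a rule; a branch holds a rule or endpoint reference."""
    if rule.get("RuleType") == "failover":
        for key in ("Primary", "Secondary"):
            if key in rule:
                yield rule[key]
    else:
        yield from rule.get(BRANCH_LISTS.get(rule.get("RuleType"), ""), [])


def lint_traffic_policy(document):
    """Return a list of problems found in a traffic policy document (str or dict)."""
    doc = json.loads(document) if isinstance(document, str) else document
    problems = []
    record_type = doc.get("RecordType")
    endpoints = doc.get("Endpoints", {})
    rules = doc.get("Rules", {})

    # DNS type restrictions: CloudFront and S3 website need A, ELB needs A or AAAA.
    for name, endpoint in endpoints.items():
        allowed = ALLOWED_RECORD_TYPES.get(endpoint.get("Type"))
        if allowed is not None and record_type not in allowed:
            problems.append(
                f"endpoint {name}: type {endpoint.get('Type')} needs DNS type "
                f"{' or '.join(sorted(allowed))}, policy uses {record_type}")

    # Walk the tree from its start, resolving every reference on the way.
    starts = [(key, doc[key]) for key in ("StartRule", "StartEndpoint") if key in doc]
    if len(starts) != 1:
        problems.append("document must define exactly one of StartRule or StartEndpoint")
    pending = [("rule" if key == "StartRule" else "endpoint", name, "document start")
               for key, name in starts]
    seen = set()
    while pending:
        kind, name, source = pending.pop()
        table = rules if kind == "rule" else endpoints
        if name not in table:
            problems.append(f"{source}: {kind} reference {name!r} is not defined")
            continue
        if (kind, name) in seen:
            continue  # shared child ("Existing rule" / "Existing endpoint")
        seen.add((kind, name))
        if kind == "rule":
            for branch in branches(rules[name]):
                if "RuleReference" in branch:
                    pending.append(("rule", branch["RuleReference"], f"rule {name}"))
                if "EndpointReference" in branch:
                    pending.append(("endpoint", branch["EndpointReference"], f"rule {name}"))

    # Anything defined but never reached receives no traffic from this policy.
    for kind, table in (("rule", rules), ("endpoint", endpoints)):
        for name in table:
            if (kind, name) not in seen:
                problems.append(f"{kind} {name} is defined but not reachable from the start")
    return problems


# Constructed sample: two geolocation branches share one failover rule that
# routes to two ELB load balancers (hypothetical names and DNS values).
SAMPLE_POLICY = {
    "AWSPolicyFormatVersion": "2015-10-01",
    "RecordType": "A",
    "StartRule": "geo",
    "Endpoints": {
        "elb-primary": {"Type": "elastic-load-balancer", "Value": "primary.example.elb.amazonaws.com"},
        "elb-secondary": {"Type": "elastic-load-balancer", "Value": "secondary.example.elb.amazonaws.com"},
    },
    "Rules": {
        "geo": {"RuleType": "geo", "Locations": [
            {"Country": "US", "RuleReference": "failover"},
            {"Country": "CA", "RuleReference": "failover"},
            {"IsDefault": True, "EndpointReference": "elb-secondary"},
        ]},
        "failover": {"RuleType": "failover",
                     "Primary": {"EndpointReference": "elb-primary"},
                     "Secondary": {"EndpointReference": "elb-missing-placeholder"}},
    },
}
SAMPLE_POLICY["Rules"]["failover"]["Secondary"] = {"EndpointReference": "elb-secondary"}

# Constructed broken variant: AAAA policy with a CloudFront endpoint that nothing
# routes to, and a failover branch that points at an undefined endpoint.
BROKEN_POLICY = json.loads(json.dumps(SAMPLE_POLICY))
BROKEN_POLICY["RecordType"] = "AAAA"
BROKEN_POLICY["Endpoints"]["cdn"] = {"Type": "cloudfront", "Value": "cdn.example.cloudfront.net"}
BROKEN_POLICY["Rules"]["failover"]["Secondary"] = {"EndpointReference": "elb-missing"}

if __name__ == "__main__":
    for label, policy in (("sample", SAMPLE_POLICY), ("broken", BROKEN_POLICY)):
        print(label, lint_traffic_policy(policy) or "no problems found")
```

Run it against the output of get-traffic-policy before pasting a revised document into the Import traffic policy page.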

Viewing Traffic Policy Versions and the Associated Policy Records
You can view all of the versions that you've created for a traffic policy as well as all of the policy records
that you've created by using each of the versions of the traffic policy.

To view traffic policy versions and the associated policy records
1. Sign in to the AWS Management Console and open the Amazon Route 53 console at
https://console.aws.amazon.com/route53/.
2. In the navigation pane, choose Traffic policies.
3. Choose the name of a traffic policy.
4. The top table lists all of the versions that you've created of a traffic policy. The table includes the
following information:
Version number
The number of each version of a traffic policy that you've created. If you choose the version
number, the console displays the configuration for that version.
Number of policy records
The number of policy records that you've created by using this traffic policy version.
DNS type
The DNS type that you specified when you created the traffic policy version.
Version description
The description that you specified when you created the traffic policy version.

5. The bottom table lists all of the policy records that you've created by using the traffic policy versions
in the top table. The table includes the following information:

Policy record DNS name
The DNS names that you've associated the traffic policy with.
Status
Possible values include the following:
Applied
Amazon Route 53 has finished creating or updating a policy record and the corresponding
resource record sets.
Creating
Amazon Route 53 is creating the resource record sets for a new policy record.
Updating
You have updated a policy record and Amazon Route 53 is in the process of creating a new
group of resource record sets that will replace the existing group of resource record sets
for the specified DNS name.
Deleting
Amazon Route 53 is in the process of deleting a policy record and the associated resource
record sets.
Failed
Amazon Route 53 wasn't able to create or update the policy record and the associated
resource record sets.
Version used
Indicates the version of the traffic policy that you used to create the policy record.
DNS type
The DNS type of all of the resource record sets that Amazon Route 53 created for this policy
record. When you edit a policy record, you must specify a traffic policy version that has the same
DNS type as the DNS type for the policy record that you're editing.
TTL (in seconds)
The amount of time, in seconds, that you want DNS recursive resolvers to cache information
about this resource record set. If you specify a longer value (for example, 172800 seconds, or
two days), you pay less for Amazon Route 53 service because recursive resolvers send requests
to Amazon Route 53 less often. However, it takes longer for changes to the resource record
sets (for example, a new IP address) to take effect because recursive resolvers use the values
in their cache for longer periods instead of asking Amazon Route 53 for the latest information.

Deleting Traffic Policy Versions and Traffic Policies
To delete a traffic policy, you must delete all of the versions (including the original) that you've created
for the traffic policy. In addition, to delete a traffic policy version, you must delete all of the policy records
that you created by using the traffic policy version.

Caution
If you delete policy records that Amazon Route 53 is using to respond to DNS queries, Amazon
Route 53 will stop responding to queries for the corresponding DNS names. For example, if
Amazon Route 53 is using the policy record for www.example.com to respond to DNS queries
for www.example.com and you delete the policy record, your users will not be able to access
your website or web application by using the domain name www.example.com.
To delete traffic policy versions and, optionally, a traffic policy, perform the following procedure:

To delete traffic policy versions and a traffic policy
1. Sign in to the AWS Management Console and open the Amazon Route 53 console at
https://console.aws.amazon.com/route53/.
2. In the navigation pane, choose Traffic policies.
3. Choose the name of the traffic policy for which you want to delete traffic policy versions and that,
optionally, you want to delete completely.
4. If the traffic policy versions that you want to delete in the top table appear in the Version used column
in the bottom table, select the check boxes for the corresponding policy records in the bottom table.
For example, if you want to delete version 3 of a traffic policy but you created one of the policy records
in the bottom table by using version 3, select the check box for that policy record.
5. Choose Delete policy records.
6. Choose the refresh button for the bottom table to refresh the display until the policy records that you
deleted no longer appear in the table.
7. In the top table, select the check boxes for the traffic policy versions that you want to delete.
8. Choose Delete version.
9. If you deleted all traffic policy versions in the preceding step and you want to delete the traffic policy,
too, choose the refresh button for the top table to refresh the display until the table is empty.

10. In the navigation pane, choose Traffic policies.
11. In the list of traffic policies, select the check box for the traffic policy that you want to delete.
12. Choose Delete traffic policy.

Creating and Managing Policy Records
You create policy records to apply the configuration that you created in a traffic policy to one or more
domain names or subdomain names.
Topics
• Creating Policy Records (p. 242)
• Values that You Specify When You Create or Update a Policy Record (p. 243)
• Updating Policy Records (p. 243)
• Deleting Policy Records (p. 244)

Creating Policy Records
To create a policy record, perform the following procedure.

Important
For each policy record that you create, you incur a monthly charge. If you later delete the policy
record, the charge is prorated. For more information, see Amazon Route 53 Pricing.

To create a policy record
1. Sign in to the AWS Management Console and open the Amazon Route 53 console at
https://console.aws.amazon.com/route53/.
2. In the navigation pane, choose Policy records.
3. On the Policy records page, choose Create policy records.
4. On the Create policy records page, specify the applicable values. For more information, see Values
that You Specify When You Create or Update a Policy Record (p. 243).
5. Choose Create policy records.
6. If you want to create policy records in another hosted zone, repeat steps 3 through 5.

Values that You Specify When You Create or Update a Policy Record
When you create or update a policy record, you specify the following values:
• Traffic policy
• Version
• Hosted zone
• Policy record DNS name
• TTL
Traffic policy
Choose the traffic policy whose configuration you want to use for this policy record.
Version
Choose the version of the traffic policy whose configuration you want to use for this policy record.
If you're updating an existing policy record, you must choose a version for which the DNS type
matches the current DNS type of the policy record. For example, if the DNS type of the policy record
is A, you must choose a version for which the DNS type is A.
Hosted zone
Choose the hosted zone in which you want to create a policy record by using the specified traffic
policy and version. You can't change the value of Hosted zone after you create a policy record.
Policy record DNS name
When you're creating a policy record, type the domain name or subdomain name for which you want
Amazon Route 53 to respond to DNS queries by using the configuration in the specified traffic policy
and version.
To use the same configuration for more than one domain name or subdomain name in the specified
hosted zone, choose Add another policy record, and enter the applicable domain name or subdomain
name and TTL.
You can't change the value of Policy record DNS name after you create a policy record.
TTL (in seconds)
Type the amount of time, in seconds, that you want DNS recursive resolvers to cache information
about this resource record set. If you specify a longer value (for example, 172800 seconds, or two
days), you pay less for Amazon Route 53 service because recursive resolvers send requests to
Amazon Route 53 less often. However, it takes longer for changes to the resource record sets (for
example, a new IP address) to take effect because recursive resolvers use the values in their cache
for longer periods instead of asking Amazon Route 53 for the latest information.

Updating Policy Records
To update the settings in a policy record, perform the following procedure.

To update a policy record
1. Sign in to the AWS Management Console and open the Amazon Route 53 console at
https://console.aws.amazon.com/route53/.
2. In the navigation pane, choose Policy records.
3. On the Policy records page, select the check box for the policy record that you want to update, and
choose Edit policy record.
4. On the Edit policy record page, specify the applicable values. For more information, see Values
that You Specify When You Create or Update a Policy Record (p. 243).
5. Choose Edit policy record.
6. If you want to update another policy record, repeat steps 3 through 5.

Deleting Policy Records
To delete policy records, perform the following procedure.

Caution
If you delete policy records that Amazon Route 53 is using to respond to DNS queries, Amazon
Route 53 will stop responding to queries for the corresponding DNS names. For example, if
Amazon Route 53 is using the policy record for www.example.com to respond to DNS queries
for www.example.com and you delete the policy record, your users will not be able to access
your website or web application by using the domain name www.example.com.

To delete a policy record
1. Sign in to the AWS Management Console and open the Amazon Route 53 console at
   https://console.aws.amazon.com/route53/.
2. In the navigation pane, choose Policy records.
3. On the Policy records page, select the check boxes for the policy records that you want to delete,
   and choose Delete policy record.

Amazon Route 53 Health Checks and DNS Failover
Amazon Route 53 health checks monitor the health and performance of your web applications, web
servers, and other resources. At regular intervals that you specify, Amazon Route 53 submits automated
requests over the Internet to your application, server, or other resource to verify that it's reachable,
available and functional.
You can configure a health check to make requests similar to those that your users make, such as
requesting a web page from a specific URL. You can also view the current and recent status of health
checks. If you want to receive a notification when an application or a resource becomes unavailable, you
can configure an Amazon CloudWatch alarm for each health check. For information about creating health
checks, see Creating, Updating, and Deleting Health Checks (p. 245). For information about viewing health
check status and receiving notifications, see Monitoring Health Check Status and Getting
Notifications (p. 255).
If you have multiple resources that perform the same function, for example, web servers or email servers,
and you want Amazon Route 53 to route traffic only to the resources that are healthy, you can configure
DNS failover by associating health checks with your resource record sets. If a health check determines
that the underlying resource is unhealthy, Amazon Route 53 routes traffic away from the associated
resource record set. For more information, see Configuring DNS Failover (p. 261).
Topics
• Creating, Updating, and Deleting Health Checks (p. 245)
• Monitoring Health Check Status and Getting Notifications (p. 255)
• Configuring DNS Failover (p. 261)
• Naming and Tagging Health Checks (p. 275)
• Using Health Checks with Amazon Route 53 API Versions Earlier than 2012-12-12 (p. 276)

Creating, Updating, and Deleting Health Checks
The procedures in the following topics explain how to create, update, and delete Amazon Route 53 health
checks.

Important
If you're updating or deleting health checks that are associated with resource record sets, review
the tasks in Updating or Deleting Health Checks when DNS Failover Is Configured (p. 253) before
you proceed.
Topics
• Creating and Updating Health Checks (p. 246)
• Deleting Health Checks (p. 253)
• Updating or Deleting Health Checks when DNS Failover Is Configured (p. 253)
• Configuring Router and Firewall Rules for Amazon Route 53 Health Checks (p. 254)
• How Amazon Route 53 Determines Whether an Endpoint Is Healthy (p. 254)

Creating and Updating Health Checks
The following procedure describes how to create and update health checks using the Amazon Route 53
console.
For information about creating health checks using the API, see POST CreateHealthCheck in the Amazon
Route 53 API Reference. For information about updating health checks using the API, see POST
UpdateHealthCheck, also in the Amazon Route 53 API Reference.

Note
Health checks are supported starting with the 2012-12-12 version of the Amazon Route 53 API.

To create or update a health check using the Amazon Route 53 console
1. If you're updating health checks that are associated with resource record sets, perform the
   recommended tasks in Updating or Deleting Health Checks when DNS Failover Is Configured (p. 253).
2. Sign in to the AWS Management Console and open the Amazon Route 53 console at
   https://console.aws.amazon.com/route53/.
3. In the navigation pane, choose Health Checks.
4. If you want to update an existing health check, select the health check, and then choose Edit Health
   Check.
   If you want to create a health check, choose Create Health Check. For more information about each
   setting, move the mouse pointer over a label to see its tooltip.
5. Enter the applicable values. Note that some values can't be changed after you create a health check.
   For more information, see Values that You Specify When You Create or Update Health Checks (p. 246).
6. Choose Create Health Check.
7. Associate the health check with one or more Amazon Route 53 resource record sets. For information
   about creating and updating resource record sets, see Working with Resource Record Sets (p. 178).

Values that You Specify When You Create or Update Health Checks
When you create or update health checks, you specify the applicable values. Note that you can't change
some values after you create a health check.
Topics
• Monitoring an Endpoint (p. 247)
• Monitoring Other Health Checks (Calculated Health Checks) (p. 249)
• Monitoring a CloudWatch Alarm (p. 250)
• Advanced Configuration ("Monitor an endpoint" Only) (p. 250)
• Get Notified When a Health Check Fails (p. 252)
• Values that Amazon Route 53 Displays (p. 253)
Name
Optional, but recommended: The name that you want to assign to the health check. If you specify a
value for Name, Amazon Route 53 adds a tag to the health check, assigns the value Name to the
tag key, and assigns the value that you specify to the tag value. The value of the Name tag appears
in the list of health checks in the Amazon Route 53 console, which lets you easily distinguish health
checks from one another.
For more information about tagging and health checks, see Naming and Tagging Health
Checks (p. 275).
What to monitor
Whether you want this health check to monitor an endpoint or the status of other health checks:
• Endpoint – Amazon Route 53 monitors the health of an endpoint that you specify. You can specify
the endpoint by providing either a domain name or an IP address and a port.

Note
If you specify a non-AWS endpoint, an additional charge applies. For more information,
including a definition of AWS endpoints, see Health Checks on the Amazon Route 53
Pricing page.
• Status of other health checks (calculated health check) – Amazon Route 53 determines whether
this health check is healthy based on the status of other health checks that you specify. You also
specify how many of the health checks need to be healthy for this health check to be considered
healthy.
• State of CloudWatch alarm – Amazon Route 53 determines whether this health check is healthy
based on the alarm state of a CloudWatch alarm.

Monitoring an Endpoint
If you want this health check to monitor an endpoint, specify the following values:
• Specify endpoint by
• Protocol
• IP address
• Host name
• Port
• Domain name
• Path
Specify endpoint by
Whether you want to specify the endpoint using an IP address or using a domain name.
After you create a health check, you can't change the value of Specify endpoint by.
Protocol
The method that you want Amazon Route 53 to use to check the health of your endpoint:
• HTTP – Amazon Route 53 tries to establish a TCP connection. If successful, Amazon Route 53
submits an HTTP request and waits for an HTTP status code of 200 or greater and less than 400.
• HTTPS – Amazon Route 53 tries to establish a TCP connection. If successful, Amazon Route 53
submits an HTTPS request and waits for an HTTP status code of 200 or greater and less than
400.

Important
If you choose HTTPS, the endpoint must support TLS v1.0 or later.
If you choose HTTPS for the value of Protocol, an additional charge applies. For more information,
see Amazon Route 53 Pricing.
• TCP – Amazon Route 53 tries to establish a TCP connection.
For more information, see How Amazon Route 53 Determines Whether an Endpoint Is Healthy (p. 254).
After you create a health check, you can't change the value of Protocol.
IP address ("Specify endpoint by IP address" Only)
The IPv4 address of the endpoint on which you want Amazon Route 53 to perform health checks, if
you chose Specify endpoint by IP address.
Amazon Route 53 cannot check the health of endpoints for which the IP address is in local, private,
nonroutable, or multicast ranges. For more information about IP addresses for which you cannot
create health checks, see RFC 5735, Special Use IPv4 Addresses and RFC 6598, IANA-Reserved
IPv4 Prefix for Shared Address Space.
If the endpoint is an Amazon EC2 instance, we recommend that you create an Elastic IP address,
associate it with your Amazon EC2 instance, and specify the Elastic IP address. This ensures that
the IP address of your instance will never change. For more information, see Elastic IP Addresses
(EIP) in the Amazon EC2 User Guide for Linux Instances.

Note
If you specify a non-AWS endpoint, an additional charge applies. For more information,
including a definition of AWS endpoints, see Health Checks on the Amazon Route 53 Pricing
page.
Host name ("Specify endpoint by IP address" Only, HTTP and HTTPS Protocols Only)
The value that you want Amazon Route 53 to pass in the Host header in HTTP and HTTPS health
checks. This is typically the fully qualified DNS name of the website on which you want Amazon
Route 53 to perform health checks. When Amazon Route 53 checks the health of an endpoint, here
is how it constructs the Host header:
• If you specify a value of 80 for Port and HTTP for Protocol, Amazon Route 53 passes to the
endpoint a Host header that contains the value of Host name.
• If you specify a value of 443 for Port and HTTPS for Protocol, Amazon Route 53 passes to the
endpoint a Host header that contains the value of Host name.
• If you specify another value for Port and either HTTP or HTTPS for Protocol, Amazon Route 53
passes to the endpoint a Host header that contains the value Host name:Port.
If you choose to specify the endpoint by IP address and you don't specify a value for Host name,
Amazon Route 53 substitutes the value of IP address in the Host header in each of the preceding
cases.
Port
The port on the endpoint on which you want Amazon Route 53 to perform health checks.
Domain name ("Specify endpoint by domain name" Only, All Protocols)
The domain name of the endpoint on which you want Amazon Route 53 to perform health checks,
if you choose Specify endpoint by domain name.
If you choose to specify the endpoint by domain name, Amazon Route 53 sends a DNS request to
resolve the domain name that you specify in Domain name at the interval you specify in Request
interval. Using an IP address that DNS returns, Amazon Route 53 then checks the health of the
endpoint.
If you want to check the health of weighted, latency, geolocation routing, or failover resource record
sets, and you choose to specify the endpoint by domain name, we recommend that you create a
separate health check for each endpoint. For example, create a health check for each HTTP server
that is serving content for www.example.com. For the value of Domain name, specify the domain
name of the server (such as us-east-1-www.example.com), not the name of the resource record sets
(www.example.com).

Important
In this configuration, if you create a health check for which the value of Domain name
matches the name of the resource record sets and then associate the health check with
those resource record sets, health check results will be unpredictable.
In addition, if the value of Protocol is HTTP or HTTPS, Amazon Route 53 passes the value of Domain
name in the Host header as described in Host name, earlier in this list. If the value of Protocol is
TCP, Amazon Route 53 doesn't pass a Host header.

Note
If you specify a non-AWS endpoint, an additional charge applies. For more information,
including a definition of AWS endpoints, see Health Checks on the Amazon Route 53 Pricing
page.
Path (HTTP and HTTPS Protocols Only)
The path that you want Amazon Route 53 to request when performing health checks. The path can
be any value for which your endpoint will return an HTTP status code of 2xx or 3xx when the endpoint
is healthy, such as the file /docs/route53-health-check.html. Amazon Route 53 automatically
adds a leading / character.

Monitoring Other Health Checks (Calculated Health Checks)
If you want this health check to monitor the status of other health checks, specify the following values:
• Health checks to monitor
• Report healthy when
• Invert health check status
Health checks to monitor
The health checks that you want Amazon Route 53 to monitor to determine the health of this health
check.
You can add up to 256 health checks to Health checks to monitor. To remove a health check from
the list, choose the x at the right end of the highlight for that health check.

Note
You can't configure a calculated health check to monitor the health of other calculated health
checks.
Report healthy when
The calculation that you want Amazon Route 53 to perform to determine whether this health check
is healthy:
• Report healthy when at least x of y selected health checks are healthy – Amazon Route 53
considers this health check to be healthy when the specified number of health checks that you
added to Health checks to monitor are healthy. Note the following:
• If you specify a number greater than the number of health checks in Health checks to monitor,
Amazon Route 53 always considers this health check to be unhealthy.
• If you specify 0, Amazon Route 53 always considers this health check to be healthy.
• Report healthy when all health checks are healthy (AND) – Amazon Route 53 considers this
health check to be healthy only when all of the health checks that you added to Health checks to
monitor are healthy.
• Report healthy when one or more health checks are healthy (OR) – Amazon Route 53 considers
this health check to be healthy when at least one of the health checks that you added to Health
checks to monitor is healthy.
Invert health check status
Choose whether you want Amazon Route 53 to invert the status of a health check. If you choose this
option, Amazon Route 53 considers health checks to be unhealthy when the status is healthy and
vice versa.

Monitoring a CloudWatch Alarm
If you want this health check to monitor the alarm state of a CloudWatch alarm, specify the following
values:
• CloudWatch alarm
• Health check status
• Invert health check status
CloudWatch alarm
Choose the CloudWatch alarm that you want Amazon Route 53 to use to determine whether this
health check is healthy.
If you want to create a new alarm, perform the following steps:
1. Choose create, and the CloudWatch console appears in a new browser tab.
2. Enter the applicable values. For more information, see Create an alarm in the Amazon
   CloudWatch Developer Guide.
3. Return to the browser tab that the Amazon Route 53 console appears in.
4. Choose the refresh button next to the CloudWatch alarm list.
5. Choose the new alarm from the list.

Health check status
Choose the status of the health check when CloudWatch has insufficient data to determine the state
of the alarm that you chose in CloudWatch alarm. If you choose to use the last known status, Amazon
Route 53 uses the status of the health check from the last time CloudWatch had sufficient data to
determine the alarm state. For new health checks that have no last known status, the default status
for the health check is healthy.
Invert health check status
Choose whether you want Amazon Route 53 to invert the status of a health check. If you choose this
option, Amazon Route 53 considers health checks to be unhealthy when the status is healthy and
vice versa.

Advanced Configuration ("Monitor an endpoint" Only)
If you choose the option to monitor an endpoint, you can also specify the following settings:
• Request interval
• Failure threshold
• String matching
• Search string
• Latency graphs
• Enable SNI
• Health checker regions
• Invert health check status

Request interval
The number of seconds between the time that each Amazon Route 53 health checker gets a response
from your endpoint and the time that it sends the next health check request. If you choose an interval
of 30 seconds, each of the Amazon Route 53 health checkers in data centers around the world will
send your endpoint a health check request every 30 seconds. On average, your endpoint will receive
a health check request about every two seconds. If you choose an interval of 10 seconds, the endpoint
will receive a request more than once per second.
Note that Amazon Route 53 health checkers in different data centers don't coordinate with one
another, so you'll sometimes see several requests per second regardless of the interval you chose,
followed by a few seconds with no health checks at all.
After you create a health check, you can't change the value of Request interval.

Note
If you choose Fast (10 seconds) for the value of Request interval, an additional charge
applies. For more information, see Amazon Route 53 Pricing.
Failure threshold
The number of consecutive health checks that an endpoint must pass or fail for Amazon Route 53
to change the current status of the endpoint from unhealthy to healthy or vice versa. For more
information, see How Amazon Route 53 Determines Whether an Endpoint Is Healthy (p. 254).
String matching (HTTP and HTTPS Only)
Whether you want Amazon Route 53 to determine the health of an endpoint by submitting an HTTP
or HTTPS request to the endpoint and searching the response body for a specified string. If the
response body contains the value that you specify in Search string, Amazon Route 53 considers
the endpoint healthy. If not, or if the endpoint doesn't respond, Amazon Route 53 considers the
endpoint unhealthy. The search string must appear entirely within the first 5,120 bytes of the response
body.
After you create a health check, you can't change the value of String matching.

Note
If you choose Yes for the value of String matching, an additional charge applies. For more
information, see Amazon Route 53 Pricing.
Search string (Only When "String matching" Is Enabled)
The string that you want Amazon Route 53 to search for in the body of the response from your
endpoint. The maximum length is 255 characters.
Amazon Route 53 considers case when searching for Search string in the response body.
Latency graphs
Choose whether you want Amazon Route 53 to measure the latency between health checkers in
multiple AWS regions and your endpoint and to display Amazon CloudWatch latency graphs on the
Latency tab on the Health checks page in the Amazon Route 53 console. If Amazon Route 53
health checkers can't connect to the endpoint, Amazon Route 53 can't display latency graphs for that
endpoint.
After you create a health check, you can't change the value of Latency measurements.

Note
If you configure Amazon Route 53 to measure the latency between health checkers and
your endpoint, an additional charge applies. For more information, see Amazon Route 53
Pricing.
Enable SNI (HTTPS Only)
Specify whether you want Amazon Route 53 to send the host name to the endpoint in the
client_hello message during TLS negotiation. This allows the endpoint to respond to the HTTPS
request with the applicable SSL/TLS certificate.
Some endpoints require that HTTPS requests include the host name in the client_hello message.
If you don't enable SNI, the status of the health check will be SSL alert handshake_failure.
A health check can also have that status for other reasons. If SNI is enabled and you're still getting
the error, check the SSL/TLS configuration on your endpoint and confirm that your certificate is valid.
Note the following requirements:
• The endpoint must support SNI.
• The SSL/TLS certificate on your endpoint includes a domain name in the Common Name field and
possibly several more in the Subject Alternative Names field. One of the domain names in
the certificate must match the value that you specify for Host name.
Health checker regions
Choose whether you want Amazon Route 53 to check the health of the endpoint by using health
checkers in the recommended regions or by using health checkers in regions that you specify.
If you update a health check to remove a region that has been performing health checks, Amazon
Route 53 will briefly continue to perform checks from that region to ensure that some health checkers
are always checking the endpoint (for example, if you replace three regions with four different regions).
If you choose Customize, choose the x for a region to remove it. Click the space at the bottom of
the list to add a region back to the list. You must specify at least three regions.
Invert health check status
Choose whether you want Amazon Route 53 to invert the status of a health check. If you choose this
option, Amazon Route 53 considers health checks to be unhealthy when the status is healthy and
vice versa.

Get Notified When a Health Check Fails
Use the following options to configure email notification when a health check fails:
• Create alarm
• Send notification to
• Topic name
• Recipient email addresses

Create alarm (Only When Creating Health Checks)
Specify whether you want to create a default CloudWatch alarm. If you choose Yes, CloudWatch
sends you an Amazon SNS notification when the status of this endpoint changes to unhealthy and
Amazon Route 53 considers the endpoint unhealthy for one minute.
If you want to create an alarm for an existing health check or you want to receive notifications when
Amazon Route 53 considers the endpoint unhealthy for more or less than one minute (the default
value), select No, and add an alarm after you create the health check. For more information, see
Monitoring Health Checks Using CloudWatch (p. 257).
Send notification to (Only When Creating an Alarm)
Specify whether you want CloudWatch to send notifications to an existing Amazon SNS topic or to
a new one:
• Existing SNS topic – Select the name of the topic from the list
• New SNS topic – Enter a name for the topic in Topic name, and enter the email addresses that
you want to send notifications to in Recipients
Topic name (Only When Creating a New SNS Topic)
If you specified New SNS Topic, enter the name of the new topic.
Recipient email addresses (Only When Creating a New SNS Topic)
If you specified New SNS topic, enter the email addresses that you want to send notifications to.
Separate multiple names with commas (,), semicolons (;), or spaces.

Values that Amazon Route 53 Displays
The Create Health Check page displays the following values based on the values that you entered:
URL
Either the full URL (for HTTP or HTTPS health checks) or the IP address and port (for TCP health
checks) to which Amazon Route 53 will send requests when performing health checks.
Health Check Type
Either Basic or Basic + additional options based on the settings that you specified for this health
check. For information about pricing for the additional options, see Amazon Route 53 Pricing.

Deleting Health Checks
To delete health checks, perform the following procedure.

To delete a health check using the Amazon Route 53 console
1. If you're deleting health checks that are associated with resource record sets, perform the
   recommended tasks in Updating or Deleting Health Checks when DNS Failover Is Configured (p. 253).
2. Sign in to the AWS Management Console and open the Amazon Route 53 console at
   https://console.aws.amazon.com/route53/.
3. In the navigation pane, choose Health Checks.
4. In the right pane, select the health check that you want to delete.
5. Choose Delete Health Check.
6. Choose Yes, Delete to confirm.

Updating or Deleting Health Checks when DNS Failover Is Configured
When you want to update or delete health checks that are associated with resource record sets, or you
want to change resource record sets that have associated health checks, you must consider how your
changes affect routing of DNS queries and your DNS failover configuration.

Caution
Amazon Route 53 does not prevent you from deleting a health check even if the health check
is associated with one or more resource record sets. If you delete a health check and you don't
update the associated resource record sets, the future status of the health check cannot be
predicted and might change. This will affect the routing of DNS queries for your DNS failover
configuration.
To update or delete health checks that are already associated with resource record sets, we recommend
that you perform the following tasks:
1. Identify the resource record sets that are associated with the health checks. To identify the resource
   record sets that are associated with a health check, you must do one of the following:
   • Review the resource record sets in each hosted zone using the Amazon Route 53 console. For
     more information, see Listing Resource Record Sets (p. 233).
   • Run the GET ListResourceRecordSets API action on each hosted zone and review the
     response. For more information, see GET ListResourceRecordSets in the Amazon Route 53 API
     Reference.
2. Assess the change in behavior that will result from updating or deleting health checks, or from updating
   resource record sets, and determine which changes to make. For more information, see the following
   topics:
   • What Happens When You Omit Health Checks? (p. 267)
   • Configuring Active-Passive Failover by Using Amazon Route 53 Failover and Failover Alias
     Resource Record Sets (p. 273)
3. Change health checks and resource record sets as applicable. For more information, see the following
   topics:
   • Creating and Updating Health Checks (p. 246)
   • Editing Resource Record Sets (p. 232)
4. Delete the health checks that you're no longer using, if any. For more information about deleting
   health checks using the console, see Deleting Health Checks (p. 253). For information about using
   the Amazon Route 53 API, see DELETE DeleteHealthCheck in the Amazon Route 53 API Reference.

Configuring Router and Firewall Rules for Amazon Route 53 Health Checks
When Amazon Route 53 checks the health of an endpoint, it sends an HTTP, HTTPS, or TCP request
to the IP address and port that you specified when you created the health check. For a health check to
succeed, your router and firewall rules must allow inbound traffic from the IP addresses that the Amazon
Route 53 health checkers use. (In Amazon EC2, security groups act as firewalls. For more information,
see Amazon EC2 Security Groups in the Amazon EC2 User Guide for Linux Instances.) For the current
list of IP addresses for Amazon Route 53 health checkers, see Forum Announcements at the top of
the Amazon Route 53 forum.
You can also get the IP addresses of Amazon Route 53 health checkers using the Amazon Route 53
API. For more information, see GET GetCheckerIpRanges in the Amazon Route 53 API Reference.
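
A gap between your inbound rules and the health checker ranges shows up as failed health checks, so it is worth auditing before you rely on DNS failover. The following is an added example, not code from this guide: it compares a list of checker CIDR ranges (the kind of list GetCheckerIpRanges returns) with inbound allow rules and reports the checker address space that no rule admits on the health check port. The ranges and rules are constructed sample data using documentation addresses, and the function name is hypothetical.

```python
import ipaddress

# Constructed sample: CIDR strings in the shape of a GetCheckerIpRanges result.
# These are RFC 5737 documentation ranges, not real health checker addresses.
CHECKER_IP_RANGES = [
    "192.0.2.0/26",
    "192.0.2.64/26",
    "198.51.100.0/27",
    "203.0.113.128/26",
]

# Constructed sample: inbound allow rules as (source CIDR, port) pairs, as you
# might export them from a security group or a firewall.
INBOUND_ALLOW_RULES = [
    ("192.0.2.0/25", 443),      # covers the first two checker ranges
    ("198.51.100.0/28", 443),   # covers only half of 198.51.100.0/27
    ("203.0.113.128/26", 80),   # right source, wrong port
    ("0.0.0.0/0", 22),          # unrelated rule
]


def uncovered_checker_ranges(checker_ranges, allow_rules, port):
    """Return the checker address space that no allow rule admits on `port`.

    An empty list means every checker address can reach the port. Anything
    else is address space from which health check requests would be dropped.
    """
    allowed = [
        ipaddress.ip_network(cidr)
        for cidr, rule_port in allow_rules
        if rule_port == port
    ]
    # Merge adjacent and nested rules so each rule is considered once.
    allowed = list(ipaddress.collapse_addresses(allowed))

    missing = []
    for cidr in checker_ranges:
        remaining = [ipaddress.ip_network(cidr)]
        for rule in allowed:
            still_open = []
            for net in remaining:
                if net.subnet_of(rule):
                    continue                      # fully admitted by this rule
                if rule.subnet_of(net):
                    # The rule admits part of the range; keep the rest.
                    still_open.extend(net.address_exclude(rule))
                else:
                    still_open.append(net)        # CIDR blocks are disjoint
            remaining = still_open
        missing.extend(remaining)
    return sorted(missing)


if __name__ == "__main__":
    for net in uncovered_checker_ranges(CHECKER_IP_RANGES, INBOUND_ALLOW_RULES, 443):
        print("no inbound rule on port 443 for checker range", net)
```
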

How Amazon Route 53 Determines Whether an Endpoint Is Healthy
Amazon Route 53 determines whether the endpoint associated with a health check is healthy based on
response time and on the number of failed or passed health checks:
• HTTP and HTTPS health checks – Amazon Route 53 must be able to establish a TCP connection
with the endpoint within four seconds. In addition, the endpoint must respond with an HTTP status code
of 200 or greater and less than 400 within two seconds after connecting.
• TCP health checks – Amazon Route 53 must be able to establish a TCP connection with the endpoint
within ten seconds.
• HTTP and HTTPS health checks with string matching – As with HTTP and HTTPS health checks,
Amazon Route 53 must be able to establish a TCP connection with the endpoint within four seconds,
and the endpoint must respond with an HTTP status code of 200 or greater and less than 400 within
two seconds after connecting.
After an Amazon Route 53 health checker receives the HTTP status code, it must receive the response
body from the endpoint within the next two seconds. Amazon Route 53 searches the response body
for a string that you specify. The string must appear entirely in the first 5120 bytes of the response body
or the endpoint fails the health check. If you're using the Amazon Route 53 console, you specify the
string in the Search String field. If you're using the Amazon Route 53 API, you specify the string in the
SearchString element when you create the health check.
• Calculated health checks – For health checks that monitor the status of other health checks, Amazon
Route 53 adds up the number of health checks that Amazon Route 53 health checkers consider to be
healthy. It then compares that number with the number of child health checks that must be healthy for
the status of the health check to be considered healthy.
• Health checks based on the state of CloudWatch alarms – If the state of a CloudWatch alarm is
OK, the health check is considered healthy. If the state is Alarm, the health check is considered
unhealthy. If CloudWatch doesn't have sufficient data to determine whether the state is OK or Alarm,
the health check status depends on the setting for Health check status: healthy, unhealthy, or last
known status. (In the Amazon Route 53 API, this setting is InsufficientDataHealthStatus.)
For more information, see Creating, Updating, and Deleting Health Checks (p. 245).
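
The rules in the preceding list, written out as an added example (not code from this guide or from Amazon Route 53) so that the edge cases can be tested: the status code range, the connect and response time limits, the case-sensitive search confined to the first 5,120 bytes, calculated health checks with inversion, and the insufficient-data setting. The function names and sample bodies are constructed, "within N seconds" is assumed to include exactly N, and the strings Healthy, Unhealthy, and LastKnownStatus are the values of InsufficientDataHealthStatus in the API.

```python
MAX_SEARCH_BYTES = 5120  # the search string must lie entirely inside this prefix


def http_probe_passes(connect_s, status_code, status_s,
                      body=b"", body_s=0.0, search_string=None):
    """Apply the HTTP/HTTPS rules to one health check request.

    connect_s: seconds needed to establish the TCP connection (None = failed)
    status_s:  seconds from connecting until the status code arrived
    body_s:    seconds from the status code until the body arrived
    """
    if connect_s is None or connect_s > 4:
        return False
    if status_code is None or status_s > 2 or not (200 <= status_code < 400):
        return False
    if search_string is None:
        return True                 # string matching is not enabled
    if body_s > 2:
        return False
    # Case-sensitive search, limited to the first 5,120 bytes of the body.
    return search_string.encode("utf-8") in body[:MAX_SEARCH_BYTES]


def tcp_probe_passes(connect_s):
    """TCP health checks only need a connection within ten seconds."""
    return connect_s is not None and connect_s <= 10


def calculated_check_healthy(children_healthy, health_threshold, inverted=False):
    """Count healthy child checks and compare with the required number.

    A threshold of 0 is always healthy; a threshold larger than the number
    of children is always unhealthy. Inversion flips the final result.
    """
    healthy = sum(1 for child in children_healthy if child) >= health_threshold
    return healthy != inverted


def alarm_check_healthy(alarm_state, insufficient_data_status="LastKnownStatus",
                        last_known=None):
    """Map a CloudWatch alarm state to a health check status."""
    state = alarm_state.upper()
    if state == "OK":
        return True
    if state == "ALARM":
        return False
    # CloudWatch has insufficient data: fall back to the configured setting.
    if insufficient_data_status == "Healthy":
        return True
    if insufficient_data_status == "Unhealthy":
        return False
    # Last known status; a new health check with no history defaults to healthy.
    return True if last_known is None else last_known


# Constructed response bodies for the 5,120-byte boundary.
BODY_INSIDE = b"x" * 5115 + b"READY"      # match ends exactly at byte 5,120
BODY_STRADDLING = b"x" * 5116 + b"READY"  # last byte of the match is cut off

if __name__ == "__main__":
    print(http_probe_passes(0.2, 200, 0.1, BODY_INSIDE, 0.1, "READY"))
    print(http_probe_passes(0.2, 200, 0.1, BODY_STRADDLING, 0.1, "READY"))
```
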
When you create a health check, here's what happens:
1. Amazon Route 53 propagates the health check configuration to the servers that perform health
   checks in AWS data centers around the world.
2. A health-checking application (a health checker) in each data center sends a request to the endpoint
   that you specify at the request interval that you specify: every 10 seconds or every 30 seconds. The
   request interval is the number of seconds between the time that Amazon Route 53 gets a response
   from your endpoint and the time that it sends the next health-check request.
3. When the endpoint either passes or fails a consecutive number of health checks that you specify
   (the failure threshold), Amazon Route 53 updates the health status of the endpoint. Thereafter, the
   health status of an endpoint changes from healthy to unhealthy (or vice versa) after it fails (or passes)
   the same number of consecutive checks.
4. Each Amazon Route 53 health checker propagates the results of its health checks to Amazon
   Route 53 DNS servers worldwide. If more than 18% of available health checkers report that an
   endpoint is healthy, Amazon Route 53 responds to queries using the associated resource record
   sets when applicable. If 18% of health checkers or fewer report that an endpoint is healthy, Amazon
   Route 53 typically does not respond to queries using the associated resource record sets. The 18%
   value might change in a future release.
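
Steps 3 and 4 combine a per-checker streak rule with a fleet-wide percentage, and the combination has a consequence that is easy to miss: an endpoint that only a few checkers can reach can still be treated as healthy. The following added example (not code from this guide) models both rules; the function names, the result sequences, and the fleet size of 16 checkers are constructed for illustration, and a checker is assumed to report no status until its first full streak.

```python
HEALTHY_PERCENT = 18  # the guide notes that this value might change


def checker_status_timeline(results, failure_threshold):
    """Replay one health checker's results (True = the endpoint passed).

    Returns the status after each result: None until the endpoint has passed
    or failed `failure_threshold` consecutive checks, then True (healthy) or
    False (unhealthy). A shorter run of opposite results changes nothing.
    """
    status = None
    streak_value, streak_len = None, 0
    timeline = []
    for passed in results:
        if passed == streak_value:
            streak_len += 1
        else:
            streak_value, streak_len = passed, 1
        if streak_len >= failure_threshold:
            status = passed
        timeline.append(status)
    return timeline


def endpoint_considered_healthy(checker_statuses):
    """Healthy only if MORE than 18% of available checkers report healthy.

    Checkers with no status yet (None) are not counted as available.
    Returns None when no checker has a status.
    """
    available = [s for s in checker_statuses if s is not None]
    if not available:
        return None
    healthy = sum(1 for s in available if s)
    # Integer comparison avoids floating-point error at exactly 18%.
    return healthy * 100 > HEALTHY_PERCENT * len(available)


def fleet_verdict(per_checker_results, failure_threshold):
    """Combine both rules: latest status of every checker, then the 18% test."""
    latest = []
    for results in per_checker_results:
        timeline = checker_status_timeline(results, failure_threshold)
        latest.append(timeline[-1] if timeline else None)
    return endpoint_considered_healthy(latest)


# Constructed scenario: 16 checkers, most of them unable to reach the endpoint
# (for example, because a firewall admits only some checker ranges).
REACHABLE = [True] * 6
BLOCKED = [False] * 6

if __name__ == "__main__":
    flapping = [True, True, True, False, False, True, False, False, False]
    print(checker_status_timeline(flapping, failure_threshold=3))
    print(fleet_verdict([REACHABLE] * 3 + [BLOCKED] * 13, failure_threshold=3))
    print(fleet_verdict([REACHABLE] * 2 + [BLOCKED] * 14, failure_threshold=3))
```

With 3 of 16 checkers passing (18.75%) the endpoint is still considered healthy, so a partially blocked endpoint can stay in service; compare per-checker status on the Health Checkers tab with the aggregate status.
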

Monitoring Health Check Status and Getting Notifications
You monitor the status of your health checks on the Amazon Route 53 console. You can also set
CloudWatch alarms and get automated notifications when the status of a health check changes.
Topics
• Viewing Health Check Status and the Reason for Health Check Failures (p. 255)
• Monitoring the Latency Between Health Checkers and Your Endpoint (p. 256)
• Monitoring Health Checks Using CloudWatch (p. 257)

Viewing Health Check Status and the Reason for Health Check Failures
On the Amazon Route 53 console, you can view the status (healthy or unhealthy) of your health checks
as reported by Amazon Route 53 health checkers. For all health checks except calculated health checks,
you can also view the reason for the last health check failure, for example, health checkers were unable
to establish a connection with the endpoint.

To view the status and last failure reason for a health check (console)
1. Sign in to the AWS Management Console and open the Amazon Route 53 console at
   https://console.aws.amazon.com/route53/.
2. In the navigation pane, choose Health Checks.
3. For an overview of the status of all of your health checks—healthy or unhealthy—view the Status
   column. For more information, see How Amazon Route 53 Determines Whether an Endpoint Is
   Healthy (p. 254).
4. For all health checks except calculated health checks, you can view the status of the Amazon Route 53
   health checkers that are checking the health of a specified endpoint. Select the health check.
5. In the bottom pane, choose the Health Checkers tab.

   Note
   New health checks must propagate to Amazon Route 53 health checkers before the health
   check status and last failure reason appear in the Status column. Until propagation has
   finished, the message in that column explains that no status is available.
6. Choose whether you want to view the current status of the health check, or view the date and time
   of the last failure and the reason for the failure. The table on the Status tab includes the following
   values:
Health checker IP
The IP address of the Amazon Route 53 health checker that performed the health check.
Last checked
The date and time of the health check or the date and time of the last failure, depending on the
option that you select at the top of the Status tab.
Status
Either the current status of the health check or the reason for the last health check failure,
depending on the option that you select at the top of the Status tab.

Monitoring the Latency Between Health Checkers and Your Endpoint
When you create a health check, if you choose to monitor the status of an endpoint (not the status of
other health checks) and you choose the Latency graphs option, you can view the following values on
CloudWatch graphs on the Amazon Route 53 console:
• The average time, in milliseconds, that it took Amazon Route 53 health checkers to establish a TCP
connection with the endpoint
• The average time, in milliseconds, that it took Amazon Route 53 health checkers to receive the first
byte of the response to an HTTP or HTTPS request
• The average time, in milliseconds, that it took Amazon Route 53 health checkers to complete the SSL
handshake

Note
You can't enable latency monitoring for existing health checks.

To view the latency between Amazon Route 53 health checkers and your endpoint (console)
1. Sign in to the AWS Management Console and open the Amazon Route 53 console at
   https://console.aws.amazon.com/route53/.
2. In the navigation pane, choose Health Checks.
3. Select the rows for the applicable health checks. You can view latency data only for health checks
   that monitor the status of an endpoint and for which the Latency graphs option is enabled.
4. In the bottom pane, choose the Latency tab.
5. Choose the time range and the geographic region for which you want to display latency graphs.
The graphs display the status for the specified time range:
TCP connection time (HTTP and TCP only)
The average time, in milliseconds, that it took Amazon Route 53 health checkers in the selected
geographic region to establish a TCP connection with the endpoint.
Time to first byte (HTTP and HTTPS only)
The average time, in milliseconds, that it took Amazon Route 53 health checkers in the selected
geographic region to receive the first byte of the response to an HTTP or HTTPS request.
Time to complete SSL handshake (HTTPS only)
The average time, in milliseconds, that it took Amazon Route 53 health checkers in the selected
geographic region to complete the SSL handshake.

Note
If you select more than one health check, the graph displays a separate color-coded line
for each health check.
6. To view a larger graph and specify different settings, click the graph. You can change the following
settings:
Statistic
Changes the calculation that CloudWatch performs on the data.
Time range
Displays the status of a health check over a different period, for example, overnight or last week.
Period
Changes the interval between data points in the graph.
Note the following:
• If you just created a health check, you might need to wait for a few minutes for data to appear in
the graph and for the health check metric to appear in the list of available metrics.
• The graph doesn't refresh itself automatically. To update the display, choose the refresh icon.
• If health checks are failing for some reason, such as a connection timeout, Amazon Route 53 can't
measure latency, and latency data will be missing from the graph for the affected period.

Monitoring Health Checks Using CloudWatch
Amazon Route 53 health checks integrate with CloudWatch metrics so that you can do the following:
• Verify that a health check is properly configured.
• Review the status of a health check over a specified period of time.
• Configure CloudWatch to send an Amazon Simple Notification Service (Amazon SNS) alert when the
status of a health check is unhealthy. Note that several minutes might elapse between the time that a
health check fails and the time that you receive the associated Amazon SNS notification.
CloudWatch metrics are retained for two weeks.
For more information, see How Amazon Route 53 Determines Whether an Endpoint Is Healthy (p. 254).
• To view the status of a health check (console) (p. 258)
• To receive an Amazon SNS notification when a health check status is unhealthy (console) (p. 259)
• To view CloudWatch alarm status and edit alarms for Amazon Route 53 (console) (p. 260)
• To view Amazon Route 53 metrics on the CloudWatch console (p. 261)

To view the status of a health check (console)
1. Sign in to the AWS Management Console and open the Amazon Route 53 console at
   https://console.aws.amazon.com/route53/.
2. In the navigation pane, choose Health Checks.
3. Choose the rows for the applicable health checks.
4. In the bottom pane, choose the Monitoring tab.
The two graphs display the status for the last hour in one-minute intervals:
Health check status
The graph shows the Amazon Route 53 assessment of endpoint health. 1 indicates healthy and
0 indicates unhealthy.
Health checkers that report the endpoint healthy (%)
For all health checks except calculated health checks, the graph shows the percentage of Amazon
Route 53 health checkers that consider the selected endpoint to be healthy.
Number of healthy child health checks
For calculated health checks only, the graph shows the number of child health checks for which
the status is healthy.

Note
If you selected more than one health check, the graph displays a separate color-coded line
for each health check.
5. To view a larger graph and specify different settings, click the graph. You can change the following
settings:
Statistic
Changes the calculation that CloudWatch performs on the data.
Time range
Displays the status of a health check over a different period, for example, overnight or last week.
Period
Changes the interval between data points in the graph.
Note the following:
• If you just created a health check, you might need to wait for a few minutes for data to appear in
the graph and for the health check metric to appear in the list of available metrics.
• The graph doesn't refresh itself automatically. To update the display, choose the refresh icon.

To receive an Amazon SNS notification when a health check status is unhealthy (console)
1. In the navigation pane of the Amazon Route 53 console, choose Health Checks.
2. Choose the row for the applicable health check.
3. In the bottom pane, choose the Alarms tab.
   The table lists the alarms that you've already created for this health check.
4. Choose Create Alarm.
5. Specify the following values:
Alarm name
Type the name that you want to see in the Name column in the table.
Alarm description
(Optional) Type a description of the alarm.
Send notification
Choose whether you want Amazon Route 53 to send you notification if the status of this health
check triggers an alarm.
Notification target (Only when "Send notification" is "Yes")
If you want CloudWatch to send notification to an existing Amazon SNS topic, choose the topic
from the list.
If you want CloudWatch to send notification but not to an existing Amazon SNS topic, do one of
the following:
• If you want CloudWatch to send email notification – Choose New SNS topic and continue
with this procedure.
• If you want CloudWatch to send notification by another method – Open a new browser
tab, go to the Amazon SNS console, and create the new topic. Then return to the Amazon
Route 53 console, choose the name of the new topic from the Notification target list, and
continue with this procedure.
Topic name (Only when you choose to create a new Amazon SNS topic)
Type a name for the new Amazon SNS topic.
Recipient email addresses (Only when you choose to create a new Amazon SNS topic)
Type the email address that you want Amazon Route 53 to send an Amazon SNS notification
to when a health check triggers an alarm.
Alarm target
Choose the value that you want Amazon Route 53 to evaluate for this health check:
• Health check status – Amazon Route 53 health checkers report that the health check is
healthy or unhealthy
• Health checkers that report the endpoint healthy (%) (all health checks except calculated
health checks) – The percentage of Amazon Route 53 health checkers that report that the
status of the health check is healthy
• Number of healthy child health checks (calculated health checks only) – The number of
child health checks in a calculated health check that report that the status of the health check
is healthy
• TCP connection time (HTTP and TCP health checks only) – The time in milliseconds that it
took Amazon Route 53 health checkers to establish a TCP connection with the endpoint
• Time to complete SSL handshake (HTTPS health checks only) – The time in milliseconds
that it took Amazon Route 53 health checkers to complete the SSL handshake
• Time to first byte (HTTP and HTTPS health checks only) – The time in milliseconds that it
took Amazon Route 53 health checkers to receive the first byte of the response to an HTTP
or HTTPS request

Alarm target
For the alarm targets that are based on latency (TCP connection time, Time to complete SSL
handshake, Time to first byte), choose whether you want CloudWatch to calculate latency for
Amazon Route 53 health checkers in a specific region or for all regions (Global).
Note that if you choose a region, Amazon Route 53 measures latency only twice per minute,
and the number of samples will be smaller than if you choose all regions. As a result, outlying
values are more likely. To prevent spurious alarm notifications, we recommend that you specify
a larger number of consecutive periods that the health check must fail before CloudWatch sends
you a notification.
Fulfill condition
Use the following settings to determine when CloudWatch should trigger an alarm:
| Alarm Target | Recommended Condition | Description |
|---|---|---|
| Health check status | Minimum < 1 | Amazon Route 53 health checkers report when the endpoint is unhealthy. |
| Health checkers that report the endpoint healthy (%) | Average < desired percentage | For health checks other than calculated health checks, Amazon Route 53 considers the status of a health check to be unhealthy when less than 18% of health checkers report that the status is healthy. |
| Number of healthy child health checks | Minimum < desired number of healthy child health checks | The Minimum statistic returns the most conservative value and represents the worst-case scenario. |
| TCP connection time | Average > desired time in milliseconds | Average is a more consistent value than other statistics. |
| Time to complete SSL handshake | Average > desired time in milliseconds | Average is a more consistent value than other statistics. |
| Time to first byte | Average > desired time in milliseconds | Average is a more consistent value than other statistics. |

For at least x consecutive periods of y minutes/hours/day
Specify how many consecutive time periods that the specified value must meet the criteria before
Amazon Route 53 sends notification. Then specify the length of the time period.

6. When you choose Create, Amazon SNS sends you an email with information about the new Amazon
   SNS topic.
7. In the email, choose Confirm subscription. You must confirm your subscription to begin receiving
   CloudWatch notifications.

To view CloudWatch alarm status and edit alarms for Amazon Route 53 (console)
1. In the navigation pane of the Amazon Route 53 console, choose Health Checks.
2. Choose the row for any health check.
3. In the details pane (following x Health Checks Selected), choose the right caret icon.
The CloudWatch Alarms list contains all of the Amazon Route 53 alarms that you have created
using the current AWS account.

The State column shows the current status of each alarm:
OK
CloudWatch has accumulated enough statistics from Amazon Route 53 health checks to
determine that the endpoint doesn't meet the alarm threshold.
INSUFFICIENT DATA
CloudWatch hasn't accumulated enough statistics to determine whether the endpoint meets the
alarm threshold. This is the initial state of a new alarm.
ALARM
CloudWatch has accumulated enough statistics from Amazon Route 53 health checks to
determine that the endpoint meets the alarm threshold and to send notification to the specified
email address.

4. To view or edit settings for an alarm, choose the name of the alarm.
5. To view an alarm in the CloudWatch console, which provides more detailed information about the
   alarm (for example, a history of updates to the alarm and changes in status), choose View in the
   More Options column for the alarm.
6. To view all of the CloudWatch alarms that you have created using the current AWS account, including
   alarms for other AWS services, choose View All CloudWatch Alarms.
7. To view all of the available CloudWatch metrics, including metrics that aren't currently being used
   by the current AWS account, choose View All CloudWatch Metrics.

To view Amazon Route 53 metrics on the CloudWatch console
1. Sign in to the AWS Management Console and open the CloudWatch console at
   https://console.aws.amazon.com/cloudwatch/.
2. Change the current region to US East (N. Virginia). Amazon Route 53 metrics are not available if
   you select any other region as the current region.
3. In the navigation pane, choose Route 53.
4. Under HealthCheckId, select the check boxes for the applicable metrics.

Configuring DNS Failover
When you have more than one resource performing the same function—for example, more than one
HTTP server or mail server—you can configure Amazon Route 53 to check the health of your resources
and respond to DNS queries using only the healthy resources. For example, suppose your website,
example.com, is hosted on 10 servers, two each in five data centers around the world. You can configure
Amazon Route 53 to check the health of those servers and to respond to DNS queries for example.com
using only the servers that are currently healthy.
You can set up a variety of failover configurations using Amazon Route 53 alias, weighted, latency,
geolocation routing, and failover resource record sets:
• Active-active failover: Use this failover configuration when you want all of your resources to be
available the majority of the time. When a resource becomes unavailable, Amazon Route 53 can detect
that it's unhealthy and stop including it when responding to queries.
• Active-passive failover: Use this failover configuration when you want a primary group of resources
to be available the majority of the time and you want a secondary group of resources to be on standby
in case all of the primary resources become unavailable. When responding to queries, Amazon Route 53
includes only the healthy primary resources. If all of the primary resources are unhealthy, Amazon
Route 53 begins to include only the healthy secondary resources in response to DNS queries.
• Active-active-passive and other mixed configurations: You can combine alias and non-alias resource
record sets to produce a variety of Amazon Route 53 behaviors.
Amazon Route 53 can check the health of your resources in both simple and complex configurations:
• In all configurations, you create a group of resource record sets that all have the same name and type,
for example, a group of weighted resource record sets for example.com for which the type is A. You
then configure Amazon Route 53 to check the health of the corresponding resources. Amazon Route 53
responds to DNS queries based on the health of your resources. For more information, see How Health
Checks Work in Simple Amazon Route 53 Configurations (p. 262).
• In more complex configurations, you use a combination of alias resource record sets, including weighted
alias, latency alias, geolocation alias, and failover alias resource record sets, to create a tree of resource
record sets. As with a simple configuration, you configure Amazon Route 53 to check the health of your
resources. However, you can also configure the alias resource record sets to respond to the status of
alias targets and to skip to another branch in the tree if all of the alias targets in one branch are unhealthy.
Complex configurations give you more control over how Amazon Route 53 responds to your requests.
For example, you might use latency-based routing to select a region close to a user and use an ELB
load balancer within each region to protect against the failure of a single endpoint or an availability
zone. For more information, see How Health Checks Work in Complex Amazon Route 53
Configurations (p. 264).

How Health Checks Work in Simple Amazon Route 53 Configurations
The simplest configuration for which checking the health of your resources is useful is when you have
two or more resources that are performing the same function. For example, you might have multiple
Amazon EC2 servers running HTTP server software responding to requests for the example.com website.
In Amazon Route 53, you create a group of resource record sets that have the same name and type,
such as weighted resource record sets or latency resource record sets of type A. You create one resource
record set for each resource, and you configure Amazon Route 53 to check the health of the corresponding
resource. In this configuration, Amazon Route 53 chooses which resource record set will respond to a
DNS query for example.com and bases the choice in part on the health of your resources.
As long as all of the resources are healthy, Amazon Route 53 responds to queries using all of your
example.com weighted resource record sets. When a resource becomes unhealthy, Amazon Route 53
responds to queries using only the healthy resource record sets for example.com.
Here's an overview of how you configure Amazon Route 53 to check the health of your resources in this
simple configuration and how Amazon Route 53 responds to queries based on the health of your resources:
1. You identify the resources whose health you want Amazon Route 53 to monitor. For example, you
   might want to monitor all of the HTTP servers that respond to requests for example.com.
2. You create health checks for your resources. A health check tells Amazon Route 53 how to send
   requests to the endpoint whose health you want to check: which protocol to use (HTTP, HTTPS, or
   TCP), which IP address and port to use, and, for HTTP/HTTPS health checks, a domain name and
   path.
A common configuration is to create one health check for each resource and to use the same IP
address for the health check endpoint as for the resource. If the IP address for your HTTP server is
192.0.2.117, you create a health check for which the IP address is 192.0.2.117.

Note
Amazon Route 53 cannot check the health of endpoints for which the IP address is in local,
private, nonroutable, or multicast ranges. For more information about IP addresses for which
you cannot create health checks, see RFC 5735, Special Use IPv4 Addresses and RFC
6598, IANA-Reserved IPv4 Prefix for Shared Address Space.

   For more information about creating health checks by using the Amazon Route 53 console, see
   Creating, Updating, and Deleting Health Checks (p. 245). For information about creating health checks
   by using the Route 53 API, see POST CreateHealthCheck in the Amazon Route 53 API Reference.
3. You might need to configure router and firewall rules so that Amazon Route 53 can send regular
   requests to the endpoints that you specified in your health checks. For more information, see
   Configuring Router and Firewall Rules for Amazon Route 53 Health Checks (p. 254).
4. You create a group of resource record sets for your resources, for example, a group of weighted
   resource record sets that all have a type of A. You associate the health checks that you created in
   step 2 with the corresponding resource record sets. When you're finished, your configuration looks
   similar to the following diagram:

   For more information about creating resource record sets by using the Amazon Route 53 console,
   see Creating Resource Record Sets by Using the Amazon Route 53 Console (p. 184). For information
   about creating resource record sets by using the Amazon Route 53 API, see POST
   ChangeResourceRecordSets in the Amazon Route 53 API Reference.
5. Amazon Route 53 periodically sends a request to each endpoint that you specified when you created
   your health checks; it doesn't perform the health check when it receives a DNS query. Based on the
   responses, Amazon Route 53 decides whether the endpoints are healthy and uses that information
   to determine how to respond to queries. For more information, see How Amazon Route 53 Determines
   Whether an Endpoint Is Healthy (p. 254).

Important
Amazon Route 53 doesn't check the health of the resource specified in the resource record
set, such as the IP address specified in an A record for example.com. When you associate
a health check with a resource record set, Amazon Route 53 begins to check the health of
the endpoint that you specified in the health check.
6. Here's what happens when Amazon Route 53 receives a query for example.com:
   a. Amazon Route 53 chooses a resource record set based on the routing policy. In this case, it
      chooses a resource record set based on weight.
   b. It determines the current health of the selected resource record set by checking the status of
      the health check for that resource record set.
   c. If the selected resource record set is unhealthy, it repeats the process of choosing a resource
      record set based on the routing policy. This time, the unhealthy resource record set isn't
      considered.
   d. It responds to the query with the selected healthy resource record set.

The following example shows a group of weighted resource record sets in which the third resource record
set is unhealthy. Initially, Amazon Route 53 selects a resource record set based on the weights of all
three resource record sets. If it happens to select the unhealthy resource record set the first time, Amazon
Route 53 selects another resource record set, but this time it omits the weight of the third resource record
set from the calculation:
• When Amazon Route 53 initially selects from among all three resource record sets, it responds to
requests using the first resource record set about 20% of the time, 10/(10 + 20 + 20).
• When Amazon Route 53 determines that the third resource record set is unhealthy, it responds to
requests using the first resource record set about 33% of the time, 10/(10 + 20).

If you omit a health check from one or more resource record sets in a group of resource record sets,
Amazon Route 53 treats those resource record sets as healthy. Amazon Route 53 has no basis for
determining the health of the corresponding resource and might choose a resource record set for which
the resource is unhealthy.

How Health Checks Work in Complex Amazon Route 53 Configurations
Checking the health of resources in complex configurations works much the same way as in simple
configurations. However, in complex configurations, you use a combination of alias resource record sets
(including weighted alias, latency alias, and failover alias) and nonalias resource record sets to build a
decision tree that gives you greater control over how Amazon Route 53 responds to requests. For more
information, see How Health Checks Work in Simple Amazon Route 53 Configurations (p. 262).
For example, you might use latency alias resource record sets to select a region close to a user and use
weighted resource record sets for two or more resources within each region to protect against the failure
of a single endpoint or an Availability Zone. The following diagram shows this configuration.

Here's how Amazon EC2 and Amazon Route 53 are configured:
• You have Amazon EC2 instances in two regions, us-east-1 and ap-southeast-2. You want Amazon
Route 53 to respond to queries by using the resource record sets in the region that provides the lowest
latency for your customers, so you create a latency alias resource record set for each region. (You
create the latency alias resource record sets after you create resource record sets for the individual
Amazon EC2 instances.)
• Within each region, you have two Amazon EC2 instances. You create a weighted resource record set
for each instance. The name and the type are the same for both of the weighted resource record sets
in each region.
When you have multiple resources in a region, you can create weighted or failover resource record
sets for your resources. You can also create even more complex configurations by creating weighted
alias or failover alias resource record sets that, in turn, refer to multiple resources.
• Each weighted resource record set has an associated health check. The IP address for each health
check matches the IP address for the corresponding resource record set. This isn't required, but it's
the most common configuration.
• For both latency alias resource record sets, you set the value of Evaluate Target Health to Yes.
You use the Evaluate Target Health setting for each latency alias resource record set to make Amazon
Route 53 evaluate the health of the alias targets—the weighted resource record sets—and respond
accordingly.

The preceding diagram illustrates the following sequence of events:
1. Amazon Route 53 receives a query for example.com. Based on the latency for the user making the
   request, Amazon Route 53 selects the latency alias resource record set for the us-east-1 region.
2. Amazon Route 53 selects a weighted resource record set based on weight. Evaluate Target Health
   is Yes for the latency alias resource record set, so Amazon Route 53 checks the health of the selected
   weighted resource record set.
3. The health check failed, so Amazon Route 53 chooses another weighted resource record set based
   on weight and checks its health. That resource record set also is unhealthy.
4. Amazon Route 53 backs out of that branch of the tree, looks for the latency alias resource record
   set with the next-best latency, and chooses the resource record set for ap-southeast-2.
5. Amazon Route 53 again selects a resource record set based on weight, and then checks the health
   of the selected resource record set. The health check passed, so Amazon Route 53 returns the
   applicable value in response to the query.

Topics
• What Happens When You Associate a Health Check with an Alias Resource Record Set? (p. 266)
• What Happens When You Omit Health Checks? (p. 267)
• What Happens When You Set Evaluate Target Health to No? (p. 268)

What Happens When You Associate a Health Check with an Alias Resource Record Set?
You can associate a health check with an alias resource record set instead of or in addition to setting the
value of Evaluate Target Health to Yes. However, it's generally more useful if Amazon Route 53 responds
to queries based on the health of the underlying resources—the HTTP servers, database servers, and
other resources that your alias resource record sets refer to. For example, suppose the following
configuration:
• You assign a health check to a latency alias resource record set for which the alias target is a group
of weighted resource record sets.
• You set the value of Evaluate Target Health to Yes for the latency alias resource record set.
In this configuration, both of the following must be true before Amazon Route 53 will return the applicable
value for a weighted resource record set:
• The health check associated with the latency alias resource record set must pass.
• At least one weighted resource record set must be considered healthy, either because it's associated
with a health check that passes or because it's not associated with a health check. In the latter case,
Amazon Route 53 always considers the weighted resource record set healthy.

If the health check for the latency alias resource record set fails, Amazon Route 53 stops responding to
queries using any of the weighted resource record sets in the alias target, even if they're all healthy.
Amazon Route 53 doesn't know the status of the weighted resource record sets because it never looks
past the failed health check on the alias resource record set.

What Happens When You Omit Health Checks?
In a complex configuration, it's important to associate health checks with all of the non-alias resource
record sets. Let's return to the preceding example, but assume that a health check is missing on one of
the weighted resource record sets in the us-east-1 region:

Here's what happens when you omit a health check on a non-alias resource record set in this configuration:
1. Amazon Route 53 receives a query for example.com. Based on the latency for the user making the
   request, Amazon Route 53 selects the latency alias resource record set for the us-east-1 region.
2. Amazon Route 53 looks up the alias target for the latency alias resource record set, and checks the
   status of the corresponding health checks. The health check for one weighted resource record set
   failed, so that resource record set is omitted from consideration.
3. The other weighted resource record set in the alias target for the us-east-1 region has no health
   check. The corresponding resource might or might not be healthy, but without a health check, Amazon
   Route 53 has no way to know. Amazon Route 53 assumes that the resource is healthy and returns
   the applicable value in response to the query.

What Happens When You Set Evaluate Target Health to No?
In general, you also want to set Evaluate Target Health to Yes for all of the alias resource record sets.
In the following example, all of the weighted resource record sets have associated health checks, but
Evaluate Target Health is set to No for the latency alias resource record set for the us-east-1 region:

Here's what happens when you set Evaluate Target Health to No for an alias resource record set in this
configuration:
1. Amazon Route 53 receives a query for example.com. Based on the latency for the user making the
request, Amazon Route 53 selects the latency alias resource record set for the us-east-1 region.
2. Amazon Route 53 determines what the alias target is for the latency alias resource record set, and
checks the corresponding health checks. They're both failing.
3. Because the value of Evaluate Target Health is No for the latency alias resource record set for the
us-east-1 region, Amazon Route 53 must choose one resource record set in this branch instead of
backing out of the branch and looking for a healthy resource record set in the ap-southeast-2 region.

Task List for Configuring DNS Failover
To use Amazon Route 53 to configure DNS failover, perform the following tasks:
1. Draw a complete diagram of your configuration, and indicate which type of resource record set you're
creating (weighted alias, failover, weighted, and so on) for each node:
• In a simple configuration, your diagram will include only weighted, latency, geolocation, or failover
resource record sets; it won't include any alias resource record sets.
• In a complex configuration, your diagram will include a combination of alias resource record sets
(weighted alias, latency alias, geolocation alias, and/or failover alias) and non-alias resource record
sets in a multi-level tree like the examples in the topic How Health Checks Work in Complex
Amazon Route 53 Configurations (p. 264).

2. Create health checks for each Amazon EC2 server and each non-AWS resource, such as an email
server running in your data center, that you want to include in your configuration. You'll associate
these health checks with your non-alias resource record sets.
For more information, see Creating, Updating, and Deleting Health Checks (p. 245).
3. Create all of the non-alias resource record sets in your diagram, and associate the health checks
that you created in step 2 with the applicable resource record sets.
You can associate health checks with resource record sets by using the Amazon Route 53 console
or the Amazon Route 53 API. For more information, see the applicable documentation:
• Using the Amazon Route 53 console: See Working with Resource Record Sets (p. 178).
• Using the Amazon Route 53 API: See POST ChangeResourceRecordSets in the Amazon
Route 53 API Reference.

Note
To quickly and easily create resource record sets for complex routing configurations and
associate the resource record sets with health checks, you can use the traffic flow visual
editor and save the configuration as a traffic policy. You can then associate the traffic policy
with one or more domain names (such as example.com) or subdomain names (such as
www.example.com), in the same hosted zone or in multiple hosted zones. In addition, you
can roll back the updates if the new configuration isn't performing as you expected it to. For
more information, see Using Traffic Flow to Route DNS Traffic (p. 234).

4. If you're configuring DNS failover in a simple configuration, with no alias resource record sets, skip
the remaining tasks.
5. Starting at the bottom of the tree diagram that you created in step 1, create the alias resource record
sets (including weighted, latency, geolocation routing, and failover alias resource record sets) for
which the alias target is one of the resource record sets that you created in step 3. If you want Amazon
Route 53 to try another branch of the tree when all of the non-alias resource record sets are unhealthy
in a branch of your tree, set the value of Evaluate Target Health to Yes for each of your alias resource
record sets.
If your tree diagram includes nodes for which you have not yet created alias resource record sets,
create the remaining alias resource record sets, working from the bottom of the tree toward the top.
Remember that you cannot create an alias resource record set if the alias target resource record set
doesn't exist yet.
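The two failure scenarios above (an omitted health check, and Evaluate Target Health set to No) can be reproduced, and a diagram checked against steps 3 and 5, with a small model. This is an added example, not code from the guide: the key names mirror the API elements HealthCheckId, EvaluateTargetHealth, Weight and Region, while the Targets key, the identifiers and the health check IDs are constructed.

```python
# Added illustration: a constructed latency-alias -> weighted tree.
# "Targets", the SetIdentifier values and the hc-* IDs are made up for this
# example; every weight is nonzero, so weighting does not affect the outcome.

def make_tree(east_eth=True, east_b_check="hc-east-b"):
    """Two latency alias records, ordered best latency first for the client."""
    def weighted(name, check):
        return {"SetIdentifier": name, "Weight": 1, "HealthCheckId": check}
    return [
        {"Region": "us-east-1", "HealthCheckId": None,
         "EvaluateTargetHealth": east_eth,
         "Targets": [weighted("east-a", "hc-east-a"),
                     weighted("east-b", east_b_check)]},
        {"Region": "ap-southeast-2", "HealthCheckId": None,
         "EvaluateTargetHealth": True,
         "Targets": [weighted("ap-a", "hc-ap-a"),
                     weighted("ap-b", "hc-ap-b")]},
    ]


def record_healthy(record, status):
    """A non-alias record without a health check is always considered healthy."""
    check = record["HealthCheckId"]
    return check is None or status[check]


def alias_healthy(alias, status):
    """Health of an alias record as the guide describes it."""
    check = alias["HealthCheckId"]
    if check is not None and not status[check]:
        return False  # Route 53 never looks past a failed check on the alias
    if not alias["EvaluateTargetHealth"]:
        return True   # target health is not consulted at all
    return any(record_healthy(r, status) for r in alias["Targets"])


def answer_pool(tree, status):
    """Return (region, identifiers) of the records that can answer the query."""
    for alias in tree:
        if alias_healthy(alias, status):
            healthy = [r for r in alias["Targets"] if record_healthy(r, status)]
            # With Evaluate Target Health = No and every target failing,
            # Route 53 must still choose a record inside this branch.
            pool = healthy or alias["Targets"]
            return alias["Region"], [r["SetIdentifier"] for r in pool]
    # Mode of last resort: every branch is unhealthy, so all are treated as
    # healthy and the best-latency branch answers.
    best = tree[0]
    return best["Region"], [r["SetIdentifier"] for r in best["Targets"]]


def audit(tree):
    """Flag the two configuration gaps that hide unhealthy resources."""
    findings = []
    for alias in tree:
        if not alias["EvaluateTargetHealth"]:
            findings.append((alias["Region"],
                             "alias has Evaluate Target Health = No; "
                             "Route 53 cannot back out of this branch"))
        for record in alias["Targets"]:
            if record["HealthCheckId"] is None:
                findings.append((record["SetIdentifier"],
                                 "non-alias record has no health check; "
                                 "it is always treated as healthy"))
    return findings


if __name__ == "__main__":
    # Constructed health check states: both us-east-1 checks are failing.
    status = {"hc-east-a": False, "hc-east-b": False,
              "hc-ap-a": True, "hc-ap-b": True}
    print(answer_pool(make_tree(), status))
    print(answer_pool(make_tree(east_b_check=None), status))
    print(answer_pool(make_tree(east_eth=False), status))
    for finding in audit(make_tree(east_eth=False, east_b_check=None)):
        print(finding)
```

With both us-east-1 checks failing, only the fully configured tree fails over to ap-southeast-2; the other two variants keep answering from us-east-1, which is what `audit` reports.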

Configuring Failover in a Private Hosted Zone
If you're creating failover resource record sets in a private hosted zone, note the following:
• Amazon Route 53 health checkers are outside the VPC. To check the health of an endpoint within a
VPC by IP address, you must assign a public IP address to the instance in the VPC.
• You can configure a health checker to check the health of an external resource that the instance relies
on, such as a database server.
• You can create a CloudWatch metric, associate an alarm with the metric, and then create a health
check that is based on the state of the alarm. For example, you might create a CloudWatch metric that
checks the status of the EC2 StatusCheckFailed metric, add an alarm to the metric, and then create
a health check that is based on the state of the alarm. For information about creating CloudWatch
metrics and alarms by using the CloudWatch console, see the Amazon CloudWatch Developer Guide.
For more information, see the following topics:

• Working with Private Hosted Zones (p. 171)
• Creating and Updating Health Checks (p. 246)
• Working with Resource Record Sets (p. 178)

Options for Configuring Amazon Route 53 Active-Active and Active-Passive Failover
You can configure Amazon Route 53 failover in a variety of ways by using different combinations of
Amazon Route 53 resource record sets. The following sections give a brief overview of how you can
configure simple active-active and active-passive failover. You can also create more complex configurations
by combining types of resource record sets in a larger tree. For more information, see How Health Checks
Work in Complex Amazon Route 53 Configurations (p. 264).
Topics
• Configuring Active-Active or Active-Passive Failover by Using Amazon Route 53 Weighted and
Weighted Alias Resource Record Sets (p. 271)
• Configuring Active-Active Failover by Using Amazon Route 53 Latency and Latency Alias Resource
Record Sets (p. 272)
• Configuring Active-Passive Failover by Using Amazon Route 53 Failover and Failover Alias Resource
Record Sets (p. 273)

Configuring Active-Active or Active-Passive Failover by Using Amazon Route 53 Weighted and Weighted Alias Resource Record Sets
If you add health checks to all of the resource record sets in a group of weighted resource record sets,
and you assign nonzero weights to all of the resource record sets, the Amazon Route 53 behavior results
in an active-active failover configuration. Any resource can be returned at any time in response to a DNS
query unless it's unhealthy.
Here's how Amazon Route 53 chooses a healthy resource record set:
1. Amazon Route 53 selects a weighted resource record set based on the weights that you've assigned
to the resource record sets that have the same name and type.
2. Amazon Route 53 checks the current status of the health check that you associated with that resource
record set. (Amazon Route 53 periodically checks the health of the endpoint that is specified in a
health check; it doesn't perform the health check when the DNS query arrives.)
3. If the health check endpoint is healthy, Amazon Route 53 responds to the query with the applicable
value from the resource record set, such as an IP address.
If the health check endpoint is not healthy, Amazon Route 53 selects another weighted resource
record set and repeats the process until it finds a resource record set for which the health check
endpoint is healthy.

If you add health checks to all of the resource record sets in a group of weighted resource record sets,
but you give nonzero weights to some resource record sets and zero weights to others, the Amazon
Route 53 behavior results in an active-passive failover configuration. (If you want an active-passive failover
configuration, we recommend that you use failover resource record sets. For more information, see
Configuring Active-Passive Failover by Using Amazon Route 53 Failover and Failover Alias Resource
Record Sets (p. 273).) Health checks in this configuration work the same as in the active-active
configuration—when all resource record sets have nonzero weights—with the following exceptions:
• Amazon Route 53 initially considers only the nonzero weighted resource record sets, if any.
• If all of the resource record sets that have a weight greater than 0 are unhealthy, then Amazon Route 53
considers the zero-weighted resource record sets.
If a resource record set in a group of weighted resource record sets doesn't have an associated health
check, Amazon Route 53 always considers it healthy and always includes it among possible responses
to a query.
If none of the resource record sets in the group of weighted resource record sets are healthy, Amazon
Route 53 needs to return something in response to DNS queries, but it has no basis for choosing one
resource record set over another. In this circumstance, Amazon Route 53 considers all of the resource
record sets in the group to be healthy and selects one based on their assigned weights, omitting the
resource record sets that have a weight of 0.
You can also use weighted alias resource record sets to configure active-active or active-passive failover.
Weighting works the same way as with weighted resource record sets, but the health of a weighted alias
resource record set depends on the health of the alias target or targets. For example, suppose the alias
target for a weighted alias resource record set is a group of weighted resource record sets that all have
nonzero weights. As long as at least one of the weighted resource record sets is healthy, Amazon Route 53
considers the weighted alias resource record set to be healthy. If none of the weighted resource record
sets is healthy, Amazon Route 53 considers the weighted alias resource record set to be unhealthy.
Amazon Route 53 stops considering resource record sets in that branch of the tree until at least one
weighted resource record set becomes healthy again.
For more information about weighted resource record sets, see Weighted Routing (p. 179).

Configuring Active-Active Failover by Using Amazon Route 53 Latency and Latency Alias Resource Record Sets
If you add health checks to all of the resource record sets in a group of latency resource record sets, the
Amazon Route 53 behavior results in an active-active failover configuration.
Amazon Route 53 considers the health and the latency of the resource record sets when choosing the
resource record set with which to respond to DNS queries:
1. Amazon Route 53 selects a latency resource record set based on the latency between your users
and the Amazon EC2 regions in which you have resources.
2. Amazon Route 53 checks the current status of the health check that you associated with that resource
record set. (Amazon Route 53 periodically checks the health of the endpoint that is specified in a
health check; it doesn't perform the health check when the DNS query arrives.)
3. If the health check endpoint is healthy, Amazon Route 53 responds to the query with the applicable
value from the resource record set, for example, an IP address.
If the health check endpoint is not healthy, Amazon Route 53 selects the latency resource record
set with the next-best latency and repeats the process until it finds a resource record set for which
the health check endpoint is healthy.

If a resource record set in a group of latency resource record sets doesn't have a health check, Amazon
Route 53 always considers it healthy and always includes it among possible responses to a query.
If none of the resource record sets in a latency resource record set are healthy, Amazon Route 53 needs
to return something in response to DNS queries, but it has no basis for choosing one resource record set
over another. In this circumstance, Amazon Route 53 considers all of these resource record sets healthy
and selects a resource record set based on the latency between the user and each region.

You can also use latency alias resource record sets to configure active-active failover. Assuming that
you set Evaluate Target Health to true for all of your latency alias resource record sets, the health of a
latency alias resource record set depends on the health of the alias target or targets. For example, suppose
the alias target for a latency alias resource record set is a group of weighted resource record sets that
all have nonzero weights. As long as at least one of the weighted resource record sets is healthy, Amazon
Route 53 considers the latency alias resource record set to be healthy. If none of the weighted resource
record sets is healthy, Amazon Route 53 considers the latency alias resource record set to be unhealthy.
Amazon Route 53 stops considering resource record sets for that region (in that branch of the tree) until
at least one weighted resource record set becomes healthy again. For a more detailed explanation of
this configuration, see How Health Checks Work in Complex Amazon Route 53 Configurations (p. 264).
For more information about latency resource record sets, see Latency-Based Routing (p. 180).

Configuring Active-Passive Failover by Using Amazon Route 53 Failover and Failover Alias Resource Record Sets
You can create an active-passive failover configuration by using failover resource record sets. You create
a primary and a secondary failover resource record set that have the same name and type, and you
associate a health check with each. The primary and secondary failover resource record sets can refer
to anything from an Amazon S3 bucket that is configured as a website to a complex tree of resource
record sets. When all of the resources that are referenced by the primary failover resource record set are
unhealthy, Amazon Route 53 automatically begins responding to queries by using the resources that are
referenced by the secondary failover resource record set.
For example, you might create a pair of failover resource record sets for example.com. After the
configuration is complete, Amazon Route 53 responds to queries for example.com based on the health
of the endpoints that you associated with the primary and secondary resource record sets. If you associate
health checks with both the primary and secondary failover resource record sets, here's how Amazon
Route 53 responds to requests:
• If Amazon Route 53 considers the primary resource record set healthy (if the health check endpoint is
healthy), Amazon Route 53 returns only the primary resource record set in response to a DNS query.
• If Amazon Route 53 considers the primary resource record set unhealthy and the secondary resource
record set healthy, Amazon Route 53 returns the secondary resource record set instead.
• If Amazon Route 53 considers both the primary and secondary resource record sets unhealthy, Amazon
Route 53 returns the primary resource record set.
When you're configuring the secondary resource record set, adding a health check is optional. If you omit
the health check for the secondary resource record set, and if the health check endpoint for the primary
resource record set is unhealthy, Amazon Route 53 always responds to DNS queries by using the
secondary resource record set. This is true even if the secondary is unhealthy. When there is no health
check on the secondary resource record set, Amazon Route 53 doesn't know that the associated resource
is unhealthy and always assumes that it's healthy.
Use failover resource record sets when you have two resources and you want one of the resources to
handle all requests whenever it's available. For example, you might have two HTTP servers running on
Amazon EC2 servers in different regions, and you want Amazon Route 53 to respond to queries with the
IP address of the HTTP server in the US West (Oregon) region whenever that server is available. You
specify that server in the primary failover resource record set, and you specify the server in the US West
(N. California) region in the secondary failover resource record set.
Use failover alias resource record sets when you have two groups of resource record sets (for example,
groups of weighted or latency resource record sets), and you want Amazon Route 53 to respond to queries
using resources in the primary group as long as at least one of those resources is available. If health
checks for all of the resources in the primary group are failing, Amazon Route 53 will begin to respond
to queries using resources in the secondary group.

You can also combine a failover resource record set and a failover alias resource record set. Either
resource record set, the primary or the secondary, can be the failover alias resource record set. For
example, you might create a failover resource record set for a single HTTP server, and create a failover
alias resource record set for an Amazon S3 bucket that is configured as a website; in this configuration,
the Amazon S3 bucket might only display a message saying that your website is unavailable.
You can create failover and failover alias resource record sets using the Amazon Route 53 console or
the Amazon Route 53 API. For information about using the console, see Creating Resource Record Sets
by Using the Amazon Route 53 Console (p. 184). For information about using the Amazon Route 53 API,
see POST ChangeResourceRecordSets in the Amazon Route 53 API Reference.

How Amazon Route 53 Averts Failover Problems
The failover algorithms implemented by Amazon Route 53 are designed not only to route traffic to endpoints
that are healthy, but also to avoid making disaster scenarios worse due to misconfigured health checks
and applications, endpoint overloads, and partition failures.

How Amazon Route 53 Averts Cascading Failures
As a first defense against cascading failures, each request routing algorithm (weighted, latency, geolocation
routing, and failover) has a mode of last resort. In this special mode, when all resource record sets are
considered unhealthy, the Amazon Route 53 algorithm reverts to considering all resource record sets
healthy.
For example, if all instances of an application, on several hosts, are rejecting health check requests,
Amazon Route 53 DNS servers will choose an answer anyway and return it rather than returning no DNS
answer or returning an NXDOMAIN (non-existent domain) response. An application can respond to users
but still fail health checks, so this provides some protection against misconfiguration.
Similarly, if an application is overloaded, and one out of three endpoints fails its health checks, so that
it's excluded from Amazon Route 53 DNS responses, Amazon Route 53 distributes responses between
the two remaining endpoints. If the remaining endpoints are unable to handle the additional load and they
fail, Amazon Route 53 reverts to distributing requests to all three endpoints.
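The weighted selection rules described earlier (nonzero weights first, zero-weighted records as standby, records without a health check always healthy) and the mode of last resort described here combine as follows. This is an added example, not code from the guide: the record names, weights and health check IDs are constructed, and the handling of a group whose weights are all zero is an assumption this section does not cover.

```python
import random

# Added illustration of how a weighted group is narrowed before an answer is
# chosen. Dict keys mirror the API elements Weight and HealthCheckId; the
# SetIdentifier values and hc-* IDs are constructed for this example.


def is_healthy(record, status):
    """No associated health check means the record is always considered healthy."""
    check = record.get("HealthCheckId")
    return check is None or status[check]


def eligible(records, status):
    """Return the records Route 53 chooses among for one weighted group."""
    healthy = [r for r in records if is_healthy(r, status)]
    nonzero = [r for r in healthy if r["Weight"] > 0]
    if nonzero:
        return nonzero            # normal case: healthy, nonzero weight
    if healthy:
        return healthy            # every nonzero record is down: use weight 0
    # Mode of last resort: nothing is healthy, so all records are considered
    # healthy and chosen by weight, omitting the records with a weight of 0.
    fallback = [r for r in records if r["Weight"] > 0]
    # Assumption of this example: if every weight is 0, keep the whole group.
    return fallback or list(records)


def share(records, status):
    """Expected fraction of answers per record, by SetIdentifier."""
    pool = eligible(records, status)
    total = sum(r["Weight"] for r in pool)
    if total == 0:                # only zero-weighted records remain
        return {r["SetIdentifier"]: 1 / len(pool) for r in pool}
    return {r["SetIdentifier"]: r["Weight"] / total for r in pool}


def pick(records, status, rng=random):
    """Choose one record for a single query."""
    pool = eligible(records, status)
    weights = [r["Weight"] for r in pool]
    if not any(weights):
        return rng.choice(pool)
    return rng.choices(pool, weights=weights, k=1)[0]


def group_healthy(records, status):
    """Health of a weighted alias whose target is this group."""
    return any(is_healthy(r, status) for r in records)


if __name__ == "__main__":
    # Constructed group: the three overloaded endpoints from the text above.
    endpoints = [
        {"SetIdentifier": "a", "Weight": 1, "HealthCheckId": "hc-a"},
        {"SetIdentifier": "b", "Weight": 1, "HealthCheckId": "hc-b"},
        {"SetIdentifier": "c", "Weight": 1, "HealthCheckId": "hc-c"},
    ]
    print(share(endpoints, {"hc-a": True, "hc-b": True, "hc-c": False}))
    print(share(endpoints, {"hc-a": False, "hc-b": False, "hc-c": False}))
```

The second call shows the last-resort behavior: with all three checks failing, the answers are spread across all three endpoints again rather than the group returning nothing.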

How Amazon Route 53 Handles Internet Partitions
Although uncommon, there are occasionally significant Internet partitions, meaning that large geographic
regions can't communicate with one another over the Internet. During these partitions, Amazon Route 53
locations might reach different conclusions about the health status of an endpoint and might differ from
the status reported to CloudWatch. Amazon Route 53 health checkers in each AWS region are constantly
sending health check statuses to all Amazon Route 53 locations. During Internet partitions, each Amazon
Route 53 location might have access only to a partial set of these statuses, usually from its closest regions.
For example, during an Internet partition that affects connectivity to and from South America, the Amazon
Route 53 DNS servers in the Amazon Route 53 South America (São Paulo) location might have good
access to the health check endpoints in the South America (São Paulo) AWS region, but poor access to
endpoints elsewhere. At the same time, Amazon Route 53 in US East (N. Virginia) might have poor access
to health check endpoints in the South America (São Paulo) region, and conclude that the corresponding
resource record sets are unhealthy.
Partitions such as these can give rise to situations where Amazon Route 53 locations reach different
conclusions about the health status of endpoints, based on their local visibility of those endpoints. This
is why each Amazon Route 53 location considers an endpoint healthy when only a portion of reachable
health checkers consider it healthy.

Naming and Tagging Health Checks
You can add tags to Amazon Route 53 health checks, which lets you give each health check a name that
is more comprehensible than the health check ID. These are the same tags that AWS Billing and Cost
Management provides for organizing your AWS bill to reflect your own cost structure. For more information
about using tags for cost allocation, see Use Cost Allocation Tags for Custom Billing Reports in the AWS
Billing and Cost Management User Guide.
Each tag consists of a key (the name of the tag) and a value, both of which you define. When you add
tags to a health check, we recommend that you add one tag for which the key is Name and the value is
the name that you want to give to the health check. The value of the Name tag appears in the list of health
checks in the Amazon Route 53 console, which lets you readily distinguish health checks from one another.
You can view other tags in the console, but you need to select a health check to see tags other than the
Name tag.
For more information about tags, see the following topics:
• To add, edit, or delete the Name tag when you add or edit health checks in the Amazon Route 53
console, see Creating, Updating, and Deleting Health Checks (p. 245).
• To add, edit, or delete tags for health checks and hosted zones by using the Amazon Route 53 API,
see POST ChangeTagsForResource in the Amazon Route 53 API Reference.
• For an overview of tagging Amazon Route 53 resources, see Tagging Amazon Route 53
Resources (p. 302).

Tag Restrictions
The following basic restrictions apply to tags:
• Maximum number of tags per resource – 10
• Maximum Key length – 128 Unicode characters
• Maximum Value length – 256 Unicode characters
• Valid values for Key and Value – uppercase and lowercase letters in the UTF-8 character set, numbers,
space, and the following characters: _ . : / = + - and @
• Tag keys and values are case sensitive
• Don't use the aws: prefix for either keys or values; it's reserved for AWS use

Adding, Editing, and Deleting Tags for Health Checks
The following procedures show you how to use tags for your health checks in the Amazon Route 53
console.

To add tags to health checks
1. Sign in to the AWS Management Console and open the Amazon Route 53 console at
https://console.aws.amazon.com/route53/.
2. In the navigation pane, choose Health Checks.
3. Select a health check, or select multiple health checks if you want to add the same tag to more than
one health check.
4. In the bottom pane, choose the Tags tab, and then choose Add/Edit Tags.

5. In the Add/Edit Tags dialog box, enter a name for the tag in the Key field, and enter a value in the
Value field.
6. Choose Apply changes.

To edit tags for health checks
1. Sign in to the AWS Management Console and open the Amazon Route 53 console at
https://console.aws.amazon.com/route53/.
2. In the navigation pane, choose Health Checks.
3. Select a health check.
If you select multiple health checks that share the same tag, you cannot edit the value for all the tags
simultaneously. Note, however, that you can edit the value of a tag that appears in multiple health
checks if you select health checks that have the tag and at least one that doesn't.
For example, suppose you select multiple health checks that have a Cost Center tag and one that
doesn't. You choose the option to add a tag, and you specify Cost Center for the key and 777 for
the value. For the selected health checks that already have a Cost Center tag, Amazon Route 53
changes the value to 777. For the one health check that doesn't have a Cost Center tag, Amazon
Route 53 adds one and sets the value to 777.
4. In the bottom pane, choose the Tags tab, and then choose Add/Edit Tags.
5. In the Add/Edit Tags dialog box, edit the value.
6. Choose Save.

To delete tags for health checks
1. Sign in to the AWS Management Console and open the Amazon Route 53 console at
https://console.aws.amazon.com/route53/.
2. In the navigation pane, choose Health Checks.
3. Select a health check, or select multiple health checks if you want to delete the same tag from more
than one health check.
4. In the bottom pane, choose the Tags tab, and then choose Add/Edit Tags.
5. In the Add/Edit Tags dialog box, choose the X next to the tag that you want to delete.
6. Choose Save.

Using Health Checks with Amazon Route 53 API Versions Earlier than 2012-12-12
Health checks are supported starting with the 2012-12-12 version of the Amazon Route 53 API. If a hosted
zone contains resource record sets for which health checks are configured, we recommend that you use
only the 2012-12-12 API or later. Note the following restrictions on using health checks with earlier API
versions.
• The ChangeResourceRecordSets action cannot create or delete resource record sets that include
the EvaluateTargetHealth, Failover, or HealthCheckId elements.
• The ListResourceRecordSets action can list resource record sets that include these elements, but
the elements are not included in the output. Instead, the Value element of the response contains a
message that says the resource record set includes an unsupported attribute.

Authentication and Access Control for Amazon Route 53
To perform any operation on Amazon Route 53 resources, such as registering a domain or updating a
resource record set, AWS Identity and Access Management (IAM) requires you to authenticate that you're
an approved AWS user. If you're using the Amazon Route 53 console, you authenticate your identity by
providing your AWS user name and a password. If you're accessing Amazon Route 53 programmatically,
your application authenticates your identity for you by using access keys or by signing requests.
After you authenticate your identity, IAM controls your access to AWS by verifying that you have
permissions to perform operations and to access resources. If you are an account administrator, you can
use IAM to control the access of other users to the resources that are associated with your account.
This chapter explains how to use IAM and Amazon Route 53 to help secure your resources.
Topics
• Authentication (p. 277)
• Access Control (p. 278)

Authentication
You can access AWS as any of the following types of identities:
• AWS account root user – When you sign up for AWS, you provide an email address and password
that is associated with your AWS account. These are your root credentials and they provide complete
access to all of your AWS resources.

Important
For security reasons, we recommend that you use the root credentials only to create an
administrator user, which is an IAM user with full permissions to your AWS account. Then,
you can use this administrator user to create other IAM users and roles with limited permissions.
For more information, see IAM Best Practices and Creating an Admin User and Group in the
IAM User Guide.
• IAM user – An IAM user is simply an identity within your AWS account that has specific custom
permissions (for example, permissions to create a hosted zone in Amazon Route 53). You can use an
IAM user name and password to sign in to secure AWS webpages like the AWS Management Console,
AWS Discussion Forums, or the AWS Support Center.

In addition to a user name and password, you can also generate access keys for each user. You can
use these keys when you access AWS services programmatically, either through one of the several
SDKs or by using the AWS Command Line Interface (CLI). The SDK and CLI tools use the access
keys to cryptographically sign your request. If you don’t use the AWS tools, you must sign the request
yourself. Amazon Route 53 supports Signature Version 4, a protocol for authenticating inbound API
requests. For more information about authenticating requests, see Signature Version 4 Signing Process
in the AWS General Reference.

• IAM role – An IAM role is another IAM identity you can create in your account that has specific
permissions. It is similar to an IAM user, but it is not associated with a specific person. An IAM role
enables you to obtain temporary access keys that can be used to access AWS services and resources.
IAM roles with temporary credentials are useful in the following situations:

• Federated user access – Instead of creating an IAM user, you can use preexisting user identities
from AWS Directory Service, your enterprise user directory, or a web identity provider. These are
known as federated users. AWS assigns a role to a federated user when access is requested through
an identity provider. For more information about federated users, see Federated Users and Roles in
the IAM User Guide.

• Cross-account access – You can use an IAM role in your account to grant another AWS account
permissions to access your account’s resources. For an example, see Tutorial: Delegate Access
Across AWS Accounts Using IAM Roles in the IAM User Guide.

• AWS service access – You can use an IAM role in your account to grant an AWS service permissions
to access your account’s resources. For example, you can create a role that allows Amazon Redshift
to access an Amazon S3 bucket on your behalf and then load data stored in the bucket into an
Amazon Redshift cluster. For more information, see Creating a Role to Delegate Permissions to an
AWS Service in the IAM User Guide.

• Applications running on Amazon EC2 – Instead of storing access keys within the EC2 instance
for use by applications running on the instance and making AWS API requests, you can use an IAM
role to manage temporary credentials for these applications. To assign an AWS role to an EC2
instance and make it available to all of its applications, you can create an instance profile that is
attached to the instance. An instance profile contains the role and enables programs running on the
EC2 instance to get temporary credentials. For more information, see Using Roles for Applications
on Amazon EC2 in the IAM User Guide.

Access Control
To create, update, delete, or list Amazon Route 53 resources, you need permissions to perform the
operation, and you need permission to access the corresponding resources. In addition, to perform the
operation programmatically, you need valid access keys.
The following sections describe how to manage permissions for Amazon Route 53. We recommend that
you read the overview first.

• Overview of Managing Access Permissions to Your Amazon Route 53 Resources (p. 279)
• Using Identity-Based Policies (IAM Policies) for Amazon Route 53 (p. 283)
• Amazon Route 53 API Permissions: Actions, Resources, and Conditions Reference (p. 288)

Overview of Managing Access Permissions to
Your Amazon Route 53 Resources
Every AWS resource is owned by an AWS account, and permissions to create or access a resource are
governed by permissions policies.

Note
An account administrator (or administrator user) is a user that has administrator privileges. For
more information about administrators, see IAM Best Practices in the IAM User Guide.
When you grant permissions, you decide who gets the permissions, the resources they get permissions
for, and the actions that they get permissions to perform.
Topics
• ARNs for Amazon Route 53 Resources (p. 279)
• Understanding Resource Ownership (p. 280)
• Managing Access to Resources (p. 280)
• Specifying Policy Elements: Resources, Actions, Effects, and Principals (p. 282)
• Specifying Conditions in a Policy (p. 282)

ARNs for Amazon Route 53 Resources
Amazon Route 53 supports a variety of resource types for DNS, health checking, and domain registration.
Most of these resources have unique Amazon Resource Names (ARNs). In a policy, you use an ARN to
identify the resource that the policy applies to.
The following table shows the resource types and their ARN formats.
Resource Type | ARN Format
Health Checks | arn:aws:route53:::healthcheck/health check id
Hosted Zones | arn:aws:route53:::hostedzone/hosted zone id
Geolocations (used when creating geolocation resource record sets) | arn:aws:route53:::geolocation
Traffic Policies | arn:aws:route53:::trafficpolicy/traffic policy id
Traffic Policy Instances | arn:aws:route53:::trafficpolicyinstance/traffic policy instance id
Reusable Delegation Sets | arn:aws:route53:::delegationset/delegation set id
Status of a Resource Record Set Change Batch (API only) | arn:aws:route53:::change/change id

Note
Not all Amazon Route 53 resources support permissions. You can't grant or deny access to the
following resources:
• Domains
• Individual resource record sets
• Tags for domains
• Tags for health checks
• Tags for hosted zones
Amazon Route 53 provides API actions to work with each of these types of resources. For more information,
see the Amazon Route 53 API Reference. For a list of actions and the ARN that you specify to grant or
deny permission to use each action, see Amazon Route 53 API Permissions: Actions, Resources, and
Conditions Reference (p. 288).

Understanding Resource Ownership
An AWS account owns the resources that are created in the account, regardless of who created the
resources. Specifically, the resource owner is the AWS account of the principal entity (that is, the root
account, an IAM user, or an IAM role) that authenticates the resource creation request.
The following examples illustrate how this works:
• If you use the root account credentials of your AWS account to create a hosted zone, your AWS account
is the owner of the resource.
• If you create an IAM user in your AWS account and grant permissions to create a hosted zone to that
user, the user can create a hosted zone. However, your AWS account, to which the user belongs, owns
the hosted zone resource.
• If you create an IAM role in your AWS account with permissions to create a hosted zone, anyone who
can assume the role can create a hosted zone. Your AWS account, to which the role belongs, owns
the hosted zone resource.

Managing Access to Resources
A permissions policy specifies who has access to what. This section explains the options for creating
permissions policies for Amazon Route 53. For general information about IAM policy syntax and
descriptions, see the AWS IAM Policy Reference in the IAM User Guide.
Policies attached to an IAM identity are referred to as identity-based policies (IAM policies), and policies
attached to a resource are referred to as resource-based policies. Amazon Route 53 supports only
identity-based policies (IAM policies).
Topics
• Identity-Based Policies (IAM Policies) (p. 280)
• Resource-Based Policies (p. 282)

Identity-Based Policies (IAM Policies)
You can attach policies to IAM identities. For example, you can do the following:
• Attach a permissions policy to a user or a group in your account – An account administrator can
use a permissions policy that is associated with a particular user to grant permissions for that user to
create Amazon Route 53 resources.
• Attach a permissions policy to a role (grant cross-account permissions) – You can grant permission
to perform Amazon Route 53 actions to a user that was created by another AWS account. To do so,
you attach a permissions policy to an IAM role, and then you allow the user in the other account to
assume the role. The following example explains how this works for two AWS accounts, account A and
account B:
1. Account A administrator creates an IAM role and attaches to the role a permissions policy that grants
permissions to create or access resources that are owned by account A.
2. Account A administrator attaches a trust policy to the role. The trust policy identifies account B as
the principal that can assume the role.
3. Account B administrator can then delegate permissions to assume the role to users or groups in
Account B. This allows users in account B to create or access resources in account A.
For more information about how to delegate permissions to users in another AWS account, see Access
Management in the IAM User Guide.
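The three documents from steps 1 to 3 above, together with a check that both sides of the delegation are in place, as an added Python example that is not part of the AWS guide. The account IDs, the role name Route53ZoneEditor and the user name dns-operator are constructed placeholders, and the check models Allow statements only.

```python
import json

# Constructed placeholders: account A owns the hosted zone and the role,
# account B is where the delegated user lives. The role name is hypothetical.
ACCOUNT_A = "111111111111"
ACCOUNT_B = "222222222222"
ROLE_ARN = f"arn:aws:iam::{ACCOUNT_A}:role/Route53ZoneEditor"

# Step 1: permissions policy that account A attaches to the role.
ROLE_PERMISSIONS = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": ["route53:ChangeResourceRecordSets",
                   "route53:ListResourceRecordSets"],
        "Resource": "arn:aws:route53:::hostedzone/Z148QEXAMPLE8V",
    }],
}

# Step 2: trust policy on the same role, naming account B as the principal.
ROLE_TRUST = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Principal": {"AWS": f"arn:aws:iam::{ACCOUNT_B}:root"},
        "Action": "sts:AssumeRole",
    }],
}

# Step 3: policy that account B's administrator attaches to a user or group.
USER_DELEGATION = {
    "Version": "2012-10-17",
    "Statement": [{
        "Effect": "Allow",
        "Action": "sts:AssumeRole",
        "Resource": ROLE_ARN,
    }],
}


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _account_of(arn_or_id):
    """Return the account ID from an IAM ARN or from a bare account ID."""
    return arn_or_id.split(":")[4] if arn_or_id.startswith("arn:") else arn_or_id


def trust_allows(trust_policy, caller_arn):
    """Step 2: the trust policy names the caller's account or the caller itself."""
    for stmt in _as_list(trust_policy["Statement"]):
        if stmt["Effect"] != "Allow" or "sts:AssumeRole" not in _as_list(stmt["Action"]):
            continue
        for principal in _as_list(stmt["Principal"].get("AWS", [])):
            if principal == caller_arn:
                return True
            names_account = principal.isdigit() or principal.endswith(":root")
            if names_account and _account_of(principal) == _account_of(caller_arn):
                return True
    return False


def identity_allows(identity_policies, role_arn):
    """Step 3: the caller's own account has delegated sts:AssumeRole on the role."""
    for policy in identity_policies:
        for stmt in _as_list(policy["Statement"]):
            if (stmt["Effect"] == "Allow"
                    and "sts:AssumeRole" in _as_list(stmt["Action"])
                    and any(r in ("*", role_arn) for r in _as_list(stmt["Resource"]))):
                return True
    return False


def can_assume_role(caller_arn, identity_policies,
                    trust_policy=ROLE_TRUST, role_arn=ROLE_ARN):
    """Cross-account access needs the trust policy and the delegation together."""
    return (trust_allows(trust_policy, caller_arn)
            and identity_allows(identity_policies, role_arn))


if __name__ == "__main__":
    for name, doc in [("role permissions", ROLE_PERMISSIONS),
                      ("role trust", ROLE_TRUST),
                      ("user delegation", USER_DELEGATION)]:
        print(f"--- {name} ---")
        print(json.dumps(doc, indent=4))
    user = f"arn:aws:iam::{ACCOUNT_B}:user/dns-operator"
    print("with step 3:", can_assume_role(user, [USER_DELEGATION]))
    print("without step 3:", can_assume_role(user, []))
```

Once the role is assumed, the temporary credentials carry only what ROLE_PERMISSIONS grants, so the scope of the delegation is set entirely in account A.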
The following example policy allows a user to perform the CreateHostedZone action to create a public
hosted zone for any AWS account:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "route53:CreateHostedZone"
            ],
            "Resource": "arn:aws:route53:::hostedzone/*"
        }
    ]
}

If you want the policy to also apply to private hosted zones, you need to grant permissions to use the
Amazon Route 53 AssociateVPCWithHostedZone action and two Amazon EC2 actions, DescribeVpcs
and DescribeRegions, as shown in the following example:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "route53:CreateHostedZone",
                "route53:AssociateVPCWithHostedZone"
            ],
            "Resource": "arn:aws:route53:::hostedzone/*"
        },
        {
            "Effect": "Allow",
            "Action": [
                "ec2:DescribeVpcs",
                "ec2:DescribeRegions"
            ],
            "Resource": "*"
        }
    ]
}

For more information about attaching policies to identities for Amazon Route 53, see Using Identity-Based
Policies (IAM Policies) for Amazon Route 53 (p. 283). For more information about users, groups, roles,
and permissions, see Identities (Users, Groups, and Roles) in the IAM User Guide.

Resource-Based Policies
Other services, such as Amazon S3, also support attaching permissions policies to resources. For example,
you can attach a policy to an S3 bucket to manage access permissions to that bucket. Amazon Route 53
doesn't support attaching policies to resources.

Specifying Policy Elements: Resources, Actions,
Effects, and Principals
Amazon Route 53 includes API actions (see the Amazon Route 53 API Reference) that you can use on
each Amazon Route 53 resource (see ARNs for Amazon Route 53 Resources (p. 279)). You can grant a
user or a federated user permissions to perform any or all of these actions. Note that some API actions,
such as registering a domain, require permissions to perform more than one action.
The following are the basic policy elements:
• Resource – You use an Amazon Resource Name (ARN) to identify the resource that the policy applies
to. For more information, see ARNs for Amazon Route 53 Resources (p. 279).
• Action – You use action keywords to identify resource operations that you want to allow or deny. For
example, depending on the specified Effect, the route53:CreateHostedZone permission allows
or denies a user the ability to perform the Amazon Route 53 CreateHostedZone action.
• Effect – You specify the effect, either allow or deny, when a user tries to perform the action on the
specified resource. If you don't explicitly grant access to an action, access is implicitly denied. You can
also explicitly deny access to a resource, which you might do to make sure that a user cannot access
it, even if a different policy grants access.
• Principal – In identity-based policies (IAM policies), the user that the policy is attached to is the implicit
principal. For resource-based policies, you specify the user, account, service, or other entity that you
want to receive permissions (applies to resource-based policies only). Amazon Route 53 doesn't support
resource-based policies.
For more information about IAM policy syntax and descriptions, see the AWS IAM Policy Reference in
the IAM User Guide.
For a list showing all of the Amazon Route 53 API operations and the resources that they apply to, see
Amazon Route 53 API Permissions: Actions, Resources, and Conditions Reference (p. 288).

Specifying Conditions in a Policy
When you grant permissions, you can use the IAM policy language to specify when a policy should take
effect. For example, you might want a policy to be applied only after a specific date. For more information
about specifying conditions in a policy language, see Condition in the IAM User Guide.
To express conditions, you use predefined condition keys. There are no condition keys specific to Amazon
Route 53. However, there are AWS-wide condition keys that you can use as needed. For a complete list
of AWS-wide keys, see Available Keys for Conditions in the IAM User Guide.
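The decision rules described under Effect (implicit deny, and an explicit deny overriding any allow) and the date condition mentioned in this section, as an added Python example that is not part of the AWS guide. It models identity-based policies only and handles only the DateGreaterThan and DateLessThan operators on aws:CurrentTime; every policy except Example 3 is constructed for the demonstration.

```python
import re
from datetime import datetime, timezone

# Example 3 from this guide: record set changes in one hosted zone only.
EXAMPLE_3 = {
    "Version": "2012-10-17",
    "Statement": [
        {"Effect": "Allow",
         "Action": ["route53:ChangeResourceRecordSets"],
         "Resource": "arn:aws:route53:::hostedzone/Z148QEXAMPLE8V"},
        {"Effect": "Allow",
         "Action": ["route53:GetChange"],
         "Resource": "arn:aws:route53:::change/*"},
    ],
}
# Constructed policies used only for this demonstration.
BROAD_ALLOW = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "route53:*", "Resource": "*"}]}
DENY_DELETE = {"Version": "2012-10-17", "Statement": [
    {"Sid": "DenyZoneDeletion", "Effect": "Deny",
     "Action": "route53:DeleteHostedZone",
     "Resource": "arn:aws:route53:::hostedzone/*"}]}
ALLOW_AFTER_DATE = {"Version": "2012-10-17", "Statement": [
    {"Effect": "Allow", "Action": "route53:CreateHealthCheck",
     "Resource": "arn:aws:route53:::healthcheck/*",
     "Condition": {"DateGreaterThan": {"aws:CurrentTime": "2016-06-01T00:00:00Z"}}}]}

DATE_OPERATORS = {
    "DateGreaterThan": lambda now, limit: now > limit,
    "DateLessThan": lambda now, limit: now < limit,
}


def utc(year, month, day):
    """Midnight UTC on the given date, used as the request time."""
    return datetime(year, month, day, tzinfo=timezone.utc)


def _as_list(value):
    return value if isinstance(value, list) else [value]


def _glob(pattern, value, flags=0):
    """Match the policy wildcards * (any run of characters) and ? (one character)."""
    regex = re.escape(pattern).replace(r"\*", ".*").replace(r"\?", ".")
    return re.fullmatch(regex, value, flags) is not None


def _conditions_hold(condition, now):
    """All listed conditions must hold; anything not modelled is rejected loudly."""
    for operator, keys in condition.items():
        compare = DATE_OPERATORS.get(operator)
        for key, value in keys.items():
            if compare is None or key != "aws:CurrentTime":
                raise ValueError(f"condition not modelled here: {operator} {key}")
            limit = datetime.strptime(value, "%Y-%m-%dT%H:%M:%SZ").replace(tzinfo=timezone.utc)
            if not compare(now, limit):
                return False
    return True


def evaluate(policies, action, resource, now):
    """Return 'ExplicitDeny', 'Allow' or 'ImplicitDeny' for one request."""
    allowed = False
    for policy in policies:
        for stmt in _as_list(policy["Statement"]):
            # Action names are matched case-insensitively, resource ARNs are not.
            if not any(_glob(a, action, re.IGNORECASE) for a in _as_list(stmt["Action"])):
                continue
            if not any(_glob(r, resource) for r in _as_list(stmt["Resource"])):
                continue
            if not _conditions_hold(stmt.get("Condition", {}), now):
                continue
            if stmt["Effect"] == "Deny":
                return "ExplicitDeny"  # a matching deny wins over every allow
            allowed = True
    return "Allow" if allowed else "ImplicitDeny"


if __name__ == "__main__":
    zone = "arn:aws:route53:::hostedzone/Z148QEXAMPLE8V"
    other = "arn:aws:route53:::hostedzone/ZCONSTRUCTED"  # constructed zone ID
    now = utc(2016, 7, 1)
    print(evaluate([EXAMPLE_3], "route53:ChangeResourceRecordSets", zone, now))
    print(evaluate([EXAMPLE_3], "route53:ChangeResourceRecordSets", other, now))
    print(evaluate([BROAD_ALLOW, DENY_DELETE], "route53:DeleteHostedZone", zone, now))
    print(evaluate([ALLOW_AFTER_DATE], "route53:CreateHealthCheck",
                   "arn:aws:route53:::healthcheck/constructed-id", utc(2016, 5, 1)))
```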

Using Identity-Based Policies (IAM Policies) for
Amazon Route 53
This topic provides examples of identity-based policies that demonstrate how an account administrator
can attach permissions policies to IAM identities (users, groups, and roles) and thereby grant permissions
to perform operations on Amazon Route 53 resources.

Important
We recommend that you first review the introductory topics that explain the basic concepts and
options to manage access to your Amazon Route 53 resources. For more information, see
Overview of Managing Access Permissions to Your Amazon Route 53 Resources (p. 279).
Topics
• Permissions Required to Use the Amazon Route 53 Console (p. 284)
• AWS Managed (Predefined) Policies for Amazon Route 53 (p. 286)
• Customer Managed Policy Examples (p. 286)
The following example shows a permissions policy. The Sid, or statement ID, is optional:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Sid": "AllowPublicHostedZonePermissions",
            "Effect": "Allow",
            "Action": [
                "route53:CreateHostedZone",
                "route53:UpdateHostedZoneComment",
                "route53:GetHostedZone",
                "route53:ListHostedZones",
                "route53:ListHostedZonesByName",
                "route53:GetHostedZoneCount",
                "route53:DeleteHostedZone",
                "route53:ChangeResourceRecordSets",
                "route53:ListResourceRecordSets"
            ],
            "Resource": "arn:aws:route53:::hostedzone/*"
        },
        {
            "Sid": "AllowGeoResourceRecordSets",
            "Effect": "Allow",
            "Action": [
                "route53:GetGeoLocation",
                "route53:ListGeoLocations"
            ],
            "Resource": "arn:aws:route53:::geolocation/*"
        },
        {
            "Sid": "AllowHealthCheckPermissions",
            "Effect": "Allow",
            "Action": [
                "route53:CreateHealthCheck",
                "route53:UpdateHealthCheck",
                "route53:GetHealthCheck",
                "route53:ListHealthChecks",
                "route53:DeleteHealthCheck",
                "route53:GetCheckerIpRanges",
                "route53:GetHealthCheckCount",
                "route53:GetHealthCheckStatus",
                "route53:GetHealthCheckLastFailureReason"
            ],
            "Resource": "arn:aws:route53:::healthcheck/*"
        }
    ]
}

The policy includes three statements:
• The first statement grants permissions to all the actions required to create and manage public hosted
zones and their resource record sets. The wildcard character (*) in the Amazon Resource Name (ARN)
grants access to all the hosted zones that are owned by the current AWS account.
• The second statement grants permissions to the actions that are required to create geolocation resource
record sets.
• The third statement grants permissions to all the actions that are required to create and manage health
checks.
For a list of actions and the ARN that you specify to grant or deny permission to use each action, see
Amazon Route 53 API Permissions: Actions, Resources, and Conditions Reference (p. 288).

Permissions Required to Use the Amazon Route 53
Console
To grant full access to the Amazon Route 53 console, you grant the permissions in the following
permissions policy:
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "route53:*",
                "route53domains:*",
                "cloudfront:ListDistributions",
                "elasticloadbalancing:DescribeLoadBalancers",
                "elasticbeanstalk:DescribeEnvironments",
                "s3:ListBucket",
                "s3:GetBucketLocation",
                "s3:GetBucketWebsiteConfiguration",
                "ec2:DescribeVpcs",
                "ec2:DescribeRegions",
                "sns:ListTopics",
                "sns:ListSubscriptionsByTopic",
                "sns:CreateTopic",
                "cloudwatch:DescribeAlarms",
                "cloudwatch:PutMetricAlarm",
                "cloudwatch:DeleteAlarms",
                "cloudwatch:GetMetricStatistics"
            ],
            "Resource": "*"
        }
    ]
}

Here's why the permissions are required:
route53:*
Lets you perform all Amazon Route 53 actions except the following:

• Create and update alias resource record sets for which the value of Alias Target is a CloudFront
distribution, an Elastic Load Balancing load balancer, an Elastic Beanstalk environment, or an
Amazon S3 bucket. (With these permissions, you can create alias resource record sets for which
the value of Alias Target is another resource record set in the same hosted zone.)
• Work with private hosted zones.
• Work with domains.
• Create, delete, and view CloudWatch alarms.
• Render CloudWatch metrics in the Amazon Route 53 console.
route53domains:*
Lets you work with domains.

Important
If you list route53 actions individually, you must include route53:CreateHostedZone
to work with domains. When you register a domain, a hosted zone is created at the same
time, so a policy that includes permissions to register domains also requires permission to
create hosted zones.
For domain registration, Amazon Route 53 doesn't support granting or denying permissions to
individual resources.
cloudfront:ListDistributions
Lets you create and update alias resource record sets for which the value of Alias Target is a
CloudFront distribution.
This permission isn't required if you aren't using the Amazon Route 53 console. Amazon Route 53
uses it only to get a list of distributions to display in the console.
elasticloadbalancing:DescribeLoadBalancers
Lets you create and update alias resource record sets for which the value of Alias Target is an ELB
load balancer.
This permission isn't required if you aren't using the Amazon Route 53 console. Amazon Route 53
uses it only to get a list of load balancers to display in the console.
elasticbeanstalk:DescribeEnvironments
Lets you create and update alias resource record sets for which the value of Alias Target is an
Elastic Beanstalk environment.

This permission isn't required if you aren't using the Amazon Route 53 console. Amazon Route 53
uses it only to get a list of environments to display in the console.
s3:ListBucket, s3:GetBucketLocation, and s3:GetBucketWebsiteConfiguration
Let you create and update alias resource record sets for which the value of Alias Target is an Amazon
S3 bucket. (You can create an alias to an Amazon S3 bucket only if the bucket is configured as a
website endpoint; s3:GetBucketWebsiteConfiguration gets the required configuration
information.)
These permissions aren't required if you aren't using the Amazon Route 53 console. Amazon Route 53
uses them only to get a list of buckets to display in the console.
ec2:DescribeVpcs and ec2:DescribeRegions
Let you work with private hosted zones.
sns:ListTopics, sns:ListSubscriptionsByTopic, sns:CreateTopic,
cloudwatch:DescribeAlarms, cloudwatch:PutMetricAlarm, cloudwatch:DeleteAlarms
Let you create, delete, and view CloudWatch alarms.
cloudwatch:GetMetricStatistics
Lets you create CloudWatch metric health checks.

This permission isn't required if you aren't using the Amazon Route 53 console. Amazon Route 53
uses it only to get statistics to display in the console.

AWS Managed (Predefined) Policies for Amazon
Route 53
AWS addresses many common use cases by providing standalone IAM policies that are created and
administered by AWS. These AWS managed policies grant necessary permissions for common use cases
so that you can avoid having to investigate what permissions are needed. For more information, see AWS
Managed Policies in the IAM User Guide. For Amazon Route 53, IAM provides four managed policies:
• AmazonRoute53FullAccess – Grants full access to Amazon Route 53 resources.
• AmazonRoute53ReadOnlyAccess – Grants read-only access to Amazon Route 53 resources.
• AmazonRoute53DomainsFullAccess – Grants full access to Amazon Route 53 domain registration
resources.
• AmazonRoute53DomainsReadOnlyAccess – Grants read-only access to Amazon Route 53 domain
registration resources.

Note
You can review these permissions policies by signing in to the IAM console and searching for
specific policies there. You can also create your own custom IAM policies to allow permissions
for Amazon Route 53 API operations. You can attach these custom policies to the IAM users or
groups that require those permissions.

Customer Managed Policy Examples
You can create your own custom IAM policies to allow permissions for Amazon Route 53 actions. You
can attach these custom policies to the IAM users or groups that require the specified permissions. These
policies work when you are using the Amazon Route 53 API, the AWS SDKs, or the AWS CLI. The
following examples show permissions for several common use cases. For the policy that grants a user
full access to Amazon Route 53, see Permissions Required to Use the Amazon Route 53 Console (p. 284).
Examples
• Example 1: Allow Read Access to All Hosted Zones (p. 286)
• Example 2: Allow Creation and Deletion of Hosted Zones (p. 287)
• Example 3: Allow Changes to Resource Record Sets in a Specified Hosted Zone (p. 287)
• Example 4: Allow Full Access to All Domains (Public Hosted Zones Only) (p. 288)

Example 1: Allow Read Access to All Hosted Zones
The following permissions policy grants the user permissions to list all hosted zones and view all the
resource record sets in a hosted zone.

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "route53:GetHostedZone",
                "route53:ListResourceRecordSets"
            ],
            "Resource": "arn:aws:route53:::hostedzone/*"
        },
        {
            "Effect": "Allow",
            "Action": ["route53:ListHostedZones"],
            "Resource": "*"
        }
    ]
}

Example 2: Allow Creation and Deletion of Hosted Zones
The following permissions policy allows users to create and delete hosted zones, and to track the progress
of the change.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["route53:CreateHostedZone"],
            "Resource": "*"
        },
        {
            "Effect": "Allow",
            "Action": ["route53:DeleteHostedZone"],
            "Resource": "arn:aws:route53:::hostedzone/*"
        },
        {
            "Effect": "Allow",
            "Action": ["route53:GetChange"],
            "Resource": "arn:aws:route53:::change/*"
        }
    ]
}

The value of Resource is * for CreateHostedZone because a hosted zone doesn't have an ID until
you create it.

Example 3: Allow Changes to Resource Record Sets in a
Specified Hosted Zone
The following permissions policy allows users to add, change, and delete resource record sets in a
specified hosted zone. It also allows users to request the status of changes:

{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": ["route53:ChangeResourceRecordSets"],
            "Resource": "arn:aws:route53:::hostedzone/Z148QEXAMPLE8V"
        },
        {
            "Effect": "Allow",
            "Action": ["route53:GetChange"],
            "Resource": "arn:aws:route53:::change/*"
        }
    ]
}

Example 4: Allow Full Access to All Domains (Public Hosted
Zones Only)
The following permissions policy allows users to perform all actions on domain registrations, including
permissions to register domains and create hosted zones.
{
    "Version": "2012-10-17",
    "Statement": [
        {
            "Effect": "Allow",
            "Action": [
                "route53domains:*",
                "route53:CreateHostedZone"
            ],
            "Resource": "*"
        }
    ]
}

When you register a domain, a hosted zone is created at the same time, so a policy that includes
permissions to register domains also requires permissions to create hosted zones. (For domain registration,
Amazon Route 53 doesn't support granting permissions to individual resources.)
For information about permissions that are required to work with private hosted zones, see Permissions
Required to Use the Amazon Route 53 Console (p. 284).

Amazon Route 53 API Permissions: Actions,
Resources, and Conditions Reference
When you are setting up Access Control (p. 278) and writing a permissions policy that you can attach to
an IAM identity (identity-based policies), you can use the following lists as a reference. The lists include
each Amazon Route 53 API operation, the corresponding actions for which you can grant permissions
to perform the action, and the AWS resource for which you can grant the permissions. You specify the
actions in the policy's Action field, and you specify the resource value in the policy's Resource field.

You can use AWS-wide condition keys in your Amazon Route 53 policies to express conditions. For a
complete list of AWS-wide keys, see Available Keys in the IAM User Guide.

Note
To specify an action, use the applicable prefix (route53: or route53domains:) followed by
the API operation name (for example, route53:CreateHostedZone or
route53domains:RegisterDomain).
Topics
• Required Permissions for Actions on Public Hosted Zones (p. 289)
• Required Permissions for Actions on Private Hosted Zones (p. 290)
• Required Permissions for Actions on Reusable Delegation Sets (p. 290)
• Required Permissions for Actions on Resource Record Sets (p. 291)
• Required Permissions for Actions on Traffic Policies (p. 291)
• Required Permissions for Actions on Traffic Policy Instances (p. 292)
• Required Permissions for Actions on Health Checks (p. 293)
• Required Permissions for Actions on Domain Registrations (p. 293)
• Required Permissions for Actions on Tags for Hosted Zones and Health Checks (p. 295)
• Required Permissions for Actions on Tags for Domains (p. 295)

Required Permissions for Actions on Public
Hosted Zones
CreateHostedZone
Required Permissions (API Action): route53:CreateHostedZone
Resources: arn:aws:route53:::hostedzone/*
DeleteHostedZone
Required Permissions (API Action): route53:DeleteHostedZone
Resources: arn:aws:route53:::hostedzone/hosted zone ID
GetHostedZone
Required Permissions (API Action): route53:GetHostedZone
Resources: arn:aws:route53:::hostedzone/hosted zone ID
GetHostedZoneCount
Required Permissions (API Action): route53:GetHostedZoneCount
Resources: arn:aws:route53:::hostedzonecount
ListHostedZones
Required Permissions (API Action): route53:ListHostedZones
Resources: arn:aws:route53:::hostedzone/*
ListHostedZonesByName
Required Permissions (API Action): route53:ListHostedZonesByName
Resources: arn:aws:route53:::hostedzonesbyname
UpdateHostedZoneComment
Required Permissions (API Action): route53:UpdateHostedZoneComment
Resources: arn:aws:route53:::hostedzone/hosted zone ID

Required Permissions for Actions on Private
Hosted Zones
CreateHostedZone
Required Permissions (API Action): route53:CreateHostedZone, ec2:DescribeVpcs,
ec2:DescribeRegions
Resources: arn:aws:route53:::hostedzone/*, arn:aws:ec2::optional account id:*
DeleteHostedZone
Required Permissions (API Action): route53:DeleteHostedZone
Resources: arn:aws:route53:::hostedzone/hosted zone ID
AssociateVPCWithHostedZone
Required Permissions (API Action): route53:AssociateVPCWithHostedZone
Resources: arn:aws:route53:::hostedzone/hosted zone ID/associatevpc
DisassociateVPCFromHostedZone
Required Permissions (API Action): route53:DisassociateVPCFromHostedZone
Resources: arn:aws:route53:::hostedzone/hosted zone ID/disassociatevpc
GetHostedZone
Required Permissions (API Action): route53:GetHostedZone
Resources: arn:aws:route53:::hostedzone/hosted zone ID
GetHostedZoneCount
Required Permissions (API Action): route53:GetHostedZoneCount
Resources: arn:aws:route53:::hostedzonecount
ListHostedZones
Required Permissions (API Action): route53:ListHostedZones
Resources: arn:aws:route53:::hostedzone/*
ListHostedZonesByName
Required Permissions (API Action): route53:ListHostedZonesByName
Resources: arn:aws:route53:::hostedzonesbyname
UpdateHostedZoneComment
Required Permissions (API Action): route53:UpdateHostedZoneComment
Resources: arn:aws:route53:::hostedzone/hosted zone ID

Required Permissions for Actions on Reusable
Delegation Sets
CreateReusableDelegationSet
Required Permissions (API Action): route53:CreateReusableDelegationSet
Resources: arn:aws:route53:::delegationset/*
DeleteReusableDelegationSet
Required Permissions (API Action): route53:DeleteReusableDelegationSet
Resources: arn:aws:route53:::delegationset/delegation set ID
GetReusableDelegationSet
Required Permissions (API Action): route53:GetReusableDelegationSet
Resources: arn:aws:route53:::delegationset/delegation set ID
ListReusableDelegationSets
Required Permissions (API Action): route53:ListReusableDelegationSets
Resources: arn:aws:route53:::delegationset/*

Required Permissions for Actions on Resource
Record Sets
ChangeResourceRecordSets
Required Permissions (API Action): route53:ChangeResourceRecordSets
Resources: arn:aws:route53:::hostedzone/hosted zone ID/rrset
GetChange
Required Permissions (API Action): route53:GetChange
Resources: arn:aws:route53:::change/change ID
GetGeoLocation
Required Permissions (API Action): route53:GetGeoLocation
Resources: arn:aws:route53:::geolocation/*
ListGeoLocations
Required Permissions (API Action): route53:ListGeoLocations
Resources: arn:aws:route53:::geolocations/*
ListResourceRecordSets
Required Permissions (API Action): route53:ListResourceRecordSets
Resources: arn:aws:route53:::hostedzone/hosted zone ID/rrset

Required Permissions for Actions on Traffic
Policies
CreateTrafficPolicy
Required Permissions (API Action): route53:CreateTrafficPolicy
Resources: arn:aws:route53:::trafficpolicy/*
CreateTrafficPolicyVersion
Required Permissions (API Action): route53:CreateTrafficPolicyVersion
Resources: arn:aws:route53:::trafficpolicy/traffic policy ID
DeleteTrafficPolicy
Required Permissions (API Action): route53:DeleteTrafficPolicy
Resources: arn:aws:route53:::trafficpolicy/traffic policy ID/traffic policy
version number
GetTrafficPolicy
Required Permissions (API Action): route53:GetTrafficPolicy
Resources: arn:aws:route53:::trafficpolicy/traffic policy ID/traffic policy
version number
ListTrafficPolicies
Required Permissions (API Action): route53:ListTrafficPolicies
Resources: arn:aws:route53:::trafficpolicies/*
ListTrafficPolicyVersions
Required Permissions (API Action): route53:ListTrafficPolicyVersions
Resources: arn:aws:route53:::trafficpolicy/traffic policy ID
UpdateTrafficPolicyComment
Required Permissions (API Action): route53:UpdateTrafficPolicyComment
Resources: arn:aws:route53:::trafficpolicy/*

Required Permissions for Actions on Traffic Policy
Instances
CreateTrafficPolicyInstance
Required Permissions (API Action): route53:CreateTrafficPolicyInstance
Resources: arn:aws:route53:::trafficpolicyinstance/*
DeleteTrafficPolicyInstance
Required Permissions (API Action): route53:DeleteTrafficPolicyInstance
Resources: arn:aws:route53:::trafficpolicyinstance/traffic policy instance ID
GetTrafficPolicyInstance
Required Permissions (API Action): route53:GetTrafficPolicyInstance
Resources: arn:aws:route53:::trafficpolicyinstance/traffic policy instance ID
GetTrafficPolicyInstanceCount
Required Permissions (API Action): route53:GetTrafficPolicyInstanceCount
Resources: arn:aws:route53:::trafficpolicyinstance/*
ListTrafficPolicyInstances
Required Permissions (API Action): route53:ListTrafficPolicyInstances
Resources: arn:aws:route53:::trafficpolicyinstance/*
ListTrafficPolicyInstancesByHostedZone
Required Permissions (API Action): route53:ListTrafficPolicyInstancesByHostedZone
Resources: arn:aws:route53:::trafficpolicyinstance/hosted zone ID
ListTrafficPolicyInstancesByPolicy
Required Permissions (API Action): route53:ListTrafficPolicyInstancesByPolicy
Resources: arn:aws:route53:::trafficpolicyinstance/traffic policy ID
UpdateTrafficPolicyInstance
Required Permissions (API Action): route53:UpdateTrafficPolicyInstance
Resources: arn:aws:route53:::trafficpolicyinstance/traffic policy instance ID

Required Permissions for Actions on Health
Checks
CreateHealthCheck
Required Permissions (API Action): route53:CreateHealthCheck
Resources: arn:aws:route53:::healthcheck/*
DeleteHealthCheck
Required Permissions (API Action): route53:DeleteHealthCheck
Resources: arn:aws:route53:::healthcheck/health check ID
GetCheckerIpRanges
Required Permissions (API Action): route53:GetCheckerIpRanges
Resources: arn:aws:route53:::checkeripranges/*
GetHealthCheck
Required Permissions (API Action): route53:GetHealthCheck
Resources: arn:aws:route53:::healthcheck/health check ID
GetHealthCheckCount
Required Permissions (API Action): route53:GetHealthCheckCount
Resources: arn:aws:route53:::healthcheck/*
GetHealthCheckLastFailureReason
Required Permissions (API Action): route53:GetHealthCheckLastFailureReason
Resources: arn:aws:route53:::healthcheck/health check ID
GetHealthCheckStatus
Required Permissions (API Action): route53:GetHealthCheckStatus
Resources: arn:aws:route53:::healthcheck/health check ID
ListHealthChecks
Required Permissions (API Action): route53:ListHealthChecks
Resources: arn:aws:route53:::healthcheck/*
UpdateHealthCheck
Required Permissions (API Action): route53:UpdateHealthCheck
Resources: arn:aws:route53:::healthcheck/health check ID

Required Permissions for Actions on Domain Registrations
CheckDomainAvailability
Required Permissions (API Action): route53domains:CheckDomainAvailability
Resources: arn:aws:route53domains:::*
DisableDomainAutoRenew
Required Permissions (API Action): route53domains:DisableDomainAutoRenew
Resources: arn:aws:route53domains:::*

DisableDomainTransferLock
Required Permissions (API Action): route53domains:DisableDomainTransferLock
Resources: arn:aws:route53domains:::*
EnableDomainAutoRenew
Required Permissions (API Action): route53domains:EnableDomainAutoRenew
Resources: arn:aws:route53domains:::*
EnableDomainTransferLock
Required Permissions (API Action): route53domains:EnableDomainTransferLock
Resources: arn:aws:route53domains:::*
GetContactReachabilityStatus
Required Permissions (API Action): route53domains:GetContactReachabilityStatus
Resources: arn:aws:route53domains:::*
GetDomainDetail
Required Permissions (API Action): route53domains:GetDomainDetail
Resources: arn:aws:route53domains:::*
GetOperationDetail
Required Permissions (API Action): route53domains:GetOperationDetail
Resources: arn:aws:route53domains:::*
ListDomains
Required Permissions (API Action): route53domains:ListDomains
Resources: arn:aws:route53domains:::*
ListOperations
Required Permissions (API Action): route53domains:ListOperations
Resources: arn:aws:route53domains:::*
RegisterDomain
Required Permissions (API Action): route53domains:RegisterDomain
Resources: arn:aws:route53domains:::*
ResendContactReachabilityEmail
Required Permissions (API Action): route53domains:ResendContactReachabilityEmail
Resources: arn:aws:route53domains:::*
RetrieveDomainAuthCode
Required Permissions (API Action): route53domains:RetrieveDomainAuthCode
Resources: arn:aws:route53domains:::*
TransferDomain
Required Permissions (API Action): route53domains:TransferDomain
Resources: arn:aws:route53domains:::*
UpdateDomainContact
Required Permissions (API Action): route53domains:UpdateDomainContact
Resources: arn:aws:route53domains:::*
UpdateDomainContactPrivacy
Required Permissions (API Action): route53domains:UpdateDomainContactPrivacy
Resources: arn:aws:route53domains:::*

UpdateDomainNameservers
Required Permissions (API Action): route53domains:UpdateDomainNameservers
Resources: arn:aws:route53domains:::*
ViewBilling
Required Permissions (API Action): route53domains:ViewBilling
Resources: arn:aws:route53domains:::*

Required Permissions for Actions on Tags for Hosted Zones and Health Checks
ChangeTagsForResource
Required Permissions (API Action): route53:ChangeTagsForResource
Resources: arn:aws:route53:::tags/[healthcheck | hostedzone]/[health check ID | hosted zone ID]
ListTagsForResource
Required Permissions (API Action): route53:ListTagsForResource
Resources: arn:aws:route53:::tags/[healthcheck | hostedzone]/[health check ID | hosted zone ID]
ListTagsForResources
Required Permissions (API Action): route53:ListTagsForResources
Resources: arn:aws:route53:::tags/[healthcheck | hostedzone]/*

Required Permissions for Actions on Tags for Domains
DeleteTagsForDomain
Required Permissions (API Action): route53domains:DeleteTagsForDomain
Resources: arn:aws:route53domains:::tags/*
ListTagsForDomain
Required Permissions (API Action): route53domains:ListTagsForDomain
Resources: arn:aws:route53domains:::tags/*
UpdateTagsForDomain
Required Permissions (API Action): route53domains:UpdateTagsForDomain
Resources: arn:aws:route53domains:::tags/*


Using AWS CloudTrail to Capture Requests Sent to the Amazon Route 53 API
Amazon Route 53 is integrated with CloudTrail, an AWS service that captures information about every
request that is sent to the Amazon Route 53 API by your AWS account, including your IAM users. CloudTrail
periodically saves log files of these requests to an Amazon S3 bucket that you specify. CloudTrail captures
information about all requests, whether they were made using the Amazon Route 53 console, the Amazon
Route 53 API, the AWS SDKs, the Amazon Route 53 CLI, or another service, such as AWS
CloudFormation.
You can use information in the CloudTrail log files to determine which requests were made to Amazon
Route 53, the source IP address from which each request was made, who made the request, when it
was made, and so on. To learn more about CloudTrail, including how to configure and enable it, see the
AWS CloudTrail User Guide.
Topics
• Configuring CloudTrail for Amazon Route 53
• Amazon Route 53 Information in CloudTrail Log Files
• Understanding Amazon Route 53 Log File Entries

Configuring CloudTrail for Amazon Route 53
When you configure CloudTrail to capture information about API requests made by AWS accounts, you
start by choosing a region. For Amazon Route 53, you must choose US East (N. Virginia) as the region,
or you won't get any log entries for Amazon Route 53 API requests.


Amazon Route 53 Information in CloudTrail Log Files
When you enable CloudTrail, CloudTrail captures every request made to every AWS service that CloudTrail
supports. (For a list of supported services, see Supported Services in the AWS CloudTrail User Guide.)
The log files aren't organized or sorted by service; each log file might contain records from more than
one service. CloudTrail determines when to create a new log file.
Every log file entry contains information about who made the request. The user identity information in the
log file helps you determine whether the request was made by a user with root or IAM user credentials,
by a user with temporary security credentials, or by another AWS service, such as AWS CloudFormation.
For more information, see userIdentity Element in the AWS CloudTrail User Guide.
You can store log files for as long as you want. You can also define Amazon S3 lifecycle rules to archive
or delete log files automatically.
By default, your log files are encrypted by using Amazon S3 server-side encryption (SSE).
If you want to review log files as soon as CloudTrail delivers them to your Amazon S3 bucket, you can
choose to have CloudTrail publish Amazon SNS notifications when new log files are delivered. For more
information, see Configuring Amazon SNS Notifications in the AWS CloudTrail User Guide.
You can also aggregate log files from multiple AWS regions and multiple AWS accounts into a single
Amazon S3 bucket. For more information, see Aggregating CloudTrail Log Files to a Single Amazon S3
Bucket in the AWS CloudTrail User Guide.

Understanding Amazon Route 53 Log File Entries
Each JSON-formatted CloudTrail log file can contain one or more log entries. A log entry represents a
single request from any source and includes information about the requested action, including any
parameters, the date and time of the action, and so on. The log entries are not guaranteed to be in any
particular order; they are not an ordered stack trace of API calls.

Important
Don't use CloudTrail log entries to reconstruct a hosted zone or to revert a hosted zone to a prior
state. Although extremely rare, it is possible that an Amazon Route 53 API request is not
successfully recorded in the CloudTrail log. If you try to reproduce a hosted zone and a log entry
is missing, the resource record set that you don't create or update could adversely affect the
availability of your domain.
The eventName element identifies the action that occurred. CloudTrail supports all Amazon Route 53
API actions. The following example shows a CloudTrail log entry that demonstrates four actions:
• Listing the hosted zones that are associated with an AWS account
• Creating a health check
• Creating two resource record sets
• Deleting a hosted zone

{
  "Records": [
    {
      "apiVersion": "2013-04-01",
      "awsRegion": "us-east-1",
      "eventID": "1cdbea14-e162-43bb-8853-f9f86d4739ca",
      "eventName": "ListHostedZones",
      "eventSource": "route53.amazonaws.com",
      "eventTime": "2015-01-16T00:41:48Z",
      "eventType": "AwsApiCall",
      "eventVersion": "1.02",
      "recipientAccountId": "444455556666",
      "requestID": "741e0df7-9d18-11e4-b752-f9c6311f3510",
      "requestParameters": null,
      "responseElements": null,
      "sourceIPAddress": "192.0.2.92",
      "userAgent": "Apache-HttpClient/4.3 (java 1.5)",
      "userIdentity": {
        "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
        "accountId": "111122223333",
        "arn": "arn:aws:iam::111122223333:user/smithj",
        "principalId": "A1B2C3D4E5F6G7EXAMPLE",
        "type": "IAMUser",
        "userName": "smithj"
      }
    },
    {
      "apiVersion": "2013-04-01",
      "awsRegion": "us-east-1",
      "eventID": "45ec906a-1325-4f61-b133-3ef1012b0cbc",
      "eventName": "CreateHealthCheck",
      "eventSource": "route53.amazonaws.com",
      "eventTime": "2015-01-16T00:41:57Z",
      "eventType": "AwsApiCall",
      "eventVersion": "1.02",
      "recipientAccountId": "444455556666",
      "requestID": "79915168-9d18-11e4-b752-f9c6311f3510",
      "requestParameters": {
        "callerReference": "2014-05-06 64832",
        "healthCheckConfig": {
          "iPAddress": "192.0.2.249",
          "port": 80,
          "type": "TCP"
        }
      },
      "responseElements": {
        "healthCheck": {
          "callerReference": "2014-05-06 64847",
          "healthCheckConfig": {
            "failureThreshold": 3,
            "iPAddress": "192.0.2.249",
            "port": 80,
            "requestInterval": 30,
            "type": "TCP"
          },
          "healthCheckVersion": 1,
          "id": "b3c9cbc6-cd18-43bc-93f8-9e557example"
        },
        "location": "https://route53.amazonaws.com/2013-04-01/healthcheck/b3c9cbc6-cd18-43bc-93f8-9e557example"
      },
      "sourceIPAddress": "192.0.2.92",
      "userAgent": "Apache-HttpClient/4.3 (java 1.5)",
      "userIdentity": {
        "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
        "accountId": "111122223333",
        "arn": "arn:aws:iam::111122223333:user/smithj",
        "principalId": "A1B2C3D4E5F6G7EXAMPLE",
        "type": "IAMUser",
        "userName": "smithj"
      }
    },
    {
      "additionalEventData": {
        "Note": "Do not use to reconstruct hosted zone"
      },
      "apiVersion": "2013-04-01",
      "awsRegion": "us-east-1",
      "eventID": "883b14d9-2f84-4005-8bc5-c7bf0cebc116",
      "eventName": "ChangeResourceRecordSets",
      "eventSource": "route53.amazonaws.com",
      "eventTime": "2015-01-16T00:41:43Z",
      "eventType": "AwsApiCall",
      "eventVersion": "1.02",
      "recipientAccountId": "444455556666",
      "requestID": "7081d4c6-9d18-11e4-b752-f9c6311f3510",
      "requestParameters": {
        "changeBatch": {
          "changes": [
            {
              "action": "CREATE",
              "resourceRecordSet": {
                "name": "prod.example.com.",
                "resourceRecords": [
                  {
                    "value": "192.0.1.1"
                  },
                  {
                    "value": "192.0.1.2"
                  },
                  {
                    "value": "192.0.1.3"
                  },
                  {
                    "value": "192.0.1.4"
                  }
                ],
                "tTL": 300,
                "type": "A"
              }
            },
            {
              "action": "CREATE",
              "resourceRecordSet": {
                "name": "test.example.com.",
                "resourceRecords": [
                  {
                    "value": "192.0.1.1"
                  },
                  {
                    "value": "192.0.1.2"
                  },
                  {
                    "value": "192.0.1.3"
                  },
                  {
                    "value": "192.0.1.4"
                  }
                ],
                "tTL": 300,
                "type": "A"
              }
            }
          ],
          "comment": "Adding subdomains"
        },
        "hostedZoneId": "Z1PA6795UKMFR9"
      },
      "responseElements": {
        "changeInfo": {
          "comment": "Adding subdomains",
          "id": "/change/C156SRE0X2ZB10",
          "status": "PENDING",
          "submittedAt": "Jan 16, 2015 12:41:43 AM"
        }
      },
      "sourceIPAddress": "192.0.2.92",
      "userAgent": "Apache-HttpClient/4.3 (java 1.5)",
      "userIdentity": {
        "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
        "accountId": "111122223333",
        "arn": "arn:aws:iam::111122223333:user/smithj",
        "principalId": "A1B2C3D4E5F6G7EXAMPLE",
        "type": "IAMUser",
        "userName": "smithj"
      }
    },
    {
      "apiVersion": "2013-04-01",
      "awsRegion": "us-east-1",
      "eventID": "0cb87544-ebee-40a9-9812-e9dda1962cb2",
      "eventName": "DeleteHostedZone",
      "eventSource": "route53.amazonaws.com",
      "eventTime": "2015-01-16T00:41:37Z",
      "eventType": "AwsApiCall",
      "eventVersion": "1.02",
      "recipientAccountId": "444455556666",
      "requestID": "6d5d149f-9d18-11e4-b752-f9c6311f3510",
      "requestParameters": {
        "id": "Z1PA6795UKMFR9"
      },
      "responseElements": {
        "changeInfo": {
          "id": "/change/C1SIJYUYIKVJWP",
          "status": "PENDING",
          "submittedAt": "Jan 16, 2015 12:41:36 AM"
        }
      },
      "sourceIPAddress": "192.0.2.92",
      "userAgent": "Apache-HttpClient/4.3 (java 1.5)",
      "userIdentity": {
        "accessKeyId": "AKIAIOSFODNN7EXAMPLE",
        "accountId": "111122223333",
        "arn": "arn:aws:iam::111122223333:user/smithj",
        "principalId": "A1B2C3D4E5F6G7EXAMPLE",
        "type": "IAMUser",
        "userName": "smithj"
      }
    }
  ]
}
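
As an added example (not part of the AWS guide), the following Python sketch shows one way to triage a log file like the one above: it keeps only the Route 53 records, orders them by eventTime because entries are not guaranteed to be in order, and lists the state-changing requests with who made them and from which source IP address. The sample records are constructed from the values shown above with request bodies shortened; the function names, and the rule that any action not starting with Get or List changes state, are assumptions.

```python
import json
from datetime import datetime, timezone

# Constructed sample: the four entries from the log above with request bodies
# shortened, plus one constructed S3 record (log files mix services).
USER = {"type": "IAMUser", "userName": "smithj",
        "arn": "arn:aws:iam::111122223333:user/smithj"}


def entry(source, name, time, params):
    return {"eventSource": source, "eventName": name, "eventTime": time,
            "sourceIPAddress": "192.0.2.92", "requestParameters": params,
            "userIdentity": USER}


R53 = "route53.amazonaws.com"
SAMPLE_LOG = json.dumps({"Records": [
    entry(R53, "ListHostedZones", "2015-01-16T00:41:48Z", None),
    entry(R53, "CreateHealthCheck", "2015-01-16T00:41:57Z", {
        "healthCheckConfig": {"iPAddress": "192.0.2.249", "port": 80,
                              "type": "TCP"}}),
    entry(R53, "ChangeResourceRecordSets", "2015-01-16T00:41:43Z", {
        "hostedZoneId": "Z1PA6795UKMFR9",
        "changeBatch": {"changes": [
            {"action": "CREATE",
             "resourceRecordSet": {"name": "prod.example.com.", "type": "A"}},
            {"action": "CREATE",
             "resourceRecordSet": {"name": "test.example.com.", "type": "A"}}]}}),
    entry(R53, "DeleteHostedZone", "2015-01-16T00:41:37Z",
          {"id": "Z1PA6795UKMFR9"}),
    entry("s3.amazonaws.com", "DeleteBucket", "2015-01-16T00:41:40Z", None),
]})

# Assumption: Get*/List* actions only read; every other action changes state.
READ_ONLY_PREFIXES = ("Get", "List")


def event_time(event):
    """Parse the UTC eventTime so entries can be ordered chronologically."""
    stamp = datetime.strptime(event["eventTime"], "%Y-%m-%dT%H:%M:%SZ")
    return stamp.replace(tzinfo=timezone.utc)


def route53_events(log_text):
    """Return the Route 53 records of one log file, oldest first."""
    records = json.loads(log_text).get("Records", [])
    mine = [r for r in records if r.get("eventSource") == R53]
    return sorted(mine, key=event_time)


def describe_target(event):
    """Summarize what a request touched; requestParameters can be null."""
    params = event.get("requestParameters") or {}
    if event["eventName"] == "ChangeResourceRecordSets":
        parts = []
        for change in params.get("changeBatch", {}).get("changes", []):
            rrset = change.get("resourceRecordSet", {})
            parts.append("{} {} {}".format(
                change.get("action"), rrset.get("name"), rrset.get("type")))
        return "{}: {}".format(params.get("hostedZoneId"), "; ".join(parts))
    if "id" in params:
        return params["id"]
    return json.dumps(params, sort_keys=True) if params else ""


def review_queue(log_text):
    """List state-changing Route 53 requests with who, when and from where."""
    queue = []
    for event in route53_events(log_text):
        if event["eventName"].startswith(READ_ONLY_PREFIXES):
            continue
        identity = event.get("userIdentity") or {}
        queue.append({
            "time": event["eventTime"],
            "action": event["eventName"],
            # Fall back to the identity type when no ARN is recorded.
            "who": identity.get("arn") or identity.get("type", "unknown"),
            "source_ip": event.get("sourceIPAddress"),
            "target": describe_target(event),
        })
    return queue


if __name__ == "__main__":
    for item in review_queue(SAMPLE_LOG):
        print(item["time"], item["action"], item["who"],
              item["source_ip"], item["target"])
```

Because a request can occasionally be missing from the log, treat the resulting list as an audit trail of who changed what, not as a complete change history of the hosted zone.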


Tagging Amazon Route 53 Resources
A tag is a label that you assign to an AWS resource. Each tag consists of a key and a value, both of which
you define. For example, the key might be "domain" and the value might be "example.com". You can use
tags for a variety of purposes; one common use is to categorize and track your Amazon Route 53 costs.
When you apply tags to Amazon Route 53 hosted zones, domains, and health checks, AWS generates
a cost allocation report as a comma-separated value (CSV) file with your usage and costs aggregated
by your tags. You can apply tags that represent business categories (such as cost centers, application
names, or owners) to organize your costs across multiple services. For more information about using
tags for cost allocation, see Use Cost Allocation Tags in the AWS Billing and Cost Management User
Guide.
For ease of use and best results, use Tag Editor in the AWS Management Console, which provides a
central, unified way to create and manage your tags. For more information, see Working with Tag Editor
in Getting Started with the AWS Management Console. For health checks, you can also apply tags in the
Amazon Route 53 console. For more information, see Naming and Tagging Health Checks (p. 275).
You can also apply tags to resources by using the Amazon Route 53 API. For more information, see
Tagging Hosted Zones and Health Checks and Tagging Domains in the Amazon Route 53 API Reference.


Tutorials
Topics
• Transitioning to Latency-Based Routing in Amazon Route 53
• Adding Another Region to Your Latency-Based Routing in Amazon Route 53
• Using Latency and Weighted Resource Record Sets in Amazon Route 53 to Route Traffic to Multiple Amazon EC2 Instances in a Region
• Managing Over 100 Weighted Resource Record Sets in Amazon Route 53
• Weighting Fault-Tolerant Multi-Record Answers in Amazon Route 53

Transitioning to Latency-Based Routing in Amazon Route 53
With latency-based routing, Amazon Route 53 can direct your users to the lowest-latency AWS endpoint
available. For example, you may associate a DNS name like www.example.com with ELB load balancers
or with Amazon EC2 instances or Elastic IP addresses that are hosted in the US East (N. Virginia) and
EU (Ireland) regions. The Amazon Route 53 DNS servers decide, based on network conditions of the
past couple of weeks, which instances in which regions should serve particular users. A user in London
will likely be directed to the EU (Ireland) instance, a user in Chicago will likely be directed to the US East
(N. Virginia) instance, and so on. Amazon Route 53 supports latency-based routing for A, AAAA, TXT,
and CNAME resource record sets, as well as aliases to A and AAAA resource record sets.
For a smooth, low-risk transition, you can combine weighted and latency resource record sets to gradually
migrate from standard routing to latency-based routing with full control and rollback capability at each
stage. Let's consider an example in which www.example.com is currently hosted on an Amazon EC2
instance in the US East (N. Virginia) region. The instance has the Elastic IP address W.W.W.W. Suppose
you want to continue routing traffic to the US East (N. Virginia) region when applicable while also beginning
to direct users to additional Amazon EC2 instances in the US West (N. California) region (Elastic IP
X.X.X.X) and in the EU (Ireland) region (Elastic IP Y.Y.Y.Y). The Amazon Route 53 hosted zone for
example.com already has a resource record set for www.example.com that has a Type of A and a
Value (an IP address) of W.W.W.W.
When you're finished with the following example, you'll have two weighted alias resource record sets:
• You'll convert your existing resource record set for www.example.com into a weighted alias resource
record set that continues to direct the majority of your traffic to your existing Amazon EC2 instance in
the US East (N. Virginia) region.
• You'll create another weighted alias resource record set that initially directs only a small portion of your
traffic to your latency resource record sets, which route traffic to all three regions.
By updating the weights in these weighted alias resource record sets, you can gradually shift from routing
traffic only to the US East (N. Virginia) region to routing traffic to all three regions in which you have
Amazon EC2 instances.

To Transition to Latency-Based Routing
1. Make a copy of the resource record set for www.example.com, but use a new domain name, for
example, copy-www.example.com. Give the new resource record set the same Type (A) and Value
(W.W.W.W) as the resource record set for www.example.com.

2. Update the existing A record for www.example.com to make it a weighted alias resource record set:
• For the value of Alias Target, specify copy-www.example.com.
• For the value of Weight, specify 100.
When you're finished with the update, Amazon Route 53 will continue to use this resource record
set to route all traffic to the resource that has an IP address of W.W.W.W.

3. Create a latency resource record set for each of your Amazon EC2 instances, for example:
• US East (N. Virginia), Elastic IP address W.W.W.W
• US West (N. California), Elastic IP address X.X.X.X
• EU (Ireland), Elastic IP address Y.Y.Y.Y
Give all of the latency resource record sets the same domain name, for example,
www-lbr.example.com and the same type, A.
When you're finished creating the latency resource record sets, Amazon Route 53 will continue to
route traffic using the resource record set that you updated in Step 2.

4. You can use www-lbr.example.com for validation testing, for example, to ensure that each endpoint
can accept requests.
Let's now add the www-lbr.example.com latency resource record set into the www.example.com
weighted resource record set and begin routing limited traffic to the corresponding Amazon EC2
instances. This means that the Amazon EC2 instance in the US East (N. Virginia) region will be
getting traffic from both weighted resource record sets.
Create another weighted alias resource record set for www.example.com:
• For the value of Alias Target, specify www-lbr.example.com.
• For the value of Weight, specify 1.
When you finish and your changes are synchronized to Amazon Route 53 servers, Amazon Route 53
will begin to route a tiny fraction of your traffic (1/101) to the Amazon EC2 instances for which you
created latency resource record sets in Step 3.

5. As you develop confidence that your endpoints are adequately scaled for the incoming traffic, adjust
the weights accordingly. For example, if you want 10% of your requests to be based on latency-based
routing, change the weights to 90 and 10, respectively.

For more information about creating latency resource record sets, see Creating Resource Record Sets
by Using the Amazon Route 53 Console (p. 184).


Adding Another Region to Your Latency-Based Routing in Amazon Route 53
If you're using latency-based routing and you want to add an instance in a new region, you can gradually
shift traffic to the new region in the same way that you gradually shifted traffic to latency-based routing
in Transitioning to Latency-Based Routing in Amazon Route 53 (p. 303).
For example, suppose you're using latency-based routing to route traffic for www.example.com, and you
want to add an Amazon EC2 instance in Asia Pacific (Tokyo) to your instances in US East (N. Virginia),
US West (N. California), and EU (Ireland). The following example procedure explains one way that you
could add an instance in another region.
For this example, the Amazon Route 53 hosted zone for example.com already has a weighted alias
resource record set for www.example.com that is routing traffic to the latency-based resource record
sets for www-lbr.example.com:
• US East (N. Virginia), Elastic IP address W.W.W.W
• US West (N. California), Elastic IP address X.X.X.X
• EU (Ireland), Elastic IP address Y.Y.Y.Y
The weighted alias resource record set has a weight of 100. After you transitioned to latency-based
routing, assume that you deleted the other weighted resource record set that you used for the transition.

To Add Another Region to Your Latency-Based Routing in Amazon Route 53
1. Create four new latency-based resource record sets that include the three original regions as well
as the new region to which you want to start routing traffic.
• US East (N. Virginia), Elastic IP address W.W.W.W
• US West (N. California), Elastic IP address X.X.X.X
• EU (Ireland), Elastic IP address Y.Y.Y.Y
• Asia Pacific (Tokyo), Elastic IP address Z.Z.Z.Z
Give all of the latency resource record sets the same new domain name, for example,
www-lbr-2012-04-30.example.com, and the same type, A.
When you're finished creating the latency resource record sets, Amazon Route 53 will continue to
route traffic using the original weighted alias resource record set (www.example.com) and latency
resource record sets (www-lbr.example.com).

2. You can use the www-lbr-2012-04-30.example.com resource record sets for validation testing,
for example, to ensure that each endpoint can accept requests.
Create a weighted alias resource record set for the new latency resource record sets:
• For the domain name, specify the name for the existing weighted alias resource record set,
www.example.com.
• For the value of Alias Target, specify www-lbr-2012-04-30.example.com.
• For the value of Weight, specify 1.
When you finish, Amazon Route 53 will begin to route a tiny fraction of your traffic (1/101) to the
Amazon EC2 instances for which you created the www-lbr-2012-04-30.example.com latency
resource record sets in Step 1. The remainder of the traffic will continue to be routed to the
www-lbr.example.com latency resource record sets, which do not include the Amazon EC2 instance
in the Asia Pacific (Tokyo) region.

3. As you develop confidence that your endpoints are adequately scaled for the incoming traffic, adjust
the weights accordingly. For example, if you want 10% of your requests to be routed to the latency
resource record sets that include the Tokyo region, change the weight for www-lbr.example.com
from 100 to 90 and the weight for www-lbr-2012-04-30.example.com from 1 to 10.

For more information about creating resource record sets, see Creating Resource Record Sets by Using
the Amazon Route 53 Console (p. 184).

Using Latency and Weighted Resource Record Sets in Amazon Route 53 to Route Traffic to Multiple Amazon EC2 Instances in a Region
If your application is running on Amazon EC2 instances in two or more Amazon EC2 regions, and if you
have more than one Amazon EC2 instance in one or more regions, you can use latency-based routing
to route traffic to the correct region and then use weighted resource record sets to route traffic to instances
within the region based on weights that you specify.
For example, suppose you have three Amazon EC2 instances with Elastic IP addresses in the US East
(N. Virginia) region and you want to distribute requests across all three IPs evenly for users for whom US
East (N. Virginia) is the appropriate region. Just one Amazon EC2 instance is sufficient in the other
regions, although you can apply the same technique to many regions at once.

To use latency and weighted resource record sets in Amazon Route 53 to route traffic to multiple Amazon EC2 instances in a region
1. Create a group of weighted resource record sets for the Amazon EC2 instances in the region. Note
the following:
• Give each weighted resource record set the same value for Name (for example,
us-east.example.com) and Type.
• For Value, specify the value of one of the Elastic IP addresses.
• If you want to weight the Amazon EC2 instances equally, specify the same value for Weight.
• Specify a unique value for Set ID for each resource record set.

2. If you have multiple Amazon EC2 instances in other regions, repeat Step 1 for the other regions.
Specify a different value for Name in each region.

3. For each region in which you have multiple Amazon EC2 instances (for example, US East (N.
Virginia)), create a latency alias resource record set. For the value of Alias Target, specify the value
of the Name field (for example, us-east.example.com) that you assigned to the weighted resource
record sets in that region.

4. For each region in which you have one Amazon EC2 instance, create a latency resource record set.
For the value of Name, specify the same value that you specified for the latency alias resource record
sets that you created in Step 3. For Value, specify the Elastic IP address of the Amazon EC2 instance
in that region.

For more information about creating resource record sets, see Creating Resource Record Sets by Using
the Amazon Route 53 Console (p. 184).


Managing Over 100 Weighted Resource Record Sets in Amazon Route 53
Amazon Route 53 lets you configure weighted resource record sets. For a given name and type (for
example, www.example.com, type A), you can configure up to 100 alternative responses, each with its
own weight. When responding to queries for www.example.com, Amazon Route 53 DNS servers select
a weighted random response to return to DNS resolvers. The value of a weighted resource record set
that has a weight of 2 is returned, on average, twice as often as the value of a weighted resource record
set that has a weight of 1.
If you need to direct traffic to more than 100 endpoints, one way to achieve this is to use a tree of weighted
alias resource record sets and weighted resource record sets. For example, the first "level" of the tree
may be up to 100 weighted alias resource record sets, each of which can, in turn, point to up to 100
weighted resource record sets. Amazon Route 53 permits up to three levels of recursion, allowing you
to manage up to 1,000,000 unique weighted endpoints.
A simple two-level tree might look like this:
Weighted alias resource record sets
• www.example.com aliases to www-a.example.com with a weight of 1
• www.example.com aliases to www-b.example.com with a weight of 1
Weighted resource record sets
• www-a.example.com, type A, value 192.0.2.1, weight 1
• www-a.example.com, type A, value 192.0.2.2, weight 1
• www-b.example.com, type A, value 192.0.2.3, weight 1
• www-b.example.com, type A, value 192.0.2.4, weight 1
For more information about creating resource record sets, see Working with Resource Record Sets (p. 178).

Weighting Fault-Tolerant Multi-Record Answers in Amazon Route 53
An Amazon Route 53 weighted resource record set can only be associated with one record, meaning a
combination of one name (for example, example.com) and one record type (for example, A). But it is
often desirable to weight DNS responses that contain multiple records.
For example, you might have eight Amazon EC2 instances or Elastic IP endpoints for a service. If the
clients of that service support connection retries (as all common browsers do), then providing multiple IP
addresses in DNS responses provides those clients with alternative endpoints in the event of the failure
of any particular endpoint. You can even protect against the failure of an availability zone if you configure
responses to contain a mix of IPs hosted in two or more availability zones.
Multi-record answers are also useful when a large number of clients (for example, mobile web applications)
share a small set of DNS caches. In this case, multi-record answers allow clients to direct requests to
several endpoints even if they receive a common DNS response from the shared cache.


These types of weighted multi-record answers can be achieved by using a combination of resource record
sets and weighted alias resource record sets. You can group eight endpoints into two distinct record sets
containing four IP addresses each:
endpoint-a.example.com, type A, with the following values:

• 192.0.2.1
• 192.0.2.2
• 192.0.2.128
• 192.0.2.129
endpoint-b.example.com, type A, with the following values:

• 192.0.2.3
• 192.0.2.4
• 192.0.2.130
• 192.0.2.131
You can then create a weighted alias resource record set that points to each group:
• www.example.com aliases to endpoint-a.example.com, type A, weight 1
• www.example.com aliases to endpoint-b.example.com, type A, weight 1
For more information about creating resource record sets, see Working with Resource Record Sets (p. 178).
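
As an added example (not part of the AWS guide), the following Python sketch computes the fraction of DNS responses that each answer receives when weighted alias resource record sets point at other record sets. It covers the two-level tree and the multi-record groups described above, and the 1/101 share from the latency-based routing transition. The data model, the names answer_shares and transition_zone, and the placeholder answer "latency-routed" are assumptions made for the illustration; the 100-set and three-level limits are the ones stated in this guide.

```python
from fractions import Fraction

MAX_SETS_PER_NAME = 100  # weighted record sets with the same name and type
MAX_LEVELS = 3           # levels of recursion the guide says are permitted

# Constructed model. Each entry is (weight, kind, target): an "alias" targets
# another name; a "records" entry carries the tuple of values that are
# returned together in one answer.
TREE_ZONE = {
    "www.example.com": [(1, "alias", "www-a.example.com"),
                        (1, "alias", "www-b.example.com")],
    "www-a.example.com": [(1, "records", ("192.0.2.1",)),
                          (1, "records", ("192.0.2.2",))],
    "www-b.example.com": [(1, "records", ("192.0.2.3",)),
                          (1, "records", ("192.0.2.4",))],
}

# The multi-record groups: each endpoint-* name is a single record set with
# four values, modelled here as one entry with weight 1.
MULTI_ZONE = {
    "www.example.com": [(1, "alias", "endpoint-a.example.com"),
                        (1, "alias", "endpoint-b.example.com")],
    "endpoint-a.example.com": [(1, "records", (
        "192.0.2.1", "192.0.2.2", "192.0.2.128", "192.0.2.129"))],
    "endpoint-b.example.com": [(1, "records", (
        "192.0.2.3", "192.0.2.4", "192.0.2.130", "192.0.2.131"))],
}


def transition_zone(old_weight, lbr_weight):
    """Model the transition tutorial: www splits between the copy of the old
    record and the latency group, which is treated as one opaque answer
    because latency routing picks the region per user."""
    return {
        "www.example.com": [(old_weight, "alias", "copy-www.example.com"),
                            (lbr_weight, "alias", "www-lbr.example.com")],
        "copy-www.example.com": [(1, "records", ("W.W.W.W",))],
        "www-lbr.example.com": [(1, "records", ("latency-routed",))],
    }


def answer_shares(zone, name, level=1):
    """Return {answer: fraction of responses} for queries to `name`."""
    sets = zone[name]
    if len(sets) > MAX_SETS_PER_NAME:
        raise ValueError("%s: more than %d weighted record sets"
                         % (name, MAX_SETS_PER_NAME))
    total = sum(weight for weight, _, _ in sets)
    if total == 0:
        raise ValueError("%s: all weights are zero (not modelled here)" % name)
    shares = {}
    for weight, kind, target in sets:
        if weight == 0:
            continue
        portion = Fraction(weight, total)  # weight relative to its siblings
        if kind == "alias":
            if level >= MAX_LEVELS:
                raise ValueError("%s: alias chain deeper than %d levels"
                                 % (name, MAX_LEVELS))
            for answer, sub in answer_shares(zone, target, level + 1).items():
                shares[answer] = shares.get(answer, 0) + portion * sub
        else:
            shares[target] = shares.get(target, 0) + portion
    return shares


if __name__ == "__main__":
    for answer, share in answer_shares(TREE_ZONE, "www.example.com").items():
        print(answer, share)
    print(answer_shares(transition_zone(100, 1), "www.example.com"))
```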


Limits
Amazon Route 53 API requests and entities are subject to the following limits.
Topics
• Limits on API Requests
• Limits on Entities

Limits on API Requests
Amazon Route 53 API requests are subject to the following limits.
ChangeResourceRecordSets requests

• A request cannot contain more than 100 Change elements.
• A request cannot contain more than 1000 ResourceRecord elements.
• The sum of the number of characters (including spaces) in all Value elements in a request cannot
exceed 32,000 characters.

Note
If the value of the Action element in a ChangeResourceRecordSets request is UPSERT
and the resource record set already exists, Amazon Route 53 automatically performs a
DELETE request and a CREATE request. When Amazon Route 53 calculates the number
of characters in the Value elements of a change batch request, it adds the number of
characters in the Value element of the resource record set being deleted and the number
of characters in the Value element of the resource record set being created.
Amazon Route 53 API requests
• All requests – Five requests per second per AWS account. If you submit more than five requests
per second, Amazon Route 53 returns an HTTP 400 error (Bad request). The response header
also includes a Code element with a value of Throttling and a Message element with a value
of Rate exceeded.
• ChangeResourceRecordSets requests – If Amazon Route 53 can't process a request before the
next request arrives, it will reject subsequent requests for the same hosted zone and return an
HTTP 400 error (Bad request). The response header also includes a Code element with a value
of PriorRequestNotComplete and a Message element with a value of The request was
rejected because Route 53 was still processing a prior request.
• CreateHealthCheck requests – You can submit a maximum of 1000 CreateHealthCheck requests
in a 24-hour period.
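
As an added example (not part of the AWS guide), the following Python sketch checks a change batch against the ChangeResourceRecordSets limits listed above before it is submitted, including the Note's rule that an UPSERT of an existing resource record set also counts the characters of the values being deleted. The dictionary keys follow the API element names (Action, ResourceRecordSet, ResourceRecords, Value); the function names and the caller-supplied existing lookup, keyed by name and type, are assumptions.

```python
MAX_CHANGES = 100            # Change elements per request
MAX_RESOURCE_RECORDS = 1000  # ResourceRecord elements per request
MAX_VALUE_CHARS = 32000      # characters in all Value elements per request


def make_change(action, name, rtype, values):
    """Build one change in the shape used below (hypothetical helper)."""
    return {"Action": action,
            "ResourceRecordSet": {
                "Name": name, "Type": rtype,
                "ResourceRecords": [{"Value": v} for v in values]}}


def batch_usage(changes, existing=None):
    """Count what a batch consumes against each limit.

    `existing` maps (name, type) to the list of values currently in the
    hosted zone; it is assumed to be supplied by the caller and is only
    consulted for UPSERT changes.
    """
    existing = existing or {}
    records = 0
    chars = 0
    for change in changes:
        rrset = change["ResourceRecordSet"]
        # Alias resource record sets carry no ResourceRecords element.
        values = [rr["Value"] for rr in rrset.get("ResourceRecords", [])]
        records += len(values)
        chars += sum(len(v) for v in values)
        if change["Action"] == "UPSERT":
            # An UPSERT of an existing record set is a DELETE plus a CREATE,
            # so the characters of the values being deleted count as well.
            old_values = existing.get((rrset["Name"], rrset["Type"]), [])
            chars += sum(len(v) for v in old_values)
    return {"changes": len(changes), "records": records, "chars": chars}


def check_change_batch(changes, existing=None):
    """Return a list of limit violations; an empty list means within limits."""
    usage = batch_usage(changes, existing)
    limits = [("changes", "Change elements", MAX_CHANGES),
              ("records", "ResourceRecord elements", MAX_RESOURCE_RECORDS),
              ("chars", "Value characters", MAX_VALUE_CHARS)]
    return ["%s: %d exceeds %d" % (label, usage[key], limit)
            for key, label, limit in limits if usage[key] > limit]


if __name__ == "__main__":
    # Constructed input: an UPSERT whose new values fit on their own but not
    # together with the values of the record set it replaces.
    new_values = ['"' + "a" * 198 + '"'] * 100   # 100 values of 200 chars
    old_values = ['"' + "b" * 148 + '"'] * 100   # 100 values of 150 chars
    batch = [make_change("UPSERT", "txt.example.com.", "TXT", new_values)]
    print(check_change_batch(batch))
    print(check_change_batch(batch, {("txt.example.com.", "TXT"): old_values}))
```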

Limits on Entities
Amazon Route 53 entities are subject to the following limits.
Entity | Limit
Hosted zones | 500 per AWS account. Request a higher limit.
Domains | 50 per AWS account. Request a higher limit.
Reusable delegation sets | 100 per AWS account. Request a higher limit.
Hosted zones that can use the same reusable delegation set | 100. Request a higher limit.
Amazon VPCs that you can associate with a private hosted zone | 100. Request a higher limit.
Resource record sets | 10,000 per hosted zone. Request a higher limit.
Weighted and geolocation resource record sets | 100 resource record sets that have the same name and type
Resource records | 100 per resource record set
Health checks | 50 active health checks per AWS account. Request a higher limit.
Traffic policies | 50 per AWS account. Request a higher limit.
Policy records | 5 per AWS account. Request a higher limit.

Resources for Amazon Route 53
The following related resources can help you as you work with this service.
Topics
• AWS Resources
• Third-Party Tools and Libraries
• Graphical User Interfaces

AWS Resources
Several helpful guides, forums, and other resources are available from Amazon Web Services.
• Amazon Route 53 API Reference – A reference guide that includes the schema location; complete
descriptions of the API actions, parameters, and data types; and a list of errors that the service returns.
• Amazon Route 53 Release Notes – A high-level overview of the current release noting any new
features, corrections, and known issues.
• AWS::Route53::RecordSet Type in the AWS CloudFormation User Guide – A property for using
Amazon Route 53 with CloudFormation to create customized DNS names for your AWS CloudFormation
stacks.
• Discussion Forums – A community-based forum for developers to discuss technical questions related
to Amazon Route 53.
• AWS Support Center – This site brings together information about your recent support cases and results
from AWS Trusted Advisor and health checks, as well as providing links to discussion forums, technical
FAQs, the service health dashboard, and information about AWS support plans.
• AWS Premium Support Information – The primary web page for information about AWS Premium
Support, a one-on-one, fast-response support channel to help you build and run applications on AWS
Infrastructure Services.
• Contact Us – Links for inquiring about your billing or account. For technical questions, use the discussion
forums or support links above.
• Amazon Route 53 product information – The primary web page for information about Amazon
Route 53, including features, pricing, and more.
• AWS Training and Courses – Links to role-based and specialty courses as well as self-paced labs
to help sharpen your AWS skills and gain practical experience.

• AWS Developer Tools – Links to developer tools and resources that provide documentation, code
samples, release notes, and other information to help you build innovative applications with AWS.
• AWS Support Center – The hub for creating and managing your AWS Support cases. Also includes
links to other helpful resources, such as forums, technical FAQs, service health status, and AWS
Trusted Advisor.
• AWS Support – The primary web page for information about AWS Support, a one-on-one, fast-response
support channel to help you build and run applications in the cloud.
• Contact Us – A central contact point for inquiries concerning AWS billing, account, events, abuse, and
other issues.
• AWS Site Terms – Detailed information about our copyright and trademark; your account, license, and
site access; and other topics.

Third-Party Tools and Libraries
In addition to AWS resources, you can find a variety of third-party tools and libraries that work with Amazon
Route 53.
• Amazon Route 53 to BIND Conversion Tool
A BIND zone file describes a DNS zone in a common text-based format. This Perl script converts the
XML-formatted text that is returned by the Amazon Route 53 ListResourceRecordSets API action
to BIND zone file format.
• Amazon Route 53 Zone Creation Tool
This Perl script generates CreateHostedZoneRequest XML for a given zone origin to create a zone
in Amazon Route 53.
• AmazonRoute53AppsScript (via webos-goodies)
Google spreadsheet management of Amazon Route 53.
• AWS Component for .NET (via SprightlySoft)
SprightlySoft .NET Component for Amazon Web Services with support for REST operations and Amazon
Route 53.
• BIND to Amazon Route 53 Conversion Tool
A BIND zone file describes a DNS zone in a common text-based format. This Perl script converts a
BIND zone file to the XML-formatted text that is required by the Amazon Route 53
ChangeResourceRecordSets API action to add or remove records from Amazon Route 53.
• Boto API download (via github)
Boto Python interface to Amazon Web Services.
• cli53 (via github)
Command line interface for Amazon Route 53.
• Dasein Cloud API
Java-based API.
• easyRoute53 (easyDNS)
GUI tools, registrar services, and zone transfer services.
• PHP library for Query-based Amazon Route 53 requests
A simple PHP library for interacting with Amazon Route 53.
• R53.py (via github)
Maintains your own canonical version of your DNS configs under source control, and calculates the
minimal changeset required to accomplish a DNS change.
• RIAForge
ColdFusion based components for managing DNS using Amazon Route 53.
• RightScripts (via RightScale)
Scripts to configure or update your RightScale server for use with Amazon Route 53.
• RightScale Support Tutorials
RightScale tutorial for domain setup with Amazon Route 53.
• route53d
DNS front-end to Amazon Route 53 API (enables incremental zone transfer (IXFR)).
• Route53Manager (via github)
Web-based interface.
• Ruby Fog (via github)
The Ruby cloud services library.
• Valet (via github)
Java API, including a one-way-sync utility for Windows DNS server files.
• WebService::Amazon::Route53 (via CPAN)
Perl interface to Amazon Route 53 API.

Graphical User Interfaces
The following third-party tools provide graphical user interfaces (GUIs) for working with Amazon Route 53:
• easyRoute53 (easyDNS)
• Nephelai
• R53 Fox
• Ylastic

Document History
The following table describes the important changes to the documentation since the last release of Amazon
Route 53.
• API Version – 2013-04-01
• Latest documentation update – May 26, 2016

The following table describes important changes in each release of the Amazon Route 53 Developer
Guide.

Change: New Features
API Version: 2013-04-01
Release Date: May 26, 2016
Description:
With this release, Amazon Route 53 adds the following
new features:
• Domain billing report – You can now download a report
that lists all domain registration charges, by domain, for
a specified time period. The report includes all domain
registration operations for which there is a fee, including
registering domains, transferring domains to Amazon
Route 53, renewing domain registration, and (for some
TLDs), changing the owner of a domain. For more information, see the following documentation:
• Amazon Route 53 console – See Downloading a
Domain Billing Report (p. 40)
• Amazon Route 53 API – See ViewBilling in the
Amazon Route 53 API Reference.
• New TLDs – You can now register domains that have
the following TLDs: .college, .consulting, .host, .name,
.online, .republican, .rocks, .sucks, .trade, .website, and
.uk. For more information, see Domains that You Can
Register with Amazon Route 53 (p. 41).
• New APIs for domain registration – For operations
that require confirmation that the email address for the
registrant contact is valid, such as registering a new
domain, you can now programmatically determine
whether the registrant contact has clicked the link in the
confirmation email and, if not, whether the link is still
valid. You can also programmatically request that we
send another confirmation email. For more information,
see the following documentation in the Amazon Route 53
API Reference:
• GetContactReachabilityStatus
• ResendContactReachabilityEmail

Change: New Features
API Version: 2013-04-01
Release Date: April 5, 2016
Description:
With this release, Amazon Route 53 adds the following
new features:
• Health checks based on CloudWatch metrics – You
can now create health checks that are based on the
alarm state of any CloudWatch metric. This is useful for
checking the health of endpoints that can't be reached
by a standard Amazon Route 53 health check, such as
instances within an Amazon Virtual Private Cloud (VPC)
that have only private IP addresses. For more information, see the following documentation:
• Amazon Route 53 console – See Monitoring a
CloudWatch Alarm (p. 250) in the "Values that You
Specify When You Create or Update Health Checks"
topic.
• Amazon Route 53 API – See POST CreateHealthCheck and POST UpdateHealthCheck in the
Amazon Route 53 API Reference.
• Configurable health check locations – You can now
choose the Amazon Route 53 health checking regions
that check the health of your resources, which reduces
the load on the endpoint from health checks. This is
useful if your customers are concentrated in one or a
few geographic regions. For more information, see the
following documentation:
• Amazon Route 53 console – See Health checker
regions in the "Values that You Specify When You
Create or Update Health Checks" topic.
• Amazon Route 53 API – See the Regions element
for POST CreateHealthCheck and POST UpdateHealthCheck in the Amazon Route 53 API Reference.
• Failover in private hosted zones – You can now create
failover and failover alias resource record sets in a
private hosted zone. When you combine this feature
with metric-based health checks, you can configure DNS
failover even for endpoints that have only private IP addresses and can't be reached by using standard Amazon
Route 53 health checks. For more information, see the
following documentation:
• Amazon Route 53 console – See Configuring Failover in a Private Hosted Zone (p. 270).
• Amazon Route 53 API – See POST
ChangeResourceRecordSets in the Amazon Route 53
API Reference.
• Alias resource record sets in private hosted zones
– In the past, you could create alias resource record
sets that route DNS queries only to other Amazon
Route 53 resource record sets in the same hosted zone.
With this release, you can also create alias resource
record sets that route DNS queries to Elastic Beanstalk
environments that have regionalized subdomains,
Elastic Load Balancing load balancers, and Amazon S3
buckets. (You still can't create alias resource record sets
that route DNS queries to a CloudFront distribution.) For
more information, see the following documentation:
• Amazon Route 53 console – See Choosing Between
Alias and Non-Alias Resource Record Sets (p. 182).
• Amazon Route 53 API – See POST
ChangeResourceRecordSets in the Amazon Route 53
API Reference.

Change: New Feature
API Version: 2013-04-01
Release Date: February 23, 2016
Description:
When you create or update HTTPS health checks, you can now configure Amazon Route 53 to send the host
name to the endpoint during TLS negotiation. This allows the endpoint to respond to the HTTPS request
with the applicable SSL/TLS certificate. For more information, see the description for the Enable SNI
field in the "Values that You Specify When You Create or Update Health Checks" topic. For information
about how to enable SNI when you use the API to create or update a health check, see POST
CreateHealthCheck and POST UpdateHealthCheck in the Amazon Route 53 API Reference.

Change: New Feature
API Version: 2013-04-01
Release Date: January 27, 2016
Description:
You can now register domains for over 100 additional top-level domains (TLDs) such as .accountants,
.band, and .city. For a complete list of supported TLDs, see Domains that You Can Register with
Amazon Route 53 (p. 41).

Change: New Feature
API Version: 2013-04-01
Release Date: January 19, 2016
Description:
You can now create alias resource record sets that route traffic to Elastic Beanstalk environments.
For information about creating resource record sets by using the Amazon Route 53 console, see
Creating Resource Record Sets by Using the Amazon Route 53 Console (p. 184). For information about
using the API to create resource record sets, see POST ChangeResourceRecordSets in the Amazon
Route 53 API Reference.

Change: New Features
API Version: 2013-04-01
Release Date: December 3, 2015
Description:
The Amazon Route 53 console now includes a visual editor that lets you quickly create complex routing
configurations that use a combination of Amazon Route 53 weighted, latency, failover, and geolocation
routing policies. You can then associate the configuration with one or more domain names (such as
example.com) or subdomain names (such as www.example.com), in the same hosted zone or in multiple
hosted zones. In addition, you can roll back the updates if the new configuration isn't performing as
you expected it to. The same functionality is available by using the Amazon Route 53 API, AWS SDKs,
the AWS CLI, and AWS Tools for Windows PowerShell. For information about using the visual editor, see
Using Traffic Flow to Route DNS Traffic (p. 234). For information about using the API to create
traffic flow configurations, see Actions on Traffic Policies and Traffic Policy Instances in the
Amazon Route 53 API Reference.

Change: New Features
API Version: 2013-04-01
Release Date: October 19, 2015
Description:
With this release, Amazon Route 53 adds the following
new features:
• Domain registration for .com and .net domains by
Amazon Registrar, Inc. – Amazon is now an ICANN-accredited registrar for the .com and .net top-level domains (TLDs) through Amazon Registrar, Inc. When you
use Amazon Route 53 to register a .com or .net domain,
Amazon Registrar will be the registrar of record and will
be listed as the "Sponsoring Registrar" in your Whois
query results. For information about using Amazon
Route 53 to register domains, see Registering Domain
Names Using Amazon Route 53 (p. 13).
• Privacy protection for .com and .net domains – When
you register a .com or .net domain with Amazon
Route 53, all of your personal information, including first
and last name, is now hidden. First and last name are
not hidden for other domains that you register with
Amazon Route 53. For more information about privacy
protection, see Privacy Protection for Contact Information (p. 22).

Change: New Features
API Version: 2013-04-01
Release Date: September 15, 2015
Description:
• Calculated health checks – You now can create health checks whose status is determined by the
health status of other health checks. For more information, see Creating and Updating Health
Checks (p. 246). In addition, see POST CreateHealthCheck in the Amazon Route 53 API Reference.
• Latency measurements for health checks – You now
can configure Amazon Route 53 to measure the latency
between health checkers and your endpoint. Latency
data appears in Amazon CloudWatch graphs in the
Amazon Route 53 console. To enable latency measurements for new health checks, see the Latency measurements setting under Advanced Configuration
("Monitor an endpoint" Only) (p. 250) in the topic Values
that You Specify When You Create or Update Health
Checks (p. 246). (You can't enable latency measurements
for existing health checks.) In addition, see MeasureLatency in the topic POST CreateHealthCheck in the
Amazon Route 53 API Reference.
• Updates to the health checks dashboard in the
Amazon Route 53 console – The dashboard for monitoring health checks has been improved in a variety of
ways, including CloudWatch graphs for monitoring
latency between Amazon Route 53 health checkers and
your endpoints. For more information, see Monitoring
Health Check Status and Getting Notifications (p. 255).

Change: New Documentation
API Version: 2013-04-01
Release Date: March 3, 2015
Description:
The Amazon Route 53 Developer Guide now explains how to configure white label name servers for
Amazon Route 53 hosted zones. For more information, see Configuring White Label Name Servers (p. 165).

Change: New Feature
API Version: 2013-04-01
Release Date: February 26, 2015
Description:
You now can use the Amazon Route 53 API to list the hosted zones that are associated with an AWS
account in alphabetical order by name. You can also get a count of the hosted zones that are
associated with an account. For more information, see GET ListHostedZonesByName and GET
GetHostedZoneCount in the Amazon Route 53 API Reference.

Change: New Features
API Version: 2013-04-01
Release Date: February 11, 2015
Description:
With this release, Amazon Route 53 adds the following new features:
• Health Check Status – The health checks page in the
Amazon Route 53 console now includes a Status
column that lets you view the overall status of all of your
health checks. For more information, see Viewing Health
Check Status and the Reason for Health Check Failures (p. 255).
• Integration with AWS CloudTrail – Amazon Route 53
now works with CloudTrail to capture information about
every request that your AWS account (including your
IAM users) sends to the Amazon Route 53 API. Integrating Amazon Route 53 and CloudTrail lets you determine
which requests were made to the Amazon Route 53
API, the source IP address from which each request
was made, who made the request, when it was made,
and more. For more information, see Using AWS
CloudTrail to Capture Requests Sent to the Amazon
Route 53 API (p. 296).
• Quick Alarms for Health Checks – When you create
a health check by using the Amazon Route 53 console,
you can now simultaneously create an Amazon CloudWatch alarm for the health check and specify who to
notify when Amazon Route 53 considers the endpoint
unhealthy for one minute. For more information, see
Creating and Updating Health Checks (p. 246).
• Tagging for Hosted Zones and Domains – You can
now assign tags, which are commonly used for cost allocation, to Amazon Route 53 hosted zones and domains. For more information, see Tagging Amazon
Route 53 Resources (p. 302).

Change: New Feature
API Version: 2013-04-01
Release Date: February 5, 2015
Description:
You now can use the Amazon Route 53 console to update contact information for a domain. For more
information, see Values that You Specify When You Register a Domain or Edit Domain Settings (p. 16).

Change: New Feature
API Version: 2013-04-01
Release Date: January 22, 2015
Description:
You now can specify internationalized domain names when you're registering a new domain name with
Amazon Route 53. (Amazon Route 53 already supported internationalized domain names for hosted zones
and resource record sets.) For more information, see DNS Domain Name Format (p. 2).

Change: New Feature
API Version: 2013-04-01
Release Date: November 25, 2014
Description:
With this release, you now can edit the comment that you specified for a hosted zone when you created
it. In the console, you just click the pencil icon next to the Comment field and enter a new value.
For more information about changing the comment by using the Amazon Route 53 API, see POST
UpdateHostedZoneComment in the Amazon Route 53 API Reference.

Change: New Features
API Version: 2013-04-01
Release Date: November 5, 2014
Description:
With this release, Amazon Route 53 adds the following new features:
• Private DNS for Amazon Virtual Private Clouds – You now can use Amazon Route 53 to manage your
internal domain names for Amazon Virtual Private Clouds (VPCs) without exposing DNS data to the
public Internet. For more information, see Working with Private Hosted Zones (p. 171).
• Health check failure reasons – You can now see the current status of a selected health check, as
well as details on why the health check last failed, as reported by each of the Amazon Route 53
health checkers. The status includes the HTTP status code, and failure reasons include information
about numerous types of failures, such as string matching failures and response timeouts. For more
information, see Viewing Health Check Status and the Reason for Health Check Failures (p. 255).
• Reusable delegation sets – You can now apply the same set of four authoritative name servers, known
collectively as a delegation set, to multiple hosted zones that correspond with different domain
names. This greatly simplifies the process of migrating DNS service to Amazon Route 53 and managing
large numbers of hosted zones. Using reusable delegation sets currently requires that you use the
Amazon Route 53 API or an AWS SDK. For more information, see Actions on Reusable Delegation Sets in
the Amazon Route 53 API Reference.
• Improved geolocation routing – We further improved the accuracy of geolocation routing by adding
support for the edns-client-subnet extension of EDNS0. For more information, see Geolocation
Routing (p. 181).
• Support for Signature v4 – You can now sign all Amazon Route 53 API requests using Signature
version 4. For more information, see Signing Amazon Route 53 API Requests in the Amazon Route 53
API Reference.

Change: New Features
API Version: 2013-04-01
Release Date: July 31, 2014
Description:
With this release, you now can do the following:
• Register domain names using Amazon Route 53. For
more information, see Registering Domain Names Using
Amazon Route 53 (p. 13).
• Configure Amazon Route 53 to respond to DNS queries
based on the geographic location that the queries originate from. For more information, see Geolocation Routing (p. 181).

Change: New Features
API Version: 2013-04-01
Release Date: July 2, 2014
Description:
With this release, you now can do the following:
• Edit most values in health checks. For more information,
see Creating, Updating, and Deleting Health
Checks (p. 245).
• Use the Amazon Route 53 API to get a list of the IP
ranges that Amazon Route 53 health checkers use to
check the health of your resources. You can use these
IP addresses to configure your router and firewall rules
to allow health checkers to check the health of your resources. For more information, see GET GetCheckerIpRanges in the Amazon Route 53 API Reference.
• Assign cost allocation tags to health checks, which also
lets you assign a name to health checks. For more information, see Naming and Tagging Health
Checks (p. 275).
• Use the Amazon Route 53 API to get the number of
health checks that are associated with your AWS account. For more information, see GET
GetHealthCheckCount in the Amazon Route 53 API
Reference.

Change: New Feature, Updated Documentation
API Version: 2013-04-01
Release Date: April 30, 2014
Description:
With this release, you can now create health checks and use a domain name instead of an IP address to
specify the endpoint. This is helpful when an endpoint's IP address either is not fixed or is served
by multiple IPs, such as Amazon EC2 or Amazon RDS instances. For more information, see Creating and
Updating Health Checks (p. 246).
In addition, some information about using the Amazon Route 53 API that formerly appeared in the
Amazon Route 53 Developer Guide has been moved. Now all API documentation appears in the Amazon
Route 53 API Reference.

Change: Updated Host header value for HTTPS health checks
API Version: 2013-04-01
Release Date: April 18, 2014
Description:
With this release, Amazon Route 53 passes a different value in the Host header when the health check
Port value is 443 and the Protocol value is HTTPS. During a health check, Amazon Route 53 now passes
to the endpoint a Host header that contains the value of the Host Name field. If you created the
health check by using the CreateHealthCheck API action, this is the value of the
FullyQualifiedDomainName element.
For more information, see Creating, Updating, and Deleting Health Checks (p. 245).

Change: New Features
API Version: 2013-04-01
Release Date: April 9, 2014
Description:
With this release, you can now view what percentage of Amazon Route 53 health checkers are currently
reporting that an endpoint is healthy.
In addition, behavior of the Health Check Status metric in Amazon CloudWatch now shows only zero (if
your endpoint was unhealthy during a given time period) or one (if the endpoint was healthy for that
time period). The metric no longer shows values between 0 and 1 reflecting the portion of Amazon
Route 53 health checks that are reporting the endpoint as healthy.
For more information, see Monitoring Health Checks Using CloudWatch (p. 257).

Change: New Features
API Version: 2013-04-01
Release Date: February 18, 2014
Description:
With this release, Amazon Route 53 adds the following features:
• Health check failover threshold: You can now specify how many consecutive health checks an endpoint
must fail before Amazon Route 53 considers the endpoint unhealthy, between 1 and 10 consecutive
checks. An unhealthy endpoint must pass the same number of checks to be considered healthy. For more
information, see How Amazon Route 53 Determines Whether an Endpoint Is Healthy (p. 254).
• Health check request interval: You can now specify how frequently Amazon Route 53 sends requests to
an endpoint to determine whether the endpoint is healthy. Valid settings are 10 seconds and 30
seconds. For more information, see How Amazon Route 53 Determines Whether an Endpoint Is
Healthy (p. 254).

Change: New Features
API Version: 2013-04-01
Release Date: January 30, 2014
Description:
With this release, Amazon Route 53 adds the following
features:
• HTTP and HTTPS string-match health checks:
Amazon Route 53 now supports health checks that determine the health of an endpoint based on the appearance of a specified string in the response body. For more
information, see How Amazon Route 53 Determines
Whether an Endpoint Is Healthy (p. 254).
• HTTPS health checks: Amazon Route 53 now supports
health checks for secure, SSL-only websites. For more
information, see How Amazon Route 53 Determines
Whether an Endpoint Is Healthy (p. 254).
• UPSERT for the ChangeResourceRecordSets API
Action: When creating or changing resource record
sets using the ChangeResourceRecordSets API action, you can now use the UPSERT action either to create
a new resource record set if none exists with a given
name and type, or to update an existing resource record
set. For more information, see POST
ChangeResourceRecordSets in the Amazon Route 53
API Reference.

Change: New Feature
API Version: 2013-04-01
Release Date: January 7, 2014
Description:
With this release, Amazon Route 53 adds support for health checks that determine the health of an
endpoint based on whether a specified string appears in the response body. For more information, see
How Amazon Route 53 Determines Whether an Endpoint Is Healthy (p. 254).

Change: New Feature
API Version: 2012-12-12
Release Date: August 14, 2013
Description:
With this release, Amazon Route 53 adds support for creating resource record sets by importing a
BIND-formatted zone file. For more information, see Creating Resource Record Sets By Importing a Zone
File (p. 230).
In addition, CloudWatch metrics for Amazon Route 53 health checks have been integrated into the
Amazon Route 53 console and streamlined. For more information, see Monitoring Health Checks Using
CloudWatch (p. 257).

Change: New Feature
API Version: 2012-12-12
Release Date: June 26, 2013
Description:
With this release, Amazon Route 53 adds support for integrating health checks with CloudWatch metrics
so you can do the following:
• Verify that a health check is properly configured.
• Review the health of a health check endpoint over a
specified period of time.
• Configure CloudWatch to send an Amazon Simple Notification Service (Amazon SNS) alert when all Amazon
Route 53 health checkers consider your specified endpoint to be unhealthy.
For more information, see Monitoring Health Checks Using CloudWatch (p. 257).

Change: New Feature
API Version: 2012-12-12
Release Date: June 11, 2013
Description:
With this release, Amazon Route 53 adds support for creating alias resource record sets that route DNS
queries to alternate domain names for Amazon CloudFront distributions. You can use this feature both
for alternate domain names at the zone apex (example.com) and alternate domain names for subdomains
(www.example.com). For more information, see Routing Traffic to an Amazon CloudFront Distribution
(Public Hosted Zones Only) (p. 151).

Change: New Feature
API Version: 2012-12-12
Release Date: May 30, 2013
Description:
With this release, Amazon Route 53 adds support for evaluating the health of ELB load balancers and
the associated Amazon EC2 instances. For more information, see Amazon Route 53 Health Checks and DNS
Failover (p. 245).

Change: Updated Documentation
API Version: 2012-12-12
Release Date: March 28, 2013
Description:
The documentation about health checks and failover was rewritten to enhance usability. For more
information, see Amazon Route 53 Health Checks and DNS Failover (p. 245).

Change: New Feature
API Version: 2012-12-12
Release Date: February 11, 2013
Description:
With this release, Amazon Route 53 adds support for failover and health checks. For more information,
see Amazon Route 53 Health Checks and DNS Failover (p. 245).

Change: New Feature
API Version: 2012-02-29
Release Date: March 21, 2012
Description:
With this release, Amazon Route 53 lets you create latency resource record sets. For more information,
see Latency-Based Routing (p. 180).

Change: New Feature
API Version: 2011-05-05
Release Date: December 21, 2011
Description:
With this release, the Amazon Route 53 console in the AWS Management Console lets you create an alias
resource record set by choosing an Elastic Load Balancer from a list instead of manually entering the
hosted zone ID and the DNS name of the load balancer. New functionality is documented in the Amazon
Route 53 Developer Guide.

Change: New Feature
API Version: 2011-05-05
Release Date: November 16, 2011
Description:
With this release, you can use the Amazon Route 53 console in the AWS Management Console to create and
delete hosted zones, and to create, change, and delete resource record sets. New functionality is
documented throughout the Amazon Route 53 Developer Guide, as applicable.

Change: Updated Documentation
API Version: 2011-05-05
Release Date: October 18, 2011
Description:
The Amazon Route 53 Getting Started Guide was merged into the Amazon Route 53 Developer Guide, and the
Developer Guide was reorganized to enhance usability.

Change: New Feature
API Version: 2011-05-05
Release Date: May 24, 2011
Description:
This release of Amazon Route 53 introduces alias resource record sets, which allow you to create zone
apex aliases; weighted resource record sets; a new API (2011-05-05); and a service-level agreement.
In addition, after six months in beta, Amazon Route 53 is now generally available. For more
information, see the Amazon Route 53 product page and Choosing Between Alias and Non-Alias Resource
Record Sets (p. 182) in the Amazon Route 53 Developer Guide.

Change: Initial Release
API Version: 2010-10-01
Release Date: December 5, 2010
Description:
This is the first release of Amazon Route 53 Developer Guide.

AWS Glossary
For the latest AWS terminology, see the AWS Glossary in the AWS General Reference.




Source Exif Data:
File Type                       : PDF
File Type Extension             : pdf
MIME Type                       : application/pdf
PDF Version                     : 1.4
Linearized                      : No
Author                          : Unknown
Trapped                         : False
Create Date                     : 2016:08:09 17:26:25Z
Modify Date                     : 2016:08:09 17:26:25Z
Page Count                      : 333
Page Layout                     : OneColumn
Page Mode                       : UseOutlines
Format                          : application/pdf
Title                           : Amazon Route 53 Developer Guide
Creator                         : Unknown
Producer                        : XEP 4.18 build 20100322
Creator Tool                    : DocBook Xsl V 1.76, with Amazon Web Services Internal Tweaks