How can I troubleshoot issues with my Route 53 failover routing policy?
Last updated: 2021-05-20
I configured an Amazon Route 53 failover routing policy. However, when I test the DNS resolution, I'm seeing unexpected results. How can I troubleshoot this issue?
Note: If you receive errors when running AWS Command Line Interface (AWS CLI) commands, make sure that you’re using the most recent AWS CLI version.
When you associate health checks with only the primary failover record:
- If the primary record is unhealthy, the secondary record is returned in response to a DNS query.
- If there's no health check for the secondary record, then the secondary record is always treated as healthy.
When you associate health checks with both the primary and secondary failover records:
- If the primary record is healthy, the primary record is returned in response to a DNS query.
- If the primary record is unhealthy and the secondary record is healthy, then the secondary record is returned in response to a DNS query.
- If both records are unhealthy, then the primary record is returned in response to a DNS query.
When you're configuring the secondary record, adding a health check is optional. When there's no health check for the secondary record, Route 53 responds to DNS queries using the secondary record if the health check endpoint for the primary record is unhealthy. This behavior applies even when the secondary record's resource is unhealthy, because a secondary record without an associated health check is always treated as healthy.
If you have an alias failover record with "Evaluate target health" set to "true", the health of the resource that the alias record references is checked before the alias record is returned. If you also have a health check associated with the alias record, both the health check and the alias target must be healthy for the alias record to be returned.
Note: If your alias target is in the same hosted zone as the record, the target record must have an associated health check. Otherwise, the alias record is considered healthy and is included with possible responses to queries.
1. Use the DNS checking tool to test the configuration of your record set.
2. Use the dig or nslookup tools to query the DNS configuration. Be sure to replace the placeholders in the following commands with your corresponding values.
$ dig abc.example.com +short
$ nslookup abc.example.com
3. Using the information you find in steps 1-2, determine whether the issue is related to the primary or secondary record.
4. Check the health check configuration to determine if health checks are reporting as healthy. For more information, see How Amazon Route 53 checks the health of your resources. If you identify failing health checks, see Viewing health check status and the reason for health check failures.
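The following Python sketch is an added example, not AWS code. It applies the failover rules above to record sets and compares the predicted record with the answer observed from dig in step 2. The record data is a constructed sample shaped like `aws route53 list-resource-record-sets` output; the health check IDs, the addresses, and the function names are assumptions, and the health states are supplied by hand from what step 4 reports.

```python
import json

# Constructed sample shaped like `aws route53 list-resource-record-sets` output.
# Names, addresses and health check IDs are placeholders, not real resources.
RECORDS = json.loads("""[
 {"Name": "abc.example.com.", "Type": "A", "SetIdentifier": "primary",
  "Failover": "PRIMARY", "TTL": 60, "HealthCheckId": "hc-primary-placeholder",
  "ResourceRecords": [{"Value": "192.0.2.10"}]},
 {"Name": "abc.example.com.", "Type": "A", "SetIdentifier": "secondary",
  "Failover": "SECONDARY", "TTL": 60,
  "ResourceRecords": [{"Value": "198.51.100.20"}]}
]""")


def is_healthy(record, hc_status, target_health):
    """Apply the rules above to one failover record."""
    ok = True
    if "HealthCheckId" in record:              # associated health check must pass
        ok = ok and hc_status[record["HealthCheckId"]]
    alias = record.get("AliasTarget")
    if alias and alias.get("EvaluateTargetHealth"):  # alias target must pass too
        ok = ok and target_health[alias["DNSName"]]
    return ok                                  # nothing to evaluate: treated as healthy


def answers(record):
    # Alias records resolve to the target's addresses, which are not known here.
    return [r["Value"] for r in record.get("ResourceRecords", [])]


def diagnose(records, name, rtype, hc_status, target_health, observed):
    """Return (predicted role, role actually served or None, findings)."""
    pair = {r["Failover"]: r for r in records
            if r["Name"] == name and r["Type"] == rtype and "Failover" in r}
    primary, secondary = pair["PRIMARY"], pair["SECONDARY"]
    p_ok = is_healthy(primary, hc_status, target_health)
    s_ok = is_healthy(secondary, hc_status, target_health)
    # Primary is returned when healthy, and also when both records are unhealthy.
    expected = "PRIMARY" if p_ok or not s_ok else "SECONDARY"
    served = next((role for role, r in pair.items()
                   if set(observed) & set(answers(r))), None)
    findings = []
    if "HealthCheckId" not in secondary and "AliasTarget" not in secondary:
        findings.append("secondary has no health check: always treated as healthy")
    if served is not None and served != expected:
        findings.append(f"resolver returned {served}, configuration predicts {expected}")
    return expected, served, findings
```

Pass the addresses printed by `dig abc.example.com +short` as `observed`; a mismatch finding tells you which record to examine in step 3.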