Amazon Route 53
Amazon Route 53 is AWS's managed DNS service. It hosts public DNS zones for customer domains and private hosted zones scoped to VPCs. Inside a VPC, queries for Route-53-hosted private domains are resolved via the VPC resolver.
Stub page. See the 2024-12-12 Stripe source for one canonical deployment shape: Unbound on every host forwards domain queries to the VPC resolver, which in turn forwards to Route 53 for configured private zones.
Failure modes
- Mass hosted-zone deletion — Zalando's 2022 metadpata incident: a typo in YAML configuration fed to an account-lifecycle supertool caused fleet-wide Route 53 hosted-zone deletion across AWS accounts, taking the Zalando shop offline and locking most of the organisation out of internal tools that resolved through the deleted zones. Recovery relied on cached DNS entries before TTL expiry and proceeded in tiers: essential-tooling → core-infra → on-site. See concepts/dns-outage-recovery and sources/2024-01-22-zalando-tale-of-metadpata-the-revenge-of-the-supertools. The remediation stack includes a scream test using DNS delegation removal (+ Network ACL isolation) as the reversible pre-delete state, with one week in that state before real decommissioning.
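A pre-delete gate for the scream-test state described above, as an added example (not Zalando's tooling and not code from the cited sources). The `ZoneState` record, its field names and the sample zones are hypothetical and constructed for illustration; a zone becomes eligible for deletion only after its delegation is gone, Network ACL isolation is in place, and one week has passed in that state.

```python
from dataclasses import dataclass
from datetime import datetime, timedelta, timezone
from typing import Optional

SCREAM_TEST_PERIOD = timedelta(days=7)  # the page's "one week" in the pre-delete state

@dataclass
class ZoneState:
    """Hypothetical inventory record for a hosted zone queued for deletion."""
    name: str
    zone_name_servers: frozenset   # NS set assigned to the hosted zone
    parent_ns_records: frozenset   # NS records the parent zone still publishes for it
    nacl_isolated: bool            # Network ACL isolation applied
    scream_test_started: Optional[datetime]

def deletion_blockers(zone, now):
    """Return the reasons a zone must not be deleted yet; empty means eligible."""
    blockers = []
    # If the parent still delegates here, resolvers can still reach the zone,
    # so nobody has had the chance to "scream" about its absence.
    if zone.zone_name_servers & zone.parent_ns_records:
        blockers.append("parent zone still delegates to this hosted zone")
    if not zone.nacl_isolated:
        blockers.append("Network ACL isolation not applied")
    if zone.scream_test_started is None:
        blockers.append("scream test never started")
    elif now - zone.scream_test_started < SCREAM_TEST_PERIOD:
        blockers.append("scream test period of 7 days not yet elapsed")
    return blockers

def plan_deletions(zones, now):
    """Split candidates into (eligible zone names, {zone name: blockers})."""
    eligible, held = [], {}
    for zone in zones:
        reasons = deletion_blockers(zone, now)
        if reasons:
            held[zone.name] = reasons
        else:
            eligible.append(zone.name)
    return eligible, held

# Constructed sample data (names, name servers and dates are made up).
NOW = datetime(2024, 1, 22, tzinfo=timezone.utc)
NS = frozenset({"ns-1.dns.example"})
SAMPLE_ZONES = [
    ZoneState("retired.example.", NS, frozenset(), True, NOW - timedelta(days=8)),
    ZoneState("shop.example.", NS, NS, False, None),
    ZoneState("tools.example.", NS, frozenset(), True, NOW - timedelta(days=3)),
]
```
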