Best practice rules for Amazon Route 53
Amazon Route 53 is a scalable and highly available Domain Name System (DNS) web service. Route 53 provides a reliable and cost-effective way to route end users to applications by translating domain names (web addresses) into the numeric IP addresses that computers use to connect to one another.
- Amazon Route 53 Configuration Changes
Route 53 configuration changes have been detected within your Amazon Web Services account.
- Check for Root Domain Alias Records that Point to Load Balancers
Ensure that the root domain Alias record points to an Elastic Load Balancer.
- Check for Route 53 Public Zones with Private Records
Ensure that public Route 53 hosted zones don't contain DNS records for private IPs/resources.
- Create Alias DNS Record for Root Domain
Ensure that a DNS Alias record is available for the root domain.
- Enable DNSSEC Signing for Route 53 Hosted Zones
Ensure that DNSSEC signing is enabled for your Amazon Route 53 Hosted Zones.
- Enable Logging of DNS Queries Using Route 53 Resolver
Ensure that Route 53 Resolver query logging is enabled for the VPCs in your AWS account.
- Enable Query Logging for Route 53 Hosted Zones
Ensure that DNS query logging is enabled for your Amazon Route 53 hosted zones.
- Privacy Protection
Ensure that Route 53 domains have Privacy Protection enabled.
- Remove AWS Route 53 Dangling DNS Records
Ensure dangling DNS records are removed from your AWS Route 53 hosted zones to avoid domain/subdomain takeover.
- Route 53 Domain Auto Renew
Ensure Route 53 domains are set to auto renew.
- Route 53 Domain Expired
Ensure that expired AWS Route 53 domain names are restored.
- Route 53 Domain Expiry 30 Days
Ensure AWS Route 53 domain names are renewed before their expiration (30 days before expiration).
- Route 53 Domain Expiry 45 Days
Ensure AWS Route 53 domain names are renewed before their expiration (45 days before expiration).
- Route 53 Domain Expiry 7 Days
Ensure AWS Route 53 domain names are renewed before their expiration (7 days before expiration).
- Route 53 Domain Transfer Lock
Ensure Route 53 domains have the transfer lock set to prevent an unauthorized transfer to another registrar.
- Route 53 In Use
Ensure that the Amazon Route 53 DNS service is in use for reliable, centrally managed DNS.
- Sender Policy Framework DNS Lookup Limit
Ensure that evaluating your SPF record requires no more than 10 DNS lookups (the RFC 7208 limit; exceeding it yields a permerror, so the record no longer protects the domain).
- Sender Policy Framework In Use
Ensure that Sender Policy Framework (SPF) is used to stop spammers from spoofing your AWS Route 53 domain.
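Several of the rules above (private records in public zones, dangling records, root-domain alias to a load balancer, SPF in use and the 10-lookup limit) can be evaluated directly from a zone's record set. The following is an added example, not code from the original page or from the tool it describes: it runs the checks over a constructed sample shaped like the `ResourceRecordSets` output of `route53:ListResourceRecordSets`. The zone name, record values, hosted zone ID, the `SAMPLE_TXT` stand-in for TXT resolution, the `live_targets` inventory and the list of takeover-prone AWS suffixes are all assumptions for illustration.

```python
"""Offline checks for several Route 53 best-practice rules, run over a
constructed record set shaped like route53:ListResourceRecordSets output."""
import ipaddress

# Constructed sample zone (not real account data); "example.com." is the apex.
ZONE_NAME = "example.com."
SAMPLE_RECORDS = [
    {"Name": "example.com.", "Type": "A",                       # apex alias -> ALB
     "AliasTarget": {"HostedZoneId": "ZEXAMPLEELBZONE",         # placeholder ID
                     "DNSName": "dualstack.web-alb-123.us-east-1.elb.amazonaws.com.",
                     "EvaluateTargetHealth": False}},
    {"Name": "intranet.example.com.", "Type": "A", "TTL": 300,  # RFC 1918 leak
     "ResourceRecords": [{"Value": "10.0.4.25"}]},
    {"Name": "www.example.com.", "Type": "A", "TTL": 300,
     "ResourceRecords": [{"Value": "198.51.100.7"}]},
    {"Name": "old-app.example.com.", "Type": "CNAME", "TTL": 300,  # bucket gone
     "ResourceRecords": [{"Value": "legacy-assets.s3.amazonaws.com"}]},
    {"Name": "example.com.", "Type": "TXT", "TTL": 300,
     "ResourceRecords": [{"Value": '"v=spf1 include:_spf.mailer.example a mx ip4:198.51.100.0/24 -all"'}]},
]
# Constructed stand-in for resolving the TXT records named by include:/redirect=.
SAMPLE_TXT = {
    "_spf.mailer.example": "v=spf1 include:_net1.mailer.example include:_net2.mailer.example ~all",
    "_net1.mailer.example": "v=spf1 ip4:198.51.100.0/24 -all",
    "_net2.mailer.example": "v=spf1 a:relay.mailer.example ip6:2001:db8::/32 -all",
}

# Explicit list rather than ipaddress.is_private, which also flags the
# documentation ranges (192.0.2/24, 198.51.100/24, 203.0.113/24).
PRIVATE_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16",   # RFC 1918
    "169.254.0.0/16", "127.0.0.0/8",                   # link-local, loopback
    "fc00::/7", "fe80::/10", "::1/128")]

def private_records(records):
    """Names of A/AAAA records in a public zone whose values are non-routable."""
    hits = []
    for r in records:
        if r["Type"] not in ("A", "AAAA"):
            continue
        for rr in r.get("ResourceRecords", []):
            ip = ipaddress.ip_address(rr["Value"])
            if any(ip in net for net in PRIVATE_NETS):
                hits.append(r["Name"])
    return hits

# Assumed list of AWS-managed namespaces where a deleted resource's name can be
# claimed by another account, so a stale CNAME/alias becomes a takeover vector.
TAKEOVER_PRONE_SUFFIXES = (".s3.amazonaws.com", ".elb.amazonaws.com",
                           ".cloudfront.net", ".elasticbeanstalk.com")

def dangling_records(records, live_targets):
    """(name, target) pairs whose target lives in a takeover-prone namespace
    but is missing from live_targets, an inventory of names the account owns."""
    hits = []
    for r in records:
        targets = [rr["Value"] for rr in r.get("ResourceRecords", [])] if r["Type"] == "CNAME" else []
        if "AliasTarget" in r:
            targets.append(r["AliasTarget"]["DNSName"])
        for t in targets:
            t = t.rstrip(".").lower()
            if t.endswith(TAKEOVER_PRONE_SUFFIXES) and t not in live_targets:
                hits.append((r["Name"], t))
    return hits

def root_alias_to_elb(records, zone_name):
    """True if the zone apex has an A alias record pointing at an ELB hostname."""
    for r in records:
        if r["Name"] == zone_name and r["Type"] == "A" and "AliasTarget" in r:
            return r["AliasTarget"]["DNSName"].rstrip(".").endswith(".elb.amazonaws.com")
    return False

def spf_record(records, zone_name):
    """Apex TXT record text starting with v=spf1, or None if SPF is not in use.
    (Route 53 quotes TXT values; multi-string values would need joining.)"""
    for r in records:
        if r["Name"] == zone_name and r["Type"] == "TXT":
            for rr in r["ResourceRecords"]:
                txt = rr["Value"].strip('"')
                if txt.startswith("v=spf1"):
                    return txt
    return None

LOOKUP_MECHS = {"include", "a", "mx", "ptr", "exists"}   # redirect= handled below

def spf_lookups(record, resolve, depth=0):
    """Count the DNS lookups evaluating `record` would perform (RFC 7208
    4.6.4 caps this at 10), recursing through include: and redirect=."""
    if depth > 10:                                   # guard against include loops
        return 11
    count = 0
    for term in record.split()[1:]:                  # skip the "v=spf1" version tag
        term = term.lstrip("+-~?")                   # drop the qualifier
        mech, _, arg = term.partition(":")
        if term.startswith("redirect="):
            mech, arg = "include", term[len("redirect="):]
        mech = mech.split("/")[0]                    # "a/24" -> "a"
        if mech in LOOKUP_MECHS:
            count += 1
            if mech == "include":
                count += spf_lookups(resolve(arg), resolve, depth + 1)
    return count

def fetch_records(zone_id):
    """Pull a real zone's records (needs boto3 and AWS credentials); the
    offline checks above do not import the SDK."""
    import boto3
    pages = boto3.client("route53").get_paginator("list_resource_record_sets")
    return [r for page in pages.paginate(HostedZoneId=zone_id) for r in page["ResourceRecordSets"]]

if __name__ == "__main__":
    resolve = lambda name: SAMPLE_TXT.get(name, "")
    live = {"dualstack.web-alb-123.us-east-1.elb.amazonaws.com"}   # assumed inventory
    print("private IPs in public zone:", private_records(SAMPLE_RECORDS))
    print("dangling records:", dangling_records(SAMPLE_RECORDS, live))
    print("apex alias to ELB:", root_alias_to_elb(SAMPLE_RECORDS, ZONE_NAME))
    spf = spf_record(SAMPLE_RECORDS, ZONE_NAME)
    print("SPF present:", spf is not None, "lookups:", spf_lookups(spf, resolve))
```

For a real account, feed the output of `fetch_records()` into the same functions; `live_targets` should come from `elbv2:DescribeLoadBalancers`, `s3:ListBuckets` and similar inventory calls, and the SPF `resolve` callable from an actual TXT query, since the lookup count only means something once every `include:` chain has been followed.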