What is Amazon Route 53 Global Resolver?
Amazon Route 53 Global Resolver is an internet-reachable DNS resolver that provides secure and reliable DNS resolution for authorized clients in your organization, regardless of their location. The service resolves queries for both public internet domains and private domains in Amazon Route 53 private hosted zones, so it is not limited to a single VPC or region. Route 53 Global Resolver uses anycast IP addresses that automatically route DNS queries to the closest AWS Region for low latency and high availability.
This addresses a core challenge in distributed and hybrid environments: delivering consistent DNS security for remote staff, branch offices and on-premises workloads without complex DNS infrastructure at each location. Instead of running separate DNS servers or security appliances per site, teams configure private and public domain resolution and consistent filtering policies in a single solution. The resolver also protects clients against DNS-based data exfiltration by filtering queries to potentially malicious domains.
Core Features
- Anycast DNS resolution: Anycast IP addresses automatically route DNS queries to the nearest AWS Region for low latency and high availability; private and public domains resolve from any location.
- Multiple protocols: Support for DNS over port 53 (Do53), DNS over TLS (DoT) and DNS over HTTPS (DoH), plus IPv4 and IPv6 query traffic.
- DNS security and filtering: Blocking of potentially malicious and not-safe-for-work domains as well as advanced threats such as DNS tunneling, Domain Generation Algorithms (DGA) and dictionary DGA; protection against DNS-based data exfiltration.
- Views, access control and monitoring: Configurable DNS views for private and public resolution, access controls for authorized clients and centralized query logging for organization-wide DNS activity monitoring.
Typical Use Cases
- Secure DNS resolution for remote work: Remote and home-office staff use a centrally managed, filtered resolver that consistently resolves private corporate domains and public domains, without requiring local DNS servers at each endpoint.
- Centralized filtering for branch and remote offices: Consistent filtering policies apply across all sites and reduce the need for dedicated DNS security appliances per branch, while resolution scales automatically.
- Protecting hybrid environments from DNS threats: On-premises clients and cloud workloads are secured against DNS tunneling, DGA-based attacks and DNS data exfiltration, with centralized logging for audit and threat analysis.
Benefits
- Consistent DNS security and filtering for distributed and hybrid environments from a single solution.
- Reduced infrastructure by eliminating local DNS servers and security appliances at each location.
- Automatic scaling for growing remote workforces and cloud workloads through anycast architecture.
Integration with innFactory
As an AWS Reseller, innFactory supports you with the adoption and operation of this service.
Frequently Asked Questions
What is Amazon Route 53 Global Resolver?
Amazon Route 53 Global Resolver is an internet-reachable DNS resolver that provides secure DNS resolution for authorized clients in branch offices, home offices and on-premises environments. It resolves both public internet domains and private domains in Route 53 private hosted zones, and it uses a global anycast architecture for low latency and high availability.
When should I use Amazon Route 53 Global Resolver?
Use it when you need consistent, filtered DNS resolution for a distributed workforce or multiple sites without operating dedicated DNS appliances at each location. Typical scenarios include remote staff, branch networks and hybrid environments that need to resolve private and public domains centrally and protect clients against malicious domains.
How much does Amazon Route 53 Global Resolver cost?
Billing combines an hourly fee per region with usage-based per-query charges. AWS offers a bundled fee for the first two regions, a lower-cost variant without DNS filtering, and additional regions at an hourly rate. DNS queries above a monthly free allowance are billed per million queries. A 30-day free trial is available. See the official pricing page for current rates.
Which protocols and security features does Route 53 Global Resolver support?
Global Resolver supports DNS over port 53 (Do53), DNS over TLS (DoT) and DNS over HTTPS (DoH), as well as IPv4 and IPv6 traffic. On the security side it filters potentially malicious and not-safe-for-work domains and blocks advanced threats such as DNS tunneling and Domain Generation Algorithms (DGA). Configurable DNS views, access controls and centralized query logging support governance and monitoring.