The Route 53 control plane is no longer strictly single-region.
AWS has in fact replicated it in part, thereby reducing dependence on the us-east-1 cloud region.
Against this backdrop, the October incident. It took root in that cloud region, (re)highlighting the vulnerability it represents. Among other things, because a number of services rely on its control plane.
An “Accelerated” Recovery…
The partial replication of Route 53’s control plane translates into an option for “accelerated recovery.” It can be activated for each public hosted zone (the container of records defining how traffic for a specific domain is routed across the Internet). A copy of the zone is then retained in the us-west-1 region.
… with a 60-minute RTO
If there is a prolonged outage in the us-east-1 region, a failover is expected to occur within 60 minutes. Access to the full set of API methods is not available. But the core ones are accessible: listing zones, records and delegation sets, submitting and tracking changes, etc.
During the failover period, it is not possible to create or delete zones. DNSSEC signing cannot be (de)activated. And AWS PrivateLink connections do not work. Later on, to delete a zone, you must first disable the “accelerated recovery” option. The latter, to be precise, does not apply to Route 53’s private DNS component.
