Best practice rules for Amazon Route 53
AWS Route 53 is a scalable and highly available Domain Name System (DNS) web service. Route 53 provides a reliable and cost-effective way to link end users to applications by translating domain names (web addresses) into the numeric IP addresses that computers require to connect to one another.
- Amazon Route 53 Configuration Changes
Route 53 configuration changes have been detected within your Amazon Web Services account.
- Enable DNSSEC Signing for Route 53 Hosted Zones
Ensure that DNSSEC signing is enabled for your Amazon Route 53 Hosted Zones.
- Enable Query Logging for Route 53 Hosted Zones
Ensure that DNS query logging is enabled for your Amazon Route 53 hosted zones.
- Privacy Protection
Ensure that Route 53 domains have Privacy Protection enabled.
- Remove AWS Route 53 Dangling DNS Records
Ensure dangling DNS records are removed from your AWS Route 53 hosted zones to avoid domain/subdomain takeover.
- Route 53 Domain Auto Renew
Ensure Route 53 domains are set to auto renew.
- Route 53 Domain Expired
Ensure expired AWS Route 53 domain names are restored.
- Route 53 Domain Expiry 30 Days
Ensure AWS Route 53 domain names are renewed before their expiration.
- Route 53 Domain Expiry 45 Days
Ensure AWS Route 53 domain names are renewed before their expiration (45 days before expiration).
- Route 53 Domain Expiry 7 Days
Ensure AWS Route 53 domain names are renewed before their expiration.
- Route 53 Domain Transfer Lock
Ensure Route 53 domains have the transfer lock set to prevent an unauthorized transfer to another registrar.
- Route 53 In Use
Ensure AWS Route 53 DNS service is in use for highly efficient DNS management.
- Sender Policy Framework In Use
Ensure that Sender Policy Framework (SPF) is used to stop spammers from spoofing your AWS Route 53 domain.