When you associate health checks with only the primary failover record, the following scenarios occur:
If the primary record is unhealthy, then a DNS query returns the secondary record.
If there's no health check for the secondary record, then the secondary record is always treated as healthy.
If the primary health check becomes healthy again, then Route 53 fails over to the primary record and provides a response to a DNS query.
When you associate health checks with both the primary and secondary failover records, the following scenarios occur:
If the primary record is healthy, then a DNS query returns the primary record.
If the primary record is unhealthy and the secondary record is healthy, then a DNS query returns the secondary record.
If both records are unhealthy, then a DNS query returns the primary record.
When you configure the secondary record, adding a health check is optional. When there's no health check for the secondary record and the primary record is unhealthy, Route 53 responds to DNS queries using the secondary record. This applies even when the resources that are mapped to the secondary record are unhealthy. If the secondary record doesn't have a health check associated with it, then Route 53 returns the secondary record.
Suppose that you configure the health check for an alias record type and set Evaluate target health (ETH) to true. In this case, Route 53 checks the health of the resource that the alias record references before it returns the alias record. If you associate a health check with alias record, then the health check and your alias’s ETH must be healthy to return the alias record.
Note: If your alias record set points towards another record (target) in same hosted zone, then the target record must have an associated health check. Otherwise, Route 53 considers the alias record healthy and includes it with possible responses to queries.
5. If you see that the health check is healthy but you still see unexpected results, then check the record resolution. To do this, send the query to one of your domain hosted zone authoritative name servers or another public resolver: