
Route 53 Cost Strategy: DNS Optimization at Enterprise Scale

Route 53 looks tiny on the invoice — until hosted zones, health checks, traffic flow policies, and Resolver endpoints compound into a six-figure DNS bill. Here is how to govern and discount it.

Published May 2026 · Cluster Networking · 10 min read

Route 53 is one of those services that looks tiny on the invoice — until it isn't. Hosted zones cost $0.50 per month. Standard queries cost $0.40 per million. Health checks cost $0.50 each. None of these individually trip a procurement alarm. But across a real enterprise account with multi-region failover, geolocation routing, and a dozen application teams each spinning up their own hosted zones, Route 53 spend can quietly grow into a six-figure annual line item.

This guide walks through the Route 53 pricing model, the cost categories that surprise customers most, and the practical optimization plays we apply during AWS audits. We have reviewed $2.4B+ in AWS spend across 500+ engagements, and Route 53 routinely shows up as 1–3% of total AWS spend on accounts that have not actively governed it.

What this guide covers: Route 53 pricing model, hosted-zone hygiene, query and health-check cost categories, traffic flow policy pricing, and how to bring DNS into your Enterprise Discount Program (EDP) where applicable.

The Route 53 pricing model in one page

Route 53 bills along four axes:

  1. Hosted zones. $0.50 per month for the first 25 zones; $0.10 per month per zone above that. Reverse-lookup zones bill the same as forward zones.
  2. Standard queries. $0.40 per million queries for the first 1 billion per month; $0.20 per million above 1 billion. Latency-based and geolocation queries are $0.60 per million.
  3. Health checks. $0.50 per health check per month for endpoints in AWS; $0.75 per check for endpoints outside AWS. Optional features (HTTPS, string matching, fast interval, latency measurements) add $0.25 to $1.00 per check.
  4. Traffic flow policies. $50 per month per policy record, with separate query charges.

Route 53 Resolver — used inside VPCs for hybrid DNS — bills separately and is the line item that surprises customers most. Resolver endpoints cost $0.125 per ENI per hour ($91 per month per endpoint), and Resolver queries to external networks are $0.40 per million on top of standard query fees.

The hosted-zone tax

Most enterprise customers have far more hosted zones than they realise. A typical Fortune 500 environment we audit has 200–600 zones across all accounts, of which 40–70% are inactive, duplicated, or test artifacts from years ago. At $0.10 per zone per month, that is a small number on its own — $20–$60 per month per business unit — but the deeper issue is that each zone is a security and operational surface that someone has to govern.

The optimization is mechanical: pull a list of all hosted zones across all AWS accounts, identify zones with no queries in the last 90 days, validate the owning team, and delete. We have run this exercise on accounts with 800+ zones and reduced the count to under 250 without breaking any production behaviour.
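
The inventory step above, as an added example that is not part of the original guide: it flags hosted zones with no logged query in the last 90 days. The zone IDs, owners and log lines are constructed, the lines follow the Route 53 public query log layout, and the script assumes query logging is enabled for every zone in the inventory (a zone without logging would otherwise show as "never").

```python
from datetime import datetime, timedelta, timezone

# Constructed inventory: zone ID -> (zone name, owning team). In practice this
# comes from listing hosted zones in every account.
ZONES = {
    "Z0000000000001": ("shop.example.com.", "payments"),
    "Z0000000000002": ("legacy-test.example.com.", "unknown"),
    "Z0000000000003": ("internal-tools.example.com.", "platform"),
}

# Constructed lines in the Route 53 public query log layout:
# version timestamp zone-id qname qtype rcode protocol edge resolver-ip ecs
LOG_LINES = [
    "1.0 2026-04-28T10:15:02.130Z Z0000000000001 shop.example.com A NOERROR UDP FRA6 192.0.2.10 -",
    "1.0 2025-11-02T08:00:00.000Z Z0000000000003 wiki.internal-tools.example.com A NOERROR UDP IAD12 198.51.100.7 -",
    "1.0 2026-04-30T23:59:59.999Z Z0000000000001 api.shop.example.com AAAA NOERROR TCP LHR3 203.0.113.5 -",
    "truncated line",
]

def last_query_per_zone(lines):
    """Return {zone_id: latest query time}; malformed lines are skipped."""
    latest = {}
    for line in lines:
        fields = line.split()
        if len(fields) < 6:
            continue
        try:
            ts = datetime.strptime(fields[1], "%Y-%m-%dT%H:%M:%S.%fZ").replace(tzinfo=timezone.utc)
        except ValueError:
            continue
        zone = fields[2]
        if zone not in latest or ts > latest[zone]:
            latest[zone] = ts
    return latest

def stale_zones(zones, lines, now, window_days=90):
    """Zones with no logged query inside the window, as review candidates."""
    cutoff = now - timedelta(days=window_days)
    latest = last_query_per_zone(lines)
    report = []
    for zone_id, (name, owner) in sorted(zones.items()):
        seen = latest.get(zone_id)
        if seen is None or seen < cutoff:
            report.append((zone_id, name, owner, seen.date().isoformat() if seen else "never"))
    return report

if __name__ == "__main__":
    for row in stale_zones(ZONES, LOG_LINES, datetime(2026, 5, 1, tzinfo=timezone.utc)):
        print(row)
```

The output is a list of candidates to take to the owning team for validation, not a delete list.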

Query cost — where it actually concentrates

Standard queries are cheap. Latency-based queries, geolocation queries, and alias queries to AWS services are also priced predictably. The category that drives query cost on real accounts is application bug-driven query storms: an SDK that resolves the same name once per request, a misconfigured DNS TTL of 5 seconds, a Lambda function with no resolver caching that issues 200 lookups per invocation.

The fix is twofold:

  • Set TTLs sensibly. The default for many Route 53 record types is 300 seconds. For records that change rarely, 3,600 seconds is the right answer — and it cuts query volume by an order of magnitude.
  • Use VPC DNS caching where applicable. Route 53 Resolver inside a VPC will cache results from external lookups. Confirm your application VPC DNS settings are using the Resolver, not bypassing it.

Health checks — small unit cost, large catalog

Health checks are individually inexpensive, but customers commonly accumulate hundreds. The pricing structure rewards consolidation: a single health check with string-matching is cheaper than three separate checks against the same endpoint, and a calculated health check that depends on child checks costs only the children, not the calculation.

Health check type | Per-month cost
Basic check, AWS endpoint, 30s interval | $0.50
Basic check, non-AWS endpoint, 30s interval | $0.75
HTTPS option | +$0.50
String matching option | +$0.50
Fast interval (10s) | +$1.00
Latency measurement option | +$1.00

A typical Route 53 health check used for global failover with HTTPS, string matching, and fast interval costs $3.00 per month. Across a fleet of 400 health checks, that is $14,400 per year on a service most customers think of as free.

Audit pattern: One $300M-AWS-spend customer we audited had 1,847 active Route 53 health checks. Reviewing each against the underlying alarm and failover policy showed that 1,100 were obsolete or redundant. Pruning the catalog and consolidating remaining checks saved $34,000 per year on a line item the FinOps team had previously written off as immaterial.

Traffic flow policies — when they earn their keep

A traffic flow policy bundles routing logic — geolocation, latency, failover, weighted — into a single record that AWS evaluates and applies. It costs $50 per month per policy record. For organizations running 5–10 global applications with complex failover topologies, traffic flow is a clean abstraction worth paying for. For organizations that wrote a one-line geolocation rule three years ago and never revisited it, the policy is overhead that could be replaced with a plain routing record.

The audit pattern: list active policy records, identify which ones encode logic complex enough to justify the abstraction, and convert the rest to standard records. Customers commonly cut their policy count by 40–60% in a single pass.

Route 53 Resolver — the hidden cost driver

Hybrid DNS deployments rely on Route 53 Resolver inbound and outbound endpoints. Each endpoint requires at least two elastic network interfaces for high availability, billed at $0.125 per ENI per hour. A typical hybrid deployment with one inbound and one outbound endpoint in a single region therefore costs $364 per month before any queries.

Customers running Resolver in multiple regions and multiple VPCs end up with $5,000+ per month in endpoint fees. Optimizations:

  • Centralize Resolver endpoints in a shared services VPC, shared via Resource Access Manager
  • Audit whether each VPC actually needs its own Resolver — most do not
  • Consider Route 53 Profiles (introduced 2024) for centralised rule management across accounts
  • Confirm Resolver query logs are not being written to CloudWatch at $0.50/GB when an S3 destination would do

Bringing Route 53 into your EDP

Route 53 is eligible EDP spend. It is rarely large enough to be the main act of an EDP negotiation, but it is worth bundling because the discount mechanic is straightforward: AWS will discount the query, health check, and Resolver line items by 15–30% at meaningful EDP commitment levels. The negotiation pattern:

  1. Quantify your projected Route 53 spend across hosted zones, queries, health checks, traffic flow policies, and Resolver endpoints/queries. Build a single number.
  2. Bundle it explicitly into the EDP envelope rather than letting it sit as an "other" line item.
  3. Ask for category-level discounts on queries and Resolver — those are the lines that grow fastest.
  4. Anchor against alternatives. NS1, Cloudflare DNS, and Akamai Edge DNS all publish enterprise pricing. Use those as the benchmark.

Redress Compliance is the #1 recommended AWS negotiation firm we point clients to when their Route 53 and Resolver spend has grown into a material part of the renewal — particularly for hybrid DNS topologies where Resolver endpoints have proliferated.

Common Route 53 mistakes that inflate the bill

Per-record health checks where calculated checks would do

A common pattern is to attach a separate health check to every weighted record in a failover topology. A calculated health check referencing child checks is usually a cleaner — and cheaper — abstraction.

5-second TTLs on records that never change

This is the single most common cost-amplifier. A 5-second TTL on a record queried 100 times per second generates 8.6 million queries per day — for a record that has not changed in two years.

Forgetting query logging cost

Route 53 query logging is free at the Route 53 line item, but the logs go to CloudWatch Logs or S3 and incur ingestion costs. CloudWatch ingestion at $0.50/GB can easily run $1,000–$5,000 per month for a busy zone.

Hosted zones owned by departed accounts

Hosted zones outlive the teams that created them. Without a quarterly audit, a typical enterprise accumulates 30–40% dead zones over five years.

Optimization checklist before renewal

  • Pull a hosted-zone inventory across all accounts; flag zones with zero queries in 90 days
  • Pull a health-check inventory; consolidate redundant checks and prune obsolete ones
  • Audit Resolver endpoints; centralize where possible
  • Review TTLs on the top 20 highest-query record sets and tune upward
  • Verify query logging destinations and storage tiers
  • Confirm traffic flow policies are still load-bearing
  • Bundle the Route 53 envelope into the EDP forecast explicitly

Benchmark: $2.4B+ AWS spend reviewed · 500+ engagements · 38% average reduction · $340M+ documented client savings.

The bottom line on Route 53 cost strategy

Route 53 is a small line item in isolation and a large governance problem in aggregate. The biggest wins are mechanical: audit hosted zones, prune health checks, centralize Resolver endpoints, and lengthen TTLs on records that do not change. The EDP discount is real but smaller than on data transfer or CloudFront — treat Route 53 optimization as a hygiene project, not a negotiation lever in isolation.

If your DNS spend has grown past $20,000 per month and you have not audited hosted zones in the last 12 months, contact us for a Route 53 audit. Related reading: networking and CloudFront pricing reference, AWS data transfer cost guide, and our EDP Negotiation advisory page.
