Quotas - Amazon Route 53

Quotas

Amazon Route 53 API requests and entities are subject to the following quotas (formerly referred to as "limits").

Using Service Quotas to view and manage quotas

You can use the Service Quotas service to view quotas and to request quota increases for many AWS services. For more information, see the Service Quotas User Guide. (You can currently use Service Quotas to view and manage only Route 53 and Route 53 Resolver quotas. Domain registration quotas aren't available.)

Note

To view quotas and request higher quotas for Route 53, you must change the Region to US East (N. Virginia). To view quotas and request higher quotas for Resolver, change to the applicable Region.

Quotas on entities

Amazon Route 53 entities are subject to the following quotas.

For information on getting current quotas (formerly referred to as "limits"), see the following Route 53 actions:

  • GetAccountLimit – Gets quotas on health checks, hosted zones, reusable delegation sets, traffic flow policies, and traffic flow policy records

  • GetHostedZoneLimit – Gets quotas on records in a hosted zone and on Amazon VPCs that you can associate with a private hosted zone

  • GetReusableDelegationSetLimit – Gets the quota on the number of hosted zones that you can associate with a reusable delegation set

Quotas on domains

Entity Quota

Domains

20* per AWS account

Request a higher quota.

*The limit is 20 for new customers as of March 2021.

If you have an existing account and your default limit is 50 now, it will remain at 50.

Quotas on hosted zones

Entity Quota

Hosted zones

500 per AWS account

Request a higher quota.

Hosted zones that can use the same reusable delegation set

100

Request a higher quota.

Amazon VPCs that you can associate with a private hosted zone per hosted zone

300

Request a higher quota.

Private hosted zones that you can associate a VPC with

No quota *

Authorizations that you can create so you can associate VPCs that were created by one account with a hosted zone that was created by another account

100

The number of key signing keys (KSK) that you can create per hosted zone

2

* You can associate a VPC with any or all of the private hosted zones that you control through your AWS accounts. For example, suppose you have three AWS accounts and all three have the default quota of 500 hosted zones. If you create 500 private hosted zones for all three accounts, you can associate a VPC with all 1,500 private hosted zones.

Quotas on records

Entity Quota

Records

10,000 per hosted zone

Request a higher quota.

For a quota greater than 10,000 records in a hosted zone, an additional charge applies.

Values in a record

400 per record

Geolocation, latency, multivalue answer, and weighted records

100 records that have the same name and type

Geoproximity records

30 records that have the same name and type

Quotas on Route 53 Resolver

This section includes all the Route 53 Resolver quotas

Quotas on Route 53 Resolver

Use the following procedure to increase quotas for Route 53 Resolver.

To increase Resolver quotas

  1. Open the Service Quotas console at https://console.aws.amazon.com/servicequotas/home/services/route53resolver/quotas.

  2. Go to the region where you want to increase the limit.

  3. Select the Route 53 Resolver Quota name you want to increase.

  4. Select Request quota increase, enter the quota value, and then select Request.

Quotas on Route 53 Resolver endpoints

Entity Quota

Endpoints per AWS Region

4 per AWS account

Request a higher quota.

IP addresses per endpoint

6

IP addresses per rule

6

Rules per AWS Region

1000 per AWS account

Request a higher quota.

Associations between rules and VPCs per AWS Region

2000 per AWS account

Request a higher quota.

Queries per second per IP address in an endpoint

10,000*

* Each elastic network interface endpoint can process up to 10,000 DNS queries per second (QPS). The number of DNS QPS varies by the type of query, size of the response, health of the target name servers, query response times, and the protocol in use. For example, queries to a target name server that is slow to respond can significantly reduce the capacity of the network interface. Additionally, to ensure high availability, Route 53 Resolver generates redundant outbound queries for each DNS request that it receives. As a result, the QPS for each outbound network interface will not match the QPS sent to Route 53 Resolver. Use CloudWatch metrics to measure how many queries are being sent to each network interface. For more information, see Metrics for Resolver IP addresses. If your maximum query rate exceeds 50% of the capacity for any network interface in the endpoint, you can add more network interfaces to increase the endpoint capacity.

Quotas on Route 53 Resolver query logs

Entity Quota

Query log configurations per AWS Region

20

Query log configuration VPC associations per AWS Region

100

Query log configuration VPC associations per AWS Region (shared using RAM)

100

Quotas on Route 53 Resolver DNS Firewall

Entity Quota

Number of rule groups associated to a VPC for a single account per AWS Region

5

Number of DNS Firewall domains in a single Amazon S3 file for a single account per AWS Region

100,000

Request a higher quota.

Number of DNS Firewall rule groups for a single account per AWS Region

1,000

Request a higher quota.

Number of rules within a rule group for a single account account per AWS Region

100

Request a higher quota.

Number of domain specifications across all DNS Firewall domain lists for a single account per AWS Region

100,000

Request a higher quota.

Quotas on health checks

Entity Quota

Health checks

200 active health checks per AWS account

Request a higher quota.

Child health checks that a calculated health check can monitor

255

Maximum total length of headers in the response to a health check request

16,384 bytes (16K)

Quotas on query log configurations

Entity Quota

Query log configurations

1 per hosted zone

Quotas on traffic flow policies and policy records

Entity Quota

Traffic policies

For more information about Route 53 traffic flow, see Using traffic flow to route DNS traffic.

50 per AWS account

Request a higher quota.

Traffic policy versions

1,000 per traffic policy

Traffic policy records (referred to as "policy instances" in the Route 53 API, AWS SDKs, AWS Command Line Interface, and AWS Tools for Windows PowerShell)

5 per AWS account

Request a higher quota.

Quotas on reusable delegation sets

Entity Quota

Reusable delegation sets

100 per AWS account

Request a higher quota.

Maximums on API requests

Amazon Route 53 API requests are subject to the following maximums.

Number of elements and characters in ChangeResourceRecordSets requests

ResourceRecord elements

A request cannot contain more than 1,000 ResourceRecord elements. When the value of the Action element is UPSERT, each ResourceRecord element is counted twice.

Maximum number of characters

The sum of the number of characters (including spaces) in all Value elements in a request cannot exceed 32,000 characters. When the value of the Action element is UPSERT, each character in a Value element is counted twice.

Frequency of Amazon Route 53 API requests

All requests

Five requests per second per AWS account. If you submit more than five requests per second, Amazon Route 53 returns an HTTP 400 error (Bad request). The response header also includes a Code element with a value of Throttling and a Message element with a value of Rate exceeded.

Note

If your application exceeds this limit, we recommend that you implement exponential backoff for retries. For more information, see Error Retries and Exponential Backoff in AWS in the Amazon Web Services General Reference.

ChangeResourceRecordSets requests

If Route 53 can't process a request before the next request arrives, it will reject subsequent requests for the same hosted zone and return an HTTP 400 error (Bad request). The response header also includes a Code element with a value of PriorRequestNotComplete and a Message element with a value of The request was rejected because Route 53 was still processing a prior request.

CreateHealthCheck requests

You can submit a maximum of 1,000 CreateHealthCheck requests in a 24-hour period.

Frequency of Route 53 Resolver API requests

All requests

Five requests per second per AWS account per Region. If you submit more than five requests per second in a Region, Resolver returns an HTTP 400 error (Bad request). The response header also includes a Code element with a value of Throttling and a Message element with a value of Rate exceeded.

Note

If your application exceeds this limit, we recommend that you implement exponential backoff for retries. For more information, see Error Retries and Exponential Backoff in AWS in the Amazon Web Services General Reference.