AWS Security ChangesHomeSearch

AWS Route53 documentation change

Service: Route53 · 2026-03-25 · Documentation low

File: Route53/latest/DeveloperGuide/gr-cloud-resolver-use-cases.md

Summary

Minor wording changes in two paragraphs about DNS security and high availability features, with slight rephrasing of security and reliability statements.

Security assessment

These are minor editorial changes to existing security documentation. The changes maintain the same security concepts (DNS exfiltration protection, encryption, DNSSEC) with slightly different wording. No new security issues are addressed.

Diff

diff --git a/Route53/latest/DeveloperGuide/gr-cloud-resolver-use-cases.md b/Route53/latest/DeveloperGuide/gr-cloud-resolver-use-cases.md
index e72465bfb..c126635bb 100644
--- a//Route53/latest/DeveloperGuide/gr-cloud-resolver-use-cases.md
+++ b//Route53/latest/DeveloperGuide/gr-cloud-resolver-use-cases.md
@@ -17 +17 @@ Securing DNS traffic from DNS exfiltration attacks
-Protect remote locations and branch offices from DNS-based data exfiltration attacks by filtering queries to malicious domains. Improve privacy by encrypting DNS traffic in-transit using DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) to ensure only authorized clients can access your DNS services. Apply security policies to block threats like DNS tunneling and Domain Generation Algorithms (DGAs). Validate DNS response authenticity using DNSSEC (Domain Name System Security Extensions) for DNSSEC-signed domains to protect against DNS spoofing and cache poisoning attacks.
+Protect remote locations and branch offices from DNS-based data exfiltration attacks by filtering queries to malicious domains. Improve privacy by encrypting DNS traffic in-transit using DNS-over-HTTPS (DoH) and DNS-over-TLS (DoT) so that only authorized clients can access your DNS services. Apply security policies to block threats like DNS tunneling and Domain Generation Algorithms (DGAs). Validate DNS response authenticity using DNSSEC (Domain Name System Security Extensions) for DNSSEC-signed domains to protect against DNS spoofing and cache poisoning attacks.
@@ -22 +22 @@ High availability and global presence
-Achieve high availability through global deployment and maintain consistent DNS configuration worldwide from a single management interface. Route 53 Global Resolver runs across the AWS Regions you choose, using anycast IP addresses that automatically route queries to the nearest available Region for optimal performance and reliability. Global enterprises can configure and manage DNS policies centrally while providing clients with a single set of IP addresses that work globally with automatic geographic optimization. Built-in redundancy ensures service continuity even if individual Regions become unavailable.
+Achieve high availability through global deployment and maintain consistent DNS configuration worldwide from a single management interface. Route 53 Global Resolver runs across the AWS Regions you choose, using anycast IP addresses that automatically route queries to the nearest available Region for optimal performance and reliability. Global enterprises can configure and manage DNS policies centrally while providing clients with a single set of IP addresses that work globally with automatic geographic optimization. Built-in redundancy is designed to help maintain service continuity even if individual Regions become unavailable.