AWS Security ChangesHomeSearch

AWS Route53 documentation change

Service: Route53 · 2026-06-25 · Documentation low

File: Route53/latest/DeveloperGuide/resolver-availability-scaling.md

Summary

Fixed typographical error by replacing curly apostrophe with straight apostrophe in 'domain's name servers'

Security assessment

Change is purely cosmetic with no security implications. No security-related content was modified or added.

Diff

diff --git a/Route53/latest/DeveloperGuide/resolver-availability-scaling.md b/Route53/latest/DeveloperGuide/resolver-availability-scaling.md
index 719ba34e2..1b9991021 100644
--- a//Route53/latest/DeveloperGuide/resolver-availability-scaling.md
+++ b//Route53/latest/DeveloperGuide/resolver-availability-scaling.md
@@ -11 +11 @@ Route 53 VPC Resolver, running on the Amazon VPC CIDR + 2 address and fd00:ec2::
-The Nitro Resolver service carries a local cache which can help reduce latency by responding to repeat queries which are made over a short period of time by an instance. When the Nitro Resolver service receives a query which it does not have a cached answer for, it forwards the query to the Zonal Resolver fleet, a highly available fleet of resolvers typically in the same Availability Zone as the instance. When there are failures handling queries by upstream name servers or other components in the path, the Nitro Resolver service is frequently able to handle these failures transparently without impact to the workloads running on the instance. Furthermore, if the Resolver encounters query timeouts, refused connections, or SERVFAILS from the domain’s name servers, it may respond with a cached answer beyond the Time-To-Live (TTL) value to improve availability. Queries between the Nitro Resolver service and Zonal Resolver fleet are restricted to a tightly controlled network outside of the customer VPC, which is inaccessible to customers and subject to rigorous security controls. By handling queries between the Nitro Resolver service and Zonal Resolver fleet outside of the VPC, customers are prevented from intercepting DNS queries inside of their VPC. Queries destined to name servers outside of AWS will traverse the public internet, originating from public IP addresses belonging to the Zonal Resolver fleet. We do not support the EDNS0-Client Subnet attribute today, which means all queries destined to public DNS name servers do not include information about the originating customer IP address. 
+The Nitro Resolver service carries a local cache which can help reduce latency by responding to repeat queries which are made over a short period of time by an instance. When the Nitro Resolver service receives a query which it does not have a cached answer for, it forwards the query to the Zonal Resolver fleet, a highly available fleet of resolvers typically in the same Availability Zone as the instance. When there are failures handling queries by upstream name servers or other components in the path, the Nitro Resolver service is frequently able to handle these failures transparently without impact to the workloads running on the instance. Furthermore, if the Resolver encounters query timeouts, refused connections, or SERVFAILS from the domain's name servers, it may respond with a cached answer beyond the Time-To-Live (TTL) value to improve availability. Queries between the Nitro Resolver service and Zonal Resolver fleet are restricted to a tightly controlled network outside of the customer VPC, which is inaccessible to customers and subject to rigorous security controls. By handling queries between the Nitro Resolver service and Zonal Resolver fleet outside of the VPC, customers are prevented from intercepting DNS queries inside of their VPC. Queries destined to name servers outside of AWS will traverse the public internet, originating from public IP addresses belonging to the Zonal Resolver fleet. We do not support the EDNS0-Client Subnet attribute today, which means all queries destined to public DNS name servers do not include information about the originating customer IP address.