Reputation: 981
I've read through all the AWS docs I can find, and Google has not turned up anything either.
My case here is - we have one domain "example.com", used only for public records, so far. There is one Hosted Zone set to Public. Now, I want to create a subdomain for private records to be used inside of our VPC group for our application (e.g. to point at an ElastiCache instance).
I attempted to create "private.example.com" as a Private Hosted Zone pointing at our VPC. Then created "cache.private.example.com" as a record under it. But it did not resolve.
I am curious if I can configure a subdomain of our main domain somehow?
example.com - Public
** app.example.com
private.example.com - Private
** cache.private.example.com - VPC
OR
Can I also create a Private Hosted Zone with the same top level domain example.com? I am nervous to try that because I do not want to affect the application.
example.com - Public
** app.example.com
example.com - Private
** cache.example.com - VPC
Upvotes: 25
Views: 18226
Reputation: 5828
For Googlers trying to "subset" a public host zone, or to make a private host zone "fall back" or "extend" to a public one, read on.
Firstly, R53 is authoritative, meaning you have to provide exact resolution, so the common way of using different BIND views will not work. Also, when host zone names overlap, the private one prevails.
Secondly, R53 will determine which host zone to use based on "specificity". So when a user asks for www.example.com, a host zone named www.example.com prevails over another named example.com. This is something we can make use of.
Follow the procedure:
1. Create a public host zone (e.g. example.com), or just use any other public DNS record and skip this step.
2. Create a private host zone with a more specific name (e.g. www.example.com).
In this way, if your machine asks for www.example.com and a private host zone matches, it will return local addresses; otherwise, it will fall back to the public host zone.
The pitfall of this solution is that R53 charges you by the number of host zones, so you will have to pay a bit more. Also, this is a bit hacky. Otherwise, it eliminates the complexity of creating and managing your own BIND server, syncing public records, etc.
Upvotes: 11
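The two selection rules the answer above relies on (the most specific matching zone wins, and a private zone beats a public zone of the same name for queries from an associated VPC) are easy to get wrong when planning a layout. The following is an added example, not code from the answer or from AWS: a small model of that zone-selection logic, with constructed zone names, record values and a placeholder VPC id. It also shows the consequence of the questioner's second option (a private zone named example.com alongside the public one): because R53 is authoritative, a name that exists only in the public zone stops resolving inside the VPC instead of falling back.

```python
# Added example (not from the original answers): model of how Route 53 picks a
# hosted zone for a query. Zone names, addresses and the VPC id are constructed.
from dataclasses import dataclass, field

@dataclass
class HostedZone:
    name: str                              # zone apex, e.g. "example.com"
    private: bool                          # True for a private hosted zone
    vpcs: frozenset = frozenset()          # VPC ids a private zone is associated with
    records: dict = field(default_factory=dict)  # fqdn -> answer

def _norm(name):
    return name.lower().rstrip(".")

def _matches(zone, fqdn):
    z = _norm(zone.name)
    return fqdn == z or fqdn.endswith("." + z)

def select_zone(zones, fqdn, vpc_id=None):
    """Return the hosted zone Route 53 would consult for fqdn.
    vpc_id is the VPC the query comes from; None means the public internet."""
    fqdn = _norm(fqdn)
    candidates = []
    for z in zones:
        if not _matches(z, fqdn):
            continue
        # Private zones are only visible from VPCs they are associated with.
        if z.private and (vpc_id is None or vpc_id not in z.vpcs):
            continue
        candidates.append(z)
    if not candidates:
        return None
    # Most specific (longest) zone name wins; on a tie the private zone prevails.
    return max(candidates, key=lambda z: (len(_norm(z.name)), z.private))

def resolve(zones, fqdn, vpc_id=None):
    """Authoritative answer: once a zone is selected there is no fallback.
    Returns the record value, 'NXDOMAIN' if the chosen zone lacks the name,
    or None if none of our zones covers the name at all."""
    zone = select_zone(zones, fqdn, vpc_id)
    if zone is None:
        return None
    return zone.records.get(_norm(fqdn), "NXDOMAIN")

VPC = "vpc-PLACEHOLDER"  # constructed placeholder, not a real VPC id

# Layout from the answer: public example.com plus a more specific private zone.
ZONES = [
    HostedZone("example.com", private=False,
               records={"www.example.com": "203.0.113.10",
                        "app.example.com": "203.0.113.20"}),
    HostedZone("www.example.com", private=True, vpcs=frozenset({VPC}),
               records={"www.example.com": "10.0.1.5"}),
]

# The questioner's second option: a private zone with the same name as the public one.
SHADOW_ZONES = [
    ZONES[0],
    HostedZone("example.com", private=True, vpcs=frozenset({VPC}),
               records={"cache.example.com": "10.0.2.9"}),
]

if __name__ == "__main__":
    print(resolve(ZONES, "www.example.com", VPC))         # 10.0.1.5   (private wins)
    print(resolve(ZONES, "www.example.com"))              # 203.0.113.10 (public)
    print(resolve(ZONES, "app.example.com", VPC))         # 203.0.113.20 (falls to public)
    print(resolve(SHADOW_ZONES, "cache.example.com", VPC))  # 10.0.2.9
    print(resolve(SHADOW_ZONES, "app.example.com", VPC))  # NXDOMAIN (shadowed, no fallback)
```

The last case is the operational risk with overlapping zone names: inside the VPC, every public record you still need has to be duplicated into the private zone, and any record you forget silently disappears for VPC clients. In a real account the private zone must additionally be associated with the VPC, and the VPC's enableDnsSupport and enableDnsHostnames attributes must be on, or the private zone is never consulted at all.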
Reputation: 230
You will need to have a different domain for the private zone, something like "example.internal". Then you could have "cache.example.internal".
cache.private.example.com will not resolve in your current setup, because it will be looking to example.com to resolve that DNS name. Also note it will only resolve inside the VPC.
Upvotes: 8