Dieser Inhalt ist in der ausgewählten Sprache nicht verfügbar

Wir arbeiten ständig daran, Inhalte in der ausgewählten Sprache bereitzustellen. Vielen Dank für deine Geduld.

How do I troubleshoot issues with hosted zones in Route 53 that have the same domain names in different AWS accounts?

Lesedauer: 5 Minute

How do I troubleshoot issues with hosted zones in Amazon Route 53 that have the same domain names in different AWS accounts?

Resolution

Public hosted zones with the same name in two accounts

You can create more than one hosted zone with the same name and add different records to each hosted zone. Route 53 assigns four name servers to every hosted zone, and the name servers are different for each hosted zone. When you update your registrar's name server records, be sure to use the Route 53 name servers for the appropriate hosted zone. You must use the hosted zone that contains the records that Route 53 should use when responding to queries for your domain. Route 53 won't return values for records in other hosted zones that have the same name.

For example:

In Account A, there's a hosted zone with the domain "101.example.com". Route 53 automatically assigned four name servers to the hosted zone:

ns-1701.awsdns-20.co.uk.
ns-487.awsdns-60.com.
ns-1410.awsdns-48.org.
ns-867.awsdns-44.net.

There's also a simple Type A record in Account A with the following details:


Record name	Type	Routing policy	Differentiator	Value/Route traffic to
test1.101.example.com	A	Simple	-	8.8.8.8

In Account B, there's a hosted zone with the same domain name ("101.example.com"). Route 53 automatically assigned four name servers to the hosted zone:

ns-869.awsdns-44.net.
ns-1332.awsdns-38.org.
ns-61.awsdns-07.com.
ns-1707.awsdns-21.co.uk.

This hosted zone also contains a simple Type A record with following details:


Record name	Type	Routing policy	Differentiator	Value/Route traffic to
test2.101.example.com	A	Simple	-	8.8.8.8

If the name servers for the domain (101.example.com) present in Account A are updated in Registrar while the name servers of the same domain (101.example.com) present in Account B are not added in Registrar, you get the following dig output:

Dig output for Account A: NOERROR

# dig test1.101.example.com
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.amzn2.0.4 <<>> test1.101.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 38973
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;test1.101.example.com.    IN   A

;; ANSWER SECTION:
test1.101.example.com. 300    IN   A      8.8.8.8

Dig output for Account B: NXDOMAIN

dig test2.101.example.com
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.amzn2.0.4 <<>> test2.101.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NXDOMAIN, id: 34489

Private hosted zones with the same name in two accounts

In Account A, consider a scenario where there's a private hosted zone ("example.com") in Account A associated with VPC-A. The private hosted zone contains a simple Type A record. In this scenario, the dig output of the resource record from an instance in VPC-A of Account A is NOERROR.


Record name	Type	Routing policy	Differentiator	Value/Route traffic to
example.com	NS	Simple	-	ns-1536.awsdns-00.co.uk. ns-0.awsdns-00.com. ns-1024.awsdns-00.org. ns-512.awsdns-00.net
example.com	SOA	Simple	-	ns-1536.awsdns-00.co.uk. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
test1.example.com	A	Simple	-	1.1.1.1

Dig output for Account A: NOERROR

# dig test1.example.com
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.amzn2.0.4 <<>> test1.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 45251
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;test1.example.com.    IN   A

;; ANSWER SECTION:
test1.example.com.    60   IN   A   1.1.1.1

In Account B, there's another private hosted zone with the same name ("example.com") associated with VPC-B of Account B. This private hosted zone contains a simple Type A record. The dig output of the resource record from an instance in VPC-B of Account B is NOERROR.


Record name	Type	Routing policy	Differentiator	Value/Route traffic to
example.com	NS	Simple	-	ns-1536.awsdns-00.co.uk. ns-0.awsdns-00.com. ns-1024.awsdns-00.org. ns-512.awsdns-00.net.
example.com	SOA	Simple	-	ns-1536.awsdns-00.co.uk. awsdns-hostmaster.amazon.com. 1 7200 900 1209600 86400
test2.example.com	A	Simple	-	2.2.2.2

Dig output for Account B: NOERROR

# dig test2.example.com
; <<>> DiG 9.11.4-P2-RedHat-9.11.4-9.P2.amzn2.0.4 <<>> test2.example.com
;; global options: +cmd
;; Got answer:
;; ->>HEADER<<- opcode: QUERY, status: NOERROR, id: 5377
;; flags: qr rd ra; QUERY: 1, ANSWER: 1, AUTHORITY: 0, ADDITIONAL: 1

;; OPT PSEUDOSECTION:
; EDNS: version: 0, flags:; udp: 4096
;; QUESTION SECTION:
;test2.example.com.    IN   A

;; ANSWER SECTION:
test2.example.com.    60   IN   A   2.2.2.2

Note: The name servers for private hosted zones in Route 53 are the same four name servers. Keep in mind that you can't associate the same VPC to two private hosted zones with the same name.

Themen

Vernetzung & Bereitstellung von Inhalten

Relevanter Inhalt

Wie behebe ich den Fehler „cannot restore index [.kibana]“ (Index [.kibana] kann nicht wiederhergestellt werden) in Amazon OpenSearch Service?
AWS OFFICIALAktualisiert vor 2 Jahren
Wie kann ich Availability Zones mithilfe von AWS Resource Access Manager identifizieren?
AWS OFFICIALAktualisiert vor einem Jahr
Wie lösche ich eine von Route 53 gehostete Zone?
AWS OFFICIALAktualisiert vor einem Jahr
Wie richte ich ExternalDNS mit Amazon EKS ein?
AWS OFFICIALAktualisiert vor 2 Monaten