Private DNS precedence?

Question

Tried looking but couldn't find any document that would list precedence of private DNS entries in AWS. Is there any information available?
For example, let's say I have API Gateway VPC endpoint in VPC that has Private DNS enabled, thus pointing execute-api host names to internal IP addresses. If I then add Private hosted zone with an alias pointing to API gateway (that resolves to AWS public IPs), it seems that the private hosted zone has higher priority than VPC endpoint private DNS?

But is this documented feature that can be trusted or was it just by luck? This would be really useful as we could then access public API Gateways from VPC even when Private DNS in VPCE is enabled.

Answer

Thanks for the detailed description.

This document https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/hosted-zone-private-considerations.html#hosted-zone-private-considerations-private-overlapping describes the precedence when pubic/private or private/private hosted zones have overlapping namespaces.

As a side note, the "Connect to public APIs with private DNS enabled" section in https://aws.amazon.com/premiumsupport/knowledge-center/api-gateway-vpc-connections/ also looks relevant to your question.

Hope it helps.

Private DNS precedence?

関連するコンテンツ