Route53 Private Zones support delegation

0

Question about Route53 Private Zones. Customer is trying to retire their BIND infrastructure and go pure R53 but ran into an issue with one of their domains. They use subdomains of a domain (test.com, for example) across several accounts, and the lack of support for delegation/NS records in private zones is blocking them from moving fully into the solution.

Are there any plans to support delegation in private zones in the near future?

AWS
Asked 3 years ago, 2561 views
1 answer
1
Accepted answer

Delegation of a private hosted zone within AWS is usually not necessary as long as you only want to use Private Hosted Zones (PHZ). It is mostly baked into the functionality of R53 and can also be extended to on-premises resolution with R53 Resolver endpoints.

Only if you want to delegate a sub-zone from or to a non-R53 Auth NS, e.g. on-premises, will you face a feature gap. In your case, where the customer wants to retire all non-R53 Auth NS, they shouldn't be facing this issue.

The idea behind DNS delegation is to delegate authority of a part of the namespace to another entity (running their own Auth NS). With R53 you can achieve the same by just using Private Hosted Zones.

As such, a central team could be in charge of the PHZ "example.com", while a developer team is in charge of "team1.example.com".

From a resolution perspective, you can now associate both of the above PHZs with the same VPC. While Route 53 considers this setup an "overlapping namespace", the resulting Resolver rules will give you more or less the same behavior as if you had delegated the subdomain.

If you now deploy an R53 Outbound Resolver endpoint into that same VPC (which has visibility to both of the above zones), you will get the same resolution from on-premises.

In case the above domains of example.com and team1.example.com need to be split across R53 and an on-premises Auth NS, you will face the lack of support for delegating a sub-zone from or to an R53 Private Hosted Zone. In some cases, you can work around this with DNS forwarding.

AWS
Expert
Answered 3 years ago
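As an added example (not code from the original post or from AWS), this simplified Python model shows the resolution behaviour the answer describes: among overlapping PHZs and forwarding rules associated with one VPC, the most specific suffix match decides where a query goes, and an NS record inside a PHZ is never followed, which is the feature gap the question raises. The zone names, record sets and on-premises resolver address are constructed; the tie-break between a rule and a PHZ of equal specificity is an assumption of the model.

```python
from dataclasses import dataclass, field


def _suffix_match(qname: str, zone: str) -> bool:
    """True if qname is zone itself or a name below it."""
    qname, zone = qname.rstrip(".").lower(), zone.rstrip(".").lower()
    return qname == zone or qname.endswith("." + zone)


def _labels(name: str) -> int:
    return len(name.rstrip(".").split("."))


@dataclass
class Vpc:
    """PHZs and Resolver forwarding rules associated with one VPC (model only)."""
    # zone name -> {record name: record type}; constructed sample data
    phzs: dict = field(default_factory=dict)
    # forwarding rule domain -> on-premises resolver IP; constructed sample data
    forward_rules: dict = field(default_factory=dict)

    def resolve(self, qname: str) -> tuple:
        """Return where the query goes: ("forward", ip), ("phz", zone),
        ("nxdomain", zone) or ("public", "")."""
        qname = qname.rstrip(".").lower()
        rule = max((d for d in self.forward_rules if _suffix_match(qname, d)),
                   key=_labels, default=None)
        zone = max((z for z in self.phzs if _suffix_match(qname, z)),
                   key=_labels, default=None)
        # Most specific (longest) suffix wins. Tie-break in favour of the rule
        # is an assumption of this model, not taken from the post.
        if rule and (zone is None or _labels(rule) >= _labels(zone)):
            return ("forward", self.forward_rules[rule])
        if zone:
            # The PHZ answers authoritatively for everything under its name.
            # An NS record for a child name is just an RRset here; it is not
            # followed, so names below that child do not exist in this VPC.
            return ("phz", zone) if qname in self.phzs[zone] else ("nxdomain", zone)
        return ("public", "")


SAMPLE_VPC = Vpc(
    phzs={
        "example.com": {"www.example.com": "A", "team2.example.com": "NS"},
        "team1.example.com": {"api.team1.example.com": "A"},
    },
    forward_rules={"corp.example.com": "10.10.0.53"},  # constructed on-prem IP
)

if __name__ == "__main__":
    for q in ("api.team1.example.com", "www.example.com", "db.team2.example.com",
              "fs.corp.example.com", "amazon.com"):
        print(q, "->", SAMPLE_VPC.resolve(q))
```

The "db.team2.example.com" case is the point of the question: even with an NS record for team2.example.com in the parent PHZ, the query is answered (as NXDOMAIN) by example.com rather than handed to the BIND server, whereas the forwarding rule for corp.example.com shows the workaround from the answer.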
