Route53: Associate VPC with multiple private hosted zones sharing domain

0

Hi all,

is there is a way to associate the same VPC with multiple private hosted zones sharing the same parent domain.

I'm trying to create the following two private hosted zones to share multiple VPC Interface Endpoints between multiple account using Route53 Resolvers and Rules :

 **- sqs.eu-central-1.amazonaws.com**  
 **- athena.eu-central-1.amazonaws.com**  

When I try to associate the private hosted zones with the same VPC, I'm getting the following error message :

Error: error creating Route53 Hosted Zone:
ConflictingDomainExists: The VPC vpc-********
in region eu- central-1 has already been associated with the
hosted zone Z049196228IN3FVDXAHBO with the same
domain name.

as both of them are sharing the same parent domain (eu-central-1.amazonaws.com).

In this case it won't be possibile to create a parent domain with multiple subdomains.

any suggestions to resolve this issue are welcome

Thanks in advance

asked 2 years ago2016 views
1 Answer
0
Accepted Answer

Hi peterskandar

The error you’re receiving “ConflictingDomainExists” might be because you have private DNS option enabled for one of your VPC endpoints.

When you create a VPC Interface Endpoint with Private DNS option enabled, a Private Hosted Zone with the same name as the regional DNS gets associated with the VPC.

So, if you manually try to create a new Private Hosted Zone with the same name and associate it with the VPC then it will result in the same "ConflictingDomainExists" error.

Thus, to resolve the problem, you will need to disable Private DNS option for the VPC endpoint . Once that has been done, the domain name of the hosted zone you are trying to create will be removed from the VPC endpoints Private DNS Names and you will be able to create Private hosted zone with domain name in Route 53 service and successfully associate it to the VPC.

Please follow below steps to disable Private DNS name for a VPC endpoint:

 * Open the Amazon VPC console at https://console.aws.amazon.com/vpc/ 

 * In the navigation pane, choose Endpoints

 * Select your VPC endpoint. 

 * Choose the Actions button, next to Create endpoint and select Modify Private DNS names. 

 * To disable the private DNS option for the interface endpoint, for Enable DNS Name, select the check box. 

 * Click on save 

I hope this helps

References

1] Private DNS for interface endpoints - https://docs.aws.amazon.com/vpc/latest/privatelink/vpce-interface.html#vpce-private-dns

answered 2 years ago

You are not logged in. Log in to post an answer.

A good answer clearly answers the question and provides constructive feedback and encourages professional growth in the question asker.

Guidelines for Answering Questions