Is there a way to redirect DNS request to the DNS public zone if a record was not found in the DNS private zone?

0

Hello. I use a private DNS zone to resolve private Load Balancer names for applications and a public DNS zone to resolve public Load Balancer names for end-users. The private DNS zone contains records only for private Load Balancers. If an application needs to resolve some other record in the same domain name, it gets NXDOMAIN (non-existent domain), because there is no DNS record in the private zone, but the record exists in the public DNS zone. Options for duplicating the required public DNS records in the private zone or using a subdomain for applications, unfortunately, are not suitable in my case. Is there a way to redirect DNS requests from the private zone to the public zone if the record is not found in the private zone? I would be grateful for any ideas and suggestions. Thanks in advance.

asked 9 months ago, 359 views
2 Answers
2
Accepted Answer

No, the Route 53 resolver does not support forwarding requests from a private hosted zone to a public hosted zone when the zone names are the same. Both are authoritative within the scope of the network that they "belong" to (private being within the VPC; public being any VPC that has not been assigned that private hosted zone).

The solutions are (as you've suggested) to duplicate records; or to not use overlapping namespaces.

You could run a custom DNS resolver in your VPC which behaves as you suggest; but that would require an instance (two for redundancy). It would need to forward requests to the appropriate DNS resolvers (internal and external) based on rules (and NXDOMAIN responses) as appropriate. There is cost involved in doing this - both in terms of the instance(s) and in time to configure and support.

AWS EXPERT, answered 9 months ago
EXPERT, reviewed 9 months ago
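The custom-resolver behaviour the accepted answer describes, as an added example (not code from the answer, from AWS, or from Route 53): a minimal UDP forwarder that sends each query to the private resolver first and retries it at the public resolver only when the private reply is NXDOMAIN. The resolver addresses 10.0.0.2 and 1.1.1.1 are assumed placeholders, and `fake_send` is a constructed stand-in so the example runs offline.

```python
import socket
import struct

RCODE_NXDOMAIN = 3             # RFC 1035 "Name Error"
PRIVATE_RESOLVER = "10.0.0.2"  # assumed: in-VPC resolver that serves the private zone
PUBLIC_RESOLVER = "1.1.1.1"    # assumed: any recursive resolver that sees the public zone


def build_query(name, qtype=1, txid=0x1234):
    """Build a minimal DNS query (recursion desired) for `name`; qtype 1 = A."""
    header = struct.pack("!HHHHHH", txid, 0x0100, 1, 0, 0, 0)
    labels = name.rstrip(".").split(".")
    qname = b"".join(bytes([len(l)]) + l.encode("ascii") for l in labels)
    return header + qname + b"\x00" + struct.pack("!HH", qtype, 1)


def rcode(packet):
    """Return the RCODE (low 4 bits of the flags word) of a DNS message."""
    return struct.unpack("!H", packet[2:4])[0] & 0x000F


def forward_udp(packet, server, timeout=2.0):
    """Send one query over UDP and return the raw reply, checking the transaction id."""
    with socket.socket(socket.AF_INET, socket.SOCK_DGRAM) as sock:
        sock.settimeout(timeout)
        sock.sendto(packet, (server, 53))
        reply = sock.recv(4096)
    if reply[:2] != packet[:2]:
        raise ValueError("reply transaction id does not match query")
    return reply


def resolve_with_fallback(packet, private_server=PRIVATE_RESOLVER,
                          public_server=PUBLIC_RESOLVER, send=forward_udp):
    """Try the private resolver; only on NXDOMAIN retry at the public one.

    Returns (reply, source). Any other RCODE (NOERROR, SERVFAIL, REFUSED, ...)
    is passed through so a failing private resolver does not become a public lookup.
    """
    reply = send(packet, private_server)
    if rcode(reply) != RCODE_NXDOMAIN:
        return reply, "private"
    return send(packet, public_server), "public"


def fake_send(packet, server):
    """Constructed stand-in for forward_udp: private says NXDOMAIN, public says NOERROR."""
    flags = b"\x81\x83" if server == PRIVATE_RESOLVER else b"\x81\x80"
    return packet[:2] + flags + b"\x00" * 8


if __name__ == "__main__":
    reply, source = resolve_with_fallback(build_query("api.example.com"), send=fake_send)
    print(source, rcode(reply))  # public 0
```

To use it for real traffic, wrap `resolve_with_fallback` in a UDP listener on port 53 and point the VPC's DHCP option set at that instance; as the answer notes, that means an instance (two for redundancy) to run and patch.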
0

I don’t believe so. You are running split horizon, which is basically a view that locks the VPC CIDR range to the private zone, and anything else goes to the public zone.

You will need to have a record in the private zone too.

EXPERT, answered 9 months ago
