route53 private zone forward to public zone

0

Hi,

I just migrated a public DNS zone (example.com) to AWS Route53, everything works as expected. Now I want to create a private DNS zone for this domain. I've set up a private zone for example.com. My problem is: if I have an entry (onlypublic.example.com) in the public zone but not in the private zone, I won't be able to resolve that name from the VPC. It behaves like the private zone says "I don't know that entry" without forwarding it to the public zone.

How could I achieve that? I know that using a subdomain (xxx.private.example.com) for private entries would help, but I don't want to use that.

Before the migration to AWS, I used RPZ in Bind9 to achieve this.

Thanks !

edouard
Asked 1 year ago · 715 views
1 Answer
1
Accepted Answer

Hi,

Route53 currently does not have this capability. Depending on the volatility I can see two approaches to get you there:

  1. Duplication: If it is a single, static DNS entry your easiest approach might be to just duplicate the DNS entry to the private zone.
  2. Sync via additional automation: If there are multiple entries, or if they change regularly, an approach might be to write a custom Lambda which syncs the selected public entries to the private zone.

If this is cross-account you might have issues with alias entries, as you cannot use them in an account where the resource does not reside.

Expert
Answered 1 year ago
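The second approach in the accepted answer (a Lambda that syncs selected public entries into the private zone) is easy to get subtly wrong: you only want a whitelist of names, you must not copy the zone apex NS/SOA, and alias records cannot be recreated in an account that does not own their target. The following added example, which is not code from the original post or from AWS, separates the offline planning step from the API call so it can be reviewed and tested without credentials. It assumes record sets in the shape returned by `list_resource_record_sets()` and uses constructed sample data; the function and variable names (`plan_sync`, `apply_changes`, `SELECTED_NAMES`) are this example's own.

```python
"""Plan the Route53 change batch that copies selected public-zone records into a
private zone of the same name. Example code, not from the original post."""
from typing import Dict, Iterable, List, Tuple

Record = Dict  # one entry of list_resource_record_sets()["ResourceRecordSets"]

# Constructed sample data (not real zones). Alias target values are placeholders.
PUBLIC_RECORDS: List[Record] = [
    {"Name": "example.com.", "Type": "SOA", "TTL": 900,
     "ResourceRecords": [{"Value": "ns-1.example. hostmaster.example. 1 7200 900 1209600 86400"}]},
    {"Name": "example.com.", "Type": "NS", "TTL": 172800,
     "ResourceRecords": [{"Value": "ns-1.example."}]},
    {"Name": "api.example.com.", "Type": "A", "TTL": 300,
     "ResourceRecords": [{"Value": "203.0.113.20"}]},
    {"Name": "both.example.com.", "Type": "CNAME", "TTL": 60,
     "ResourceRecords": [{"Value": "onlypublic.example.com."}]},
    {"Name": "onlypublic.example.com.", "Type": "A", "TTL": 300,
     "ResourceRecords": [{"Value": "203.0.113.10"}]},
    {"Name": "www.example.com.", "Type": "A",
     "AliasTarget": {"HostedZoneId": "ZPLACEHOLDER", "DNSName": "lb.example.net.",
                     "EvaluateTargetHealth": False}},
]
PRIVATE_RECORDS: List[Record] = [
    # identical to the public copy -> no change needed
    {"Name": "both.example.com.", "Type": "CNAME", "TTL": 60,
     "ResourceRecords": [{"Value": "onlypublic.example.com."}]},
    # stale value -> UPSERT
    {"Name": "onlypublic.example.com.", "Type": "A", "TTL": 300,
     "ResourceRecords": [{"Value": "203.0.113.9"}]},
]
# Whitelist: never sync the whole zone, or the apex NS/SOA would be copied too.
SELECTED_NAMES = ["api.example.com", "both.example.com",
                  "onlypublic.example.com", "www.example.com"]


def _fqdn(name: str) -> str:
    """Normalize to lowercase with a trailing dot, as Route53 stores names."""
    name = name.lower()
    return name if name.endswith(".") else name + "."


def _payload(record: Record) -> Dict:
    """Everything except the (Name, Type) key, used to decide whether a copy is current."""
    return {k: v for k, v in record.items() if k not in ("Name", "Type")}


def plan_sync(public_records: Iterable[Record], private_records: Iterable[Record],
              selected_names: Iterable[str],
              skip_alias: bool = True) -> Tuple[List[Dict], List[str]]:
    """Return (changes, skipped).

    changes: Route53 Change entries (UPSERT) that make the private zone's copy of
             each selected name match the public zone; unchanged records are omitted.
    skipped: alias records left alone, since an alias can only be created in the
             account that owns its target (the cross-account caveat in the answer).
    """
    wanted = {_fqdn(n) for n in selected_names}
    private = {(_fqdn(r["Name"]), r["Type"]): r for r in private_records}
    changes: List[Dict] = []
    skipped: List[str] = []
    for rec in public_records:
        key = (_fqdn(rec["Name"]), rec["Type"])
        if key[0] not in wanted:
            continue
        if "AliasTarget" in rec and skip_alias:
            skipped.append(key[0])
            continue
        current = private.get(key)
        if current is not None and _payload(current) == _payload(rec):
            continue  # already in sync
        changes.append({"Action": "UPSERT", "ResourceRecordSet": dict(rec)})
    return changes, skipped


def apply_changes(private_zone_id: str, changes: List[Dict]) -> None:
    """Submit the plan. Needs AWS credentials; boto3 is imported here so that
    planning (and the tests) run offline. Assumes boto3 is in the Lambda runtime."""
    if not changes:
        return
    import boto3
    boto3.client("route53").change_resource_record_sets(
        HostedZoneId=private_zone_id,
        ChangeBatch={"Comment": "sync selected public records", "Changes": changes},
    )


if __name__ == "__main__":
    planned, left_alone = plan_sync(PUBLIC_RECORDS, PRIVATE_RECORDS, SELECTED_NAMES)
    for change in planned:
        print(change["Action"], change["ResourceRecordSet"]["Name"])
    print("skipped aliases:", left_alone)
    # apply_changes("ZPRIVATEZONEID-placeholder", planned)  # uncomment in the Lambda
```

In a real Lambda you would feed `plan_sync` the paginated output of `list_resource_record_sets` for both zones and run it on a schedule or from a Route53 change event; keeping the whitelist explicit is what prevents the apex NS/SOA from overwriting the private zone's own delegation records.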
