I have a domain registered at GoDaddy. Let's call it acme.com. Servers that are publicly available have their subdomains registered at GoDaddy. Example: www.acme.com and service-a.acme.com.
I have a VPN set up in AWS with private subnets that do not have public ip addresses. How do I register private server subdomains in AWS Route 53? Example service-b.acme.com should only be available when you are connected to the VPN and the subdomain should not be known to the public.
Background: I already attempted to use Route 53 and I setup a private Hosted Zone in Route 53 for acme.com. It worked for accessing private server names via the VPN. When connected the VPN I can access service-b.acme.com. And when not connected the name is not found.
The unexpected consequence is that all AWS servers use the Route 53 DNS server and while they can find service-b.aceme.com they do not fall back to the GoDaddy listings for the public server. They cannot find the public DNS entries for acme.com or service-a.acme.com.
Edit I may have a solution. I deleted my private hosted zone for acme.com that contained two A records for service-b.acme.com and service-c.acme.com. I instead created private hosted zones for each subdomain. So I now have two private hosted zones. One for service-b.acme.com and another for service-c.acme.com. Each contain an empty A record that points the private ip address for each server. It works but is this correct? I was kind of following similar instructions from AWS.
Best Answer
I deleted my private hosted zone for acme.com that contained two A records for service-b.acme.com and service-c.acme.com. I instead created private hosted zones for each subdomain. So I now have two private hosted zones. One for service-b.acme.com and another for service-c.acme.com. Each contain an empty A record that points the private ip address for each server. This works perfectly so far.