NTP set up on private AWS subnet within VPC: NTP public server DNS works but not ip, why

Tags: amazon-web-services, ntp

I have a NAT server that's in my VPC's public subnet on AWS. It's pretty happy with its NTP setup so I thought, no problem, let's get all my private subnets using this server as their designated time syncing server.

If in /etc/ntp.conf I set the server to my NAT instance's Public DNS everything works dandy. However, if I set it to the NAT instance's Public IP address it doesn't ever make a connection. For example, if I run ntpdate I get "no servers can be used".

Regardless of whether /etc/ntp.conf is set to the public IP or the public DNS, if I run ntpq -p I see that the remote address is pointing to the Public DNS, not the IP (not that I see why that would matter, unless literal pattern matching is occurring between the IP and the DNS and that's failing, which is the cause of this).

I researched this trying to see if it was explicitly stated somewhere that IPs were just a no-go, but I actually found the exact opposite stated.

"Add an entry for each server to poll for time synchronization. You can use a DNS name for this entry or a dotted quad IP address (such as 10.0.0.254)."
http://docs.aws.amazon.com/AWSEC2/latest/UserGuide/set-time.html

Admittedly that's a private IP, but it seems that if the public DNS works the public IP should too, since the public DNS is just a lookup for the public IP.

It's working and all, but I'm confused. Could someone shed some light? I think I'm missing a basic building block of knowledge here.

EDIT:

To clarify, when I'm modifying /etc/ntp.conf, I'm doing it on the servers on my private subnet. The Public DNS (or IP) I'm referencing is the NAT's, since they'll be using that server to sync their times. The NAT server is using the public NTP pool to keep its time on track.

Best Answer

You should not use your public IP for this. Doing so incurs bandwidth charges and is not necessary.

If you really want to host your own NTP (which you really shouldn't do), create a DNS name for the private IP of your server and have your clients use that.

But really, you shouldn't do this. In order to have a healthy NTP setup, your clients should be polling three different servers. If I were you, I'd just configure your clients to use three servers from the NTP pool and be done with it. It's one less system for you to monitor and maintain.
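As an added illustration (not part of the question or the answer), this is what a private-subnet client's /etc/ntp.conf looks like when it follows the answer's advice and polls three pool servers directly instead of the NAT instance; the restrict lines are standard ntpd hardening added here, not something the answer spelled out.

```conf
# /etc/ntp.conf on a private-subnet client (added example, not the poster's file)
# Three public pool servers, as the answer recommends. ntpd resolves the names
# itself; "iburst" speeds up the initial synchronisation after a restart.
# Outbound UDP/123 from the private subnet still leaves through the NAT instance.
server 0.pool.ntp.org iburst
server 1.pool.ntp.org iburst
server 2.pool.ntp.org iburst

# By default, serve no time and answer no control queries (ntpq/ntpdc) to
# anyone; this keeps the host from being usable as an NTP reflector.
restrict default kod nomodify notrap nopeer noquery
restrict -6 default kod nomodify notrap nopeer noquery

# Local "ntpq -p" on this host keeps working.
restrict 127.0.0.1
restrict ::1

# Remember the clock's frequency error across ntpd restarts.
driftfile /var/lib/ntp/ntp.drift
```

After restarting ntpd, `ntpq -p` should list the three pool hosts, and within a few minutes one of them should carry the `*` marker showing it has been selected as the sync source.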