Resolving route53 private hosted zone cnames internally

amazon-route53amazon-web-servicesdomain-name-systeminternal-dnsunbound

We have a DNS server outside of AWS, inside we have route53 with some private hosted zones. I want cnames on the private hosted zones to be available internally (when you access them inside the office).

Due to my limited experience with DNS, I'm not sure what's the best way to go on about this. I have looked at unbound but not sure if it's the right tool. Do I need to forward my requests to the main DNS server when a private hosted zone is requested?

Best Answer

You will need to:

Setup IPsec VPN to connect between AWS and office, and
Setup Dnsmasq in both AWS and office sites to proxy your DNS requests.

The most important option of Dnsmasq in ths case is --domain=, to specify DNS domains to forward. You can use this option to pass DNS requests to your private Route53 domain (office clients -> Dnsmasq/Unbound in office -> Dnsmasq in AWS -> Route53).

Related Solutions

How to determine the ARN of the Amazon route53-hosted zone

This is addressed in Controlling User Access with IAM, specifically in Route 53 ARNs:

Resource is either hostedzone or change, and ID is the ID of the hosted zone or the change.

The following are examples of a hosted zone ARN and a change ARN, respectively.
arn:aws:route53:::hostedzone/Z148QEXAMPLE8V
arn:aws:route53:::change/C2RDJ5EXAMPLE2
You can use wildcards (*) in place of the ID. [...]

The requested ID is listed in column Hosted Zone ID in the top level Hosted Zones summary of the Route 53 section within the AWS Management Console. Alternatively, you can list your hosted zones via an API call as usual (specifically GET ListHostedZones), and the response contains a respective Id element for each HostedZone element in turn.

AWS CloudFormation Create Route 53 Private Hosted Zone

I've been waiting for this too. Looks like it was added a couple of weeks after your post, you can find more information in this article

"DNS": {
  "Type": "AWS::Route53::HostedZone",
  "Properties": {
    "HostedZoneConfig": {
      "Comment": "My hosted zone for example.com"
    },
    "Name": "example.com",
    "VPCs": [{
      "VPCId": "vpc-abcd1234",
      "VPCRegion": "ap-northeast-1"
    },
    {
      "VPCId": "vpc-efgh5678",
      "VPCRegion": "us-west-2"
    }],
    "HostedZoneTags" : [{
      "Key": "SampleKey1",
      "Value": "SampleValue1"
    },
    {
      "Key": "SampleKey2",
      "Value": "SampleValue2"
    }]
  }
}

Best Answer

Related Solutions

How to determine the ARN of the Amazon route53-hosted zone

AWS CloudFormation Create Route 53 Private Hosted Zone

Related Topic