Subdomain on route53 private hosted Zone

amazon-route53dns-zoneinternal-dns

I have been trying to setup a Private Hosted Zone in route53 with current associated VPCs in eu-west-1 and will soon add more. I have conformed that my VPC has DNS resolution option set to yes and necessary DHCP option sets are also created. I have added a DNS record under the domain.local domain and it works fine. However, the issue comes when I tried to created a sub-damain dev.domain.local and tried to associate with the same VPC. I see the following error "A conflicting domain is already associated with the given VPC or Delegation Set."

My intention is to have one parent private zone as zorotools.local and several subdomain such as dev.domain.local, staging.domain.local, prod.domain.local etc.

I would then associate ec2 instances with these DNS names.

So, please let me know what mistake I am making and how should I proceed.

Best Answer

Creating a private hosted zone in Route 53 essentially applies a "hook" in the DNS resolver for your VPC so that queries for that domain are routed directly to the assigned Route 53 nameservers instead of being resolved normally by traversing down starting at the global root servers.

In light of that, I suppose it makes sense for the system to consider a subdomain to be a conflict, and this is a documented limitation:

ConflictingDomainExists

You specified an Amazon VPC that you're already using for another hosted zone, and the domain that you specified for one of the hosted zones is a subdomain of the domain that you specified for the other hosted zone. For example, you cannot use the same Amazon VPC if you're creating hosted zones for example.com and test.example.com.

http://docs.aws.amazon.com/Route53/latest/APIReference/API-create-hosted-zone-private.html

The following (untested) workaround should allow you to achieve the same functionality, though... assuming domain.local is configured as a private hosted zone:

Create dev.domain.local as a public zone in Route 53.
Note the 4 NS records assigned to the new zone by Route 53.
Back in the domain.local private zone, create a record for host "dev," type "NS," and paste the 4 nameservers assigned to dev.domain.local in the box.

This configuration should cause the VPC resolver to consult the private parent domain, learn the delegation, recurse to the delegated nameservers for the correct record, and return the expected response.

Related Solutions

How to Delegate a subdomain to Route53

It looks like you're trying to set up a zone transfer which you can't do, as ChrisV said.

To do a delegation for a sub domain you need only create NS records for the sub in the parent's zone.

So in starshine.org's zonefile:

aws    IN  NS    ns-1494.awsdns-58.org.
aws    IN  NS    ns-773.awsdns-32.net.
aws    IN  NS    ns-1751.awsdns-26.co.uk.
aws    IN  NS    ns-111.awsdns-13.com.

Then you define all your records for the aws.starshine.org. zone in the route 53 name servers.

How to set up an internal domain with Route53 on AWS

Turns out you need to configure this in your VPC settings. Go to Services > VPC > DHCP Options Set and select the set with domain-name-servers = AmazonProvidedDNS.

Best Answer

Related Solutions

How to Delegate a subdomain to Route53

How to set up an internal domain with Route53 on AWS

Related Topic