Private hosted zones in Amazon Route 53 allow you to create private DNS domains that are only resolvable within your VPC. This guide explains how to properly configure VPC settings and associate private hosted zones for internal DNS resolution.

Understanding Private Hosted Zones

Amazon Route 53 private hosted zones enable you to create a private DNS namespace that is only accessible within your Virtual Private Cloud (VPC). This is particularly useful for internal applications, services, and resources that don’t need to be publicly accessible but still require DNS name resolution.

Private hosted zones allow you to use custom domain names for your internal resources without exposing them to the public internet. For example, you can use domain names like database.internal or app.company.private that resolve only within your VPC.

Prerequisites for Using Private Hosted Zones

Before you can use private hosted zones with your VPC, you must enable two critical DNS settings on your VPC:

1. enableDnsHostnames: This setting enables EC2 instances in your VPC to receive DNS hostnames that correspond to their public IP addresses

2. enableDnsSupport: This setting enables DNS resolution through the Amazon provided DNS server in your VPC

Both settings must be set to true for private hosted zones to function properly.

Enabling DNS Settings on Your VPC

You can enable these settings through the AWS Management Console or AWS CLI:

Using the AWS Management Console:

1. Navigate to the VPC Dashboard
2. Select your VPC from the list
3. Click Actions > Edit VPC settings
4. Check both Enable DNS hostnames and Enable DNS resolution
5. Click Save

Using the AWS CLI:

# Enable DNS hostnames
$ aws ec2 modify-vpc-attribute --vpc-id vpc-xxxxxxxx --enable-dns-hostnames

# Enable DNS support
$ aws ec2 modify-vpc-attribute --vpc-id vpc-xxxxxxxx --enable-dns-support

Creating and Associating a Private Hosted Zone

After enabling the required DNS settings, you can create and associate a private hosted zone with your VPC:

1. Create a Private Hosted Zone:

   • Open the Route 53 console
   • Click Hosted zones > Create hosted zone
   • Enter your domain name (e.g., internal.example.com)
   • For Type, select Private hosted zone
   • Select the VPC to associate with this hosted zone
   • Click Create

2. Associate an Existing Private Hosted Zone with Additional VPCs:

   • Select the private hosted zone
   • Click Associated VPCs > Associate more VPCs
   • Select the VPCs you want to associate
   • Click Associate

Adding DNS Records to Your Private Hosted Zone

Once your private hosted zone is set up, you can add DNS records just as you would with public hosted zones:

1. Select your private hosted zone
2. Click Create record
3. Enter the record details (name, type, value, TTL)
4. Click Create records

Use Cases for Private Hosted Zones

• Internal Applications: Provide friendly URLs for internal web applications
• Database Access: Create consistent DNS names for database instances
• Microservices: Enable service discovery between microservices
• Development Environments: Create separate namespaces for development, testing, and staging environments
• VPC Peering: Resolve DNS names across peered VPCs

Limitations and Considerations

• Private hosted zones are only accessible within the associated VPCs
• You cannot use the same domain name for both public and private hosted zones
• DNS resolution only works for resources within the associated VPCs
• There is a limit to the number of private hosted zones you can create per AWS account
• There is a charge for each private hosted zone and for DNS queries