Route 53 Update – Private DNS and More

Amazon Route 53 is a highly available and scalable Domain Name Service. As you probably
know, it translates domain names into numerical IP addresses. This level of
indirection allows you to refer to a computer by its name (which usually
remains the same for an extended period of time) instead of by its address
(which could change from minute to minute for any number of reasons).

Up until now, the primary use for Route 53 has been the lookup of global,
public names. While it was sometimes possible to use it for private names within an
Amazon Virtual Private Cloud, the names were still globally visible, even if the IP addresses
were internal to the VPC and hence unreachable.

Today we are announcing Private DNS for Route 53. You can now easily manage authoritative
DNS within your Virtual Private Clouds. This allows you to use custom DNS names for
your internal resources without exposing the names or IP addresses to the public.

As part of today’s launch, we are upgrading the AWS Management Console so
that it provides you with additional information when a health check
fails. We are also announcing support for reusable delegation sets. This
will simplify management of name servers when you are using Route 53 to
manage multiple domains.

Let’s take a look at each of these new features!

Private DNS
You can now use Route 53 to manage the internal DNS names for your application
resources (web servers, application servers, databases, and so forth) without
exposing this information to the public Internet. This adds an additional layer of
security, and also allows you to fail over from a primary resource to a secondary one (often called
a “flip”) by simply mapping the DNS name to a different IP address.

Route 53 also allows you to set up Split-horizon DNS. Once set up,
a given DNS name will map to one IP address when a lookup is initiated from within a VPC,
and to a different address when the lookup originates elsewhere.

You can get started with Route 53 Private DNS by creating a Route 53 Hosted Zone,
choosing the Private Hosted Zone option, and designating a

The console will display the type of each of your hosted zones:

To learn more, read the documentation for
Working with Private Hosted Zones.
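
The exposure described above, internal names and addresses visible in a public zone, can be audited before records are moved into a private hosted zone. This is an added example, not code from the original post: it scans record sets shaped like the Route 53 ListResourceRecordSets response and reports A/AAAA records that publish RFC 1918 or IPv6 unique-local addresses. The sample records, names and helper functions are constructed for illustration.

```python
import ipaddress

# Address space treated as internal: RFC 1918 plus IPv6 unique-local (fc00::/7).
INTERNAL_NETS = [ipaddress.ip_network(n) for n in
                 ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "fc00::/7")]

# Constructed sample of a PUBLIC hosted zone, in the shape of the
# ResourceRecordSets list returned by ListResourceRecordSets (made-up data).
PUBLIC_ZONE_RECORDS = [
    {"Name": "www.example.com.", "Type": "A", "TTL": 300,
     "ResourceRecords": [{"Value": "203.0.113.10"}]},
    {"Name": "db.internal.example.com.", "Type": "A", "TTL": 60,
     "ResourceRecords": [{"Value": "10.0.12.5"}]},
    {"Name": "cache.internal.example.com.", "Type": "A", "TTL": 60,
     "ResourceRecords": [{"Value": "172.31.4.20"}, {"Value": "198.51.100.7"}]},
    {"Name": "app.example.com.", "Type": "AAAA", "TTL": 300,
     "ResourceRecords": [{"Value": "fd12:3456:789a::1"}]},
    {"Name": "example.com.", "Type": "MX", "TTL": 300,
     "ResourceRecords": [{"Value": "10 mail.example.com."}]},
    # Alias records carry AliasTarget and no ResourceRecords list.
    {"Name": "lb.example.com.", "Type": "A",
     "AliasTarget": {"DNSName": "lb.example.net."}},
]

def is_internal(value):
    """True if value parses as an IP address inside INTERNAL_NETS."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:
        return False  # not an IP literal (e.g. MX or CNAME data)
    return any(addr.version == net.version and addr in net
               for net in INTERNAL_NETS)

def find_exposed_internal_records(record_sets):
    """Return (name, type, internal_values) for each A/AAAA record set
    in a public zone that publishes at least one internal address."""
    findings = []
    for rrset in record_sets:
        if rrset.get("Type") not in ("A", "AAAA"):
            continue
        values = [rr["Value"] for rr in rrset.get("ResourceRecords", [])]
        internal = [v for v in values if is_internal(v)]
        if internal:
            findings.append((rrset["Name"], rrset["Type"], internal))
    return findings

if __name__ == "__main__":
    for name, rtype, values in find_exposed_internal_records(PUBLIC_ZONE_RECORDS):
        print(f"{name} {rtype} exposes internal address(es): {', '.join(values)}")
```

Each reported record is a candidate for a private hosted zone associated with the VPC that actually needs to resolve it.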

Reusable Delegation Sets
When you use Route 53 to host DNS for a domain, it sets up four authoritative name servers collectively known as a delegation set. As part
of today’s release we are simplifying domain management by allowing you to use the same delegation set for any number of your domains. This
is a somewhat advanced, API-only feature that can prove to be useful in a couple of different ways:

  • If you are moving a large group of domains from another provider to Route 53, you can provide them with a single
    list of four name servers and have them applied to all of the domains that you are moving.
  • You can create generic “white label” name servers such as and,
    use them in your delegation set, and point them to your actual Route 53 name servers.

To learn more, read the API documentation for
Actions on Reusable Delegation Sets.

Health Check Failure Reasons
We introduced Health Checks for Route 53 last year and added
editing and tagging of health checks earlier this year. We are
now extending this feature again and are making the results of each health check available in the Console and
the Route 53 API. Here’s how they appear in the Console:

Note that the health checks cannot connect with services that are running within a private
subnet of a VPC. Similarly, Route 53 Private DNS records can’t be associated with health checks.

Go For It
These features are available now and you can start using them today!

