Is there a way to redirect DNS request to the DNS public zone if a record was not found in the DNS private zone?

0

Hello. I use a DNS private zone to resolve private Load Balancer names for applications and a public DNS zone to resolve public Load Balancer names for end-users. The private DNS zone contains records only for private Load Balancers. If an application needs to resolve some other record in the same domain name, NXDOMAIN (non-existent domain) is returned, because there is no DNS record in the private zone. But the record exists in the public DNS zone. The options of duplicating the required public DNS records in the private zone or using a subdomain for applications are, unfortunately, not suitable in my case. Is there a way to redirect DNS requests from the private zone to the public zone if the record is not found in the private zone? I would be grateful for any ideas and suggestions. Thanks in advance.

asked 10 months ago, 383 views
2 Answers
2
Accepted answer

No, the Route 53 resolver does not support forwarding requests from a private hosted zone to a public hosted zone when the zone names are the same. Both are authoritative within the scope of the network that they "belong" to (private being within the VPC; public being any VPC that has not been assigned that private hosted zone).

The solutions are (as you've suggested) to duplicate records; or to not use overlapping namespaces.

You could run a custom DNS resolver in your VPC which behaves as you suggest; but that would require an instance (two for redundancy). It would need to forward requests to the appropriate DNS resolvers (internal and external) based on rules (and NXDOMAIN responses) as appropriate. There is cost involved in doing this - both in terms of the instance(s) and in time to configure and support.

AWS
EXPERT
answered 10 months ago
EXPERT
reviewed 10 months ago
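The custom-resolver approach from the accepted answer, as an added example that is not part of the original post: query the VPC's private resolver first and retry the public resolver only on NXDOMAIN, never on an empty (NODATA) answer or an upstream failure, and log every fallback. The upstreams are stubbed with constructed lookup tables, so the logic runs offline; the zone names and addresses are assumptions.

```python
# Added example (not from the original post): the fallback logic the accepted
# answer describes for a custom resolver, with the upstreams stubbed by tables.
from dataclasses import dataclass, field
from typing import Callable, Dict, List, Tuple

class NXDomain(Exception):
    """Upstream answered NXDOMAIN: the name does not exist in that view."""

Lookup = Callable[[str, str], List[str]]  # (qname, qtype) -> rdata; [] means NODATA

def table_lookup(zone: Dict[Tuple[str, str], List[str]]) -> Lookup:
    """Build a stand-in upstream from a constructed {(name, type): rdata} table."""
    names = {name for name, _ in zone}
    def lookup(qname: str, qtype: str) -> List[str]:
        if qname not in names:
            raise NXDomain(qname)            # name absent entirely -> NXDOMAIN
        return zone.get((qname, qtype), [])  # name present, no such type -> NODATA
    return lookup

def in_zone(qname: str, zone: str) -> bool:
    return qname == zone or qname.endswith("." + zone)

@dataclass
class FallbackResolver:
    private: Lookup                      # e.g. the VPC's Route 53 Resolver (assumed)
    public: Lookup                       # e.g. a public recursive resolver (assumed)
    private_suffixes: Tuple[str, ...]    # zone(s) that exist in both views
    fallback_log: List[Tuple[str, str]] = field(default_factory=list)

    def resolve(self, qname: str, qtype: str = "A") -> List[str]:
        qname = qname.lower().rstrip(".") + "."
        if not any(in_zone(qname, s) for s in self.private_suffixes):
            return self.public(qname, qtype)   # outside the split zone: public only
        try:
            return self.private(qname, qtype)  # NODATA ([]) is final, no fallback
        except NXDomain:
            self.fallback_log.append((qname, qtype))  # record every fallback
            return self.public(qname, qtype)

# Constructed sample views: only the internal LB lives in the private zone.
PRIVATE_ZONE = {("lb-internal.example.com.", "A"): ["10.0.1.10"]}
PUBLIC_ZONE = {
    ("lb-internal.example.com.", "A"): ["203.0.113.10"],
    ("api.example.com.", "A"): ["203.0.113.20"],
    ("www.example.org.", "A"): ["198.51.100.5"],
}

def build_resolver() -> FallbackResolver:
    return FallbackResolver(table_lookup(PRIVATE_ZONE), table_lookup(PUBLIC_ZONE),
                            ("example.com.",))
```

Reviewing `fallback_log` shows which names applications are resolving through the public view, which is the set of records the private zone silently lacks.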
0

I don’t believe so. You are running split horizon which is basically a view which locks the VPC CIDR range to the private zone and anything else goes to the public zone.

You will need to have a record in the private zone too.

EXPERT
answered 10 months ago
