Routing internal and external traffic using the same public subdomain name

0

I have a Windows 2019 server running a database application that is accessible by public users and private users from another Windows 2019 instance. I wish to use the same subdomain name for external and internal access, but find that traffic between the 2 AWS instances gets routed externally, which is less secure and slower, when I use the subdomain name for the connection. How do I configure VPC/Route 53 to ensure that traffic between instances remains private while public traffic is directed correctly using the same subdomain name?

TomG
asked 2 years ago · 701 views
3 Answers
1

The answer from AC is good; I'd add (based on the further response):

If your web users are connecting to web.sub.domain.com and your database users are connecting to database.sub.domain.com then it's easy to have different IP addresses for those different records - particularly where the web users go to a public IP and database goes to a private IP.

But: If the hostname is the same for both then it's far more difficult because the DNS server has to look at where the query is coming from (private or public) and return a different IP address based on that. And then it's even more difficult because the DNS server doesn't know whether the query is coming from the database application or the web browser - there's no way to tell. So it can only return a single IP address.

Therefore: If you are using the same hostname for both purposes (web/database) then you can't do what you want. Instead, use two hostnames and the PHZ as AC suggests above.

AWS EXPERT
answered 2 years ago
0

Hi, you can create a Private Hosted Zone (PHZ) in Route 53, add the corresponding internal entries (A/AAAA), and associate this PHZ with the said VPC. Here's the landing page that explains the steps/considerations: https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/hosted-zones-private.html

AWS
AC
answered 2 years ago
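The setup both answers above point to (a Private Hosted Zone for the VPC plus a separate hostname for the database), written out as a Terraform configuration. This is an added example, not code from the thread or from AWS; the VPC ID, public zone ID, hostnames and addresses are placeholders. It assumes the PHZ is scoped to sub.domain.com, since inside a VPC the Route 53 Resolver answers every name under an associated private zone from that zone alone, with no fallback to public DNS for names it lacks.

```hcl
# Private view: only in-VPC clients see this zone. Scoping it to
# sub.domain.com (not domain.com) keeps domain.com resolving publicly.
resource "aws_route53_zone" "internal" {
  name    = "sub.domain.com"
  comment = "Split-horizon view for clients inside the VPC"

  vpc {
    vpc_id = "vpc-0123456789abcdef0" # placeholder: VPC holding both instances
  }
}

# In-VPC clients resolve the database name to the instance's private IPv4,
# so database traffic between the two instances never leaves the VPC.
resource "aws_route53_record" "database_private" {
  zone_id = aws_route53_zone.internal.zone_id
  name    = "database.sub.domain.com"
  type    = "A"
  ttl     = 60
  records = ["10.0.1.25"] # placeholder: private IP of the database instance
}

# Public view: the same database hostname in the existing public zone points
# at the Elastic IP that external users reach (203.0.113.0/24 is TEST-NET-3).
resource "aws_route53_record" "database_public" {
  zone_id = "Z0PLACEHOLDERPUBLIC" # placeholder: existing public hosted zone ID
  name    = "database.sub.domain.com"
  type    = "A"
  ttl     = 60
  records = ["203.0.113.10"] # placeholder: Elastic IP of the database instance
}

# Any other name under sub.domain.com that VPC clients must still reach
# (here the web hostname) has to be mirrored into the private zone, because
# a name missing from the PHZ returns NXDOMAIN inside the VPC rather than
# falling through to the public zone.
resource "aws_route53_record" "web_private" {
  zone_id = aws_route53_zone.internal.zone_id
  name    = "web.sub.domain.com"
  type    = "A"
  ttl     = 60
  records = ["203.0.113.10"] # placeholder: public IP of the web front end
}
```

Verify the split from each side with `nslookup database.sub.domain.com` on the client instance (expect the private address) and from outside the VPC (expect the Elastic IP).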
0

Thanks, AC. I was able to create a private zone as indicated and it worked for the database apps. It led me to a new problem. While I want the database traffic to sub.domain.com to go to the other instance, I need the browser traffic to domain.com to go to the external website. When the hosted zone is active, the browser is unable to resolve DNS. Is there a setting to resolve that?

TomG
answered 2 years ago
