Score:0

How Do I Set Up Subdomains in a Private AWS VPC?


I have a domain registered at GoDaddy. Let's call it acme.com. Servers that are publicly available have their subdomains registered at GoDaddy. Example: www.acme.com and service-a.acme.com.

I have a VPN set up in AWS with private subnets that do not have public IP addresses. How do I register private server subdomains in AWS Route 53? Example: service-b.acme.com should only be available when you are connected to the VPN, and the subdomain should not be known to the public.


Background: I already attempted to use Route 53 and I set up a private hosted zone in Route 53 for acme.com. It worked for accessing private server names via the VPN. When connected to the VPN I can access service-b.acme.com. When not connected, the name is not found.

The unexpected consequence is that all AWS servers use the Route 53 DNS server, and while they can find service-b.acme.com, they do not fall back to the GoDaddy listings for the public servers. They cannot find the public DNS entries for acme.com or service-a.acme.com.


Edit: I may have a solution. I deleted my private hosted zone for acme.com that contained two A records for service-b.acme.com and service-c.acme.com. I instead created private hosted zones for each subdomain. So I now have two private hosted zones: one for service-b.acme.com and another for service-c.acme.com. Each contains an empty A record that points to the private IP address for each server. It works, but is this correct? I was kind of following similar instructions from AWS.

I'd recommend you delegate `internal.example.com` to the private hosted zone, and have hostnames like `db.internal.example.com`. That way you can leave alone the main domain.
Tim
Please edit your question; it's not really clear. It sounded like you solved the problem in a reasonable way, but you made an ambiguous comment: "all AWS servers use the Route 53 DNS server and while they can find service-b.acme.com they do not fall back to the GoDaddy listings for the public server". Do you mean your AWS EC2 instances used the Route 53 private zone, and you've defined that zone in two places? You'll need to do some kind of delegation if that's what you need, but it's not clear what you're trying to achieve.
Score:0

I deleted my private hosted zone for acme.com that contained two A records for service-b.acme.com and service-c.acme.com. I instead created private hosted zones for each subdomain. So I now have two private hosted zones: one for service-b.acme.com and another for service-c.acme.com. Each contains an empty A record that points to the private IP address for each server. This works perfectly so far.
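The behaviour behind both the original problem and the fix is the Route 53 Resolver's zone-matching rule: for a query from an associated VPC it picks the most specific private hosted zone whose name covers the queried name, answers only from that zone, and returns NXDOMAIN rather than falling back to public DNS when the zone has no matching record. The following model, added here as an illustration and not code from the thread or from AWS, plays the three layouts discussed above (a single private zone for acme.com, one private zone per private host, and a delegated internal.acme.com subdomain as suggested in the comments) through that rule. All zone contents, host names and IP addresses are constructed for the example; the helper `change_batch` builds the JSON body that `aws route53 change-resource-record-sets --change-batch` expects for the apex A record of a per-host zone.

```python
"""Model of how the Route 53 Resolver selects a hosted zone for a VPC query.

Added example (not from the original thread). Implements the documented
rule: the most specific private hosted zone associated with the VPC wins,
and a miss inside that zone is NXDOMAIN with no fallback to public DNS.
All zones, records and addresses below are constructed sample data.
"""
import json


def _labels(name):
    """Split a DNS name into labels, ignoring a trailing dot and case."""
    return name.rstrip(".").lower().split(".")


def _in_zone(name, zone):
    """True if `name` is the apex of `zone` or lies beneath it."""
    n, z = _labels(name), _labels(zone)
    return len(n) >= len(z) and n[-len(z):] == z


def resolve(name, private_zones, public_records):
    """Return the A record value for `name`, or the string 'NXDOMAIN'.

    private_zones:  {zone_name: {record_name: ip}} associated with the VPC
    public_records: {record_name: ip} served by public DNS (e.g. GoDaddy)
    """
    key = name.rstrip(".").lower()
    matching = [z for z in private_zones if _in_zone(name, z)]
    if matching:
        # Most specific private zone wins and is authoritative for the
        # whole query: a miss here is NXDOMAIN, never a public lookup.
        zone = max(matching, key=lambda z: len(_labels(z)))
        return private_zones[zone].get(key, "NXDOMAIN")
    return public_records.get(key, "NXDOMAIN")


# Constructed public records (what GoDaddy would serve for acme.com).
PUBLIC = {"www.acme.com": "203.0.113.10", "service-a.acme.com": "203.0.113.20"}

# Layout 1: one private zone for acme.com (the question's first attempt).
# It shadows every public name under acme.com for hosts in the VPC.
SHADOWING = {"acme.com": {"service-b.acme.com": "10.0.1.5",
                          "service-c.acme.com": "10.0.1.6"}}

# Layout 2: one private zone per private host, apex A record in each
# (the edit/answer above). Only those exact names are shadowed.
PER_HOST = {"service-b.acme.com": {"service-b.acme.com": "10.0.1.5"},
            "service-c.acme.com": {"service-c.acme.com": "10.0.1.6"}}

# Layout 3: a dedicated internal.acme.com subdomain (Tim's suggestion).
# Everything else under acme.com still resolves publicly.
DELEGATED = {"internal.acme.com": {"db.internal.acme.com": "10.0.1.7"}}


def change_batch(record_name, ip, ttl=300):
    """JSON body for `aws route53 change-resource-record-sets --change-batch`.

    Upserts the apex A record of a per-host private hosted zone.
    """
    return json.dumps({"Changes": [{"Action": "UPSERT", "ResourceRecordSet": {
        "Name": record_name, "Type": "A", "TTL": ttl,
        "ResourceRecords": [{"Value": ip}]}}]})


if __name__ == "__main__":
    layouts = [("shadowing", SHADOWING), ("per-host", PER_HOST), ("delegated", DELEGATED)]
    for label, zones in layouts:
        for q in ("service-a.acme.com", "service-b.acme.com", "db.internal.acme.com"):
            print(f"{label:10} {q:22} -> {resolve(q, zones, PUBLIC)}")
    print(change_batch("service-b.acme.com", "10.0.1.5"))
```

Running the model shows the original symptom directly: with the single acme.com private zone, service-a.acme.com and www.acme.com come back NXDOMAIN from inside the VPC even though they exist publicly, because the VPC never asks public DNS for anything under acme.com. The per-host zones fix that by shadowing only the exact private names; the delegated internal.acme.com zone does the same with a single zone and keeps private names under a namespace that is clearly separate from the public one.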
