AWS News Blog

Route 53 Update – Private DNS and More

Amazon Route 53 is a highly available and scalable Domain Name Service. As you probably know, it translates domain names into numerical IP addresses. This level of indirection allows you to refer to a computer by its name (which usually remains the same for an extended period of time) instead of by its address (which could change from minute to minute for any number of reasons).

Up until now, the primary use for Route 53 has been the lookup of global, public names. While it was sometimes possible to use it for private names within an Amazon Virtual Private Cloud (Amazon VPC), the names were still globally visible, even if the IP addresses were internal to the VPC and hence unreachable.

Today we are announcing Private DNS for Route 53. You can now easily manage authoritative DNS within your Virtual Private Clouds. This allows you to use custom DNS names for your internal resources without exposing the names or IP addresses to the public Internet.

As part of today’s launch, we are upgrading the AWS Management Console so that it provides you with additional information when a health check fails. We are also announcing support for reusable delegation sets. This will simplify management of name servers when you are using Route 53 to manage multiple domains.

Let’s take a look at each of these new features!

Private DNS
You can now use Route 53 to manage the internal DNS names for your application resources (web servers, application servers, databases, and so forth) without exposing this information to the public Internet. This adds an additional layer of security, and also allows you to fail over from a primary resource to a secondary one (often called a “flip”) by simply mapping the DNS name to a different IP address.

Route 53 also allows you to set up split-horizon DNS. Once set up, a given DNS name will map to one IP address when a lookup is initiated from within a VPC, and to a different address when the lookup originates elsewhere.
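A defender-side check for the exposure described above (records in a public hosted zone that hand out internal addresses, which is what Private DNS now lets you avoid), as an added example that is not part of the original post. The zone and record dictionaries are constructed samples shaped like the Route 53 ListHostedZones and ListResourceRecordSets responses; `ZPUBLICEXAMPLE` and `ZPRIVATEEXAMPLE` are placeholder zone IDs.

```python
import ipaddress

# Constructed sample data (placeholder zone IDs, documentation addresses), shaped
# like the ListHostedZones and ListResourceRecordSets API responses.
SAMPLE_ZONES = [
    {"Id": "/hostedzone/ZPUBLICEXAMPLE", "Name": "example.com.",
     "Config": {"PrivateZone": False}},
    {"Id": "/hostedzone/ZPRIVATEEXAMPLE", "Name": "internal.example.com.",
     "Config": {"PrivateZone": True}},
]
SAMPLE_RECORDS = {
    "/hostedzone/ZPUBLICEXAMPLE": [
        {"Name": "www.example.com.", "Type": "A", "TTL": 300,
         "ResourceRecords": [{"Value": "203.0.113.10"}]},
        {"Name": "db.example.com.", "Type": "A", "TTL": 300,
         "ResourceRecords": [{"Value": "10.0.1.5"}]},   # internal address in a public zone
        {"Name": "api.example.com.", "Type": "A",        # alias record: no ResourceRecords
         "AliasTarget": {"DNSName": "lb.example.net.", "HostedZoneId": "ZALIASEXAMPLE"}},
    ],
    "/hostedzone/ZPRIVATEEXAMPLE": [
        {"Name": "db.internal.example.com.", "Type": "A", "TTL": 60,
         "ResourceRecords": [{"Value": "10.0.1.5"}]},    # fine: zone is private
    ],
}

# RFC 1918, link-local, loopback and IPv6 ULA ranges count as internal.
INTERNAL_NETS = [ipaddress.ip_network(n) for n in (
    "10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16", "169.254.0.0/16",
    "127.0.0.0/8", "fc00::/7", "fe80::/10", "::1/128")]

def is_internal_address(value):
    """True if value parses as an IP address inside one of INTERNAL_NETS."""
    try:
        addr = ipaddress.ip_address(value)
    except ValueError:          # CNAME targets, garbage, etc. are not addresses
        return False
    return any(addr in net for net in INTERNAL_NETS if net.version == addr.version)

def internal_exposures(zone, records):
    """(record name, address) pairs for A/AAAA records in a PUBLIC zone that
    resolve to internal addresses. Private zones never produce findings."""
    if zone["Config"].get("PrivateZone", False):
        return []
    findings = []
    for rr in records:
        if rr["Type"] in ("A", "AAAA"):
            for r in rr.get("ResourceRecords", []):
                if is_internal_address(r["Value"]):
                    findings.append((rr["Name"], r["Value"]))
    return findings

def audit(zones, records_by_zone):
    """Map each hosted zone ID to its list of exposures."""
    return {z["Id"]: internal_exposures(z, records_by_zone.get(z["Id"], []))
            for z in zones}
```

Any finding is a candidate for moving into a private hosted zone (or, with split-horizon DNS, for keeping only the public address in the public zone).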

You can get started with Route 53 Private DNS by creating a Route 53 Hosted Zone, choosing the Private Hosted Zone option, and designating a VPC:

The console will display the type of each of your hosted zones:

To learn more, read the documentation for Working with Private Hosted Zones.

Reusable Delegation Sets
When you use Route 53 to host DNS for a domain, it sets up four authoritative name servers collectively known as a delegation set. As part of today’s release we are simplifying domain management by allowing you to use the same delegation set for any number of your domains. This is a somewhat advanced, API-only feature that can prove to be useful in a couple of different ways:

  • If you are moving a large group of domains from another provider to Route 53, you can provide them with a single list of four name servers and have them applied to all of the domains that you are moving.
  • You can create generic “white label” name servers such as ns1.example.com and ns2.example.com, use them in your delegation set, and point them to your actual Route 53 name servers.

To learn more, read the API documentation for Actions on Reusable Delegation Sets.

Health Check Failure Reasons
We introduced Health Checks for Route 53 last year and added editing and tagging of health checks earlier this year. We are now extending this feature again and are making the results of each health check available in the Console and the Route 53 API. Here’s how they appear in the Console:

Note that the health checks cannot connect to services that are running within a private subnet of a VPC. Similarly, Route 53 Private DNS records can't be associated with health checks.

Go For It
These features are available now and you can start using them today!

Jeff;