How do I resolve Route 53 private hosted zones when using an AWS Managed Microsoft AD directory?

Last updated: 2022-02-07

Resources in my AWS Directory Service for Microsoft Active Directory domain can’t resolve DNS records in my Amazon Route 53 private hosted zone. How can I resolve this issue?


By default, DNS queries for private hosted zones are resolved only by the AmazonProvidedDNS server. However, you can configure DNS forwarder settings to send requests destined for the Route 53 private hosted zone to the AmazonProvidedDNS instead.

First, install the Active Directory Domain Services and Active Directory Lightweight Directory Services Tools on a domain joined Amazon Elastic Compute Cloud (Amazon EC2) instance.

Note: In the Features tree, be sure to select both AD DS and AD LDS Tools and DNS Server Tools.

Then, follow these steps:

  1. Log in to the Remote Server Administration Tools (RSAT) instance using the Administrator account.
  2. Open the DNS management tool from Windows Administrative Tools.
  3. Connect to the DNS server using the IP address of one of your Managed AD domain controllers.
  4. Expand DNS, open the context (right-click) menu for the domain name, and then choose Properties.
  5. From the Forwarders tab, edit the IP address of the forwarding servers to point to the AmazonProvidedDNS.
    Note: The AmazonProvidedDNS is the second address of the VPC. For example, if the VPC CIDR is, then the AmazonProvidedDNS is For more information, see Amazon DNS server.
  6. Repeat steps 3 to 5 entering the IP address of each additional domain controller in your Managed AD domain.

Did this article help?

Do you need billing or technical support?