Navigating AWS Route 53 Private Hosted Zones: A Detailed Walkthrough


Understanding Route 53 Private Hosted Zones

Today’s discussion revolves around Route 53 Private Hosted Zones. Before we delve into the intricacies of private hosted zones, we recommend watching our previous video on the Domain Name System (DNS). This foundational knowledge will serve as a prerequisite for understanding the workings of Route 53 hosted zones.

To summarize, AWS Route 53 is a scalable, highly available DNS web service that routes end-user requests to endpoints anywhere in the world. When you create a Route 53 hosted zone, public or private, the service assigns it four name servers (listed in the zone's NS record set) that hold the zone's records: the entries that say what a name resolves to. These include A records (IPv4 addresses), AAAA records (IPv6 addresses), CNAME records (aliases to another name), MX records (mail exchangers), TXT records, and more. The difference with a private hosted zone is visibility: its records are served only to queries that arrive through the Route 53 Resolver of a VPC you have associated with the zone. They are not published to the public internet, and the same name queried from outside those VPCs resolves (or fails) through public DNS instead.

DNS Resolution Path for AWS Instances

When an EC2 instance resolves a name, its stub resolver sends the query to the Amazon-provided DNS server for the VPC, which sits at the base of the VPC's IPv4 range plus two (10.0.0.2 for a 10.0.0.0/16 VPC, hence the "dot-2" address) and is also reachable at 169.254.169.253. That server is the Route 53 Resolver. It tries three sources in order: private hosted zones associated with the VPC, the Amazon-provided names for the VPC (the ip-10-0-1-25.ec2.internal style instance hostnames), and finally public DNS. A name that belongs to an associated private hosted zone is answered from that zone first.

Two practical consequences follow from this order. The VPC must have both enableDnsSupport and enableDnsHostnames enabled, or private hosted zones are not consulted at all; check with aws ec2 describe-vpc-attribute --vpc-id <id> --attribute enableDnsSupport, and again for enableDnsHostnames. And a private hosted zone shadows the public namespace of the same name inside its VPCs: if you create a private zone for a domain you also publish publicly, names that exist only in the public zone stop resolving from those VPCs, because the Resolver does not fall through to public DNS for a name covered by a private zone. Copy the public records you still need into the private zone.

It also matters whether a name carries a trailing dot. A name that ends in a dot, such as ‘’, is a fully qualified domain name: the instance's stub resolver sends it exactly as written. A name without the trailing dot is relative, and depending on the search list and ndots setting in /etc/resolv.conf the resolver may append the VPC's default search domain (ec2.internal in us-east-1, <region>.compute.internal elsewhere) before, or after, trying the bare name. The trailing dot does not change which source the Route 53 Resolver consults; that is fixed by the order above. What it does guarantee is that the query is for the name you meant, rather than for a suffixed variant that belongs to a different zone. Use the dotted form in configuration and when testing.
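To make the search-list behaviour concrete, the following added example (written for this page, not code from the original video) models how a glibc-style stub resolver expands a name against the `search` list in /etc/resolv.conf. The search domain, the `ndots` default of 1 and the hostnames are constructed for illustration; the point is that only the dotted form produces a single, unambiguous query.

```python
"""Added example: which names a stub resolver actually sends for a given
lookup.  Rules modelled (glibc defaults): a name ending in '.' is absolute and
is queried exactly once; a name with at least `ndots` dots is tried as-is
first and then with each search suffix; a name with fewer dots is tried with
the search suffixes first and the bare name last.  Search domains and host
names below are constructed for illustration."""


def candidate_names(name: str, search: list[str], ndots: int = 1) -> list[str]:
    """Return the absolute names the resolver would query, in order."""
    if name.endswith("."):
        # Fully qualified: no search-list processing at all.
        return [name]
    absolute = name + "."
    with_suffix = [f"{name}.{s.rstrip('.')}." for s in search]
    if name.count(".") >= ndots:
        return [absolute] + with_suffix
    return with_suffix + [absolute]


def is_fqdn(name: str) -> bool:
    """True when the name will be sent exactly as written."""
    return name.endswith(".")


def to_fqdn(name: str) -> str:
    """Normalise a name to its absolute form so it is queried exactly once."""
    return name if name.endswith(".") else name + "."


if __name__ == "__main__":
    # Constructed: ec2.internal is the default search domain in us-east-1.
    search = ["ec2.internal"]
    for n in ["app", "app.corp.internal", "app.corp.internal."]:
        print(f"{n!r:22} fqdn={is_fqdn(n)!s:5} -> {candidate_names(n, search)}")
```

Run it and compare the three lines: the short name is first tried under the EC2 search domain, the undotted zone name is tried as-is and then with the suffix appended, and only the dotted name produces exactly one query. In a private hosted zone the extra suffixed queries are mostly harmless NXDOMAINs, but on a host with a longer search list they can turn a lookup you meant for your zone into a lookup in somebody else's, so configuration should carry the absolute name.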

Creating a Private Hosted Zone: A Step-by-Step Guide

Now, let’s move on to the practical demonstration of creating a private hosted zone and mapping it to an IP address. Here’s how it’s done:

1. Access AWS Route 53:

  • Log in to your AWS Management Console.
  • Navigate to AWS Route 53, found under “All Services” > “Network and Content Delivery” > “Route 53.”

2. Create a Private Hosted Zone:

  • In the Route 53 dashboard, select “Hosted Zones.”
  • Click on “Create Hosted Zone.”
  • Choose “Private hosted zone” as your type.
  • Name your hosted zone. For example, we can use “”
  • Associate it with the VPC (or VPCs) you intend to use. The zone answers only for queries coming from VPCs associated with it, and those VPCs need DNS support and DNS hostnames enabled.

3. Create a Record:

  • After creating the hosted zone, you can create an ‘A’ record to map the domain name to an internal IP address.
  • Use the private IP address of your EC2 instance within the VPC (the address shown as the instance's private IPv4 address, not its public or Elastic IP).

4. Set Time to Live (TTL):

  • When creating a record, set the Time to Live (TTL). This value determines how long the DNS resolution is cached. For instance, set it to 300 seconds.

5. Testing the DNS Resolution:

  • From another AWS EC2 instance within the same VPC, run a DNS resolution request for ‘’ (for example with dig or nslookup, using the fully qualified name with its trailing dot).
  • You’ll receive the mapped internal IP address in the answer section.

Remember that Route 53 serves the new value as soon as the change reaches the INSYNC state, but any resolver or client that cached the old answer keeps it until its TTL (e.g., 300 seconds) expires, so a change to the A record can take up to the TTL to be seen everywhere. If you plan to change a record, lower its TTL first and wait out the old TTL before making the change.
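The same five steps, driven through the Route 53 API instead of the console, as an added example written for this page (not code from the original video or from AWS). It uses boto3 with the real create_hosted_zone, change_resource_record_sets and resource_record_sets_changed waiter calls, but keeps request construction separate from the network call so the payloads can be inspected and checked without credentials. The zone name corp.internal, the VPC ID, the region and the 10.0.1.25 address are constructed placeholders.

```python
"""Added example: build and apply the Route 53 requests behind steps 2-4.
Request construction is pure Python so it runs offline; apply() is the only
function that talks to AWS and imports boto3 lazily (assumption: boto3 is
installed and credentials are configured in the usual boto3 chain)."""

import ipaddress
import uuid

MAX_TTL = 2_147_483_647  # largest TTL Route 53 accepts


def fqdn(name: str) -> str:
    """Route 53 stores absolute names; normalise so 'corp.internal' == 'corp.internal.'."""
    return name if name.endswith(".") else name + "."


def private_zone_request(zone_name: str, vpc_id: str, vpc_region: str, comment: str = "") -> dict:
    """Keyword arguments for route53.create_hosted_zone (step 2).

    PrivateZone=True together with the VPC block is what makes the zone
    private; without the VPC block Route 53 creates a public zone."""
    return {
        "Name": fqdn(zone_name),
        "CallerReference": str(uuid.uuid4()),  # must be unique per request
        "HostedZoneConfig": {"Comment": comment, "PrivateZone": True},
        "VPC": {"VPCRegion": vpc_region, "VPCId": vpc_id},
    }


def a_record_change(zone_name: str, host: str, address: str, ttl: int = 300, action: str = "UPSERT") -> dict:
    """ChangeBatch for route53.change_resource_record_sets (steps 3 and 4).

    The record name is forced to an absolute name inside the zone, the record
    type follows the address family, and the address must be private: a
    private zone record pointing at a public address is almost always a
    copy-paste from the public zone or an Elastic IP used by mistake."""
    if action not in ("CREATE", "UPSERT", "DELETE"):
        raise ValueError(f"unknown action {action!r}")
    if not 0 <= ttl <= MAX_TTL:
        raise ValueError(f"TTL {ttl} out of range")
    ip = ipaddress.ip_address(address)
    if not ip.is_private:
        raise ValueError(f"{address} is not a private address")
    name = fqdn(f"{host}.{zone_name.rstrip('.')}")
    return {
        "Comment": f"{action} {name}",
        "Changes": [{
            "Action": action,
            "ResourceRecordSet": {
                "Name": name,
                "Type": "A" if ip.version == 4 else "AAAA",
                "TTL": ttl,
                "ResourceRecords": [{"Value": str(ip)}],
            },
        }],
    }


def apply(zone_name: str, vpc_id: str, vpc_region: str, host: str, address: str, ttl: int = 300) -> str:
    """Create the private zone, write the record, wait for INSYNC; returns the zone ID."""
    import boto3  # assumption: boto3 installed, credentials available

    ec2 = boto3.client("ec2", region_name=vpc_region)
    for attr in ("enableDnsSupport", "enableDnsHostnames"):
        # Private hosted zones are ignored unless both VPC attributes are on.
        resp = ec2.describe_vpc_attribute(VpcId=vpc_id, Attribute=attr)
        key = "EnableDnsSupport" if attr == "enableDnsSupport" else "EnableDnsHostnames"
        if not resp[key]["Value"]:
            raise RuntimeError(f"{vpc_id} has {attr} disabled; private zone would not resolve")

    r53 = boto3.client("route53")
    zone = r53.create_hosted_zone(**private_zone_request(zone_name, vpc_id, vpc_region))
    zone_id = zone["HostedZone"]["Id"]
    change = r53.change_resource_record_sets(
        HostedZoneId=zone_id, ChangeBatch=a_record_change(zone_name, host, address, ttl))
    # INSYNC means Route 53 serves the new answer; clients that cached an old
    # answer keep it until their TTL expires (see the note above).
    r53.get_waiter("resource_record_sets_changed").wait(Id=change["ChangeInfo"]["Id"])
    return zone_id


if __name__ == "__main__":
    import json
    print(json.dumps(private_zone_request("corp.internal", "vpc-0123456789abcdef0", "us-east-1"), indent=2))
    print(json.dumps(a_record_change("corp.internal", "app", "10.0.1.25"), indent=2))
```

Running the module prints the two request bodies without touching AWS; call apply() with a real VPC ID to perform step 2 through step 4. Step 5 is then `dig app.corp.internal. @10.0.0.2` from an instance in the associated VPC, adjusting the dot-2 address to your VPC's range. The private-address check is deliberately strict; if you really need a public address in a private zone, relax it knowingly rather than silently.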


In this detailed walkthrough, we’ve explored the mechanics of Route 53 Private Hosted Zones. By creating a private hosted zone, mapping it to an internal IP address, and understanding the DNS resolution path, you can efficiently handle DNS resolution within your AWS environment.

If you have any questions or need further clarification, please don’t hesitate to ask. Feel free to leave your questions in the comments, and we’ll be more than happy to address them. Don’t forget to subscribe, like, and share this video. Thank you for watching, and stay tuned for more enlightening content!
