4.48. R53 Private Hosted Zones

What is a private hosted zone in Route 53?

A DNS zone that is only resolvable within associated VPCs. Not accessible from the public internet.

How do private hosted zones differ from public ones?

They function similarly but are only visible to VPCs they are associated with, not globally accessible.

Can private hosted zones be shared across accounts?

✅ Yes, using the CLI or API, private zones can be associated with VPCs in other AWS accounts.

How do you make a private hosted zone accessible to a VPC?

By associating the VPC with the private hosted zone, via console, CLI, or API.

What resolver address is used inside a VPC?

The VPC+2 address (e.g., if VPC CIDR is 10.0.0.0/16, then resolver is 10.0.0.2).

What happens if a VPC is not associated with a private zone?

It cannot resolve any records from that private hosted zone.

What is split-view or split-horizon DNS?

Technique where you define both public and private hosted zones with the same domain name, but serve different records internally vs externally.

What is a common use case for split-view DNS?

Host a company intranet internally (e.g. intranet.company.com) and a public website externally using the same domain.

Can public users access private hosted zones?

❌ No. Records in a private zone are not resolvable via the public DNS system.

Can private and public hosted zones coexist with the same domain?

✅ Yes. AWS supports both zone types for the same domain using split-view DNS.

What type of records can be stored in a private hosted zone?

Same as public zones: A, AAAA, MX, CNAME, TXT, etc.