{"id":22439,"date":"2015-07-06T11:48:19","date_gmt":"2015-07-06T06:18:19","guid":{"rendered":"http:\/\/www.tothenew.com\/blog\/?p=22439"},"modified":"2015-11-02T21:43:12","modified_gmt":"2015-11-02T16:13:12","slug":"route-53-setting-up-private-hosted-zones-phz","status":"publish","type":"post","link":"https:\/\/www.tothenew.com\/blog\/route-53-setting-up-private-hosted-zones-phz\/","title":{"rendered":"Route 53: Setting up Private Hosted Zones (PHZ)"},"content":{"rendered":"<p>It\u2019s been <a href=\"http:\/\/www.tothenew.com\/devops-aws\">a while since Amazon extended its Route53 service<\/a> by adding a new feature called Private Hosted Zone, which works within a VPC. We recently started exploring it and thought of sharing our learning through this blog.<\/p>\n<p><strong>Introduction<\/strong>: This feature enables us to route traffic between resources inside a VPC using custom DNS domains and their subdomains, while keeping the resources masked from the Internet.<\/p>\n<p><strong>Scenario<\/strong>: We will host a custom DNS domain name (say www.privatehostedzone.com) in Route53 as a private hosted zone and use it to point to the private IP of a web server running inside the VPC.<\/p>\n<p>Let\u2019s get started by first launching an ec2 instance inside a VPC.<\/p>\n<ol>\n<ol>\n<ol>\n<li>Install any web server on the instance (say Nginx).<\/li>\n<li>To create the private hosted zone (<a href=\"http:\/\/www.privatehostedzone.com\">www.privatehostedzone.com<\/a>) in Route53, go to the Route53 console and click on \u201cCreate Hosted Zones\u201d.\n<ol>\n<li>A pane will appear on the right side; fill in the details as follows.<br \/>\n<img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-22442\" src=\"\/blog\/wp-ttn-blog\/uploads\/2015\/07\/phz1.png\" alt=\"phz1\" width=\"416\" height=\"562\" \/><br \/>\n&#8211; Provide a domain name of your choice in the \u201c<strong>Domain Name<\/strong>\u201d field.<br \/>\n&#8211; Populate 
descriptive text in the \u201c<strong>Comment<\/strong>\u201d field. This field is optional.<br \/>\n&#8211; In the \u201c<strong>Type<\/strong>\u201d field, select \u201c<em>Private Hosted Zone for Amazon VPC<\/em>\u201d from the drop-down list. Once it is selected, the \u201c<em>VPC ID<\/em>\u201d field appears.<br \/>\n&#8211; In the \u201c<strong>VPC ID<\/strong>\u201d field, select from the drop-down list the VPC in which we launched the web server, and click \u201c<strong>Create<\/strong>\u201d.<br \/>\n&#8211; At the bottom of the pane, a highlighted block advises us to enable the DNSHostname and DNSSupport options for the selected VPC; the private hosted zone will not work without them.<br \/>\n&#8211; <strong><b>DNSHostname<\/b><\/strong>: if this option is set, the ec2 instances in the VPC get DNS hostnames; otherwise they do not.<br \/>\n&#8211; <strong><b>DNSSupport<\/b><\/strong>: if this option is set, the AWS-provided DNS service inside the VPC is enabled; otherwise no DNS hostname can be resolved in the VPC. These options can be set in the AWS VPC console as follows.<img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-22444\" src=\"\/blog\/wp-ttn-blog\/uploads\/2015\/07\/phz3.png\" alt=\"phz3\" width=\"495\" height=\"217\" \/>Open each of the two options and click \u201c<strong>yes<\/strong>\u201d in the dialog box that appears to enable it.<br \/>\n<strong><b>Note<\/b>: <\/strong>The DNSHostname and DNSSupport options are already enabled for the default VPC and for VPCs created using the wizard.<\/li>\n<\/ol>\n<\/li>\n<li>Go to the record sets of the \u201cprivatehostedzone.com\u201d hosted zone.<\/li>\n<li>Click on \u201c<strong>Create Record Set<\/strong>\u201d to create a new record set; a pane will appear on the right side. 
Fill in the details as follows.<br \/>\n<img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-22455\" src=\"\/blog\/wp-ttn-blog\/uploads\/2015\/07\/phz2.png\" alt=\"phz2\" width=\"372\" height=\"563\" \/><br \/>\n&#8211; Provide a domain name for this record set in the \u201c<strong>Name<\/strong>\u201d field.<br \/>\n&#8211; Since we will be using the private IP address of the web server, select the A record type in the \u201c<strong>Type<\/strong>\u201d field.<br \/>\n&#8211; In the &#8220;<strong>Value<\/strong>&#8221; field, provide the private IP address of the web server and click Create.<\/li>\n<li>To test whether it works, log in to the web server or any other instance in the VPC and try to resolve the subdomain www.privatehostedzone.com using &#8220;nslookup&#8221; or any other utility. Below is the output of the &#8220;nslookup&#8221; command, showing that the name resolved.\n<p><img decoding=\"async\" loading=\"lazy\" class=\"alignnone size-full wp-image-22456\" src=\"\/blog\/wp-ttn-blog\/uploads\/2015\/07\/phz4.png\" alt=\"phz4\" width=\"488\" height=\"110\" \/><\/p><\/li>\n<\/ol>\n<\/ol>\n<\/ol>\n<p><b><br \/>\n<strong>Limitation:<\/strong><\/b><\/p>\n<p style=\"padding-left: 30px\">AWS Route53 health checks cannot be associated with resource record sets in a private hosted zone.<\/p>\n<p><strong>Use cases of Private Hosted Zones (PHZ):<\/strong><\/p>\n<p style=\"padding-left: 30px\">1. Public and private hosted zones can have the same domain name and can contain the same subdomains. Using this flexibility, an internal version of our website can be maintained for testing code changes before making them public.<br \/>\n2. Failover could be implemented using PHZs for any component of the application. For example, suppose we have an application connected to a database. Instead of providing the IP or endpoint of the database in the application, a PHZ record for the database can be created and used in the application. 
A script can keep pinging the database and, if anything goes wrong with it, change the PHZ record to the standby database endpoint.<br \/>\n3. Instead of creating a separate public sub-domain for load testing, PHZs could be used to perform load tests.<br \/>\n4. For intra-application communication, subdomains defined in PHZs could be used instead of hard-coding server IPs.<br \/>\n5. This feature relieves us of the headache of managing our own internal DNS servers.<\/p>\n","protected":false},"excerpt":{"rendered":"<p>It\u2019s been a while since Amazon extended its Route53 service by adding a new feature called Private Hosted Zone which works within VPC. We recently started exploring it and thought of sharing our learning through this blog. Introduction: This feature enables us to route the traffic between various resources present inside a VPC using custom [&hellip;]<\/p>\n","protected":false},"author":154,"featured_media":0,"comment_status":"open","ping_status":"open","sticky":false,"template":"","format":"standard","meta":{"iawp_total_views":50},"categories":[1174,1],"tags":[],"aioseo_notices":[],"_links":{"self":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/22439"}],"collection":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts"}],"about":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/types\/post"}],"author":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/users\/154"}],"replies":[{"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/comments?post=22439"}],"version-history":[{"count":0,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/posts\/22439\/revisions"}],"wp:attachment":[{"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/media?parent=22439"}],"wp:term":[{"taxonomy":"category","embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/categories?post=22439"},{"taxonomy":"post_tag",
"embeddable":true,"href":"https:\/\/www.tothenew.com\/blog\/wp-json\/wp\/v2\/tags?post=22439"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}