Hosted Zones

Public and Private DNS Zone Management

Public Hosted Zones

Public hosted zones respond to DNS queries from the internet for a particular domain.

Internet-facing: Resolves queries from anywhere on the internet
Domain registration: Works with registered domains
Name servers: AWS provides 4 name servers
Cost: $0.50 per hosted zone per month

Private Hosted Zones

Private hosted zones respond to DNS queries within one or more VPCs that you specify.

VPC-specific: Only resolves within associated VPCs
Internal domains: Use custom domain names internally
Cross-VPC: Can associate with multiple VPCs
Security: Not accessible from internet

Split-View DNS

Use the same domain name for both public and private hosted zones to provide different responses based on the source of the query.

Public Zone Response

External users get public IP addresses

// External query
example.com → 203.0.113.1

Private Zone Response

VPC users get private IP addresses

// VPC query
example.com → 10.0.1.100
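The two responses above come from two separate hosted zones that happen to share a name. The following Python model, added here as an example and not taken from the course page or from AWS, walks through how the answer depends on the query's source and adds a check a defender would run on a split-view setup: an audit for RFC 1918 addresses that have leaked into the public zone. The zone IDs are placeholders, the record sets are constructed samples shaped like Route 53 ResourceRecordSets, and a VPC association is approximated by the VPC's CIDR so the model runs offline. One behaviour the page does not spell out is modelled deliberately: a query from an associated VPC for a name under the private zone that has no record gets NXDOMAIN, with no fall-through to the public zone.

```python
"""Model of Route 53 split-view resolution plus a leak audit for the public zone.

Added example, not code from the course page or from AWS. Hosted zone IDs are
placeholders; records are constructed samples; a VPC is stood in for by its CIDR.
"""
import ipaddress
from typing import Dict, List

# RFC 1918 space: what a VPC normally uses, and what a public zone should never answer with.
RFC1918 = [ipaddress.ip_network(c) for c in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]

# Constructed public zone. Both zones carry the apex "example.com." record, so the
# answer depends only on which zone the resolver consults.
PUBLIC_ZONE: Dict = {
    "Id": "/hostedzone/ZPUBLICPLACEHOLDER",
    "Name": "example.com.",
    "PrivateZone": False,
    "Records": [
        {"Name": "example.com.", "Type": "A", "ResourceRecords": [{"Value": "203.0.113.1"}]},
        # Planted misconfiguration for the audit below: an internal address published publicly.
        {"Name": "db.example.com.", "Type": "A", "ResourceRecords": [{"Value": "10.0.2.50"}]},
    ],
}

# Constructed private zone, associated with one VPC (represented by its CIDR).
PRIVATE_ZONE: Dict = {
    "Id": "/hostedzone/ZPRIVATEPLACEHOLDER",
    "Name": "example.com.",
    "PrivateZone": True,
    "VPCs": ["10.0.0.0/16"],
    "Records": [
        {"Name": "example.com.", "Type": "A", "ResourceRecords": [{"Value": "10.0.1.100"}]},
    ],
}


def _in_zone(zone: Dict, qname: str) -> bool:
    """True when qname is the zone apex or any name beneath it."""
    return qname == zone["Name"] or qname.endswith("." + zone["Name"])


def _lookup(zone: Dict, qname: str, qtype: str) -> List[str]:
    for rr in zone["Records"]:
        if rr["Name"] == qname and rr["Type"] == qtype:
            return [r["Value"] for r in rr["ResourceRecords"]]
    return []


def resolve(qname: str, source_ip: str, zones: List[Dict], qtype: str = "A") -> List[str]:
    """Return the answer a client at source_ip gets for qname.

    A query from inside a VPC associated with a matching private zone is answered
    from that zone only: a missing record yields an empty answer (NXDOMAIN) with
    no fall-through to the public zone. Any other source sees the public zone.
    """
    qname = qname.rstrip(".") + "."
    src = ipaddress.ip_address(source_ip)
    for zone in zones:
        if not zone["PrivateZone"] or not _in_zone(zone, qname):
            continue
        if any(src in ipaddress.ip_network(cidr) for cidr in zone["VPCs"]):
            return _lookup(zone, qname, qtype)
    for zone in zones:
        if not zone["PrivateZone"] and _in_zone(zone, qname):
            return _lookup(zone, qname, qtype)
    return []


def find_private_leaks(zone: Dict) -> List[str]:
    """List A records in a public zone whose answers are RFC 1918 addresses.

    Internal addressing in public DNS discloses network layout and usually
    means the record belongs in the private zone instead.
    """
    if zone["PrivateZone"]:
        return []
    leaks = []
    for rr in zone["Records"]:
        if rr["Type"] != "A":
            continue
        for r in rr["ResourceRecords"]:
            if any(ipaddress.ip_address(r["Value"]) in net for net in RFC1918):
                leaks.append(f'{rr["Name"]} -> {r["Value"]}')
    return leaks


if __name__ == "__main__":
    zones = [PUBLIC_ZONE, PRIVATE_ZONE]
    print("internet client:", resolve("example.com", "198.51.100.7", zones))
    print("VPC client:     ", resolve("example.com", "10.0.1.5", zones))
    print("public-zone leaks:", find_private_leaks(PUBLIC_ZONE))
```

The audit checks RFC 1918 ranges explicitly rather than relying on a generic "is private" test, because documentation ranges such as 203.0.113.0/24 are also classed as non-global and would produce false positives on the page's own public example address.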

Best Practices

Naming Convention

Use descriptive names for hosted zones and maintain consistent naming patterns

VPC Association

Associate private zones only with the VPCs that need them, and enable both DNS resolution and DNS hostnames on those VPCs, since private zones require both settings

Monitoring

Monitor query logs and set up CloudWatch alarms for DNS failures
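To make the monitoring advice concrete, here is an added Python example (not from the course page or from AWS) that parses query log records and computes the per-zone failure ratio that a CloudWatch alarm would be built on. The log lines are constructed in the documented space-separated layout of Route 53 public hosted zone query logs (version, timestamp, hosted zone ID, query name, query type, response code, protocol, edge location, resolver IP, EDNS client subnet); the zone ID is a placeholder, and the set of failure codes and the alarm threshold are choices made for this example.

```python
"""Failure summary over Route 53 query logs, the signal a CloudWatch alarm keys on.

Added example, not from the course page or from AWS. Log lines are constructed
in the documented layout of public hosted zone query logs; the zone ID is a
placeholder. FAILURE_CODES and the alarm threshold are choices for this example.
"""
from collections import Counter
from dataclasses import dataclass
from typing import Dict, Iterable, List, Tuple

# Constructed sample log. The last non-empty line is deliberately malformed to
# exercise the parser's error handling.
SAMPLE_LOG = """\
1.0 2024-05-01T08:15:50.235Z ZPUBLICPLACEHOLDER example.com A NOERROR UDP FRA6 192.0.2.10 -
1.0 2024-05-01T08:15:51.102Z ZPUBLICPLACEHOLDER www.example.com AAAA NOERROR UDP FRA6 192.0.2.10 -
1.0 2024-05-01T08:15:52.478Z ZPUBLICPLACEHOLDER nosuchhost.example.com A NXDOMAIN UDP IAD12 198.51.100.7 -
1.0 2024-05-01T08:15:53.003Z ZPUBLICPLACEHOLDER example.com MX SERVFAIL TCP IAD12 198.51.100.7 -
1.0 2024-05-01T08:15:54.910Z ZPUBLICPLACEHOLDER mail.example.com A NOERROR UDP IAD12 198.51.100.7 192.0.2.0/24
1.0 2024-05-01T08:15:55.411Z ZPUBLICPLACEHOLDER old.example.com A NXDOMAIN UDP IAD12 198.51.100.7 -

this line is not a query log record
"""

# Response codes treated as failures for alarm purposes (a choice for this example).
FAILURE_CODES = {"NXDOMAIN", "SERVFAIL", "REFUSED"}


@dataclass(frozen=True)
class QueryLogEntry:
    timestamp: str
    zone_id: str
    qname: str
    qtype: str
    rcode: str
    protocol: str
    edge_location: str
    resolver_ip: str
    client_subnet: str


def parse_line(line: str) -> QueryLogEntry:
    """Parse one version 1.0 record; raise ValueError on anything else."""
    fields = line.split()
    if len(fields) != 10 or fields[0] != "1.0":
        raise ValueError(f"not a version 1.0 query log record: {line!r}")
    return QueryLogEntry(*fields[1:])


def parse_log(text: str) -> Tuple[List[QueryLogEntry], int]:
    """Return parsed entries and the number of malformed lines skipped."""
    entries: List[QueryLogEntry] = []
    skipped = 0
    for line in text.splitlines():
        if not line.strip():
            continue
        try:
            entries.append(parse_line(line))
        except ValueError:
            skipped += 1
    return entries, skipped


def summarise(entries: Iterable[QueryLogEntry]) -> Dict[str, Counter]:
    """Per hosted zone: a 'total' count plus one count per response code seen."""
    summary: Dict[str, Counter] = {}
    for entry in entries:
        counts = summary.setdefault(entry.zone_id, Counter())
        counts["total"] += 1
        counts[entry.rcode] += 1
    return summary


def failure_ratio(summary: Dict[str, Counter], zone_id: str) -> float:
    counts = summary.get(zone_id)
    if not counts or counts["total"] == 0:
        return 0.0
    return sum(counts[code] for code in FAILURE_CODES) / counts["total"]


def should_alarm(summary: Dict[str, Counter], zone_id: str, threshold: float = 0.25) -> bool:
    """True when failures exceed the threshold share of queries for the zone."""
    return failure_ratio(summary, zone_id) > threshold


if __name__ == "__main__":
    entries, skipped = parse_log(SAMPLE_LOG)
    summary = summarise(entries)
    for zone_id in summary:
        print(zone_id, dict(summary[zone_id]), f"failure ratio={failure_ratio(summary, zone_id):.2f}",
              "ALARM" if should_alarm(summary, zone_id) else "ok")
    print("skipped malformed lines:", skipped)
```

A ratio rather than a raw count keeps the alarm meaningful across zones with very different query volumes; in practice the threshold is tuned per zone from a baseline period before it is wired to CloudWatch.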

Exam Strategy Tip

Remember: Public hosted zones are for internet-facing domains, private hosted zones are for VPC-internal resolution. Split-view DNS allows the same domain to resolve differently for internal and external users.
