AWS provides a built-in DNS server for all VPCs. This DNS server is part of the VPC’s networking features and uses Amazon Route 53 under the hood for name resolution.
Every VPC includes a built-in DNS resolver, reachable at the .2 address of the VPC's CIDR range, i.e. the network address plus two (e.g., 10.0.0.2 for 10.0.0.0/16). This resolver handles:
- private DNS names of AWS resources in the same region, such as RDS or ElastiCache.
- public DNS names, which it forwards to external DNS servers for internet domains.
Role of Route 53
While the VPC DNS server uses Route 53 internally:
- Public Hosted Zones: The VPC DNS server forwards public DNS queries to Route 53’s public resolver or external resolvers as needed.
- Private Hosted Zones: For private zones in Route 53, queries are resolved only if the VPC is explicitly associated with the private zone.
AWS Services and DNS
- EC2:
  - The default DNS server is enabled unless explicitly disabled in the VPC settings.
  - Applications can use the built-in DNS resolver for seamless access to AWS service endpoints.
- Lambda:
  - AWS Lambda functions running in a VPC use the same VPC DNS server for name resolution.
  - If the Lambda function needs access to private hosted zones, ensure the VPC is associated with those zones in Route 53.
- EKS (Elastic Kubernetes Service):
  - EKS clusters rely on CoreDNS, which forwards DNS queries to the VPC DNS resolver by default.
  - This allows pods to resolve both private and public DNS names without additional configuration.
- RDS and Other AWS Services:
  - RDS uses private DNS names for internal communication when deployed in the same VPC.
  - These DNS names are resolved natively by the VPC's DNS server.
When You Need to Configure Route 53
- Private Hosted Zones:
  - If you create custom DNS records for internal domains, you must associate your VPCs with the private hosted zone in Route 53.
- Custom DNS Setup:
  - If using your own DNS server or external resolvers, configure the DHCP options set in the VPC to point to those servers instead of the default resolver.
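As an added example (not part of the original notes), the following Python check ties the two points above together: it derives the built-in resolver address from a VPC CIDR and inspects a DHCP options set, in the shape returned by `aws ec2 describe-dhcp-options`, to report whether instances in that VPC use the Amazon-provided resolver, custom servers, or a mix. The DHCP option IDs and server addresses are constructed; treating a missing `domain-name-servers` entry as AmazonProvidedDNS is an assumption.

```python
import ipaddress

# Constructed samples shaped like `aws ec2 describe-dhcp-options` records
# (DhcpOptions[] entries); the IDs and addresses are made up for this example.
AMAZON_DNS_OPTIONS = {
    "DhcpOptionsId": "dopt-EXAMPLE1",
    "DhcpConfigurations": [
        {"Key": "domain-name", "Values": [{"Value": "ec2.internal"}]},
        {"Key": "domain-name-servers", "Values": [{"Value": "AmazonProvidedDNS"}]},
    ],
}
MIXED_DNS_OPTIONS = {
    "DhcpOptionsId": "dopt-EXAMPLE2",
    "DhcpConfigurations": [
        {"Key": "domain-name-servers",
         "Values": [{"Value": "10.0.0.10"}, {"Value": "10.0.0.2"}]},
    ],
}


def vpc_resolver_address(vpc_cidr: str) -> str:
    """The VPC-provided resolver lives at the VPC network address plus two."""
    net = ipaddress.ip_network(vpc_cidr, strict=True)
    return str(net.network_address + 2)


def dns_servers(dhcp_options: dict) -> list[str]:
    """Pull the domain-name-servers values out of a DhcpOptions record."""
    for cfg in dhcp_options["DhcpConfigurations"]:
        if cfg["Key"] == "domain-name-servers":
            return [v["Value"] for v in cfg["Values"]]
    return []  # no entry: treated below as AmazonProvidedDNS (assumption)


def classify_vpc_dns(vpc_cidr: str, dhcp_options: dict) -> dict:
    """Report whether instances in the VPC use the built-in resolver, custom
    servers, or a mix, resolving the AmazonProvidedDNS alias to its IP."""
    amazon = vpc_resolver_address(vpc_cidr)
    servers = dns_servers(dhcp_options) or ["AmazonProvidedDNS"]
    resolved = [amazon if s == "AmazonProvidedDNS" else s for s in servers]
    custom = [s for s in resolved if s != amazon]
    if not custom:
        mode = "amazon"
    elif len(custom) == len(resolved):
        mode = "custom"
    else:
        mode = "mixed"
    return {"mode": mode, "resolvers": resolved, "custom_servers": custom}


if __name__ == "__main__":
    for opts in (AMAZON_DNS_OPTIONS, MIXED_DNS_OPTIONS):
        print(opts["DhcpOptionsId"], classify_vpc_dns("10.0.0.0/16", opts))
```

A "custom" or "mixed" result is the case where private hosted zone records will not resolve unless the custom servers themselves forward to the VPC resolver.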