Understanding DNS with an overview of AWS Route 53
The Domain Name System (DNS) functions like a phone directory. Instead of looking up a person’s name to find their phone number, your computer looks up a domain name to find the corresponding IP address.
This process involves several types of DNS servers: recursive resolvers (such as Google's 8.8.8.8, Cloudflare's 1.1.1.1, or your home router, which forwards queries to your Internet provider's resolver), root nameservers, TLD nameservers, and authoritative nameservers. Only the last three hold zone data; a recursive resolver holds none of its own and instead asks them on your behalf and caches what it learns.
For example, if we run the nslookup command for my website, valerioagosto.com is translated into these IP addresses:
Server: 192.168.1.1
Address: 192.168.1.1#53
Name: valerioagosto.com
Address: 108.157.188.31
Name: valerioagosto.com
Address: 108.157.188.54
Name: valerioagosto.com
Address: 108.157.188.74
Name: valerioagosto.com
Address: 108.157.188.84
In my case, the website is served by Amazon CloudFront, the AWS CDN, which answers with several IPs, and the DNS server my router handed out via DHCP is the router itself (192.168.1.1), which forwards the query onward.
How DNS Works
When you type a domain name into your browser, a DNS query is initiated to find the corresponding IP address. Here’s a simplified breakdown of the process:
- DNS recursor (recursive resolver): acts like a librarian who is asked to find a specific book. It receives the query from the client, makes the additional requests needed to satisfy it, and caches the answer for later clients.
- Root nameserver: the first step in translating the human-readable hostname into an IP address. It does not know the final answer; it refers the query to the nameserver for the appropriate TLD.
- TLD nameserver: handles the top-level domain part of the query (e.g., .com, .org) and refers the query to the authoritative nameserver for the domain.
- Authoritative nameserver: holds the zone data for the domain and provides the final IP address, or an NXDOMAIN answer if the name does not exist in the zone.
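To make the referral chain concrete, here is an added example (not code from the original post) that models the four server roles above with constructed, in-memory data and walks a query from the root to the answer. The root and .com server names are real, the authoritative server name ns-1.awsdns-example.com. is hypothetical, and the A records are the ones from the nslookup output earlier; no network traffic is involved.

```python
"""Toy iterative resolution over constructed in-memory nameservers.

Added example, not code from the original post. The root and .com server
names are real, the authoritative server name is hypothetical, and the A
records are copied from the post's nslookup output; no network is used.
"""
from dataclasses import dataclass


@dataclass
class Server:
    """A nameserver that only knows its own zone data and delegations."""
    name: str
    records: dict  # (owner name, rrtype) -> list of record values


ROOT = Server("a.root-servers.net.", {
    ("com.", "NS"): ["a.gtld-servers.net."],
})
TLD_COM = Server("a.gtld-servers.net.", {
    ("valerioagosto.com.", "NS"): ["ns-1.awsdns-example.com."],  # hypothetical NS name
})
AUTH = Server("ns-1.awsdns-example.com.", {
    ("valerioagosto.com.", "NS"): ["ns-1.awsdns-example.com."],
    ("valerioagosto.com.", "A"): ["108.157.188.31", "108.157.188.54",
                                  "108.157.188.74", "108.157.188.84"],
})
SERVERS = {s.name: s for s in (ROOT, TLD_COM, AUTH)}


def authoritative_query(server, qname, qtype):
    """What root, TLD and authoritative servers do: answer from their own data,
    or refer to the closest delegation they hold. They never ask anyone else,
    which is why a client cannot use them the way it uses 8.8.8.8."""
    if (qname, qtype) in server.records:
        return "ANSWER", server.records[(qname, qtype)]
    labels = qname.rstrip(".").split(".")
    for i in range(len(labels)):  # longest matching suffix first
        zone = ".".join(labels[i:]) + "."
        nameservers = server.records.get((zone, "NS"))
        if not nameservers:
            continue
        if server.name in nameservers:
            # We are authoritative for this zone and hold no such record.
            return "NXDOMAIN", []
        return "REFERRAL", nameservers
    return "REFUSED", []


def resolve(qname, qtype, cache, max_hops=8):
    """What a recursive resolver (8.8.8.8, 1.1.1.1, a home router's forwarder)
    does on the client's behalf: walk the referral chain from the root, then
    cache the answer. Returns (values, list of servers consulted)."""
    if (qname, qtype) in cache:
        return cache[(qname, qtype)], ["cache"]
    path = []
    server = ROOT
    for _ in range(max_hops):
        path.append(server.name)
        kind, data = authoritative_query(server, qname, qtype)
        if kind == "ANSWER":
            cache[(qname, qtype)] = data
            return data, path
        if kind in ("NXDOMAIN", "REFUSED"):
            return [], path
        # Follow the referral. A real resolver picks among several NS names
        # and needs glue A records to reach them; here names map directly.
        server = SERVERS[data[0]]
    raise RuntimeError(f"no answer for {qname} within {max_hops} referrals")


if __name__ == "__main__":
    cache = {}
    for name in ("valerioagosto.com.", "nope.valerioagosto.com.", "valerioagosto.com."):
        values, path = resolve(name, "A", cache)
        print(name, "->", values or "NXDOMAIN", "via", " > ".join(path))
```

Running it shows the first query touching all three servers, the nonexistent name ending in NXDOMAIN at the authoritative server, and the repeated query being served from the recursor's cache. Asking ROOT directly for the A record only yields a referral, which is the difference between an authoritative server and a recursive resolver.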
AWS Route 53
Amazon Route 53 is a scalable, highly available DNS service that routes end-user requests to internet applications. It supports public and private hosted zones, which serve different purposes. Alongside Route 53, AWS Certificate Manager (ACM) can issue public certificates, including wildcard certificates, with Amazon as the certificate authority at no charge. ACM proves domain ownership through DNS validation records that it can create in your Route 53 zone for you, and the resulting certificates are meant for use with integrated services such as CloudFront and Application Load Balancer.
Key Differences Between Public and Private Zones
Public Zones
Public hosted zones hold the DNS records for a domain that is reachable from the internet. When you create one, Route 53 assigns it a set of four name servers, which answer queries from anywhere on the internet. I bought the valerioagosto.com domain through Route 53 for $11 per year, and my public zone contains several records (A and CNAME records) for the domain and its subdomains. Route 53 also offers alias records for AWS targets such as CloudFront distributions, which work at the zone apex where a CNAME cannot.
- Accessibility: Accessible from the internet.
- Use Case: Used for domains that need to be publicly accessible, such as websites and web applications.
- Security: every record is visible to anyone on the internet, so a public zone must never contain internal hostnames or private IP addresses; treat its contents as published.
- Configuration: records point at public IP addresses or public hostnames.
Private Zones
Private hosted zones, on the other hand, hold DNS records for one or more Amazon Virtual Private Clouds (VPCs). They are not reachable from the internet and are used for internal name resolution within your VPCs, which is useful whenever you need to resolve names to private IP addresses inside your AWS environment. Private hosted zones cost $0.50 per hosted zone per month.
- Accessibility: accessible only from the VPCs associated with the zone; each VPC needs DNS resolution and DNS hostnames enabled for the zone to work.
- Use Case: internal services and applications that should not be exposed to the internet.
- Security: records are only visible from the associated VPCs, which keeps internal names and addresses out of public view. This is visibility, not authentication: anyone who can already query from inside the VPC sees them.
- Configuration: records point at private IP addresses within the VPC. When a private zone's name overlaps a public one, queries from an associated VPC are answered from the private zone, and a name missing from it returns NXDOMAIN rather than falling back to the public zone.
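The two lists above describe rules that are easy to break by hand, so here is an added example (not code from the original post) that checks a zone's records against them and models who can resolve what. The zone dictionaries are constructed to mirror the fields returned by `aws route53 get-hosted-zone` (Name, Config.PrivateZone, VPCs) and `aws route53 list-resource-record-sets` (ResourceRecordSets); the VPC ID, the CloudFront hostname and the internal addresses are illustrative.

```python
"""Audit Route 53 hosted zones and model who can resolve what.

Added example, not code from the original post. The zone dictionaries are
constructed to mirror the fields returned by `aws route53 get-hosted-zone`
(Name, Config.PrivateZone, VPCs) and `aws route53 list-resource-record-sets`
(ResourceRecordSets); IDs, hostnames and internal addresses are illustrative.
"""
import ipaddress

PUBLIC_ZONE = {
    "Name": "valerioagosto.com.",
    "Config": {"PrivateZone": False},
    "ResourceRecordSets": [
        {"Name": "valerioagosto.com.", "Type": "A", "TTL": 300,
         "ResourceRecords": [{"Value": "108.157.188.31"}, {"Value": "108.157.188.54"}]},
        {"Name": "www.valerioagosto.com.", "Type": "CNAME", "TTL": 300,
         "ResourceRecords": [{"Value": "d111111abcdef8.cloudfront.net."}]},
        # Two mistakes someone might make: internal addresses in the public zone.
        {"Name": "db.valerioagosto.com.", "Type": "A", "TTL": 60,
         "ResourceRecords": [{"Value": "10.0.12.7"}]},
        {"Name": "jump.valerioagosto.com.", "Type": "A", "TTL": 60,
         "ResourceRecords": [{"Value": "192.168.1.1"}, {"Value": "108.157.188.74"}]},
    ],
}
PRIVATE_ZONE = {
    "Name": "internal.valerioagosto.com.",
    "Config": {"PrivateZone": True},
    "VPCs": [{"VPCRegion": "eu-west-1", "VPCId": "vpc-0123456789abcdef0"}],
    "ResourceRecordSets": [
        {"Name": "db.internal.valerioagosto.com.", "Type": "A", "TTL": 60,
         "ResourceRecords": [{"Value": "10.0.12.7"}]},
    ],
}
ZONES = [PUBLIC_ZONE, PRIVATE_ZONE]


def is_internal(address):
    ip = ipaddress.ip_address(address)
    return ip.is_private or ip.is_link_local or ip.is_loopback


def audit_zone(zone):
    """Return (record name, problem) pairs: internal addresses published in a
    public zone, and private zones that no VPC can actually query."""
    findings = []
    private = zone["Config"]["PrivateZone"]
    if private and not zone.get("VPCs"):
        findings.append((zone["Name"], "private zone has no VPC association"))
    for rrset in zone["ResourceRecordSets"]:
        if rrset["Type"] not in ("A", "AAAA"):
            continue
        # Alias records carry AliasTarget instead of ResourceRecords; skip them.
        for rr in rrset.get("ResourceRecords", []):
            if not private and is_internal(rr["Value"]):
                findings.append((rrset["Name"],
                                 f"internal address {rr['Value']} in a public zone"))
    return findings


def route53_resolver(qname, qtype, source_vpc, zones):
    """Simplified Route 53 Resolver behaviour. From the internet (source_vpc
    None) only public zones exist. From a VPC, the most specific associated
    private zone whose name covers qname answers, and if it lacks the record
    the result is NXDOMAIN: there is no fallback to the public zone."""
    candidates = []
    for zone in zones:
        if zone["Config"]["PrivateZone"]:
            vpcs = {v["VPCId"] for v in zone.get("VPCs", [])}
            if source_vpc not in vpcs:
                continue
        if qname == zone["Name"] or qname.endswith("." + zone["Name"]):
            candidates.append(zone)
    if not candidates:
        return "NOZONE", []  # someone else's domain: forwarded to public DNS
    best = max(candidates,
               key=lambda z: (len(z["Name"]), z["Config"]["PrivateZone"]))
    for rrset in best["ResourceRecordSets"]:
        if rrset["Name"] == qname and rrset["Type"] == qtype:
            return "ANSWER", [rr["Value"] for rr in rrset.get("ResourceRecords", [])]
    return "NXDOMAIN", []


if __name__ == "__main__":
    for zone in ZONES:
        for name, problem in audit_zone(zone):
            print(f"{zone['Name']}: {name}: {problem}")
    for qname, vpc in (("db.valerioagosto.com.", None),
                       ("db.internal.valerioagosto.com.", None),
                       ("db.internal.valerioagosto.com.", "vpc-0123456789abcdef0"),
                       ("missing.internal.valerioagosto.com.", "vpc-0123456789abcdef0")):
        print(qname, "from", vpc or "internet", "->", route53_resolver(qname, "A", vpc, ZONES))
```

The audit flags db.valerioagosto.com. and jump.valerioagosto.com. in the public zone, and the resolver model shows that the same address is invisible from the internet when it lives in the private zone, while a name missing from the private zone yields NXDOMAIN from inside the VPC even though the public zone exists. Run the audit against the real output of list-resource-record-sets before and after changes to a public zone.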
Understanding these differences lets you use Route 53 for both public and private DNS, keeping public services reachable while internal names and addresses stay out of public view.