Task Statement 1.2: Design DNS solutions that meet public, private, and hybrid requirements.
📘AWS Certified Advanced Networking – Specialty
1. What Is Domain Registration?
Domain registration is the process of buying and owning a domain name (for example, example.com) so that it can be used in DNS.
In an AWS DNS design, domain registration is the first step before:
- Creating public DNS records
- Routing traffic to AWS services
- Integrating on-premises and cloud DNS (hybrid DNS)
Without a registered domain:
- Public DNS records cannot be resolved on the internet
- Applications cannot be accessed using domain names
2. Domain Registration in AWS
AWS provides Amazon Route 53 as a domain registrar.
Using Route 53, you can:
- Register new domains
- Transfer existing domains
- Manage DNS records
- Integrate DNS with AWS services
Important exam point:
Route 53 can act as both:
- A domain registrar
- A DNS service
These are separate concepts, but Route 53 supports both.
3. Domain Registration vs DNS Hosting (Very Important for Exam)
| Feature | Domain Registration | DNS Hosting |
|---|---|---|
| Purpose | Own the domain name | Resolve domain names |
| Example | Register example.com | Create A, AAAA, CNAME records |
| Service | Route 53 Registrar | Route 53 Hosted Zones |
| Mandatory | Yes for public domains | Yes to resolve names |
Exam trap:
Registering a domain does NOT automatically create DNS records.
You must create a hosted zone separately.
4. Public vs Private Domains
4.1 Public Domains
Public domains:
- Are accessible from the internet
- Use public DNS
- Must be registered with a domain registrar
Examples:
- company.com
- app.example.org
Key points:
- Public domains are registered with Route 53 or another registrar
- Public hosted zones resolve DNS over the internet
- Required for public-facing applications
4.2 Private Domains
Private domains:
- Are not registered with a public registrar
- Exist only inside private networks
- Are resolved using private hosted zones
Examples:
- internal.company
- corp.local
Key points:
- No domain registration is required
- Used for internal AWS or hybrid environments
- Resolution happens inside VPCs or connected networks
Exam rule:
You cannot register private domains like .local with the Route 53 registrar.
5. Domain Registration and Route 53 Hosted Zones
When you register a domain using Route 53:
- AWS creates a public hosted zone
- AWS assigns four authoritative name servers
- These name servers are linked to the domain
You must:
- Add DNS records manually (A, AAAA, CNAME, etc.)
- Or integrate with AWS services automatically
Key exam concept:
The registered domain must point to Route 53 name servers to work correctly.
6. Domain Registration and Name Servers
What Are Name Servers?
Name servers:
- Answer DNS queries for a domain
- Are authoritative for the domain
When using Route 53:
- AWS provides name servers
- These must be configured correctly
Exam Focus
- If the domain is registered outside AWS, you must:
  - Update the registrar’s name servers to Route 53
- If the domain is registered inside AWS, Route 53 handles this automatically
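The name-server match described above can be checked mechanically. The following is an added example, not part of the original guide: it compares the name servers set at the registrar with the hosted zone's delegation set, using constructed dictionaries shaped like boto3 responses (the zone ID and name-server names are placeholders).

```python
# Added example. Inputs are constructed dicts shaped like the boto3 responses of
#   route53domains.get_domain_detail(DomainName=...)  -> "Nameservers"
#   route53.get_hosted_zone(Id=...)                   -> "DelegationSet"
# No AWS call is made here.

def _norm(name):
    """DNS names are case-insensitive; drop the trailing root dot."""
    return name.strip().rstrip(".").lower()

def compare_delegation(domain_detail, hosted_zone):
    """Compare the registrar's name servers with the hosted zone's delegation set."""
    registrar = {_norm(ns["Name"]) for ns in domain_detail.get("Nameservers", [])}
    zone = {_norm(ns) for ns in hosted_zone["DelegationSet"]["NameServers"]}
    return {
        "matches": registrar == zone,
        # In the hosted zone but not set at the registrar.
        "missing_at_registrar": sorted(zone - registrar),
        # Set at the registrar but not authoritative for this hosted zone,
        # for example left over from a deleted or recreated zone.
        "stale_at_registrar": sorted(registrar - zone),
    }

# Constructed sample data (placeholder zone ID and name servers).
HOSTED_ZONE = {
    "HostedZone": {"Id": "/hostedzone/ZEXAMPLE", "Name": "example.com."},
    "DelegationSet": {"NameServers": [
        "ns-101.awsdns-12.com", "ns-604.awsdns-11.net",
        "ns-1202.awsdns-22.org", "ns-1703.awsdns-20.co.uk",
    ]},
}
IN_SYNC = {"DomainName": "example.com", "Nameservers": [
    {"Name": "NS-101.awsdns-12.com."}, {"Name": "ns-604.awsdns-11.net"},
    {"Name": "ns-1202.awsdns-22.org."}, {"Name": "ns-1703.awsdns-20.co.uk"},
]}
DRIFTED = {"DomainName": "example.com", "Nameservers": [
    {"Name": "ns-101.awsdns-12.com."}, {"Name": "NS-604.awsdns-11.net"},
    {"Name": "ns-1999.awsdns-55.org"}, {"Name": "ns-2000.awsdns-56.co.uk"},
]}

if __name__ == "__main__":
    for label, detail in (("in sync", IN_SYNC), ("drifted", DRIFTED)):
        print(label, compare_delegation(detail, HOSTED_ZONE))
```

A non-empty `stale_at_registrar` list is the case to investigate first, because the public delegation then points at servers that do not serve this hosted zone.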
7. Domain Registration in Hybrid DNS Architectures
Hybrid DNS means:
- AWS + on-premises DNS working together
How Domain Registration Fits
- Public domains are still registered normally
- Private domains are resolved internally
- Split-horizon DNS is often used
Split-Horizon DNS
Split-horizon DNS means:
- Same domain name
- Different DNS responses based on location
Example (IT-focused):
- Internet users resolve to public IPs
- Internal users resolve to private IPs
Exam point:
Domain registration remains public, but resolution behavior differs.
8. Domain Transfer to Route 53
Route 53 allows:
- Transferring domains from another registrar
- Keeping DNS hosting unchanged or moved
Key requirements:
- Domain must be unlocked
- Authorization code is required
- Transfer does not change DNS records automatically
Exam tip:
Transferring a domain does not interrupt DNS resolution if done correctly.
9. Supported and Unsupported Domain Types
Supported:
- Common TLDs (.com, .net, .org, etc.)
- Country-specific TLDs (varies)
Unsupported:
- Internal-only domains (.local, .internal)
Exam rule:
Private hosted zones do not require domain registration.
10. Security and Domain Registration
DNS Security Features Relevant to Registration
- WHOIS privacy protection
- Domain lock to prevent unauthorized transfer
- DNSSEC support (for DNS integrity)
Important:
DNSSEC is configured at the DNS level, not during registration, but registration must support it.
11. Cost and Lifecycle Considerations (Exam Level)
- Domain registration has an annual cost
- Renewal is automatic unless disabled
- Expired domains stop resolving
Exam point:
Expired domains cause:
- Public DNS resolution failure
- Application downtime
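The domain lock from section 10 and the renewal and expiry points from section 11 can be audited together. The following is an added example, not part of the original guide: it checks constructed records shaped like the entries returned by boto3's `route53domains.list_domains()` (fields `DomainName`, `AutoRenew`, `TransferLock`, `Expiry`); the domains, dates and the 30-day warning window are assumptions.

```python
from datetime import datetime, timedelta, timezone

def audit_registration(summary, now, warn_days=30):
    """Return a list of findings for one registered domain."""
    findings = []
    if not summary.get("TransferLock", False):
        findings.append("transfer lock disabled")
    if not summary.get("AutoRenew", False):
        findings.append("auto-renew disabled")
    expiry = summary.get("Expiry")
    if expiry is not None:
        remaining = expiry - now
        if remaining <= timedelta(0):
            findings.append("registration expired")
        elif remaining <= timedelta(days=warn_days):
            findings.append(f"expires in {remaining.days} days")
    return findings

def audit_all(domains, now, warn_days=30):
    """Map each domain that has at least one finding to its findings."""
    report = {}
    for summary in domains:
        findings = audit_registration(summary, now, warn_days)
        if findings:
            report[summary["DomainName"]] = findings
    return report

# Constructed sample data; "now" is fixed so the result is reproducible.
NOW = datetime(2025, 1, 1, tzinfo=timezone.utc)
DOMAINS = [
    {"DomainName": "example.com", "AutoRenew": True, "TransferLock": True,
     "Expiry": datetime(2025, 9, 1, tzinfo=timezone.utc)},
    {"DomainName": "example.org", "AutoRenew": False, "TransferLock": False,
     "Expiry": datetime(2025, 1, 15, tzinfo=timezone.utc)},
    {"DomainName": "example.net", "AutoRenew": False, "TransferLock": True,
     "Expiry": datetime(2024, 12, 20, tzinfo=timezone.utc)},
]

if __name__ == "__main__":
    for name, findings in audit_all(DOMAINS, NOW).items():
        print(f"{name}: {', '.join(findings)}")
```

WHOIS privacy is not part of these summary records, so it is not checked here.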
12. Common Exam Scenarios
You should know how to answer questions like:
- When is domain registration required?
- Difference between registrar and DNS service
- Public vs private hosted zones
- How hybrid DNS uses registered domains
- What happens if name servers are misconfigured
- When Route 53 registrar is optional
13. Key Exam Takeaways (Must Remember)
- Domain registration is required for public DNS
- Route 53 can act as registrar and DNS service
- Registration and DNS hosting are separate steps
- Private hosted zones do not need registration
- Hybrid DNS still uses public domain registration
- Name servers must match hosted zone values
14. One-Line Exam Summary
Domain registration is the process of owning a public domain name so that DNS services like Route 53 can resolve it globally, while private and hybrid DNS designs use registered public domains together with internal DNS resolution mechanisms.
