Task Statement 1.2: Design DNS solutions that meet public, private, and hybrid requirements.
📘AWS Certified Advanced Networking – Specialty
1. What Is a Public Hosted Zone?
A public hosted zone in Amazon Route 53 is a DNS database that stores DNS records for a public domain name.
- “Public” means the domain can be resolved from the internet
- It is used when applications must be accessible by internet users
- Route 53 answers DNS queries coming from anywhere on the internet
In simple terms:
A Route 53 public hosted zone tells internet users how to reach public AWS resources like web applications, APIs, or public endpoints.
2. Why Public Hosted Zones Are Important for the Exam
For the Advanced Networking exam, you must understand:
- How public hosted zones work
- When to use them
- How DNS records are configured inside them
- How they integrate with AWS services
- How they support public and hybrid architectures
This topic is core to DNS design questions.
3. Public Hosted Zone and Domain Name Relationship
A public hosted zone is always linked to a domain name, such as:
example.comapi.example.com
Important exam points:
- The domain must be registered (either in Route 53 or another registrar)
- The domain’s name servers must point to Route 53
- Once delegated, Route 53 becomes authoritative for that domain
4. How DNS Resolution Works with Public Hosted Zones
When someone on the internet tries to access a public application:
- A DNS query is sent for a domain name
- The query reaches Route 53 public hosted zone
- Route 53 checks the DNS records
- Route 53 returns the correct IP address or AWS resource target
- The user connects to the application
Key exam idea:
Route 53 public hosted zones provide authoritative DNS answers for public domains.
5. DNS Records Used in Public Hosted Zones
Public hosted zones support all standard DNS record types.
Common Exam-Relevant Record Types
A Record
- Maps a domain name to an IPv4 address
- Example use: public EC2 instance
AAAA Record
- Maps a domain name to an IPv6 address
CNAME Record
- Maps one domain name to another domain name
- Cannot be used at the zone root
Alias Record (AWS-specific and very important)
- Maps a domain name to AWS resources
- No additional DNS cost
- Supports zone apex (root domain)
Alias records are heavily tested in the exam.
6. AWS Resources Commonly Used with Public Hosted Zones
Route 53 public hosted zones are commonly integrated with:
- Application Load Balancers
- Network Load Balancers
- Amazon CloudFront distributions
- Public EC2 instances
- API Gateway
- S3 static website endpoints
Exam focus:
Alias records should be used instead of CNAME records when pointing to AWS resources.
7. Alias Records vs CNAME Records (Very Important)
Alias Records
- AWS-only feature
- Free of charge
- Can be used at root domain
- Automatically update when AWS resource IPs change
CNAME Records
- Standard DNS record
- Cannot be used at root domain
- Requires extra DNS queries
Exam rule to remember:
Always prefer Alias records for AWS resources.
8. Routing Policies in Public Hosted Zones
Route 53 public hosted zones support multiple routing policies to control traffic.
Simple Routing
- One record → one target
- Basic DNS resolution
Weighted Routing
- Distribute traffic by percentage
- Used for gradual traffic shifting
Latency-Based Routing
- Sends users to the region with lowest latency
Failover Routing
- Primary and secondary records
- Uses health checks
Geolocation Routing
- Routes based on user location
Multi-Value Answer Routing
- Returns multiple healthy endpoints
Exam focus:
Routing policies are configured inside public hosted zones.
9. Health Checks with Public Hosted Zones
Route 53 can perform health checks on public endpoints.
Key points:
- Health checks monitor availability
- Used with failover and multi-value routing
- Health checks are performed from multiple AWS locations
- If a target fails, Route 53 stops returning it
Exam tip:
Route 53 health checks work only with public endpoints.
10. Public Hosted Zones in Hybrid Architectures
In hybrid DNS designs:
- Public hosted zones are used for internet-facing names
- Private hosted zones are used for internal names
- The same domain name can exist in both (split-horizon DNS)
Important exam concept:
Public hosted zones answer queries from the internet, while private hosted zones answer queries from VPCs.
11. Security Considerations
DNSSEC Support
- Public hosted zones support DNSSEC
- Protects against DNS spoofing
- Adds cryptographic signing to DNS responses
Exam point:
DNSSEC is supported for public hosted zones only, not private hosted zones.
12. Limits and Design Considerations
Exam-relevant limits:
- One public hosted zone per domain name
- DNS records must follow RFC standards
- TTL values affect caching and propagation time
Design best practices:
- Use lower TTLs for frequently changing records
- Use Alias records for AWS services
- Separate public and private DNS namespaces
13. Cost Considerations (Exam Awareness)
Public hosted zones incur costs for:
- Hosted zone itself
- DNS queries
- Health checks
Alias records do not add extra query cost.
14. Common Exam Scenarios You Should Recognize
You should immediately think of Route 53 public hosted zones when the exam mentions:
- Internet-facing applications
- Public DNS resolution
- Domain names accessible worldwide
- Integration with CloudFront or ALB
- Global traffic routing
- DNS-based failover for public services
15. Key Exam Takeaways (Must Remember)
- Public hosted zones handle internet DNS queries
- They store DNS records for public domains
- Alias records are preferred for AWS services
- Routing policies control how traffic is distributed
- Health checks work with public endpoints
- DNSSEC is supported only for public hosted zones
- Public hosted zones are essential for global and hybrid architectures
