Route 53 – Public vs. Private Hosted Zones

Public Hosted Zone

• Routes DNS traffic over the public Internet.

• Clients receive public IP addresses.

• Typical resources:
• S3 bucket (static website hosting)
• CloudFront distribution
• EC2 instance with a public IP
• Application Load Balancer

• Example: example.com → 54.22.33.44

Private Hosted Zone

• Routes DNS traffic within one or more VPCs only.

• Uses private IP addresses; resources are not accessible from the Internet.

• Example:
• webapp.example.internal → 10.0.0.10 (EC2)
• api.example.internal → 10.0.0.35 (EC2)
• db.example.internal → Private RDS endpoint

• Queries resolve only from inside the VPC.

Key Difference

• Public Hosted Zone → Internet-facing DNS resolution.

• Private Hosted Zone → Internal VPC DNS resolution.