Deploying internal DNS zones for internet-facing load balancers
Networking & Content Delivery Blog
This article explains how to deploy internal DNS zones for internet-facing load balancers using Route 53, EventBridge, Lambda, and DynamoDB.
- Internet-facing load balancers resolve only to public IP addresses, which breaks DNS-based firewall rules and split-DNS setups that need the internal addresses
- Solution uses Route 53 private hosted zones to provide internal IP resolution for load balancers
- CloudTrail events trigger EventBridge rules to capture load balancer lifecycle changes
- Lambda functions (r53-scavenger and r53-updater) manage DNS record creation, updates, and deletion
- DynamoDB table tracks load balancer to IP mappings across accounts
- Supports multi-account environments using AWS Organizations
- Enables DNS queries to resolve internet-facing load balancers to internal-only addresses
This solution simplifies internal firewall routing and split DNS scenarios by automatically maintaining internal DNS records for internet-facing load balancers across multi-account AWS environments.
Related articles
- Feb 13, 2025: Exploring new subnet management capabilities of Network Load Balancer
- Oct 11, 2024: Cross-zone enabled Network Load Balancer now supports zonal shift and zonal autoshift
- Apr 22, 2024: Using Protective DNS services with AWS workloads
- Aug 30, 2023: Now deploy Gateway Load Balancer Endpoint between virtual private gateway and subnets in Amazon VPC