
This is related to this question.

In AWS Route 53 FAQ, it is stated:

Q: Can I create multiple hosted zones for the same domain name?

Yes. Creating multiple hosted zones allows you to verify your DNS setting in a “test” environment, and then replicate those settings on a “production” hosted zone. For example, hosted zone Z1234 might be your test version of example.com, hosted on name servers ns-1, ns-2, ns-3, and ns-4. Similarly, hosted zone Z5678 might be your production version of example.com, hosted on ns-5, ns-6, ns-7, and ns-8. Since each hosted zone has a virtual set of name servers associated with that zone, Route 53 will answer DNS queries for example.com differently depending on which name server you send the DNS query to.

I understand this statement. However, since AWS has a finite number of name servers, if I (or someone else, let's say 1 million other accounts) create too many zones with the same name, eventually one of them will share a name server with my zone. Isn't there a problem when one name server hosts two zones with the same name? How, hypothetically, can AWS handle this case?

  • Considering that AWS owns multiple /8's worth of IPv4 addresses, I'm thinking they might just spin up more nameservers automatically... Commented Jul 17 at 8:07
  • @grawity You may be right. I am underestimating the scale of AWS here. Commented Jul 17 at 8:22
  • (I mean, it is true that they would run out at some point, but – of course without any knowledge as to how things work at AWS – I'd also expect 1) some limits as to how many zones an account may have, maybe from internal planning depending on how many NS they expect to have in total, and 2) perhaps someone from the abuse dept. contacting the customer, or just a very high bill.) Commented Jul 17 at 8:25

1 Answer

I think the key part in their answer is

each hosted zone has a virtual set of name servers associated with that zone

"Virtual set of name servers" doesn't mean they have a whole set of physical ones running just for you. That wouldn't scale very well financially. They probably could, from an infrastructure perspective, but it wouldn't make sense.

I can imagine very well that this could be solved by running DNS servers in, let's say, Docker containers.

Also keep in mind that there's a difference between public hosted zones and private hosted zones in AWS' Route53.

Public hosted zones you need to verify your ownership on before you can create DNS records for them. These are also the ones that can be accessed from outside your account, therefore making them public. By having to verify your ownership, it's ensured that there are never two zones with the same name managed by unrelated name servers.

Private hosted zones only exist in your account. Outside of it, no one else can see what private zones you have nor resolve DNS records you create in them. The only place where they can be resolved is within your account. Therefore, the software-defined networking of VPCs, etc. applies to them.

The above and the knowledge that AWS makes you pay a small fee per hosted zone, no matter whether private or public, makes it clear that the actual infrastructure behind it can't be too big.

I mean, DNS doesn't really need a lot of resources anyway, especially for a single zone. And should your traffic exceed what is covered with that fee, I'd argue the probability is high that you have more infrastructure on AWS, and cover the cost for this tiny part in other ways anyway.
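As an added example (not part of the question or the answer above): when an account holds several hosted zones with the same name, only the one whose delegation set matches the NS records the parent zone publishes is the zone the Internet actually resolves against. The Python check below works that out from constructed data standing in for the AWS API and DNS lookups, and also flags the inconsistent case where the parent delegates to a mix of name servers from two zones; zone ids, name server names and the `.dns.example` suffix are all made up for the example.

```python
from typing import Dict, List
# Constructed sample input (not from the page): the hosted zones one account
# holds for example.com, reduced to what the check needs. In practice these
# come from `aws route53 list-hosted-zones-by-name` plus each zone's
# DelegationSet from `aws route53 get-hosted-zone`.
HOSTED_ZONES = [
    {"Id": "Z1234", "Name": "example.com.", "PrivateZone": False,
     "NameServers": [f"ns-{i}.dns.example" for i in (1, 2, 3, 4)]},
    {"Id": "Z5678", "Name": "example.com.", "PrivateZone": False,
     "NameServers": [f"ns-{i}.dns.example" for i in (5, 6, 7, 8)]},
    {"Id": "ZPRIV", "Name": "example.com.", "PrivateZone": True, "NameServers": []},
]

# Constructed: the NS records the parent zone publishes for example.com
# (what `dig NS example.com` shows). Only a hosted zone whose delegation
# set matches these is the one resolvers on the Internet actually reach.
PARENT_NS = [f"ns-{i}.dns.example." for i in (5, 6, 7, 8)]


def _norm(name: str) -> str:
    """DNS names compare case-insensitively and with or without a trailing dot."""
    return name.lower().rstrip(".")


def classify_zones(zone_name: str, zones: List[dict],
                   parent_ns: List[str]) -> Dict[str, List[str]]:
    """Group same-named hosted zones by how they relate to the real delegation.

    live:    delegation set equals the parent's NS set (the production zone)
    shadow:  public zone nothing delegates to (a test copy or a stale leftover)
    partial: only some of its name servers are delegated, so resolvers get
             inconsistent answers depending on which NS they happen to ask
    private: resolvable only from inside the account's VPCs, never externally
    """
    target, delegated = _norm(zone_name), {_norm(n) for n in parent_ns}
    out: Dict[str, List[str]] = {"live": [], "shadow": [], "partial": [], "private": []}
    for z in zones:
        if _norm(z["Name"]) != target:
            continue
        if z["PrivateZone"]:
            out["private"].append(z["Id"])
            continue
        zone_ns = {_norm(n) for n in z["NameServers"]}
        if zone_ns == delegated:
            out["live"].append(z["Id"])
        elif zone_ns & delegated:
            out["partial"].append(z["Id"])
        else:
            out["shadow"].append(z["Id"])
    return out
```

Running `classify_zones("example.com", HOSTED_ZONES, PARENT_NS)` reports Z5678 as live and Z1234 as a shadow zone; a "partial" result is the situation to fix first, because different resolvers will see different records for the same name.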
