Lucian Patian for AWS Community Builders

Efficient and Cost-Saving Tips for Managing DNS Queries in Your AWS Landing Zone

In today's budget-conscious world, finding ways to reduce costs in your AWS Landing Zone is more important than ever. Here, I'll share some practical tips on how to efficiently direct on-premise DNS queries using AWS Route 53, helping you save money.

In this guide, we'll explore how to use outbound endpoints and rules from the Route 53 resolver to effectively manage traffic from all your AWS accounts to your private (on-premise) managed domains, all while keeping expenses low.

In a hybrid DNS setup, you need to query your private (on-premise) DNS servers to get the IP addresses for your private domains. AWS offers a way to set up a Route 53 resolver outbound endpoint along with DNS forwarding rules for each of your private domains.

The outbound endpoint is part of the Route 53 DNS resolver that creates network interfaces inside your VPC. These interfaces help forward queries to your on-premise DNS based on the rules you set.

[Image: screenshot of the Route 53 Resolver outbound endpoint from the original post, not reproduced here]

A Route 53 resolver rule allows you to specify the IP addresses of your on-premise DNS servers, which will respond with the IPs of your private domains.

[Image: screenshot of the Route 53 Resolver rule from the original post, not reproduced here]

While this setup might seem straightforward, the cost implications are often overlooked. If you look at the top-right corner of the image above, you'll see that the sharing status of this rule is marked as "not shared."

Imagine most of your AWS accounts in the landing zone need access to the same private domains. Creating separate Route 53 resolver rules for each account could lead to a hefty bill.

Here's a cost-saving trick: use AWS Resource Access Manager (RAM). Create a resource share, choose Route 53 Resolver Rules as the resource type, add your rule, and list the consuming AWS account IDs under Shared principals. This way, all the listed AWS accounts can use the same Route 53 rule for your on-premise domain, and you'll only have charges for the network interfaces created in your central account.

The final step is to log into each AWS account you added as a shared principal, open Route 53 > Resolver > Rules, select the shared rule and associate it with the local VPC.
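The whole procedure (outbound endpoint, forwarding rule, RAM share, and the association in a member account) as one Terraform configuration. This is an added example and not code from the original post or from AWS; every VPC, subnet and account ID, the on-premise DNS addresses and the private domain name are placeholders you must replace. The security group deliberately allows only DNS (53/udp and 53/tcp) from the endpoint's network interfaces to the on-premise resolvers, so the forwarders cannot be reused to reach anything else.

```hcl
# Added example (not from the original post). A central "network" account owns
# the outbound endpoint and the forwarding rule; member accounts only associate
# the shared rule with their own VPC. All IDs, IPs and names are placeholders.

provider "aws" {
  alias  = "central"
  region = "eu-west-1"
}

provider "aws" {
  alias  = "member"
  region = "eu-west-1"
  # assume_role / credentials for the member account go here (placeholder)
}

locals {
  onprem_domain   = "corp.example.internal"          # placeholder private domain
  onprem_dns_ips  = ["10.10.0.53", "10.10.1.53"]     # placeholder on-premise DNS servers
  member_accounts = ["111111111111", "222222222222"] # placeholder account IDs
}

# Security group for the endpoint ENIs: DNS to the on-premise resolvers only.
resource "aws_security_group" "resolver_outbound" {
  provider    = aws.central
  name        = "r53-resolver-outbound"
  description = "Route 53 Resolver outbound endpoint: DNS to on-premise only"
  vpc_id      = "vpc-0123456789abcdef0" # placeholder central VPC

  egress {
    from_port   = 53
    to_port     = 53
    protocol    = "udp"
    cidr_blocks = [for ip in local.onprem_dns_ips : "${ip}/32"]
  }
  egress {
    from_port   = 53
    to_port     = 53
    protocol    = "tcp"
    cidr_blocks = [for ip in local.onprem_dns_ips : "${ip}/32"]
  }
}

# The single outbound endpoint: these ENIs are the only per-hour billed items.
resource "aws_route53_resolver_endpoint" "outbound" {
  provider           = aws.central
  name               = "onprem-outbound"
  direction          = "OUTBOUND"
  security_group_ids = [aws_security_group.resolver_outbound.id]

  ip_address { subnet_id = "subnet-0aaaaaaaaaaaaaaaa" } # placeholder, AZ a
  ip_address { subnet_id = "subnet-0bbbbbbbbbbbbbbbb" } # placeholder, AZ b
}

# Forwarding rule: queries for the private domain go to the on-premise servers.
resource "aws_route53_resolver_rule" "onprem" {
  provider             = aws.central
  name                 = "fwd-onprem-corp"
  domain_name          = local.onprem_domain
  rule_type            = "FORWARD"
  resolver_endpoint_id = aws_route53_resolver_endpoint.outbound.id

  dynamic "target_ip" {
    for_each = local.onprem_dns_ips
    content {
      ip   = target_ip.value
      port = 53
    }
  }
}

# Share the rule (not the endpoint) with the member accounts through RAM.
resource "aws_ram_resource_share" "resolver_rules" {
  provider                  = aws.central
  name                      = "route53-resolver-rules"
  allow_external_principals = false # only accounts inside the Organization
}

resource "aws_ram_resource_association" "onprem_rule" {
  provider           = aws.central
  resource_arn       = aws_route53_resolver_rule.onprem.arn
  resource_share_arn = aws_ram_resource_share.resolver_rules.arn
}

resource "aws_ram_principal_association" "members" {
  for_each           = toset(local.member_accounts)
  provider           = aws.central
  principal          = each.value
  resource_share_arn = aws_ram_resource_share.resolver_rules.arn
}

# Member account side: attach the shared rule to the local VPC. No endpoint or
# ENI is created here, so the member account adds no per-hour charge.
resource "aws_route53_resolver_rule_association" "member_vpc" {
  provider         = aws.member
  resolver_rule_id = aws_route53_resolver_rule.onprem.id
  vpc_id           = "vpc-0fedcba9876543210" # placeholder member VPC
  depends_on       = [aws_ram_principal_association.members]
}
```

Two things to check before applying this in a real landing zone: if the accounts are not in the same AWS Organization with RAM sharing enabled, the member account has to accept the share invitation first (the rule does not appear in its Resolver console until it does), and `allow_external_principals = false` is what stops the share from being extended to an account outside the Organization by mistake. Each additional member VPC is just one more `aws_route53_resolver_rule_association`; the endpoint and its ENIs stay in the central account.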

What strategies do you use to keep costs down in your AWS Landing Zone?

In another article, I discuss how to bypass inbound endpoints from the Route 53 resolver and forward traffic from your on-premise DNS to your Route 53 private zone files at no cost.
