Linux | Cloud | DevOps | Scripting


Monday, 1 July 2019

Private Hosted Zone


Hosted Zones:

A Hosted Zone is a collection of resource record sets for a specified domain. We create a hosted zone for a particular domain and then add resource record sets that tell the Domain Name System how traffic for that domain and its subdomains should be routed.

There are two types of Hosted Zones available:
  1. Public Hosted Zones: Used to answer queries from the Internet for a domain you own (registering the domain is a separate step; Route 53 only serves the records).
    Learn Public Hosted Zone...
  2. Private Hosted Zones: Answer queries only from the VPCs associated with the zone. Because the name is never published to the Internet, it can be any name, even one registered to somebody else, as in the 'google.com' example below.

In a traditional data center, name resolution has two layers:
  1. Local lookup: the hosts file inside the OS (/etc/hosts on Linux, C:\Windows\System32\drivers\etc\hosts on Windows), which is consulted before any DNS server is asked. It is a static file, not a DNS server, and has to be maintained on every machine.
  2. Global DNS: name servers queried over the network to convert names to IPs and, via reverse zones, IPs to names.
A Private Hosted Zone plays the role of the local layer for a whole VPC: one place to put the mapping, with no per-host file to edit.

Our Database Server sits in a private subnet, so we would normally reach it by its private IP. To reach it by name instead, for example 'db.google.com', we follow these steps:
  1. Create a Windows Jump Server in the public subnet
  2. Create a Windows instance in the private subnet (this plays the Database Server)
  3. Enable DNS hostnames and DNS support on the VPC
  4. Create a private hosted zone named 'google.com' and associate it with the VPC
  5. Create an A record 'db' in that zone pointing at the private instance's IP
  6. Log in to the Database Server from the Jump Server using the name 'db.google.com'

Step 1: Create a Windows Jump Server:

AWS ➔ Services ➔ EC2 ➔ Instances ➔ Launch Instance ➔ [*] Free Tier only ➔ Select 'Amazon Windows' AMI ➔ Instance Type: t2.micro ➔ Next ➔ Number of instances: 1 ➔ Network: select the default VPC or your own VPC ➔ Subnet: select the public subnet ➔ Auto-assign Public IP: Enabled (already enabled, as I turned it on when creating the public subnet) ➔ Next ➔ Next: Tags ➔ Name: Win-Jump-Server ➔ Next: SG ➔ [*] Create a new Security Group or select an existing one that allows inbound TCP 3389 (RDP); restrict the source to your own public IP rather than 0.0.0.0/0, because this host is exposed to the Internet ➔ Review and Launch ➔ Launch ➔ Create a new key-pair OR select an existing one ➔ Launch Instances ➔ View Instances.

Get Password:

Select the public instance ➔ Actions ➔ Get Windows Password ➔ Browse ➔ Provide the private key with the '.pem' extension ➔ Open ➔ Decrypt Password ➔ Copy the password to notepad ➔ Close.

Step 2: Create a Windows instance in private subnet

AWS ➔ Services ➔ EC2 ➔ Instances ➔ Launch Instance ➔ [*] Free Tier only ➔ Select 'Amazon Windows' AMI ➔ Instance Type: t2.micro ➔ Next ➔ Number of instances: 1 ➔ Network: select the default VPC or your own VPC ➔ Subnet: the private subnet ➔ Next ➔ Next: Tags ➔ Name: Win-pvt-instance ➔ Next: SG ➔ [*] Create a new Security Group or select an existing one that allows inbound TCP 3389 (RDP) only from the Jump Server's security group (use that security group as the source rather than a CIDR); nothing else should be able to RDP to a host in a private subnet ➔ Review and Launch ➔ Launch ➔ Create a new key-pair OR select an existing one ➔ Launch Instances ➔ View Instances.

Get Password:

Select the private instance ➔ Actions ➔ Get Windows Password ➔ Browse ➔ Provide the private key with the '.pem' extension ➔ Open ➔ Decrypt Password ➔ Copy the password to notepad ➔ Close.

Step 3: Enable DNS Hostnames and DNS Support:

AWS ➔ Services ➔ VPC ➔ Your VPCs ➔ Select the VPC you chose ➔ Actions ➔ Edit DNS resolution ➔ [*] Enable ➔ Save.

AWS ➔ Services ➔ VPC ➔ Your VPCs ➔ Select the VPC you chose ➔ Actions ➔ Edit DNS hostnames ➔ [*] Enable ➔ Save.

Both attributes must be on: a private hosted zone is answered only by the Amazon-provided resolver, which the VPC offers to its instances only when DNS resolution (enableDnsSupport) is enabled, and Route 53 additionally requires DNS hostnames (enableDnsHostnames) for private zones.

Step 4: Host a private zone named 'google.com':

AWS ➔ Services ➔ Route 53 ➔ DNS Management: Get started now ➔ Create Hosted Zone ➔ Domain Name: google.com ➔ Comment: for testing purpose ➔ Type: Private Hosted Zone for Amazon VPC ➔ VPC ID: select your VPC (I am selecting 'webshack-vpc') ➔ Create.

As a result, the zone comes with one SOA record and one NS record listing four name servers. Having name servers for google.com does not mean we resolve the real google.com on the Internet: the public DNS never delegates to these servers, and only instances in the associated VPC, querying the Amazon-provided resolver, see this zone. Note the flip side: inside that VPC, any query for google.com or one of its subdomains is answered from our private zone and nothing else, so the real google.com becomes unreachable by name from those instances. For anything beyond a test, pick a name you own or an internal one such as 'db.internal.example'.

Step 5: Create an A record set for db.google.com:

AWS ➔ Services ➔ Route 53 ➔ Hosted Zones ➔ Select the hosted zone named 'google.com' ➔ Go to Record Sets ➔ Create Record Set ➔ Name: db (do not type the dot; the '.google.com' suffix appears automatically as you type) ➔ Type: A - IPv4 address ➔ Alias: [*] No ➔ TTL (seconds): leave the default (this is how long resolvers may cache the answer before asking again) ➔ Value: the private IP of the Database Server (Win-pvt-instance) ➔ Routing policy: Simple ➔ Create.

Fig: Record-set
As a result, we have an A record 'db.google.com' pointing at the private IP of our Database Server.
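The AWS side of Steps 3 to 5, together with the security-group rules the jump-server layout implies (RDP to the Jump Server only from your own address, RDP to the private instance only from the Jump Server's security group), as an added AWS CLI script that is not part of the original post. The VPC ID, CIDR, region, security-group IDs, admin address and database IP at the top are placeholders to replace with your own; the script keeps the post's 'google.com' zone name. resolver_ip works out the Amazon-provided resolver (VPC base address + 2) that instances must query for the zone to resolve, and in_cidr refuses to publish a record whose target lies outside the VPC. Nothing touches AWS unless the script is run with the argument apply.

```shell
#!/bin/sh
# Added example, not from the original post: AWS CLI equivalent of Steps 3-5
# plus least-privilege RDP rules for the jump-server layout.
# Every identifier below is a placeholder (assumption) to replace with your own.
VPC_ID="${VPC_ID:-vpc-0abc123}"              # VPC to associate with the private zone
VPC_CIDR="${VPC_CIDR:-10.0.0.0/16}"          # its CIDR block
REGION="${REGION:-us-east-1}"
ZONE_NAME="${ZONE_NAME:-google.com}"         # the post's zone name (shadows the real one in this VPC)
DB_IP="${DB_IP:-10.0.2.25}"                  # private IP of Win-pvt-instance
JUMP_SG="${JUMP_SG:-sg-0jump}"               # security group of Win-Jump-Server
PVT_SG="${PVT_SG:-sg-0pvt}"                  # security group of Win-pvt-instance
ADMIN_CIDR="${ADMIN_CIDR:-203.0.113.10/32}"  # the only address allowed to RDP to the jump server

# Dotted-quad <-> integer helpers in plain POSIX sh arithmetic.
ip_to_int() {
    old_ifs=$IFS; IFS=.
    set -- $1
    IFS=$old_ifs
    echo $(( ($1 << 24) | ($2 << 16) | ($3 << 8) | $4 ))
}
int_to_ip() {
    echo "$(( ($1 >> 24) & 255 )).$(( ($1 >> 16) & 255 )).$(( ($1 >> 8) & 255 )).$(( $1 & 255 ))"
}

# Amazon-provided DNS (Route 53 Resolver) sits at the VPC base address + 2.
# Private hosted zones are answered only there, so instances must query it.
resolver_ip() {
    int_to_ip $(( $(ip_to_int "${1%%/*}") + 2 ))
}

# in_cidr IP CIDR: succeeds when IP lies inside CIDR.
in_cidr() {
    prefix="${2##*/}"
    mask=$(( (0xFFFFFFFF << (32 - prefix)) & 0xFFFFFFFF ))
    [ $(( $(ip_to_int "$1") & mask )) -eq $(( $(ip_to_int "${2%%/*}") & mask )) ]
}

# change_batch NAME IP TTL: the Step 5 record as an UPSERT, so re-running is safe.
change_batch() {
    printf '{"Comment":"db record in private zone","Changes":[{"Action":"UPSERT","ResourceRecordSet":{"Name":"%s","Type":"A","TTL":%s,"ResourceRecords":[{"Value":"%s"}]}}]}' "$1" "$3" "$2"
}

# Step 3: both VPC attributes are required for private hosted zones.
enable_vpc_dns() {
    aws ec2 modify-vpc-attribute --vpc-id "$VPC_ID" --enable-dns-support '{"Value":true}'
    aws ec2 modify-vpc-attribute --vpc-id "$VPC_ID" --enable-dns-hostnames '{"Value":true}'
}

# Step 4: private zone associated with the VPC; prints the hosted zone ID.
create_private_zone() {
    aws route53 create-hosted-zone \
        --name "$ZONE_NAME" \
        --caller-reference "private-$ZONE_NAME-$(date +%s)" \
        --hosted-zone-config "Comment=for testing purpose,PrivateZone=true" \
        --vpc "VPCRegion=$REGION,VPCId=$VPC_ID" \
        --query 'HostedZone.Id' --output text
}

# Step 5: publish db.<zone> -> DB_IP, refusing an address outside the VPC
# (a private-zone record that points elsewhere is almost always a typo).
create_db_record() {
    in_cidr "$DB_IP" "$VPC_CIDR" || { echo "refusing: $DB_IP is outside $VPC_CIDR" >&2; return 1; }
    aws route53 change-resource-record-sets --hosted-zone-id "$1" \
        --change-batch "$(change_batch "db.$ZONE_NAME" "$DB_IP" 300)"
}

# Security groups: RDP to the jump server only from the admin address, and to
# the private instance only from members of the jump server's group.
harden_rdp_rules() {
    aws ec2 authorize-security-group-ingress --group-id "$JUMP_SG" \
        --protocol tcp --port 3389 --cidr "$ADMIN_CIDR"
    aws ec2 authorize-security-group-ingress --group-id "$PVT_SG" \
        --protocol tcp --port 3389 --source-group "$JUMP_SG"
}

# Nothing touches AWS unless invoked as: sh private_zone.sh apply
if [ "${1:-}" = "apply" ]; then
    echo "instances must resolve via $(resolver_ip "$VPC_CIDR") for $ZONE_NAME to work"
    enable_vpc_dns
    zone_id=$(create_private_zone)
    create_db_record "$zone_id"
    harden_rdp_rules
fi
```

The UPSERT action means running the script twice updates the record rather than failing; the two authorize-security-group-ingress calls, by contrast, return an error on a duplicate rule, which is harmless but worth knowing when re-running.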

Step 6: Try to log in to the Database Server using the name 'db.google.com':

To log in to the Database Server, first log in to the Jump Server:

Run ➔ type 'mstsc' ➔ Computer: public IP of 'Win-Jump-Server' ➔ Connect ➔ Username: Administrator (the account whose password 'Get Windows Password' decrypted) ➔ Password: paste the password you saved in notepad ➔ Connect.

Now log in to the Database Server from the Jump Server:

Click Run on the Jump Server ➔ type 'mstsc' ➔ Computer: 'db.google.com' ➔ Connect ➔ Username: Administrator ➔ Password: the password decrypted for the private instance ➔ Connect.

Fig: db.google.com
The credential prompt shows that 'db.google.com' resolved to the private IP and that TCP 3389 on the Database Server is reachable from the Jump Server, so the private zone works end to end. Provide the username and password to get in. If the prompt never appears, run 'nslookup db.google.com' on the Jump Server first: it should answer from the VPC resolver with the private IP. If it does not, recheck Step 3 and the zone's VPC association; if it does, the problem is the private instance's security group.
