Auto-sync: 2026-04-29 00:02
wiki/concepts/Private-Hosted-Zone.md (Normal file, 35 lines added)
@@ -0,0 +1,35 @@
---
title: "Private Hosted Zone"
type: concept
tags:
- AWS
- DNS
- Networking
last_updated: 2026-04-28
---
## Definition
Private Hosted Zone(PHZ,私有托管区)是 Amazon Route 53 的一项功能,允许在指定的 Amazon VPC 内部解析自定义私有域名(如 `int-sas.local`、`corp.internal`)。与公有托管区不同,PHZ 的DNS记录不对互联网开放,仅在关联的 VPC 内可见。
## Aliases
- Private Hosted Zone
- PHZ
- AWS 私有托管区
## Key Characteristics
- **VPC 范围隔离**:DNS 记录仅在关联的 VPC 内可解析,保证内部域名不暴露
- **跨账号关联**:VPC 可与另一个 AWS 账户拥有的 PHZ 关联,但必须先完成"授权(Authorization)"再执行"关联(Association)"
- **Resolver 自动优先**:当查询匹配 PHZ 中的域名时,Route 53 Resolver 直接返回 PHZ 记录,不再转发至转发规则
- **多 VPC 支持**:一个 PHZ 可关联多个 VPC,支持跨区域(但建议同区域以减少延迟)
- **集中化 vs 分散化**:在 Landing Zone 架构中,推荐集中式 DNS 账号管理 PHZ,而非在每个业务账号中分散创建
## Related Concepts
- [[Route-53-Resolver]] — PHZ 依赖 Resolver 进行解析
- [[Resolver-Rules]] — 未匹配 PHZ 的查询由 Resolver Rules 转发
- [[VPC-Association-Authorization]] — 跨账号 PHZ 关联流程
- [[AWS-Landing-Zone]] — 多账号环境下的 PHZ 管理策略
## Sources
- [[ctp-topic-19-configuring-dns-within-aws-lzs]]
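Review bot: the "Resolver 自动优先" bullet under Key Characteristics asserts a resolution order (PHZ record returned, query never forwarded to Resolver rules) without a citation; the only source listed is the internal topic note [[ctp-topic-19-configuring-dns-within-aws-lzs]]. This is the one statement on the page a reader will act on when designing a Landing Zone DNS layout, and getting the PHZ-versus-forwarding-rule precedence wrong either sends internal names to an external forwarder or leaves them unresolvable, so please link the Route 53 Resolver documentation that defines that precedence next to the bullet. While editing that list, the "跨账号关联" bullet could also say who creates the authorization (the account that owns the PHZ, for the specific VPC ID) and that AWS recommends deleting the authorization once the association is made, since a standing authorization is an open invitation to associate.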