I was trying to get a private hosted zone to work an resolved server IP addresses with AWS when clients connected via OpenVPN.
The Route53 private hosted zone worked within the servers in my environment, but not the OpenVPN clients.

Per AWS’s own instructions (https://aws.amazon.com/premiumsupport/knowledge-center/r53-private-ubuntu/) I went down a rabbit’s hole of setting up a BIND server to forward the DNS requests to Route 53.

After getting nowhere for a while, I realized I didn’t have to do all that and I decided to just edit the server.conf in OpenVPN and directly add the Route 53 VPC DNS Resolver, in my case it was (You just add 2 to whatever your VPC CIDR block is, ie. would have

So in the end, all I had to do was add the following lines to /etc/openvpn/server.conf

push “dhcp-option DNS” (this is the internal Route 53 private DNS server resolveer)
push “dhcp-option DNS” (I still set this to Cloudflare for Public DNS resolution)

No need for an additional DNS/BIND server, and all of my private hostnames (ie. server1.local) now resolve within the VPN. Yipee!

Skip to content