I was trying to get a private hosted zone to work and resolve server IP addresses in AWS when clients connected via OpenVPN.
The Route 53 private hosted zone worked from the servers in my environment, but not for the OpenVPN clients.

Per AWS's own instructions (https://aws.amazon.com/premiumsupport/knowledge-center/r53-private-ubuntu/) I went down a rabbit hole of setting up a BIND server to forward the DNS requests to Route 53.

After getting nowhere for a while, I realized I didn't have to do all that. I decided to just edit server.conf in OpenVPN and directly add the Route 53 VPC DNS Resolver, which in my case was 10.0.0.2. (You just add 2 to the base address of whatever your VPC CIDR block is, i.e. 172.0.0.0 would have 172.0.0.2.)

So in the end, all I had to do was add the following lines to /etc/openvpn/server.conf:

push "dhcp-option DNS 10.0.0.2" (this is the internal Route 53 private DNS resolver)
push "dhcp-option DNS 1.1.1.1" (I still set this to Cloudflare for public DNS resolution)

No need for an additional DNS/BIND server, and all of my private hostnames (i.e. server1.local) now resolve within the VPN. Yippee!
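A small helper, added here as an example (it is not from the original post), that derives the Route 53 Resolver address from a VPC CIDR the way described above, emits the two push lines, and checks an existing server.conf for pushed resolvers that sit outside the VPC. The server.conf fragment at the bottom is constructed for the demonstration.

```python
import ipaddress
import re

def route53_resolver(vpc_cidr: str) -> str:
    """Route 53 Resolver listens at the VPC base address + 2 (10.0.0.0/16 -> 10.0.0.2)."""
    net = ipaddress.ip_network(vpc_cidr, strict=False)
    # AWS only allows VPC CIDRs between /16 and /28, so anything smaller is a typo.
    if net.prefixlen > 28:
        raise ValueError(f"{vpc_cidr} is smaller than the /28 minimum for a VPC")
    return str(net.network_address + 2)

def push_lines(vpc_cidr: str, public_dns: str = "") -> list:
    """server.conf lines: the VPC resolver first, an optional public fallback second."""
    lines = [f'push "dhcp-option DNS {route53_resolver(vpc_cidr)}"']
    if public_dns:
        lines.append(f'push "dhcp-option DNS {public_dns}"')
    return lines

# Matches push "dhcp-option DNS x.x.x.x" (single or double quotes), one per line.
PUSH_DNS = re.compile(r'^\s*push\s+["\']dhcp-option\s+DNS\s+(\S+?)["\']', re.M)

def pushed_dns(conf_text: str) -> list:
    return PUSH_DNS.findall(conf_text)

def check_conf(conf_text: str, vpc_cidr: str) -> dict:
    """Is the VPC resolver pushed, and which pushed resolvers live outside the VPC?"""
    net = ipaddress.ip_network(vpc_cidr, strict=False)
    servers = pushed_dns(conf_text)
    outside = [s for s in servers if ipaddress.ip_address(s) not in net]
    return {
        "vpc_resolver_pushed": route53_resolver(vpc_cidr) in servers,
        "outside_vpc": outside,
        "servers": servers,
    }

# Constructed sample fragment of an OpenVPN server.conf (not a real deployment).
SAMPLE_CONF = """port 1194
proto udp
dev tun
push "dhcp-option DNS 10.0.0.2"
push "dhcp-option DNS 1.1.1.1"
push "route 10.0.0.0 255.255.0.0"
"""

if __name__ == "__main__":
    print("\n".join(push_lines("10.0.0.0/16", "1.1.1.1")))
    print(check_conf(SAMPLE_CONF, "10.0.0.0/16"))
```

A client that sends queries to every pushed resolver in parallel will also send private hostnames to the public one, which is what outside_vpc flags; pushing only the VPC resolver (it forwards public names too) avoids that.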
