Find answers, ask questions, and connect with our
community around the world.

Home Forums AWS AWS Certified Advanced Networking – Specialty I think you cannot have DNSSEC on Route 53 for DN Service -only for registration Reply To: I think you cannot have DNSSEC on Route 53 for DN Service -only for registration

  • Jon-Bonso

    Administrator
    October 4, 2020 at 7:36 am
    Hi,

    Thank you for posting your question. Route 53 provides two functions:

    1. Domain registration

    2. DNS Service

    DNSSEC is only supported for domain registration and not when you are using Route 53 as your DNS service. If you want to use DNSSEC with Route 53, you have to use another DNS Service provider or set up your own DNS BIND Server.

    This is discussed in the provided explanation:

    Amazon Route 53 supports DNSSEC for domain registration. However, Route 53 does not support DNSSEC for DNS service, regardless of whether the domain is registered with Route 53. If you want to configure DNSSEC for a domain that is registered with Route 53, you must either use another DNS service provider or set up your own DNS server.

    This is supported by the AWS documentation:

    https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/domain-configure-dnssec.html

    I understand that the answer didn’t mention anything about launching your own DNS server. I’ll revise this to: “Set up your own DNS server and enable Domain Name System Security Extensions (DNSSEC) in Amazon Route 53.” to avoid any issues.

    Let us know if you need further assistance. The Tutorials Dojo team is dedicated to help you pass your AWS exam on your first try!

    Regards,

    Jon Bonso @ Tutorials Dojo