, queries to the Amazon-provided DNS server at the 169.254.169.253 IP address, or the reserved IP address at the base of the VPC IPv4 network range plus two will succeed. The Amazon DNS server can resolve private DNS hostnames to private IPv4 addresses for all address spaces, including where the IPv4 address range of your VPC falls outside of the private IPv4 address ranges specified by RFC 1918.
Important: If you created your VPC before October 2016, the Amazon DNS server does not resolve private DNS hostnames if your VPC's IPv4 address range falls outside of the private IPv4 address ranges specified by RFC 1918.
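The two resolver addresses and the pre-October 2016 caveat above can be checked against a VPC inventory. The following is an added example, not code from the original page; the inventory entries, VPC ids and function names are constructed for illustration, and each VPC is assumed to have a single IPv4 CIDR block.

```python
import ipaddress
from datetime import date

# Private IPv4 ranges defined by RFC 1918.
RFC1918 = [ipaddress.ip_network(n)
           for n in ("10.0.0.0/8", "172.16.0.0/12", "192.168.0.0/16")]
LINK_LOCAL_RESOLVER = ipaddress.ip_address("169.254.169.253")
CUTOFF = date(2016, 10, 1)  # "before October 2016" in the text above

def resolver_addresses(vpc_cidr):
    """Addresses at which the Amazon DNS server answers for this VPC:
    the link-local address and the base of the VPC range plus two."""
    net = ipaddress.ip_network(vpc_cidr, strict=True)
    return [LINK_LOCAL_RESOLVER, net.network_address + 2]

def in_rfc1918(vpc_cidr):
    """True when the whole VPC range sits inside one RFC 1918 block."""
    net = ipaddress.ip_network(vpc_cidr, strict=True)
    return any(net.subnet_of(block) for block in RFC1918)

def private_hostnames_resolve(vpc_cidr, created):
    """Apply the caveat: VPCs created before October 2016 with a range
    outside RFC 1918 do not get private DNS hostname resolution."""
    return in_rfc1918(vpc_cidr) or created >= CUTOFF

def audit(inventory):
    """Return ids of VPCs where private DNS hostnames will not resolve."""
    return [vpc_id for vpc_id, cidr, created in inventory
            if not private_hostnames_resolve(cidr, created)]

# Constructed sample inventory: (id, IPv4 CIDR, creation date).
SAMPLE = [
    ("vpc-example-a", "10.20.0.0/16", date(2015, 3, 1)),
    ("vpc-example-b", "100.64.0.0/16", date(2015, 3, 1)),
    ("vpc-example-c", "100.64.0.0/16", date(2017, 1, 15)),
    ("vpc-example-d", "172.32.0.0/16", date(2016, 9, 30)),
]

if __name__ == "__main__":
    for vpc_id, cidr, created in SAMPLE:
        addrs = ", ".join(str(a) for a in resolver_addresses(cidr))
        ok = private_hostnames_resolve(cidr, created)
        print(f"{vpc_id} {cidr}: resolvers {addrs}; private hostnames resolve: {ok}")
    print("affected:", audit(SAMPLE))
```

The resolver address list is also the set of destinations that instance DNS traffic is expected to reach when the Amazon DNS server is in use, which is useful as a baseline when reviewing flow logs or egress rules.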
For more information, see Enabling ClassicLink DNS Support in the .
Otherwise, private hosted zones do not support transitive relationships outside of the VPC; for example, you cannot access your resources using their custom private DNS names from the other side of a VPN connection.
A public (external) DNS hostname takes the form for other Regions.
We resolve a public DNS hostname to the public IPv4 address of the instance outside the network of the instance, and to the private IPv4 address of the instance from within the network of the instance.
For example, if you want browser requests for to be routed to a web server in your VPC, you'll create an A record in your private hosted zone and specify the IP address of that web server.
For more information about creating a private hosted zone, see Working with Private Hosted Zones in the .
To access resources using custom DNS domain names, you must be connected to an instance within your VPC.
From your instance, you can test that your resource in your private hosted zone is accessible from its custom DNS name by using the command to work.) You can access a private hosted zone from an EC2-Classic instance that is linked to your VPC using ClassicLink, provided your VPC is enabled for ClassicLink DNS support.