Expand description

When you create a VPC using Amazon VPC, you automatically get DNS resolution within the VPC from Route 53 Resolver. By default, Resolver answers DNS queries for VPC domain names such as domain names for EC2 instances or Elastic Load Balancing load balancers. Resolver performs recursive lookups against public name servers for all other domain names.

You can also configure DNS resolution between your VPC and your network over a Direct Connect or VPN connection:

Forward DNS queries from resolvers on your network to Route 53 Resolver

DNS resolvers on your network can forward DNS queries to Resolver in a specified VPC. This allows your DNS resolvers to easily resolve domain names for AWS resources such as EC2 instances or records in a Route 53 private hosted zone. For more information, see How DNS Resolvers on Your Network Forward DNS Queries to Route 53 Resolver in the Amazon Route 53 Developer Guide.

Conditionally forward queries from a VPC to resolvers on your network

You can configure Resolver to forward queries that it receives from EC2 instances in your VPCs to DNS resolvers on your network. To forward selected queries, you create Resolver rules that specify the domain names for the DNS queries that you want to forward (such as example.com), and the IP addresses of the DNS resolvers on your network that you want to forward the queries to. If a query matches multiple rules (example.com, acme.example.com), Resolver chooses the rule with the most specific match (acme.example.com) and forwards the query to the IP addresses that you specified in that rule. For more information, see How Route 53 Resolver Forwards DNS Queries from Your VPCs to Your Network in the Amazon Route 53 Developer Guide.

Like Amazon VPC, Resolver is Regional. In each Region where you have VPCs, you can choose whether to forward queries from your VPCs to your network (outbound queries), from your network to your VPCs (inbound queries), or both.

If you’re using the service, you’re probably looking for Route53ResolverClient and Route53Resolver.


For Resolver list operations (ListResolverEndpoints, ListResolverRules, ListResolverRuleAssociations, ListResolverQueryLogConfigs, ListResolverQueryLogConfigAssociations), and ListResolverDnssecConfigs), an optional specification to return a subset of objects.

To filter objects, such as Resolver endpoints or Resolver rules, you specify Name and Values. For example, to list only inbound Resolver endpoints, specify Direction for Name and specify INBOUND for Values.

Configuration of the firewall behavior provided by DNS Firewall for a single VPC from Amazon Virtual Private Cloud (Amazon VPC).

High-level information about a list of firewall domains for use in a FirewallRule. This is returned by GetFirewallDomainList.

To retrieve the domains that are defined for this domain list, call ListFirewallDomains.

Minimal high-level information for a firewall domain list. The action ListFirewallDomainLists returns an array of these objects.

To retrieve full information for a firewall domain list, call GetFirewallDomainList and ListFirewallDomains.

A single firewall rule in a rule group.

High-level information for a firewall rule group. A firewall rule group is a collection of rules that DNS Firewall uses to filter DNS network traffic for a VPC. To retrieve the rules for the rule group, call ListFirewallRules.

An association between a firewall rule group and a VPC, which enables DNS filtering for the VPC.

Minimal high-level information for a firewall rule group. The action ListFirewallRuleGroups returns an array of these objects.

To retrieve full information for a firewall rule group, call GetFirewallRuleGroup and ListFirewallRules.

In a CreateResolverEndpoint request, the IP address that DNS queries originate from (for outbound endpoints) or that you forward DNS queries to (for inbound endpoints). IpAddressRequest also includes the ID of the subnet that contains the IP address.

In the response to a GetResolverEndpoint request, information about the IP addresses that the Resolver endpoint uses for DNS queries.

In an UpdateResolverEndpoint request, information about an IP address to update.

The response to a PutResolverQueryLogConfigPolicy request.

The response to a PutResolverRulePolicy request.

A complex type that contains information about a configuration for DNSSEC validation.

In the response to a CreateResolverEndpoint, DeleteResolverEndpoint, GetResolverEndpoint, ListResolverEndpoints, or UpdateResolverEndpoint request, a complex type that contains settings for an existing inbound or outbound Resolver endpoint.

In the response to a CreateResolverQueryLogConfig, DeleteResolverQueryLogConfig, GetResolverQueryLogConfig, or ListResolverQueryLogConfigs request, a complex type that contains settings for one query logging configuration.

In the response to an AssociateResolverQueryLogConfig, DisassociateResolverQueryLogConfig, GetResolverQueryLogConfigAssociation, or ListResolverQueryLogConfigAssociations, request, a complex type that contains settings for a specified association between an Amazon VPC and a query logging configuration.

For queries that originate in your VPC, detailed information about a Resolver rule, which specifies how to route DNS queries out of the VPC. The ResolverRule parameter appears in the response to a CreateResolverRule, DeleteResolverRule, GetResolverRule, ListResolverRules, or UpdateResolverRule request.

In the response to an AssociateResolverRule, DisassociateResolverRule, or ListResolverRuleAssociations request, provides information about an association between a Resolver rule and a VPC. The association determines which DNS queries that originate in the VPC are forwarded to your network.

In an UpdateResolverRule request, information about the changes that you want to make.

A client for the Route53Resolver API.

One tag that you want to add to the specified resource. A tag consists of a Key (a name for the tag) and a Value.

In a CreateResolverRule request, an array of the IPs that you want to forward DNS queries to.


Errors returned by AssociateFirewallRuleGroup

Errors returned by AssociateResolverEndpointIpAddress

Errors returned by AssociateResolverQueryLogConfig

Errors returned by AssociateResolverRule

Errors returned by CreateFirewallDomainList

Errors returned by CreateFirewallRule

Errors returned by CreateFirewallRuleGroup

Errors returned by CreateResolverEndpoint

Errors returned by CreateResolverQueryLogConfig

Errors returned by CreateResolverRule

Errors returned by DeleteFirewallDomainList

Errors returned by DeleteFirewallRule

Errors returned by DeleteFirewallRuleGroup

Errors returned by DeleteResolverEndpoint

Errors returned by DeleteResolverQueryLogConfig

Errors returned by DeleteResolverRule

Errors returned by DisassociateFirewallRuleGroup

Errors returned by DisassociateResolverEndpointIpAddress

Errors returned by DisassociateResolverQueryLogConfig

Errors returned by DisassociateResolverRule

Errors returned by GetFirewallConfig

Errors returned by GetFirewallDomainList

Errors returned by GetFirewallRuleGroupAssociation

Errors returned by GetFirewallRuleGroup

Errors returned by GetFirewallRuleGroupPolicy

Errors returned by GetResolverDnssecConfig

Errors returned by GetResolverEndpoint

Errors returned by GetResolverQueryLogConfigAssociation

Errors returned by GetResolverQueryLogConfig

Errors returned by GetResolverQueryLogConfigPolicy

Errors returned by GetResolverRuleAssociation

Errors returned by GetResolverRule

Errors returned by GetResolverRulePolicy

Errors returned by ImportFirewallDomains

Errors returned by ListFirewallConfigs

Errors returned by ListFirewallDomainLists

Errors returned by ListFirewallDomains

Errors returned by ListFirewallRuleGroupAssociations

Errors returned by ListFirewallRuleGroups

Errors returned by ListFirewallRules

Errors returned by ListResolverDnssecConfigs

Errors returned by ListResolverEndpointIpAddresses

Errors returned by ListResolverEndpoints

Errors returned by ListResolverQueryLogConfigAssociations

Errors returned by ListResolverQueryLogConfigs

Errors returned by ListResolverRuleAssociations

Errors returned by ListResolverRules

Errors returned by ListTagsForResource

Errors returned by PutFirewallRuleGroupPolicy

Errors returned by PutResolverQueryLogConfigPolicy

Errors returned by PutResolverRulePolicy

Errors returned by TagResource

Errors returned by UntagResource

Errors returned by UpdateFirewallConfig

Errors returned by UpdateFirewallDomains

Errors returned by UpdateFirewallRule

Errors returned by UpdateFirewallRuleGroupAssociation

Errors returned by UpdateResolverDnssecConfig

Errors returned by UpdateResolverEndpoint

Errors returned by UpdateResolverRule


Trait representing the capabilities of the Route53Resolver API. Route53Resolver clients implement this trait.