AWS Security ChangesHomeSearch

AWS Route53 documentation change

Service: Route53 · 2025-07-01 · Documentation low

File: Route53/latest/DeveloperGuide/resolver-forwarding-inbound-queries.md

Summary

Added guidance about creating NS records for DNS delegation to inbound endpoints

Security assessment

Operational guidance about DNS configuration without explicit security implications. While proper DNS configuration is important for security, this change doesn't address vulnerabilities or document security features.

Diff

diff --git a/Route53/latest/DeveloperGuide/resolver-forwarding-inbound-queries.md b/Route53/latest/DeveloperGuide/resolver-forwarding-inbound-queries.md
index 8321e1cad..a1bf0c770 100644
--- a//Route53/latest/DeveloperGuide/resolver-forwarding-inbound-queries.md
+++ b//Route53/latest/DeveloperGuide/resolver-forwarding-inbound-queries.md
@@ -8,0 +9,2 @@ To forward DNS queries from your network to Resolver, you create an inbound endp
+When implementing inbound delegation, you're delegating DNS authority for a subdomain from your on-premises DNS infrastructure to Route 53 Resolver. To properly configure this delegation, you must use the inbound endpoint's IP addresses as glue records (NS records) on your on-premises name server for the subdomain being delegated. For example, if you're delegating the subdomain "aws.example.com" to Route 53 Resolver through an inbound delegation endpoint with IP addresses 10.0.1.100 and 10.0.1.101, you would create NS records on your on-premises DNS server pointing "aws.example.com" to these IP addresses. This makes sure that DNS queries for the delegated subdomain are properly routed to the Route 53 Resolver via the inbound endpoint, allowing the Resolver to respond with records from the associated private hosted zone.
+