AWS Security ChangesHomeSearch

AWS Route53 documentation change

Service: Route53 · 2025-10-16 · Documentation low

File: Route53/latest/DeveloperGuide/DeleteHostedZone.md

Summary

Added error details about DNSSEC and resource record requirements when deleting hosted zones

Security assessment

The change documents DNSSEC-related constraints during deletion but does not address a specific vulnerability. DNSSEC is a security feature, so this adds security documentation.

Diff

diff --git a/Route53/latest/DeveloperGuide/DeleteHostedZone.md b/Route53/latest/DeveloperGuide/DeleteHostedZone.md
index f2fcafb4b..8a2e020e7 100644
--- a//Route53/latest/DeveloperGuide/DeleteHostedZone.md
+++ b//Route53/latest/DeveloperGuide/DeleteHostedZone.md
@@ -58,0 +59,8 @@ To use the Route 53 console to delete a public hosted zone, perform the followin
+###### Note
+
+If you attempt to delete the hosted zone without completing these requirements, Route 53 will return an error:
+
+     * If DNSSEC signing is enabled: **`The specified hosted zone contains DNSSEC Key Signing Keys and so cannot be deleted`**
+
+     * If other resource record sets exist (other than the default SOA and NS records): **`The specified hosted zone contains non-required resource record sets and so cannot be deleted`**
+