Skip to main content

Howto: Point AWS to Umbrella with new Route 53 Feature



  • patrick.marr

    Note: this will forward everything to Umbrella. 

    The creation of the "." forwarding rule overrides all other rules. 

    If you have an environment where you want some domains like forwarded on on-prem resolvers, this will send those requests to Umbrella. 

    So the setup suggested here did not work for us. We want R53 to send our internal requests to our private DNS servers, and we want R53 to send all others to Umbrella.

    It seems the only way to do this is to use VAs... 


  • vittorio.garbellotto

    The guide MISS a step as indicated in


    If you create a conditional forwarding rule for "." (dot) or "com", we recommend that you also create a system rule for (System rules cause Resolver to locally resolve DNS queries for specific domains and subdomains.) Creating this system rule improves performance, reduces the number of queries that are forwarded to your network, and reduces Resolver charges." and it also DOES NOT BREAK YOUR VPC endpoints

    Second point, the IPs to register in Umbrella console are the public IPs of the NAT instance/gateway/service connected to the subnets where the endpoints have been created.


Please sign in to leave a comment.