diff --git a/nxrm-aws-resiliency/templates/external-dns-rbac.yml b/nxrm-aws-resiliency/templates/external-dns-rbac.yml
index 948c200..70edb95 100644
--- a/nxrm-aws-resiliency/templates/external-dns-rbac.yml
+++ b/nxrm-aws-resiliency/templates/external-dns-rbac.yml
@@ -58,7 +58,7 @@ spec:
             - --domain-filter={{ .Values.externaldns.domainFilter }} # will make ExternalDNS see only the hosted zones matching provided domain, omit to process all available hosted zones
             - --provider=aws
             - --policy=upsert-only # would prevent ExternalDNS from deleting any records, omit to enable full synchronization
-            - --aws-zone-type=public # only look at public hosted zones (valid values are public, private or no value for both)
+            - --aws-zone-type={{ .Values.externaldns.awsZoneType }} # only look at public hosted zones (valid values are public, private or no value for both)
             - --registry=txt
             - --txt-owner-id=external-dns
           env:
diff --git a/nxrm-aws-resiliency/values.yaml b/nxrm-aws-resiliency/values.yaml
index 1f3863a..ae754c5 100644
--- a/nxrm-aws-resiliency/values.yaml
+++ b/nxrm-aws-resiliency/values.yaml
@@ -5,6 +5,7 @@ namespaces:
   externaldnsNs: nexus-externaldns
 externaldns:
   domainFilter: example.com #your root domain e.g example.com
+  awsZoneType: private # only look at public hosted zones (valid values are public, private or no value for both)
 deployment:
   clusterRegion: us-east-1
   name: nxrm.deployment