diff --git a/provider/aws.go b/provider/aws.go
index a9664acab..fbc3ca84e 100644
--- a/provider/aws.go
+++ b/provider/aws.go
@@ -449,7 +449,7 @@ func suitableZones(hostname string, zones map[string]*route53.HostedZone) []*rou
 	var publicZone *route53.HostedZone
 
 	for _, z := range zones {
-		if strings.HasSuffix(hostname, aws.StringValue(z.Name)) {
+		if aws.StringValue(z.Name) == hostname || strings.HasSuffix(hostname, "."+aws.StringValue(z.Name)) {
 			if z.Config == nil || !aws.BoolValue(z.Config.PrivateZone) {
 				// Only select the best matching public zone
 				if publicZone == nil || len(aws.StringValue(z.Name)) > len(aws.StringValue(publicZone.Name)) {
diff --git a/provider/aws_test.go b/provider/aws_test.go
index f350a288a..f873f5af2 100644
--- a/provider/aws_test.go
+++ b/provider/aws_test.go
@@ -783,6 +783,12 @@ func TestAWSSuitableZones(t *testing.T) {
 	}{
 		{"foo.bar.example.org.", []*route53.HostedZone{zones["example-org-private"], zones["bar-example-org-private"], zones["bar-example-org"]}},
 		{"foo.example.org.", []*route53.HostedZone{zones["example-org-private"], zones["example-org"]}},
+
+		// bar.example.org is NOT suitable
+		{"foobar.example.org.", []*route53.HostedZone{zones["example-org-private"], zones["example-org"]}},
+
+		// all matching private zones are suitable (i'm not sure why)
+		{"bar.example.org.", []*route53.HostedZone{zones["example-org-private"], zones["bar-example-org-private"], zones["bar-example-org"]}},
 		{"foo.kubernetes.io.", nil},
 	} {
 		suitableZones := suitableZones(tc.hostname, zones)