AWS Certified Advanced Networking - Specialty: Troubleshooting DNS Queries in a Hybrid Connectivity Setup

Resolving DNS Query Failures in a Hybrid Connectivity Setup


Question

A food production company has hybrid connectivity between its regional data centre and an AWS virtual private gateway (VGW) over an AWS Direct Connect link.

VPC A and VPC B are created to host multiple servers that are accessed by users in the regional offices.

A private hosted zone, associated with VPC B, is created for a new domain that is hosted on one of the servers in VPC B.

A Route 53 Resolver inbound endpoint is created in VPC A to handle the large volume of DNS queries coming from users in the regional offices.

These users complain that DNS queries for names in the private hosted zone fail, while queries for other names hosted in the VPCs succeed. Which of the following actions needs to be taken to resolve the issue?

Explanations

Correct Answer - C.

A Route 53 Resolver inbound endpoint can only answer queries for private hosted zones that are associated with the VPC in which the endpoint itself is created. Queries arriving at the endpoint are handed to that VPC's Route 53 Resolver, and that resolver only knows about the private hosted zones associated with its own VPC.

In this case, the inbound endpoint is created in VPC A, but the private hosted zone is associated only with VPC B.

So the private hosted zone needs to be associated with VPC A as well (the existing association with VPC B can remain; a private hosted zone may be associated with several VPCs). Option A is incorrect: creating another inbound endpoint in VPC A would not resolve the issue, because a second endpoint in the same VPC uses the same VPC resolver and therefore sees the same zone associations; it would still be unable to answer for a zone that is associated only with VPC B.

Also, for an endpoint that is genuinely overloaded, the best practice is to add an additional IP address to the existing endpoint rather than to create a new endpoint.

Option B is incorrect: VPC peering provides IP connectivity between instances in VPC A and VPC B, but it does not make a private hosted zone that is associated with VPC B resolvable through an inbound endpoint in VPC A. Zone association, not peering, controls which VPC resolvers can answer for the zone.

Option D is incorrect: the enableDnsSupport and enableDnsHostnames attributes must be set to true on a VPC for it to use private hosted zones, but they do not explain this failure.

The on-premises users already resolve other names hosted in the VPCs through the endpoint, so DNS support in VPC A is already working; toggling these attributes would not cause queries for one private hosted zone's names to fail while everything else succeeds.

For more information on AWS Route 53 Resolver inbound endpoints, refer to the following URL.

https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver.html#resolver-considerations-inbound-endpoint-private-zone

The issue at hand is that DNS queries for names in a private hosted zone fail for users in the regional offices, while queries for other names hosted in the VPCs succeed. To resolve this, we need to consider the different options and their implications.

Option A: The existing inbound endpoint is overloaded; implement another inbound endpoint in VPC A to serve traffic from on-premises users to the private hosted zones.

This option treats the failure as a capacity problem. If the endpoint were overloaded, on-premises users would see intermittent timeouts for all names, not consistent failures for only the private hosted zone's names, so load is not the root cause here. Even if capacity did need attention, a second endpoint in VPC A would have the same zone visibility as the first, and the recommended way to add capacity is to add IP addresses to the existing endpoint.

Option B: VPC peering needs to be enabled between VPC A and VPC B.

VPC peering enables communication between instances in different VPCs using private IP addresses. It does not change which private hosted zones the Route 53 Resolver in VPC A can answer for, so it does not address the failing queries for the private hosted zone.

Option C: The private hosted zone needs to be created in (that is, associated with) VPC A, where the inbound endpoint is created.

This option addresses the root cause. Once the private hosted zone is associated with VPC A, the Route 53 Resolver in VPC A can answer for its names, and queries that on-premises users send to the inbound endpoint are resolved. No change is needed on the on-premises side: the regional offices' DNS forwarders already target the inbound endpoint, as shown by the other VPC-hosted names resolving correctly. The zone's existing association with VPC B can stay in place.

Option D: enableDnsHostnames and enableDnsSupport need to be enabled on the VPC.

These VPC attributes are prerequisites for using private hosted zones at all. However, since other names hosted in the VPCs already resolve through the endpoint, the VPC resolver in VPC A is clearly functioning, and these attributes cannot explain a failure confined to the private hosted zone's names.

In conclusion, the best option to resolve the failing queries for the private hosted zone is Option C: associate the private hosted zone with VPC A, the VPC in which the inbound endpoint is created. After the association, confirm from a regional office that a name in the zone resolves when queried against the inbound endpoint's IP addresses.
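The rule behind Option C (an inbound endpoint can only answer for private hosted zones associated with its own VPC) can be checked mechanically from the API responses. The script below is an added example, not part of the original page or any AWS tooling: it applies that rule to the shapes returned by `aws route53 get-hosted-zone` and `aws route53resolver get-resolver-endpoint`, and prints the `associate-vpc-with-hosted-zone` command that fixes a mismatch. The two responses embedded in it are constructed to mirror the exam scenario (zone associated only with VPC B, inbound endpoint in VPC A); the zone ID, VPC IDs, endpoint ID, region and account number are placeholders.

```python
"""Check whether a Route 53 private hosted zone is resolvable through a
Route 53 Resolver inbound endpoint, and emit the fix if it is not.

Added example for the scenario on this page. The response dicts below are
constructed to look like the CLI output of `get-hosted-zone` and
`get-resolver-endpoint`; every identifier in them is a placeholder.
"""

# Constructed: `aws route53 get-hosted-zone --id Z0EXAMPLEPHZ` for the
# private hosted zone that was associated only with VPC B.
ZONE_RESPONSE = {
    "HostedZone": {
        "Id": "/hostedzone/Z0EXAMPLEPHZ",
        "Name": "app.corp.internal.",
        "Config": {"PrivateZone": True},
        "ResourceRecordSetCount": 3,
    },
    "VPCs": [{"VPCRegion": "eu-west-1", "VPCId": "vpc-0bbbbbbbbbbbbbbbb"}],
}

# Constructed: `aws route53resolver get-resolver-endpoint
# --resolver-endpoint-id rslvr-in-example` for the inbound endpoint in VPC A
# that the on-premises forwarders send queries to.
ENDPOINT_RESPONSE = {
    "ResolverEndpoint": {
        "Id": "rslvr-in-example",
        "Arn": "arn:aws:route53resolver:eu-west-1:123456789012:resolver-endpoint/rslvr-in-example",
        "Name": "onprem-inbound",
        "Direction": "INBOUND",
        "IpAddressCount": 2,
        "HostVPCId": "vpc-0aaaaaaaaaaaaaaaa",
        "Status": "OPERATIONAL",
    }
}


def endpoint_region(arn):
    """Region is the fourth field of arn:partition:service:region:account:resource."""
    return arn.split(":")[3]


def diagnose(zone_response, endpoint_response):
    """Apply the association rule: queries hitting the inbound endpoint are
    answered by the Resolver of the endpoint's host VPC, which only sees
    private hosted zones associated with that VPC (in that region)."""
    zone = zone_response["HostedZone"]
    endpoint = endpoint_response["ResolverEndpoint"]
    problems = []

    if not zone["Config"].get("PrivateZone", False):
        problems.append("zone is public; VPC association does not apply")
    if endpoint["Direction"] != "INBOUND":
        problems.append("endpoint direction is %s; on-premises forwarders must "
                        "target an INBOUND endpoint" % endpoint["Direction"])

    host_vpc = endpoint["HostVPCId"]
    region = endpoint_region(endpoint["Arn"])
    associated = {(v["VPCRegion"], v["VPCId"]) for v in zone_response["VPCs"]}
    resolvable = (region, host_vpc) in associated

    zone_id = zone["Id"].split("/")[-1]  # strip the "/hostedzone/" prefix
    fix = None
    if not resolvable and not problems:
        problems.append("zone %s is not associated with endpoint host VPC %s (%s); "
                        "associated VPCs: %s" % (zone["Name"], host_vpc, region,
                                                  sorted(associated)))
        # Existing associations (e.g. VPC B) are kept; this only adds VPC A.
        fix = ("aws route53 associate-vpc-with-hosted-zone --hosted-zone-id %s "
               "--vpc VPCRegion=%s,VPCId=%s" % (zone_id, region, host_vpc))

    return {"resolvable": resolvable, "problems": problems, "fix": fix}


if __name__ == "__main__":
    result = diagnose(ZONE_RESPONSE, ENDPOINT_RESPONSE)
    for p in result["problems"]:
        print("problem:", p)
    if result["fix"]:
        print("fix:", result["fix"])
    else:
        print("zone is resolvable through the endpoint")
```

To run it against real resources, replace the two dicts with the parsed JSON from the corresponding `aws` commands. Capacity, the concern behind Option A, is a separate axis: if `IpAddressCount` is low and the endpoint is genuinely busy, add an address with `aws route53resolver associate-resolver-endpoint-ip-address` rather than creating a second endpoint, which would inherit exactly the same zone visibility. After applying the printed fix, verify from a regional office with a query such as `dig @<inbound endpoint IP> app.corp.internal` (name and address are placeholders).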