Resolving DNS Query Failures in a Hybrid Connectivity Setup

Correct Answer - C.

It should be in the same VPC where Route 53 Resolver inbound endpoint is created for Private Hosted zones.

In the above case, Route 53 Resolver inbound endpoint is created in VPC A.

So, a private hosted zone needs to be created in this VPC A.Option A is incorrect as Creating another endpoint in VPC A will not resolve issues faced by users for private hosted zones in VPC.

B.

Also, for loaded endpoints, the best practice is to add an additional IP address to the endpoint instead of creating a new endpoint.

Option B is incorrect as VPC peering is not required to be enabled for sharing inbound endpoints between VPCs.

Option D is incorrect as these attributes need to be set for the VPC to enable DNS resolution on instances launched within VPC.

These attributes will be required at VPC, but this will not cause query failures for on-premises users to sub-domain names.

For more information on AWS Route 53 Resolver inbound endpoints, refer to the following URL.

https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver.html#resolver-considerations-inbound-endpoint-private-zone

The issue at hand is that DNS queries for domains created in a private hosted zone are failing for users in regional offices, while queries for other domains hosted in VPC are working fine. To resolve this issue, we need to consider the different options and their implications.

Option A: The existing Inbound endpoint is loaded, implementing another inbound endpoint in VPC A to cater traffic from on-premises users to private hosted zones.

This option suggests that we should load balance the existing inbound endpoint and implement another inbound endpoint in VPC A to cater traffic from on-premises users to private hosted zones. This approach can potentially solve the issue if there is a high volume of DNS queries and the existing inbound endpoint is not able to handle the load. However, this does not address the root cause of the issue.

Option B: VPC peering needs to be enabled between VPC A & VPC B.

This option suggests that we should enable VPC peering between VPC A and VPC B. VPC peering enables communication between instances in different VPCs using private IP addresses. However, this option does not address the issue with the DNS queries failing for domains created in a private hosted zone.

Option C: Private Hosted Zone needs to be created in VPC A, where an inbound endpoint is created.

This option suggests that we should create a private hosted zone in VPC A where an inbound endpoint is created. This approach can potentially solve the issue as it ensures that DNS queries for the private hosted zone are resolved within the VPC. However, this may involve additional configuration steps, such as updating the DNS resolver configuration for the regional offices to ensure they can resolve DNS queries for the private hosted zone.

Option D: enableDnsHostnames & enableDnsSupport need to be enabled in VPC.

This option suggests that we should enable the VPC attributes "enableDnsHostnames" and "enableDnsSupport" in VPC. This approach can potentially solve the issue if these attributes were not previously enabled, as they are required for the correct resolution of DNS queries in VPCs.

In conclusion, the best option to resolve the issue with DNS queries failing for domains created in a private hosted zone for users in regional offices is Option C, which involves creating a private hosted zone in VPC A where an inbound endpoint is created. However, it is important to ensure that all the necessary configuration steps are taken to ensure that DNS queries can be resolved correctly by the users in regional offices.