Your company is planning to create a private hosted zone in AWS.
They need to ensure that on-premises devices that are connected to AWS through VPN, can reach the resources defined in the private hosted zone.
How can this be achieved, ensuring the least effort is put into setting this up?
Answer - A.
When you create a VPC using Amazon VPC, Route 53 Resolver automatically uses a Resolver on the VPC to answer DNS queries for local Amazon VPC domain names for EC2 instances (ec2-192-0-2-44.compute-1.amazonaws.com) and records in private hosted zones (acme.example.com).
The Resolver additionally contains endpoints that you configure to answer DNS queries to and from your on-premises environment.
This is also mentioned in the AWS Documentation.
Option B is incorrect because the question specifically calls for a private hosted zone.
Options C and D are incorrect because this would add maintenance overhead.
For more information on Simple AD and DNS, please refer to the below URL:
https://docs.aws.amazon.com/directoryservice/latest/admin-guide/microsoftadbasestep3.html
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver.html
The correct answer to the question is A. Consider using Route53 Inbound Resolver endpoints for resolving DNS requests.
Explanation:
A private hosted zone in Amazon Web Services (AWS) is a DNS namespace that you can use to manage custom domain names within your virtual private cloud (VPC). This enables you to map private IP addresses to domain names that can be used internally. On the other hand, VPN provides secure and encrypted communication between your on-premises network and your AWS VPC. To ensure that on-premises devices connected through VPN can access the resources defined in a private hosted zone, you need to configure DNS resolution.
Option A, which is to use Route53 Inbound Resolver endpoints for resolving DNS requests, is the most appropriate and least effort approach for this scenario. This solution allows you to resolve DNS queries from on-premises devices to private hosted zones in your VPC without the need for complex networking configurations or additional infrastructure.
With Route53 inbound resolver endpoints, your on-premises devices can use the Route53 Resolver in your VPC as their DNS resolver. Route53 will then resolve DNS queries for your private hosted zone within your VPC. This option offers a cost-effective and easy-to-manage solution that eliminates the need to deploy additional infrastructure or configure complex networking rules.
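The Option A design expressed as Terraform, as an added example that is not from the original page or AWS documentation. The VPC ID, subnet IDs, on-premises CIDR and zone name are assumed placeholders; the security group deliberately admits DNS only from the VPN-connected on-premises range.

```hcl
# Added example (not from the original page). All IDs and ranges below are assumed placeholders.
variable "vpc_id"           { default = "vpc-0123456789abcdef0" }
variable "resolver_subnets" { default = ["subnet-0aaaaaaaaaaaaaaaa", "subnet-0bbbbbbbbbbbbbbbb"] } # two AZs
variable "onprem_cidr"      { default = "10.10.0.0/16" } # range reachable over the VPN

# Private hosted zone associated with the VPC; resolvable only inside the VPC (and via the endpoint).
resource "aws_route53_zone" "private" {
  name = "corp.example.internal" # assumed zone name
  vpc {
    vpc_id = var.vpc_id
  }
}

# Least-privilege security group: DNS (UDP and TCP 53) only from the on-premises range.
resource "aws_security_group" "resolver_inbound" {
  name        = "route53-resolver-inbound"
  description = "DNS from on-premises via VPN only"
  vpc_id      = var.vpc_id

  ingress {
    from_port   = 53
    to_port     = 53
    protocol    = "udp"
    cidr_blocks = [var.onprem_cidr]
  }
  ingress {
    from_port   = 53
    to_port     = 53
    protocol    = "tcp"
    cidr_blocks = [var.onprem_cidr]
  }
}

# Inbound endpoint: one ENI per subnet; on-premises DNS servers forward the zone to these IPs.
resource "aws_route53_resolver_endpoint" "inbound" {
  name               = "onprem-to-vpc"
  direction          = "INBOUND"
  security_group_ids = [aws_security_group.resolver_inbound.id]

  dynamic "ip_address" {
    for_each = var.resolver_subnets
    content {
      subnet_id = ip_address.value
    }
  }
}

# The addresses to configure as conditional-forwarder targets on the on-premises DNS servers.
output "forward_targets" {
  value = [for ip in aws_route53_resolver_endpoint.inbound.ip_address : ip.ip]
}
```

After `terraform apply`, add a conditional forwarder for `corp.example.internal` on the on-premises DNS servers pointing at the `forward_targets` addresses; no resolver software runs on EC2 and the zone stays private.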
Option B is incorrect because converting a private hosted zone to a public one would expose private IP addresses to the public internet, which would be a security risk.
Option C is incorrect because creating an EC2 instance and installing a DNS resolver would require additional infrastructure and management overhead.
Option D is incorrect because installing Active Directory Domain Services (AD DS) on an EC2 instance would only be necessary if you needed to create a domain controller in the cloud. It would not be necessary for configuring DNS resolution for a private hosted zone.