Private Hosted Zone Setup for AWS VPN Connectivity | Exam Study Guide



Question

Your company is planning to create a private hosted zone in AWS.

They need to ensure that on-premises devices that are connected to AWS through VPN, can reach the resources defined in the private hosted zone.

How can this be achieved, ensuring the least effort is put into setting this up?

Answers

Explanations


A. B. C. D.

Answer - A.

When you create a VPC using Amazon VPC, Route 53 Resolver automatically uses a Resolver on the VPC to answer DNS queries for local Amazon VPC domain names for EC2 instances (ec2-192-0-2-44.compute-1.amazonaws.com) and records in private hosted zones (acme.example.com).

The Resolver additionally contains endpoints that you configure to answer DNS queries to and from your on-premises environment.

This is also mentioned in the AWS Documentation.

Option B is incorrect because the question specifically requires a private hosted zone.

Options C and D are incorrect because this would add maintenance overhead.

For more information on Simple AD and DNS, please refer to the below URL:

https://docs.aws.amazon.com/directoryservice/latest/admin-guide/microsoftadbasestep3.html
https://docs.aws.amazon.com/Route53/latest/DeveloperGuide/resolver.html

You also can integrate DNS resolution between Resolver and DNS resolvers on your network by configuring forwarding rules. Your network can include any network that is reachable from your VPC, such as the following:

- The VPC itself
- Another peered VPC
- An on-premises network that is connected to AWS with AWS Direct Connect, a VPN, or a network address translation (NAT) gateway

Before you start to forward queries, you create Resolver inbound and/or outbound endpoints in the connected VPC. These endpoints provide a path for inbound or outbound queries:

Inbound endpoint: DNS resolvers on your network can forward DNS queries to Route 53 Resolver via this endpoint. This allows your DNS resolvers to easily resolve domain names for AWS resources such as EC2 instances or records in a Route 53 private hosted zone. For more information, see How DNS resolvers on your network forward DNS queries to Route 53 Resolver endpoints.

The correct answer to the question is A. Consider using Route53 Inbound Resolver endpoints for resolving DNS requests.

Explanation:

A private hosted zone in Amazon Web Services (AWS) is a DNS namespace that you can use to manage custom domain names within your virtual private cloud (VPC). This enables you to map private IP addresses to domain names that can be used internally. On the other hand, VPN provides secure and encrypted communication between your on-premises network and your AWS VPC. To ensure that on-premises devices connected through VPN can access the resources defined in a private hosted zone, you need to configure DNS resolution.

Option A, which is to use Route53 Inbound Resolver endpoints for resolving DNS requests, is the most appropriate and least effort approach for this scenario. This solution allows you to resolve DNS queries from on-premises devices to private hosted zones in your VPC without the need for complex networking configurations or additional infrastructure.

With Route 53 inbound resolver endpoints, you point the DNS resolvers on your on-premises network at the endpoint's IP addresses inside your VPC, and Route 53 Resolver answers their queries for your private hosted zone. This option is cost-effective and easy to manage, and it avoids deploying additional infrastructure or configuring complex networking rules.

Option B is incorrect because converting a private hosted zone to a public one would expose private IP addresses to the public internet, which would be a security risk.

Option C is incorrect because creating an EC2 instance and installing a DNS resolver would require additional infrastructure and management overhead.

Option D is incorrect because installing Active Directory Domain Services (AD DS) on an EC2 instance would only be necessary if you needed to create a domain controller in the cloud. It would not be necessary for configuring DNS resolution for a private hosted zone.
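As an added example (not from the study guide or from AWS), here is the option-A setup as AWS CLI steps: a security group that admits DNS only from the on-premises range, an inbound endpoint placed in two subnets, and the matching conditional-forwarder stanza for an on-premises BIND resolver. The VPC and subnet IDs, the on-premises CIDR and the zone name are assumed values.

```shell
# Added example: Route 53 Resolver inbound endpoint for on-prem -> private zone lookups.
# Every ID, CIDR and zone name below is an assumption; override via the environment.
set -eu
VPC_ID="${VPC_ID:-vpc-0123456789abcdef0}"        # assumed VPC that the private zone is associated with
SUBNET_A="${SUBNET_A:-subnet-0aaaaaaaaaaaaaaa1}" # assumed subnets in two different AZs
SUBNET_B="${SUBNET_B:-subnet-0bbbbbbbbbbbbbbb2}"
ONPREM_CIDR="${ONPREM_CIDR:-10.50.0.0/16}"       # assumed on-premises range reached over the VPN
ZONE_NAME="${ZONE_NAME:-acme.example.com}"       # assumed private hosted zone name

# Security group for the endpoint: DNS only (53/udp and 53/tcp) and only from the
# on-prem range. Nothing outside the VPN needs to reach the endpoint, so no 0.0.0.0/0.
create_resolver_sg() {
  sg=$(aws ec2 create-security-group --vpc-id "$VPC_ID" \
        --group-name resolver-inbound --description "Route 53 inbound endpoint" \
        --query GroupId --output text)
  for proto in udp tcp; do
    aws ec2 authorize-security-group-ingress --group-id "$sg" \
      --protocol "$proto" --port 53 --cidr "$ONPREM_CIDR" >/dev/null
  done
  echo "$sg"
}

# An inbound endpoint needs at least two IP addresses (one per subnet/AZ).
create_inbound_endpoint() {
  aws route53resolver create-resolver-endpoint \
    --creator-request-id "inbound-$(date +%s)" --name onprem-inbound \
    --direction INBOUND --security-group-ids "$1" \
    --ip-addresses SubnetId="$SUBNET_A" SubnetId="$SUBNET_B" \
    --query ResolverEndpoint.Id --output text
}

endpoint_ips() {
  aws route53resolver list-resolver-endpoint-ip-addresses \
    --resolver-endpoint-id "$1" --query 'IpAddresses[].Ip' --output text
}

# Pure helper: BIND9 stanza for the on-prem resolver. Forwarding only the private
# zone keeps every other name resolving locally, so no unrelated queries go to AWS.
bind_forward_zone() {
  zone=$1; shift
  printf 'zone "%s" {\n  type forward;\n  forward only;\n  forwarders {' "$zone"
  for ip in "$@"; do printf ' %s;' "$ip"; done
  printf ' };\n};\n'
}

# Run manually with credentials that may manage EC2 security groups and Resolver.
setup() {
  sg=$(create_resolver_sg)
  ep=$(create_inbound_endpoint "$sg")
  bind_forward_zone "$ZONE_NAME" $(endpoint_ips "$ep")
}
```

Call `setup` once the VPN is up; paste the printed stanza into the on-premises named.conf and reload BIND.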