Achieving Hybrid IT Architecture with On-Premises DNS Server

How to Configure AWS VPC Instances to Use On-Premises DNS Server

Question

Your company currently has a hybrid IT architecture.

There is a VPN connection setup between AWS VPC and the on-premises data center.

There is a requirement that all Instances in the VPC use the On-premises DNS server for resolving DNS names.

How could you achieve this?

Answers

Explanations


Correct Answer: C.

The AWS Documentation mentions the following.

The Amazon EC2 instances you launch into a nondefault VPC are private by default.

They're not assigned a public IPv4 address unless you specifically assign one during launch or you modify the subnet's public IPv4 address attribute.

By default, all instances in a nondefault VPC receive an unresolvable hostname that AWS assigns (for example, ip-10-0-0-202).

You can assign your own domain name to your instances and use up to four of your own DNS servers.

To do that, you must specify a special set of DHCP options to use with the VPC.

Option A is incorrect since you need to create a Private hosted zone for routing DNS names local to the VPC.

Option B is incorrect since you would need to manage the replication between DNS servers.

Option D is incorrect since the resolution is based on Amazon DNS servers.

For more information on the DHCP options set, please refer to the URL below:

https://docs.aws.amazon.com/AmazonVPC/latest/UserGuide/VPC_DHCP_Options.html

To achieve the requirement that all instances in the VPC use the on-premises DNS server for resolving DNS names in a hybrid IT architecture with a VPN connection between the AWS VPC and the on-premises data center, we can consider the following options:

A. Create an Internal Route 53 hosted zone: This option involves creating an internal Route 53 hosted zone in AWS and setting up the on-premises DNS server as a forwarder in the Route 53 resolver. This will enable the VPC instances to use the on-premises DNS server for name resolution. To implement this option, the following steps need to be followed:

  1. Create an internal Route 53 hosted zone.
  2. Configure the on-premises DNS server as a forwarder in the Route 53 resolver.
  3. Modify the VPC DHCP options to use the Route 53 resolver.

B. Create a secondary DNS server in AWS: This option involves creating a secondary DNS server in AWS and configuring it to forward DNS requests to the on-premises DNS server. The VPC instances can then be configured to use the secondary DNS server for name resolution. To implement this option, the following steps need to be followed:

  1. Launch a new EC2 instance in AWS and install a DNS server.
  2. Configure the DNS server to forward DNS requests to the on-premises DNS server.
  3. Modify the VPC DHCP options to use the secondary DNS server.

C. Create a DHCP Options set and assign it to the VPC: This option involves creating a DHCP Options set and configuring it to include the on-premises DNS server as the primary DNS server. The VPC instances can then be configured to use DHCP to obtain their DNS settings. To implement this option, the following steps need to be followed:

  1. Create a DHCP Options set and configure it to include the on-premises DNS server as the primary DNS server.
  2. Assign the DHCP Options set to the VPC.
  3. Modify the VPC's security group settings to allow DNS traffic.

D. Modify the DNS resolution of the VPC: This option involves modifying the DNS resolution settings of the VPC to use the on-premises DNS server for name resolution. To implement this option, the following steps need to be followed:

  1. Modify the VPC's DNS resolution settings to use the on-premises DNS server.
  2. Modify the VPC DHCP options to use the VPC's DNS resolution settings.
  3. Modify the VPC's security group settings to allow DNS traffic.

Among these options, the most appropriate one for achieving the requirement is option A, which involves creating an internal Route 53 hosted zone and configuring the on-premises DNS server as a forwarder in the Route 53 resolver. This option provides a scalable and flexible solution for DNS resolution in a hybrid IT architecture with a VPN connection between the AWS VPC and the on-premises data center.