How to Enable DNS Resolution Between On-Premises and AWS VPC
Question
Your company has the requirement of connecting its on-premises location to an AWS VPC.
The on-premises servers should have the capabilities of resolving custom DNS domain names in the VPC.
The Instances in the VPC need to have the ability to resolve the DNS names of the on-premises servers.
How can you achieve this?
Answers
Explanations
Click on the arrows to vote for the correct answer
A. B. C. A. E. A. G. H. .Answer - A.
Option B is incorrect because the DNS forwarder needs to point to the DNS resolver for the VPC and not the Name servers.
Option C is incorrect because the DNS forwarder should also point to the DNS resolver for the VPC.Option D is incorrect because the DNS forwarder should not point to the VPN tunnel IP address.
An example of this is given in the AWS Documentation.
For more information on this example, please refer to the below URL.
https://aws.amazon.com/blogs/security/how-to-set-up-dns-resolution-between-on-premises-networks-and-aws-by-using-unbound/
To achieve the requirement of connecting on-premises servers to an AWS VPC and allowing instances in the VPC to resolve custom DNS domain names, a DNS forwarder must be set up in the VPC. The DNS forwarder will point to the on-premises DNS server, allowing resolution of custom domain names from the VPC. Additionally, a DNS forwarder must be set up in the on-premises location to allow resolution of DNS names of instances in the VPC.
The correct answer is option C: A. Setup a DNS forwarder in your VP. B. Ensure the DNS forwarder points to the Amazon DNS resolver for the VP. C. Also, ensure the forwarder is configured with the on-premises DNS server. Change the Option Set for the VPC for the IP address of the DNS forwarder. Configure a DNS forwarder in the On-premises location.
Here's a detailed explanation of each step:
Setup a DNS forwarder in your VPC: A DNS forwarder is a server that forwards DNS requests to another DNS server. In this case, a DNS forwarder needs to be set up in the VPC to forward DNS requests to the on-premises DNS server.
Ensure the DNS forwarder points to the Amazon DNS resolver for the VPC: The Amazon DNS resolver is a service that provides DNS resolution for Amazon VPCs. By pointing the DNS forwarder to the Amazon DNS resolver, the VPC will be able to resolve public domain names.
Ensure the forwarder is configured with the on-premises DNS server: The DNS forwarder in the VPC must be configured with the IP address of the on-premises DNS server to forward DNS requests for custom domain names.
Change the Option Set for the VPC for the IP address of the DNS forwarder: An option set is a collection of settings that define the behavior of a VPC. The IP address of the DNS forwarder needs to be added to the option set of the VPC to allow instances in the VPC to use the DNS forwarder.
Configure a DNS forwarder in the on-premises location: A DNS forwarder must also be set up in the on-premises location to forward DNS requests from on-premises servers to the VPC DNS forwarder. This will allow resolution of DNS names of instances in the VPC.
Option E is incorrect because it suggests pointing the DNS forwarder to the name server for the Route 53 hosted zone. While this may work for resolving DNS names in the VPC, it will not allow resolution of custom domain names from the on-premises location.
Option G is incorrect because it suggests pointing the DNS forwarder to the IP address of the on-premises DNS server but does not mention configuring a DNS forwarder in the on-premises location.
Option H is incorrect because it suggests pointing the DNS forwarder to the IP address of the VPN tunnel, which is not necessary for DNS resolution between the on-premises location and the VPC.