Learn how to configure DNS resolution between on-premises and VPC applications by setting alias records in private Route 53 zones and conditional forwarding via Resolver endpoints.
Question
A company deploys an internal website behind an Application Load Balancer (ALB) in a VPC. The VPC has a CIDR block of 172.31.0.0/16. The company creates a private hosted zone for the domain example.com for the website in Amazon Route 53. The company establishes an AWS Site-to-Site VPN connection between its office network and the VPC.
A network engineer needs to set up a DNS solution so that employees can visit the internal webpage by accessing a private domain URL (https://example.com) from the office network.
Which combination of steps will meet this requirement? (Choose two.)
A. Create an alias record that points to the ALB in the Route 53 private hosted zone.
B. Create a CNAME record that points to the ALB internal domain in the Route 53 private hosted zone.
C. Create a Route 53 Resolver inbound endpoint. On the office DNS server, configure a conditional forwarder to forward the DNS queries to the Route 53 Resolver inbound endpoint.
D. Create a Route 53 Resolver outbound endpoint. On the office DNS server, configure a conditional forwarder to forward the DNS queries to the Route 53 Resolver outbound endpoint.
E. On the office DNS server, configure a conditional forwarder for the private domain to the VPC DNS at 172.31.0.2.
Answer
A. Create an alias record that points to the ALB in the Route 53 private hosted zone.
C. Create a Route 53 Resolver inbound endpoint. On the office DNS server, configure a conditional forwarder to forward the DNS queries to the Route 53 Resolver inbound endpoint.
Explanation
These steps allow resolution of the private domain from the office network:
A – Creates an alias record in the private hosted zone to map the domain to the ALB
C – Forwards queries from the office DNS to the Resolver inbound endpoint in the VPC
The other options do not fully meet the requirements:
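B – The URL uses the zone apex (example.com), where a CNAME record cannot be created; an alias record can point the apex at the ALB
D – An outbound endpoint forwards queries from the VPC to other networks; it does not accept queries from the office DNS server
E – The VPC DNS at 172.31.0.2 cannot be queried from outside the VPC, so forwarding to it over the VPN does not work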
By creating an alias record in the private zone and conditionally forwarding queries to the Resolver endpoint, this combination resolves the private domain URL from the office network as required.
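The sketch below is an added example, not part of the original question or any AWS tooling: it builds the apex alias record for option A and a BIND forward zone for option C, rejecting forwarder targets that repeat the mistake in option E. The ALB DNS name, ALB hosted zone ID and the inbound endpoint IPs (172.31.10.10, 172.31.20.10) are constructed placeholders, and BIND as the office DNS server is an assumption.

```python
import ipaddress

VPC_CIDR = ipaddress.ip_network("172.31.0.0/16")  # VPC CIDR from the question
ZONE = "example.com"

def alias_change_batch(alb_dns_name, alb_zone_id):
    """Option A: alias A record at the zone apex, where a CNAME is not allowed.
    The dict is shaped like the ChangeBatch of Route 53 ChangeResourceRecordSets."""
    return {"Changes": [{
        "Action": "UPSERT",
        "ResourceRecordSet": {
            "Name": ZONE + ".",
            "Type": "A",
            "AliasTarget": {
                "HostedZoneId": alb_zone_id,   # the ALB's zone ID, not the private zone's
                "DNSName": alb_dns_name,
                "EvaluateTargetHealth": False,
            },
        },
    }]}

def check_forwarder_targets(targets, vpc=VPC_CIDR):
    """Return a list of problems with the planned conditional-forwarder targets."""
    vpc_resolver = vpc.network_address + 2     # 172.31.0.2, the target in option E
    problems = []
    for target in targets:
        ip = ipaddress.ip_address(target)
        if ip == vpc_resolver:
            problems.append(f"{target}: VPC DNS address, not reachable from outside the VPC")
        elif ip not in vpc:
            problems.append(f"{target}: outside {vpc}, cannot be an inbound endpoint IP")
    return problems

def bind_forward_zone(targets, zone=ZONE):
    """Option C: BIND forward zone pointing at the Resolver inbound endpoint IPs."""
    problems = check_forwarder_targets(targets)
    if problems:
        raise ValueError("; ".join(problems))
    forwarders = " ".join(f"{t};" for t in targets)
    return (f'zone "{zone}" {{\n    type forward;\n    forward only;\n'
            f'    forwarders {{ {forwarders} }};\n}};\n')

if __name__ == "__main__":
    # Constructed placeholder values, for illustration only.
    print(alias_change_batch("internal-EXAMPLE-ALB.REGION.elb.amazonaws.com", "ZEXAMPLEALBZONE"))
    print(bind_forward_zone(["172.31.10.10", "172.31.20.10"]))
    print(check_forwarder_targets(["172.31.0.2"]))
```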
AWS Certified Advanced Networking – Specialty ANS-C01 certification exam practice question and answer (Q&A) with detailed explanation and reference, available free to help you pass the AWS Certified Advanced Networking – Specialty ANS-C01 exam and earn the AWS Certified Advanced Networking – Specialty ANS-C01 certification.