
AWS Certified SysOps Administrator Associate: Enabling Cross-VPN DNS Resolution with Amazon Route 53 Resolver

Learn how an Amazon Route 53 Resolver inbound endpoint lets an on-premises DNS server resolve private AWS hostnames over a Site-to-Site VPN, and where outbound endpoints and forwarding rules fit for the reverse direction.


Question

A company is trying to connect two applications. One application runs in an on-premises data center and has the hostname host1.onprem.private. The other application runs on an Amazon EC2 instance and has the hostname host1.awscloud.private. An AWS Site-to-Site VPN connection is in place between the on-premises network and AWS.

The application that runs in the data center tries to connect to the application that runs on the EC2 instance, but DNS resolution fails. A SysOps administrator must implement DNS resolution between on-premises and AWS resources.

Which solution allows the on-premises application to resolve the EC2 instance hostname?

A. Set up an Amazon Route 53 inbound resolver endpoint with a forwarding rule for the onprem.private hosted zone. Associate the resolver with the VPC of the EC2 instance. Configure the on-premises DNS resolver to forward onprem.private DNS queries to the inbound resolver endpoint.
B. Set up an Amazon Route 53 inbound resolver endpoint. Associate the resolver with the VPC of the EC2 instance. Configure the on-premises DNS resolver to forward awscloud.private DNS queries to the inbound resolver endpoint.
C. Set up an Amazon Route 53 outbound resolver endpoint with a forwarding rule for the onprem.private hosted zone. Associate the resolver with the AWS Region of the EC2 instance. Configure the on-premises DNS resolver to forward onprem.private DNS queries to the outbound resolver endpoint.
D. Set up an Amazon Route 53 outbound resolver endpoint. Associate the resolver with the AWS Region of the EC2 instance. Configure the on-premises DNS resolver to forward awscloud.private DNS queries to the outbound resolver endpoint.

Answer

B. Set up an Amazon Route 53 inbound resolver endpoint. Associate the resolver with the VPC of the EC2 instance. Configure the on-premises DNS resolver to forward awscloud.private DNS queries to the inbound resolver endpoint.

Explanation

The lookup that fails is for host1.awscloud.private. Only the Route 53 Resolver inside the EC2 instance's VPC can answer that name, from the private hosted zone for awscloud.private, so the on-premises DNS server needs a path into the VPC for that one domain. That path is a Route 53 Resolver inbound endpoint.

Here's how it works:

  1. Make sure the awscloud.private private hosted zone is associated with the VPC of the EC2 instance, so the VPC's Route 53 Resolver can answer host1.awscloud.private.
  2. Create a Route 53 Resolver inbound endpoint in that VPC. It gets an elastic network interface with an IP address in each subnet you choose. Those addresses must be reachable from the data center over the Site-to-Site VPN, and the endpoint's security group should allow DNS (TCP and UDP port 53) only from the on-premises resolver's address range.
  3. On the on-premises DNS resolver, add a conditional forwarder that sends queries for awscloud.private to the inbound endpoint IP addresses. All other queries keep resolving as they do today.

With this setup, when the on-premises application looks up host1.awscloud.private, the on-premises resolver matches the awscloud.private forwarder, sends the query over the VPN to the inbound endpoint, and the VPC's Route 53 Resolver answers from the private hosted zone.

Forwarding rules are not part of an inbound endpoint. A Route 53 Resolver forwarding rule is attached to an outbound endpoint, and it is what you add later if the EC2 instance needs to resolve names in the on-premises domain: an outbound endpoint in the VPC plus a rule that forwards onprem.private to the on-premises DNS server's IP address. That is the reverse direction and is not what this question asks for.

Other options are not suitable or do not address the specific requirement:

A. Forwarding onprem.private queries to the inbound endpoint sends AWS the one domain the on-premises resolver already serves, while queries for awscloud.private are never forwarded and still fail. Inbound endpoints also do not carry forwarding rules.
C. An outbound endpoint forwards queries from the VPC to on-premises, the opposite of the requirement, and it is associated with a VPC, not a Region. It does not accept queries, so the on-premises resolver cannot forward to it.
D. Same problem as C: an outbound endpoint only sends queries out of the VPC and is not a target the on-premises resolver can query.
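The two query paths described above, modelled in code. This is an added example, not code from the original page or from AWS: it is a small in-memory model of conditional forwarding, where each hop applies local zone data first, then the most specific matching forwarding rule, then a default next hop. All hostnames, addresses and zone records are constructed for illustration; the VPC resolver address, endpoint addresses and the on-premises server address are assumptions.

```python
"""Model of conditional DNS forwarding between an on-premises resolver and
Route 53 Resolver across a Site-to-Site VPN.

Added illustration, not code from the original page or from AWS.
All hostnames, zone records and IP addresses below are constructed.
"""
from dataclasses import dataclass, field
from typing import Optional


@dataclass
class Resolver:
    """One DNS hop: local zone data, conditional forwards, and a default next hop."""
    name: str
    # zone name -> {fqdn: address}; a private hosted zone or an on-prem authoritative zone
    zones: dict = field(default_factory=dict)
    # domain suffix -> next hop; a conditional forwarder (on-prem) or a FORWARD rule (AWS)
    forwards: dict = field(default_factory=dict)
    # where unmatched queries go; None stands for public DNS, which holds no *.private data
    default: Optional["Resolver"] = None

    @staticmethod
    def _under(qname: str, domain: str) -> bool:
        return qname == domain or qname.endswith("." + domain)

    def resolve(self, qname: str, path=None):
        """Return (address or None, list of hop names visited in order)."""
        path = [] if path is None else path
        path.append(self.name)
        q = qname.lower().rstrip(".")
        # 1. Local zone data (private hosted zone / authoritative zone) answers first.
        for zone, records in self.zones.items():
            if self._under(q, zone):
                return records.get(q), path
        # 2. The most specific matching forwarding rule (longest suffix) wins.
        matches = [d for d in self.forwards if self._under(q, d)]
        if matches:
            return self.forwards[max(matches, key=len)].resolve(q, path)
        # 3. Otherwise the default next hop; with none, public DNS returns nothing useful.
        if self.default is not None:
            return self.default.resolve(q, path)
        return None, path


def build_topology(onprem_forward_domain: str):
    """Wire up both sides. `onprem_forward_domain` is the domain the on-prem DNS
    server conditionally forwards to the inbound endpoint (what the options differ on)."""
    onprem_dns = Resolver("onprem-dns 192.168.0.53",
                          zones={"onprem.private": {"host1.onprem.private": "192.168.0.10"}})
    vpc_resolver = Resolver("route53-resolver 10.1.0.2",
                            zones={"awscloud.private": {"host1.awscloud.private": "10.1.0.10"}})
    # Inbound endpoint: on-prem queries enter here and are answered by the VPC's Route 53 Resolver.
    inbound = Resolver("inbound-endpoint 10.1.1.53", default=vpc_resolver)
    # Outbound endpoint: VPC queries matching a FORWARD rule leave here toward the on-prem server.
    outbound = Resolver("outbound-endpoint 10.1.1.54", default=onprem_dns)
    vpc_resolver.forwards["onprem.private"] = outbound      # FORWARD rule on the outbound endpoint
    onprem_dns.forwards[onprem_forward_domain] = inbound    # conditional forwarder on-prem
    return onprem_dns, vpc_resolver


def onprem_lookup(qname: str, onprem_forward_domain: str):
    """Query issued by the on-premises application's resolver."""
    onprem_dns, _ = build_topology(onprem_forward_domain)
    return onprem_dns.resolve(qname)


def vpc_lookup(qname: str):
    """Query issued by the EC2 instance (reverse direction)."""
    _, vpc_resolver = build_topology("awscloud.private")
    return vpc_resolver.resolve(qname)


if __name__ == "__main__":
    # Option B: awscloud.private -> inbound endpoint -> answered from the private hosted zone.
    print(onprem_lookup("host1.awscloud.private", "awscloud.private"))
    # Option A: only onprem.private is forwarded, so the awscloud.private query never reaches AWS.
    print(onprem_lookup("host1.awscloud.private", "onprem.private"))
    # Reverse direction needs the outbound endpoint plus a FORWARD rule for onprem.private.
    print(vpc_lookup("host1.onprem.private"))
```

The first call follows the path the accepted answer sets up and returns the instance address; the second, with the forwarder pointed at onprem.private as in option A, never leaves the on-premises resolver and returns no answer. The third call shows that the reverse direction is a separate configuration (outbound endpoint plus rule), which is why an inbound endpoint alone is enough for this question.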
