AWS Certified Advanced Networking – Specialty (ANS-C00) — Question 360
A company has a hybrid architecture with dual AWS Direct Connect connections and applications running in the AWS Cloud and on premises. The company uses its on-premises DNS servers to provide name resolution for is internal domain company.com. The company uses an Amazon Route 53 private hosted zone, aws.company.com, for resolution of AWS resource records.
A new application that runs on Amazon EC2 in the company's VPC needs to resolve records in the company.com domain and on other AWS resources.
What should the company do to meet these requirements?
Answer options
- A. Create a new DHCP options set. Configure the DHCP options set name servers to be the on-premises DNS servers, and configure the domain name to be company.com. Assign the DHCP options set to the VPC with the EC2 instances.
- B. Create Route 53 Resolver outbound endpoints in each subnet in the VPC. Configure a Route 53 forwarding rule with a rule type of Forward for company.com that points to the on-premises DNS servers. Configure a Route 53 forwarding rule with a rule type of System for aws.company.com.
- C. Create Route 53 Resolver outbound endpoints in each subnet in the VPC. Configure conditional forwarding rules on the on-premises DNS servers to forward queries for the domain aws.company.com to the Route 53 Resolver endpoints. Modify the DHCP options set to configure instances to resolve hostnames using the on-premises DNS servers.
- D. Create a private hosted zone for company.com within the AWS account. Create Route 53 Resolver inbound endpoints in each subnet in the VPC. Configure the on-premises DNS servers to send outbound zone transfers for company.com to the Route 53 Resolver endpoints.
Correct answer: B
Explanation
To resolve on-premises domains from a VPC, Route 53 Resolver outbound endpoints must be configured to forward queries to the on-premises DNS servers using a Forward rule for company.com. Additionally, a System rule for aws.company.com ensures that queries for the AWS private hosted zone continue to be resolved locally by the Route 53 Resolver instead of being forwarded to the on-premises servers. Other options are incorrect because DHCP option set modifications or zone transfers do not properly support this hybrid, bidirectional resolution flow without unnecessary complexity or unsupported features.