AWS Certified Advanced Networking – Specialty (ANS-C01) — Question 128
A company has set up hybrid connectivity between its VPCs and its on-premises data center. The company has the on-premises.example.com subdomain configured at its DNS server in the on-premises data center. The company is using the aws.example.com subdomain for workloads that run on AWS across different VPCs and accounts. Resources in both environments can access each other by using IP addresses. The company wants workloads in the VPCs to be able to access resources on premises by using the on-premises.example.com DNS names.
Which solution will meet these requirements with MINIMUM management of resources?
Answer options
- A. Create an Amazon Route 53 Resolver outbound endpoint. Configure a Resolver rule that conditionally forwards DNS queries for on-premises.example.com to the on-premises DNS server. Associate the rule with the VPCs.
- B. Create an Amazon Route 53 Resolver inbound endpoint and a Resolver outbound endpoint. Configure a Resolver rule that conditionally forwards DNS queries for on-premises.example.com to the on-premises DNS server. Associate the rule with the VPCs.
- C. Launch an Amazon EC2 instance. Install and configure BIND software to conditionally forward DNS queries for on-premises.example.com to the on-premises DNS server. Configure the EC2 instance's IP address as a custom DNS server in each VPC.
- D. Launch an Amazon EC2 instance in each VPC. Install and configure BIND software to conditionally forward DNS queries for on-premises.example.com to the on-premises DNS server. Configure the EC2 instance's IP address as a custom DNS server in each VPC.
Correct answer: A
Explanation
Option A is correct: an Amazon Route 53 Resolver outbound endpoint with a Resolver rule for on-premises.example.com, associated with the VPCs, forwards those DNS queries directly to the on-premises DNS server and requires minimal management. Option B adds an inbound endpoint, which is extra complexity that the requirement does not call for, since only workloads in the VPCs need to resolve on-premises names. Option C requires setting up BIND software on an EC2 instance, which increases management overhead. Option D complicates the solution further by requiring an EC2 instance in each VPC instead of a single endpoint.