AWS Certified Advanced Networking – Specialty (ANS-C01) — Question 90

A network engineer is working on a private DNS design to integrate AWS workloads and on-premises resources. The AWS deployment consists of five VPCs in the eu-west-1 Region that connect to the on-premises network over AWS Direct Connect. The VPCs communicate with each other by using a transit gateway. Each VPC is associated with a private hosted zone that uses the aws.example.internal domain. The network engineer creates an Amazon Route 53 Resolver outbound endpoint in a shared services VPC and attaches the shared services VPC to the transit gateway.

The network engineer is implementing a solution for DNS resolution. Queries for hostnames that end with aws.example.internal must use the private hosted zone. Queries for hostnames that end with all other domains must be forwarded to a private on-premises DNS resolver.

Which solution will meet these requirements?

Answer options

• A. Add a forwarding rule for “*” that targets the on-premises server's DNS IP address. Add a system rule for aws.example.internal that targets Route 53 Resolver.
• B. Add a forwarding rule for aws.example.internal that targets Route 53 Resolver. Add a system rule for “.” that targets the Route 53 Resolver outbound endpoint.
• C. Add a forwarding rule for “*” that targets the Route 53 Resolver outbound endpoint.
• D. Add a forwarding rule for “.” that targets the Route 53 Resolver outbound endpoint.

Correct answer: D

Explanation

The correct answer is D because adding a forwarding rule for '.' ensures that all queries not specifically handled by other rules are forwarded to the Route 53 Resolver outbound endpoint. Options A and B do not correctly address the requirement to forward all other domain queries appropriately, while option C incorrectly uses a wildcard that does not meet the specific resolution requirements.