AWS Certified Solutions Architect – Professional (SAP-C02) — Question 247
A company plans to deploy a new private intranet service on Amazon EC2 instances inside a VPC. An AWS Site-to-Site VPN connects the VPC to the company's on-premises network. The new service must communicate with existing on-premises services. The on-premises services are accessible through the use of hostnames that reside in the company.example DNS zone. This DNS zone is wholly hosted on premises and is available only on the company's private network.
A solutions architect must ensure that the new service can resolve hostnames on the company.example domain to integrate with existing services.
Which solution meets these requirements?
Answer options
- A. Create an empty private zone in Amazon Route 53 for company.example. Add an additional NS record to the company's on-premises company.example zone that points to the authoritative name servers for the new private zone in Route 53.
- B. Turn on DNS hostnames for the VPC. Configure a new outbound endpoint with Amazon Route 53 Resolver. Create a Resolver rule to forward requests for company.example to the on-premises name servers.
- C. Turn on DNS hostnames for the VPConfigure a new inbound resolver endpoint with Amazon Route 53 Resolver. Configur&the on-premises DNS server to forward requests for company.example to the new resolver.
- D. Use AWS Systems Manager to configure a run document that will install a hosts file that contains any required hostnames. Use an Amazon EventBridge rule to run the document when an instance is entering the running state.
Correct answer: B
Explanation
Option B is correct because it allows DNS queries for the company.example domain to be directed to the on-premises name servers, enabling resolution of hostnames required for integration. Option A is incorrect as it does not facilitate direct hostname resolution since the private zone will not be authoritative. Option C is also wrong because it describes an inbound resolver, which is not suitable for this scenario. Option D is not applicable as it involves a hosts file, which does not provide dynamic DNS resolution.